How to get Wireless AP working on Sophos XG Virtual Firewall

I have recently installed Sophos XG Virtual Firewall at the house. I am trying to have all of the devices go through XG and would like my setup to be the following:

Cable Modem in bridge Mode -> Sophos XG Firewall -> Wireless Access Point/Switch (DHCP)

I have an ESXi 6.0 setup for my host machine with 2 NICs:

WAN: cable modem to WAN NIC on ESX Host

LAN: second NIC is connected to my Wireless Router/switch

I have the XGFW configured and it is picking up 192x IP from my LAN/Wireless AP/Router and from my 70x IP for my WAN. I was able to ping 8.8.8.8 from the Console screen and was able to activate the license and was able to download and install the updated firmware for Sophos XGFW, which means that XG has an internet connection.

However, I cannot get to the internet on the Access Point that XG's LAN is connected to. Ideally I should be able to add additional routers or Wireless APs to that LAN and everything should be behind the FW. I am assuming I need to enable a policy of some sort? Sorry, this is my first time working with any firewall. Any direction you can provide would be very helpful. Thank you for your help in advance.



  • Gv,

    Use the suggestion as a first approach.

    It would be better if you share a network diagram.

    Regards

  • Luk,

    Below is the diagram. Sorry I just put this together with paint so it isn't great but hopefully this shows you what I am trying to do. Thank you for your help sir.

  • Thanks for the picture.

    So I expect that on your XG VM, you have 2 VM Nics:

    • one that belongs to a WAN vswitch to which a physical NIC (ESXi) is attached
    • one that belongs to a LAN vswitch to which another physical NIC (ESXi) is attached

    Once this is done, you should be able to use the Wireless AP as an additional interface (if you configure another VM Nic using a third interface on XG) or use the Wi-Fi AP as a pure AP that is in the same network as the XG LAN card.

    Firewall LAN to WAN are needed and are enough.

    Regards

  • Luke,

    Yes, I have 2 NICs (LAN/WAN) exactly as you described. Since you mentioned that I can configure another VM NIC using a third interface on XG, I added another virtual NIC to the kernel that my Sophos is connected to providing a WAN connection. Then I went into the 'Network' section and set up that third NIC with Wifi as the Network Zone and DHCP IP assignment, although it is not showing an IP address, so I am not sure if that is working or is doing anything at this point.

    Another change I made is to host DHCP on Sophos and disabled DHCP on my Wi-Fi AP. I confirmed under Services that 'DHCP Server' was running and while I was in there, I also disabled HotSpot which I believe is for hardware appliances that allows you to host wifi on your hardware device although I could be wrong.

    And in between these changes, my internet is now working. What I don't know is which change made this happen :).

    Should I remove the additional NIC I added? I don't think it helped so I suppose I can remove it and see if it will continue to work. If not, I can add it back the same way. Any other suggestions as to any changes I should make from a best practices standpoint, considering I am new and trying to put this in place to make my network more secure and don't want to open everything and do the opposite and make it unsecure for everyone to get in :).

    Thanks again for your help and time.

    aj

  • Hi,

    The wireless functions on the XG only work with Sophos APs regardless of physical or virtual system.
