Guest WiFi separate FW rules

Question

I have an XG210 with 1 LAN and 1 WAN connection. I created a VLAN 100 (interface 1.100) for guest wireless and it is working fine but I want to allow all traffic for the guest network. I created a new FW rule but the traffic is restricted like the default LAN unless I change the rule to ANY > ANY > ANY. If I choose the 1.100 interface it becomes restricted. Any tips? This is my first XG device but I've been banging my head trying to figure this out.

This thread was automatically locked due to age.

lferrara · Answer

Brandon, 
 welcome to Sophos Community. Take note that XG uses Zones, which can be thougth are virtual entities to group multiple network objects. So when you have created the VLAN, you also have assigned it to a zone (LAN).So, you can create an additional zone (Guest-Wifi) and then use the new zone inside firewall rules. For example, Guest-Wifi to WAN traffic is allowed for only those protocols: http,https). 
 The other option you have is to keep the new VLAN to lan zone and use source network. Create a proper subnet, IP range that takes the entire VLAN 100 and then proceed with the Firewall rule. 
 Do not use as source network: ports, vlan ports. 
 Regards

Aditya Patel · Answer

Hi Brandon , 
 Could you let me know if you are using Sophos AP or other AP? 
 If you are using Sophos AP you may configure it to a separate zone or use an existing Guest zone.

If you are using another AP , you may need to configure a VLAN or use a separate interface and configure DHCP and rule accordingly Make sure the traffic is tagged.