
Access Points limits in the Sophos XGS model

Is there any UPDATED formal documentation from Sophos regarding how many Access Points can be managed by the Firewall according to the model?

This is the only documentation I have found, but it's not updated. I'm interested in the new XGS model.



This thread was automatically locked due to age.

Top Replies

  • Separate zone is not a scaling solution. Essentially it was designed for the customer to have a way to build a VLAN within the product, if you don't have a VLAN solution on hand.

    But customers started to use this on bigger installation. Separate Zone means: Per SSID and per access point one VXLAN Interface.

    This means: You have 100 access points and 2 SSIDs = 200 VXLAN Interfaces. That can be an issue for firewalls (Linux systems).

    The concept of doing separate zones in smaller setups is fine for me. To do this in a bigger scale (like in this setup) is just not the way to go. You should move to VLAN. And to do it in Central or on the firewall does not matter.

    You need to differentiate between smaller projects (one access point, one firewall) and large projects like this one.

    Plans to add the firewall support on APX320X are stopped. https://partnernews.sophos.com/en-us/2021/07/products/end-of-sale-ap-100x-outdoor-access-point/

    Essentially I would always go Central Wireless. A firewall is not a wireless controller.

    BTW: In Central you can go with guest network as well, which essentially does the same in a simpler setup. 

  • Why not use Central Wireless? There is no limitation.


  • According to the size and the business of the company I can agree with you, but it's not for our case.

    We have a Sophos XGS dedicated only as AP controller for the management of many APs and subnets.

    Angelo Orlando | Global IT Project Coordinator | Sharbatly Fruit KSA

  • But why use the firewall for managing the access points in the first place? You could do this in Central Wireless and bridge to a VLAN, which is managed by the firewall. There is essentially no need to do this on a firewall anymore. Central offers this for free.


  • I'm doing my considerations about the option you mentioned, although for us, with many different VLANs, it can be a bit complicated.

    What about the WiFi HotSpot and the creation of vouchers for the guests? This does not appear to be managed by Sophos Central.

    Is the captive portal in the Sophos XGS only for WiFi, or can it be bound to a network zone?

    Angelo Orlando | Global IT Project Coordinator | Sharbatly Fruit KSA

  • You can do SSID + Voucher / Hotspot creation in Central as well. Even social login (Facebook etc.) is possible.

    Then you would bridge to a VLAN and the firewall will take over the VLAN routing and other matters.
