Device Configuration : Protect : Wireless : Wireless
Wireless
The page allows general configuration of wireless networks.
Device Configuration > Protect > Wireless > Wireless
Following is a description of the different sections of this page:
Download AP Firmware (Displayed only if AP firmware is not available on the device)
Click to download AP firmware.
* Wireless Protection can be used after AP firmware is successfully downloaded.
Global Settings
Enable Wireless Protection
Select the checkbox to enable Wireless Protection.
Allowed Zone
Select network zones that are to be allowed for access point connectivity. These are the zones where access points are deployed to.
* If the wireless network uses WPA/WPA2 Enterprise Authentication as encryption mode then a RADIUS server needs to be specified.
Advanced Settings
Notification Timeout
If an access point goes offline you get a notification. The Notification Timeout lets you configure a timeout for the notification. This means, if you set a delay of 2 minutes, the notification will be sent only if the access point is offline for at least 2 minutes. After the specified time, the AP will be considered inactive.
Timeout (in minutes)
The notification timeout requires an integer. The default timeout is 0 minutes.
Enterprise Authentication
For enterprise authentication, you need to provide some information of your RADIUS server. Note that access points do not communicate with the RADIUS server for authentication but only the Sophos Firewall OS . Port 414 is used for the RADIUS communication between the Sophos Firewall OS and the access points.
RADIUS Server
Select the required RADIUS server from the drop-down list. Servers can be added and configured on Device Configuration > Configure > Authentication > Authentication Server .
* When your RADIUS server is connected to the Sophos Firewall OS via an IPsec tunnel, you have to configure an additional SNAT rule to ensure that the communication works correctly. On the Device Configuration > System > Profiles > NAT Policy page, add the following SNAT rule: For traffic from the APs' network(s), using service RADIUS, and going to the RADIUS server, replace the source address with the IP address of Sophos Firewall OS used to reach the RADIUS server.