Use these settings to enable wireless protection, to set notification time-out, and to configure a RADIUS server for enterprise authentication.
Network zones that permit access point connectivity. You can deploy access points on the specified zones.
The time, in minutes, between when an access point goes offline and when the firewall sends a time-out notification. After the specified time, the access point will be considered inactive.
RADIUS server to use for enterprise authentication. Access points communicate with the firewall, not the RADIUS server, for authentication. Port 414 is used for RADIUS communication between the firewall and access points. Access points send accounting information on port 417 to the firewall. The firewall then forwards the information on the configured accounting port 1813 to the RADIUS server. Interim accounting updates are not supported. Accounting Request and Accounting Response messages carry accounting-related information and are separate from access request, response, or challenge messages.
You must set up the wireless network with 802.1x authentication.
You must enable accounting for your RADIUS server. RADIUS accounting is supported on all APX access points and on the following earlier AP models: AP15, AP15C, AP55, AP55C, AP100, AP100C, AP100X, and Wi-Fi enabled devices.
You must add a network address translation policy for the access point networks when the RADIUS server is connected to the firewall through an IPsec tunnel. This replaces the source address with the IP address of the firewall that is used to reach the RADIUS server. Configure this from the shell; see knowledge base article 122999.
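To illustrate the distinction drawn above between accounting and access messages, the following Python sketch (an added example, not Sophos code) classifies a RADIUS packet by its code, verifies an Accounting-Request authenticator as defined in RFC 2866, and reports the Acct-Status-Type so that Interim-Update records, which the firewall does not support, stand out. The shared secret, function names, and sample packets are constructed for illustration.

```python
import hashlib
import hmac
import struct

# RADIUS packet codes (RFC 2865 / RFC 2866)
CODES = {1: "Access-Request", 2: "Access-Accept", 3: "Access-Reject",
         4: "Accounting-Request", 5: "Accounting-Response", 11: "Access-Challenge"}
ACCT_STATUS_TYPE = 40  # attribute carrying Start / Stop / Interim-Update
STATUS = {1: "Start", 2: "Stop", 3: "Interim-Update"}


def build_acct_request(ident, status, secret):
    """Build a constructed Accounting-Request (sample data for the demo)."""
    attrs = struct.pack("!BBI", ACCT_STATUS_TYPE, 6, status)
    header = struct.pack("!BBH", 4, ident, 20 + len(attrs))
    # Request Authenticator = MD5(code+id+length + 16 zero bytes + attrs + secret)
    auth = hashlib.md5(header + bytes(16) + attrs + secret).digest()
    return header + auth + attrs


def inspect(packet, secret):
    """Classify a packet; for Accounting-Request also verify the authenticator."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("bad length field")
    packet = packet[:length]  # ignore padding beyond the declared length
    info = {"code": CODES.get(code, "Unknown"), "id": ident,
            "accounting": code in (4, 5), "status": None, "authentic": None}
    if code != 4:
        return info  # access messages and responses are only classified here
    attrs = packet[20:]
    expected = hashlib.md5(packet[:4] + bytes(16) + attrs + secret).digest()
    info["authentic"] = hmac.compare_digest(expected, packet[4:20])
    pos = 0
    while pos + 2 <= len(attrs):  # walk the type-length-value attributes
        atype, alen = attrs[pos], attrs[pos + 1]
        if alen < 2 or pos + alen > len(attrs):
            raise ValueError("malformed attribute")
        if atype == ACCT_STATUS_TYPE and alen == 6:
            value = struct.unpack("!I", attrs[pos + 2:pos + 6])[0]
            info["status"] = STATUS.get(value, str(value))
        pos += alen
    return info


if __name__ == "__main__":
    secret = b"constructed-secret"  # placeholder, not a real shared secret
    print(inspect(build_acct_request(7, 1, secret), secret))
```

An `authentic` value of `False` on a packet arriving at the accounting port usually points to a shared-secret mismatch between the firewall and the RADIUS server.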
Secondary RADIUS server
A backup RADIUS server for enterprise authentication when the firewall can’t access the primary RADIUS server.
Sophos APX series, AP10, AP30, AP50, and Wi-Fi enabled devices can access only the primary RADIUS server.