Skip to content
Last update: 2021-10-21

Create a wireless network as a separate zone

Create a separate zone wireless network to separate LAN and wireless traffic. The wireless network exists on its own subnet. Sophos Firewall provides DHCP and DNS.

All IP details provided below are examples. Make sure you use the IP address range that corresponds to the network you're configuring.

  1. Go to Wireless > Wireless settings.
  2. Click the On/Off switch to turn wireless protection on.
  3. In the list of allowed zones, click Add new item, and select the check box for the zone your access points are connected to. For example, the LAN zone.
  4. Click Apply selected items.

    Select allowed zone

  5. Go to Wireless > Wireless networks and click Add.

  6. Specify the settings.

    Option Description
    Name Guest
    SSID Guest
    Security mode WPA2 Personal
    Client traffic Separate zone
    Zone Wi-Fi
    IP address 192.0.2.1
    Netmask /24 (255.255.255.0)
  7. Type a password. Enter the password again to confirm it.

    The screenshot below shows an example of the general settings.

    Separate zone general settings example.

  8. Click Save.

  9. Go to Network > DHCP.
  10. Under Server, click Add.
  11. Specify the settings.

    Option Description
    Name Guest DHCP
    Interface Guest
    Start IP 192.0.2.2
    End IP 192.0.2.255
    Subnet mask /24 (255.255.255.0)
    Domain name guest.example.com
    Gateway Use interface IP as gateway
    Default lease time 1440
    Max lease time 2880
    Conflict detection Enable
    DNS server Use the DNS settings of Sophos Firewall

    The screenshot below shows an example DHCP configuration.

    Example DHCP configuration.

  12. Click Save.

  13. Go to Wireless > Access points, and click an active access point. If you don't have any active access points, follow the optional steps below.
  14. Select the zone in which your access points are connected.
  15. Approve the pending access point.
  16. Click the active access point.
  17. Select the country where the access point is located.
  18. In the wireless networks list, click Add new item and select the requested network.
  19. Click Save.
  20. Go to Rules and policies > Firewall rules.
  21. Click Add firewall rule then New firewall rule.
  22. Specify the following settings:

    • Source zone: WiFi
    • Source networks: Any
    • Destination zones: WAN
    • Destination networks: Any
    • Services: Any
    • Action: Accept

    The screenshot below shows an example firewall rule.

    Example firewall rule.

  23. Click Save.

Back to top