Skip to content

Create a wireless network as a separate zone

Create a separate zone wireless network to separate LAN and wireless traffic. The wireless network exists on its own subnet. Sophos Firewall provides DHCP and DNS.


All IP address details mentioned on this page are examples. Make sure you use the IP address range corresponding to the network you're configuring.

  1. Go to Wireless > Wireless settings.
  2. Click the On/Off switch to turn wireless protection on.
  3. In the list of allowed zones, click Add new item, and select the zone your access points are connected to. For example, the LAN zone.
  4. Click Apply selected items.

    Select allowed zone

  5. Go to Wireless > Wireless networks and click Add.

  6. Specify the settings.

    Option Description
    Name Guest
    SSID Guest
    Security mode WPA2 Personal
    Client traffic Separate zone
    Zone Wi-Fi
    IP address
    Netmask /24 (
  7. Type a password. Enter the password again to confirm it.

    Here's an example of the general settings.

    Separate zone general settings example.

  8. Click Save.

  9. Go to Network > DHCP.
  10. Under Server, click Add.
  11. Specify the settings.

    Option Description
    Name Guest DHCP
    Interface Guest
    Start IP
    End IP
    Subnet mask /24 (
    Domain name
    Gateway Use the interface IP address as the gateway.
    Default lease time 1440
    Max lease time 2880
    Conflict detection Enable
    DNS server Use the DNS settings of Sophos Firewall.

    Here's an example of the DHCP configuration.

    Example DHCP configuration.

  12. Click Save.

  13. Go to Wireless > Access points, and click an active access point. If you don't have any active access points, follow the optional steps below.
  14. Select the zone in which your access points are connected.
  15. Approve the pending access point.
  16. Click the active access point.
  17. Select the country where the access point is located.
  18. In the wireless networks list, click Add new item and select the requested network.
  19. Click Save.
  20. Go to Rules and policies > Firewall rules.
  21. Click Add firewall rule and then click New firewall rule.
  22. Specify the following settings:

    • Source zone: WiFi
    • Source networks: Any
    • Destination zones: WAN
    • Destination networks: Any
    • Services: Any
    • Action: Accept

    Here's an example of a firewall rule.

    Example firewall rule.

  23. Click Save.