Skip to content

Deploy a wireless network as a bridge to an access point LAN

You want wireless clients to use the same address range as an access point LAN.


When you complete this unit, you'll know how to do the following:

  • Create a wireless network to be bridged into an access point LAN
  • Ensure that blocked devices cannot access the network.
  • Assign the network to an access point.
  • Create a bridge interface.

Create a wireless network as a bridge to AP LAN

  1. Go to Wireless > Wireless networks and click Add.
  2. Specify the settings.

    Option Description
    Name Bridge
    SSID Bridge
    Security mode WPA2 Personal
    Client traffic Bridge to AP LAN
  3. Type a password and confirm.

  4. Click Advanced settings and specify settings.

    Option Description
    MAC filtering Blacklist
    MAC list Bad hosts

The firewall contains a defined wireless network and a corresponding virtual interface. Blocked devices cannot access the network.

Add a wireless network to an access point

  1. Go to Wireless > Access points, and click an active access point. If you don't have any active access points, follow the optional steps below.
  2. Select the zone in which your access points are connected.
  3. Approve the pending access point.
  4. Click the active access point.
  5. Select the country where the access point is located.
  6. In the wireless networks list, click Add new item and select the requested network.

The network is now deployed.

Create a bridge interface

You only need to create a bridge interface when using the built-in access point on a wireless Sophos Firewall. It's not required when using a separate access point, for example, an APX 320.

  1. Go to Network > Interface.
  2. Click Add interface and select Add bridge.
  3. Specify the following settings.

    Option Description
    Name Bridge interface
    Interface Port1 > LAN
    Interface Port2 > WiFi
    Start IP <IP address>
    End IP <IP address>
    Subnet mask /24 (
    Domain name
    Gateway Use interface IP as gateway

Clients who access the guest network will now be allocated an IP address from the range specified.