Configure a wireless network

To turn on wireless protection, add a wireless network and an access point on Sophos Firewall.

Introduction

Do the following to configure a wireless network on Sophos Firewall:

• Assign an IP address to your access point. You must make sure your access point is assigned an IP address through DHCP.
• Turn on wireless protection.
• Add a wireless network.
• Add an access point.
• Assign a wireless network to the access point.

Assign an IP address to your access point

You must make sure your access point has an IP address. You can't use a static address.

1. Assign an IP address to the access point using DHCP. Use one of the following methods:

   • Use the DHCP server on your network.
   • Set up a DHCP server on your Sophos Firewall. See Configure Sophos Firewall as a DHCP server.

Turn on wireless protection

To turn on wireless protection, do as follows:

1. Go to Wireless > Wireless settings and make sure Enable wireless protection is turned on. (It's turned on by default).
2. In the Allowed zone section, add the network zones used to connect the access points. You can add the following zones: DMZ, LAN, and Wi-Fi.

3. Under Time-out (in minutes), enter a time-out value.

   The access point becomes inactive when the time-out is reached.

4. Click Apply.

The following image shows example wireless settings:

Add a wireless network

To add a wireless network, do as follows:

1. Go to Wireless > Wireless networks and click Add.

2. Enter a name. You can change this name later.

   Maximum number of characters: 58

   The subsystems will show the customizable name and not the hardware name of the interface.

3. Enter a hardware name for the interface. You can't change this name later.

   Maximum number of characters: 10

   Allowed characters: (A-Za-z0-9_)

4. Enter the Service Set Identifier (SSID).

   The SSID is a unique identifier attached to the header of packets sent over a wireless local area network. It identifies the wireless network to users. The SSID can consist of 1-32 ASCII printable characters.

5. Select a security mode.

   We recommend you use the WPA2 mode. The firewall supports IEEE 802.11r on networks that are secured with WPA2.

   Note

   If you're using enterprise authentication, you must configure a RADIUS server. Use the wireless network name as the NAS ID.

6. Enter a passphrase to protect the wireless network from unauthorized access, and re-enter the passphrase to confirm.

7. In the Client traffic section, select a method that'll determine how the wireless network integrates with your local network.
8. Click Save.

The following image shows example wireless network settings:

When you save your settings, your new wireless network appears.

Add an access point

To add an access point, do as follows:

1. Go to Wireless > Access points.

   You can see the list of active, inactive, and pending access points. Unauthorized access points connected to Sophos Firewall show in the pending access points section.

2. Click the check mark to authorize your access point.

   

   The authorized access point shows under Active/inactive access points as Active.

Assign a wireless network to the access point

To assign a wireless network, do as follows:

1. Go to Wireless > Access points.
2. Click the active access point link or click Edit under the Manage column to assign a wireless network to the access point. This opens a window where you can add and edit access point details and assign a wireless network to the access point.
3. Select the country where the access point is located.
4. Select the wireless network that you want to assign to the access point.
5. Click Save.

The following image shows example access point settings.

More resources

• How to troubleshoot Sophos Access Points
• ASCII printable characters
• sophos.com/get-started-ap