Configure a wireless network
To turn on wireless protection, add a wireless network and an access point on Sophos Firewall.
Introduction
Do the following to configure a wireless network on Sophos Firewall:
- Assign an IP address to your access point. You must make sure your access point is assigned an IP address through DHCP.
- Turn on wireless protection.
- Add a wireless network.
- Add an access point.
- Assign a wireless network to the access point.
Assign an IP address to your access point
You must make sure your access point has an IP address. You can't use a static address.
-
Assign an IP address to the access point using DHCP. Use one of the following methods:
- Use the DHCP server on your network.
- Set up a DHCP server on your Sophos Firewall. See Configure Sophos Firewall as a DHCP server.
Turn on wireless protection
To turn on wireless protection, do as follows:
- Go to Wireless > Wireless settings and make sure Enable wireless protection is turned on. (It's turned on by default).
- In the Allowed zone section, add the network zones used to connect the access points. You can add the following zones: DMZ, LAN, and Wi-Fi.
-
Under Time-out (in minutes), enter a time-out value.
The access point becomes inactive when the time-out is reached.
-
Click Apply.
The following image shows example wireless settings:
Add a wireless network
To add a wireless network, do as follows:
- Go to Wireless > Wireless networks and click Add.
-
Enter a name. You can change this name later.
Maximum number of characters: 58
The subsystems will show the customizable name and not the hardware name of the interface.
-
Enter a hardware name for the interface. You can't change this name later.
Maximum number of characters: 10
Allowed characters: (A-Za-z0-9_)
-
Enter the Service Set Identifier (SSID).
The SSID is a unique identifier attached to the header of packets sent over a wireless local area network. It identifies the wireless network to users. The SSID can consist of 1-32 ASCII printable characters.
-
Select a security mode.
We recommend you use the WPA2 mode. The firewall supports IEEE 802.11r on networks that are secured with WPA2.
Note
If you're using enterprise authentication, you must configure a RADIUS server. Use the wireless network name as the NAS ID.
-
Enter a passphrase to protect the wireless network from unauthorized access, and re-enter the passphrase to confirm.
- In the Client traffic section, select a method that'll determine how the wireless network integrates with your local network.
- Click Save.
The following image shows example wireless network settings:
When you save your settings, your new wireless network appears.
Add an access point
To add an access point, do as follows:
-
Go to Wireless > Access points.
You can see the list of active, inactive, and pending access points. Unauthorized access points connected to Sophos Firewall show in the pending access points section.
-
Click the check mark to authorize your access point.
The authorized access point shows under Active/inactive access points as Active.
Assign a wireless network to the access point
To assign a wireless network, do as follows:
- Go to Wireless > Access points.
- Click the active access point link or click Edit under the Manage column to assign a wireless network to the access point. This opens a window where you can add and edit access point details and assign a wireless network to the access point.
- Select the country where the access point is located.
- Select the wireless network that you want to assign to the access point.
- Click Save.
The following image shows example access point settings.
More resources