Wireless settings

Use these settings to enable wireless protection, to set notification time-out, and to configure a RADIUS server for enterprise authentication.

AP firmware

If access point firmware is not installed, click the link to download and install.

Global settings

Enable wireless protection
Scan all traffic on the specified zones for threats and malware.
Allowed zone
Network zones that permit access point connectivity. You can deploy access points on the specified zones.

Advanced settings

The time, in minutes, between when an access point goes offline and when the firewall sends a time-out notification. After the specified time, the access point will be considered inactive.
RADIUS server
RADIUS server to use for enterprise authentication. Access points communicate with the firewall, not the RADIUS server, for authentication. Port 414 is used for RADIUS communication between the firewall and access points. Access points send accounting information on port 417 to the firewall. The firewall then forwards the information on the configured accounting port 1813 to the RADIUS server. Interim accounting updates are not supported. Accounting Request or Accounting Response contains accounting-related information. It is separate from access request, response, or challenge.
You must set up the wireless network with 802.1x authentication.
You must enable accounting for your RADIUS server. RADIUS accounting is supported on AP15, AP15C, AP55, AP55C, AP100, AP100C, AP100X, and Wi-Fi enabled devices.
You must add a network address translation policy for the access point networks when the RADIUS server is connected to the firewall through an IPsec tunnel. This replaces the source address with the IP address of the firewall that is used to reach the RADIUS server.
Note RADIUS SSO is not supported in wireless enterprise authentication.
Secondary RADIUS server
A backup RADIUS server for enterprise authentication when the firewall can’t access the primary RADIUS server.
Note Sophos APX series, AP10, AP30, AP50, and Wi-Fi enabled devices can access only the primary RADIUS server.