On the Wireless Protection > Global Settings > Advanced tab you can configure your access points to use WPA/WPA2 enterprise authentication and to specify the notification delay of offline access points.
For enterprise authentication, you need to provide some information of your RADIUS server. Note that the APs do not communicate with the RADIUS server for authentication but only Sophos UTM on AWS. Port 414 is used for the RADIUS communication between Sophos UTM on AWS and the APs.
Select the requested RADIUS server from the drop-down list. Servers can be added and configured on Definitions & Users > Authentication Services > Servers.
Note – When your RADIUS server is connected to Sophos UTM on AWS via an IPsec tunnel, you have to configure an additional SNAT rule to ensure that the communication works correctly. On the Network Protection > NAT > NAT tab, add the following SNAT rule: For traffic from the APs' network(s), using service RADIUS, and going to the RADIUS server, replace the source address with the IP address of Sophos UTM on AWS used to reach the RADIUS server.
Click Apply to save your settings.
If an access point is offline you get a notification. With the notification timeout you can configure a timeout for the notification. This means, if you set the delay for example to 2 minutes the notification will be sent if the access point is offline for at least 2 minutes. The notification timeout requires an integer. The default timeout is 5 minutes.
To set the notification timeout, proceed as follows:
- Enter the timeout in minutes.
Your settings will be saved.