On the Wireless Protection > Global Settings > Advanced tab you can configure your access points to use WPAClosed Wi-Fi Protected Access/WPA2 enterprise authentication and to specify the notification delay of offline access points.

Enterprise Authentication

For enterprise authentication, you need to provide some information of your RADIUS server. Note that the APs do not communicate with the RADIUS server for authentication but only Sophos UTM. Port 414 is used for the RADIUS communication between Sophos UTM and the APs.

Select the requested RADIUS server from the drop-down list. Servers can be added and configured on Definitions & Users > Authentication Services > Servers.

Note – When your RADIUS server is connected to Sophos UTM via an IPsec tunnel, you have to configure an additional SNAT rule to ensure that the communication works correctly. On the Network Protection > NAT > NAT tab, add the following SNAT rule: For traffic from the APs' network(s), using service RADIUS, and going to the RADIUS server, replace the source address with the IP address of Sophos UTM used to reach the RADIUS server.

Click Apply to save your settings.

Notification Timeout

If an access point is offline you get a notification. With the notification timeout you can configure a timeout for the notification. This means, if you set the delay for example to 2 minutes the notification will be sent if the access point is offline for at least 2 minutes. The notification timeout requires an integer. The default timeout is 5 minutes.

To set the notification timeout, proceed as follows:

  1. Enter the timeout in minutes.
  2. Click Apply.

    Your settings will be saved.