Sophos Ap30

Posted : admin On 16.08.2021
  1. Sophos Access Point
  2. Sophos Ap30 Reset
  3. Sophos Ap30 Rev 2

I am a big fan of home network security. As the father of three kids and the one in charge of the network at home, I am constantly worried about online safety. Over the years I have tried many different security solutions and am now running Sophos XG at home. Sophos is one piece of my home setup, and you can see more of my setup here.

  1. All models are available for cloud-management in Sophos Central. Indoor models can also be managed on-premises via XG Firewall and SG UTM. The Sophos APX Series is a growing portfolio of access points with 802.11ac Wave 2 technology.
  2. Note Sophos APX series, AP10, AP30, AP50, and Wi-Fi enabled devices can access only the primary RADIUS server. Related information Authenticate branch office users with head-office AD server.

A few years back, I got tired of the constant reboots I was having to do to my consumer router. It seemed that if I didn’t reboot it every few days to a week, it would cause my network to become laggy. I had the problem in varying forms and severity across several routers. Adobe bridge cc for mac. I decided to switch to Ubiquiti equipment, and ran that up until this year. I used an EdgeRouter Lite as my main router and a UniFi UAP-LR as my access point. This was a great combination for many years. I also used Open DNS as a content filter for many years to help the inside to outside security.

AP30 Scope of supply Mounting instructions The Sophos AP30 can be mounted on the ceiling. Screws are included in delivery. Use the screws from the scope of supply or screws whose dimensions correspond with the mounting holes in the bracket. Remove the bracket from the housing Unlock the bracket on the backside by turning it (approx.

Although the EdgeRouter was a great router/firewall and OpenDNS a great filter, I really wanted the filter on the local network. The more network between my users and the equipment protecting them, the more vulnerable the protection is. With OpenDNS, there was a lot of network in between, most of which was out of my control. I read about hardware/software firewalls like pfSense, Sophos and Untangle and was really interested in using them as a solution. After looking into the available options, I wound up choosing Sophos XG as my firewall. There really isn’t a well defined reason I chose it, as all three options are really solid.

Having picked up an old Dell Poweredge 1950 III a few years back, I wanted to stay with rack mount type equipment for my network stuff. I wound up grabbing a Roswell brand 2U case and a Lenovo ThinkCentre with a core i5-2500 3.3GHz processor and 4GB of ram. I pulled the hardware out of the ThinkCentre and put it in the 2U case. 4GB is the Sophos home user (free for home users) RAM cap, so the ThinkCentre’s hardware worked out perfectly.

Once configured, I have a pretty robust bit of security all contained right here at home. Although my past Ubiquiti AP was awesome, I wanted the extra control and features available to the firewall that come from using a Sophos AP. I am using a Sophos AP55C 802.11 a/b/g/n/ac and a Sophos AP30 802.11 b/g/n to run three SSIDS. The first SSID is WPA2 enterprise encrypted, RADIUS authenticated using the wonderful software, FreeRADIUS. The second SSID is for my dumb devices that can’t authenticate via RADIUS. It is WPA2 encrypted and whitelist MAC address filtered. The third and final SSID is completely open! *GASP* Ok, it isn’t exactly open. It is configured as a hotspot and requires a randomly generated, time expiring voucher key to access. It is also isolated from the rest of the network on its own VLAN/subnet.

All in all, I am pretty happy with my current setup. I have good security, good filtering, all while still getting full internet speed from my provider. I am sure that in time, something new will come along and I will change it all again. Hopefully, that isn’t anytime soon!

Use these settings to enable wireless protection, to set notification time-out, and to configure a RADIUS server for enterprise authentication.

AP firmware

If access point firmware is not installed, click the link to download and install.

Global settings

Enable wireless protection
Scan all traffic on the specified zones for threats and malware.
Allowed zone
Network zones that permit access point connectivity. You can deploy access points on the specified zones.

Advanced settings

The time, in minutes, between when an access point goes offline and when the firewall sends a time-out notification. After the specified time, the access point will be considered inactive.
RADIUS server
RADIUS server to use for enterprise authentication. Access points communicate with the firewall, not the RADIUS server, for authentication. Port 414 is used for RADIUS communication between the firewall and access points. Access points send accounting information on port 417 to the firewall. The firewall then forwards the information on the configured accounting port 1813 to the RADIUS server. Interim accounting updates are not supported. Accounting Request or Accounting Response contains accounting-related information. It is separate from access request, response, or challenge.
You must set up the wireless network with 802.1x authentication.
You must enable accounting for your RADIUS server. RADIUS accounting is supported on AP15, AP15C, AP55, AP55C, AP100, AP100C, AP100X, and Wi-Fi enabled devices.
You must add a network address translation policy for the access point networks when the RADIUS server is connected to the firewall through an IPsec tunnel. This replaces the source address with the IP address of the firewall that is used to reach the RADIUS server.

Sophos Access Point

Note RADIUS SSO is not supported in wireless enterprise authentication.

Sophos Ap30 Reset

Secondary RADIUS server
A backup RADIUS server for enterprise authentication when the firewall can’t access the primary RADIUS server.

Sophos Ap30 Rev 2

Note Sophos APX series, AP10, AP30, AP50, and Wi-Fi enabled devices can access only the primary RADIUS server.