Sophos Ap30

Posted on  by admin
  1. You can flash AP30 with the available Sophos flash tool. Please refer to, https://community.sophos.com/kb/en-us/118843.
  2. Sophos ap30 ieee 802.11n 300 mbps wireless access point - ism band: Avl: RFQ: A30ZTCHUS: networking and communication: astaro ap30 ieee 802.11n 300 mbps wireless access point - ism band: Avl: RFQ: A30ZTCHUS B: networking: sophos ap 30 access point with poe injector & us power cord: Avl: RFQ: A50ZTCHEU: networking and communication.
  3. The Fritzbox now only serves as an 'empty shell'. Then I defined DHCP and set up masquerading so that my network has access to the internet. Later, I switched on the firewall and intrusion prevention in the UTM. Next week I will try to install a Sophos AP30. Is this initial setup OK? Is it safe from outside threats?

I am a big fan of home network security. As the father of three kids and the one in charge of the network at home, I am constantly worried about online safety. Over the years I have tried many different security solutions and am now running Sophos XG at home. Sophos is one piece of my home setup, and you can see more of my setup here.

Brand: SOPHOS, model: AP30, Firewall Throughput: 300 Mbps, VPN Throughput: 300 Mbps, Connectivity: Wireless - Wi-Fi 802.11b. SOPHOS AP30 Point Description. Due to growth of the school enrollment we switched another brand firewall and access points. We used these access points to provide wireless network at a school campus.

A few years back, I got tired of the constant reboots I was having to do to my consumer router. It seemed that if I didn’t reboot it every few days to a week, it would cause my network to become laggy. I had the problem in varying forms and severity across several routers. I decided to switch to Ubiquiti equipment, and ran that up until this year. I used an EdgeRouter Lite as my main router and a UniFi UAP-LR as my access point. This was a great combination for many years. I also used Open DNS as a content filter for many years to help the inside to outside security.

Although the EdgeRouter was a great router/firewall and OpenDNS a great filter, I really wanted the filter on the local network. The more network between my users and the equipment protecting them, the more vulnerable the protection is. With OpenDNS, there was a lot of network in between, most of which was out of my control. I read about hardware/software firewalls like pfSense, Sophos and Untangle and was really interested in using them as a solution. After looking into the available options, I wound up choosing Sophos XG as my firewall. There really isn’t a well defined reason I chose it, as all three options are really solid.

Having picked up an old Dell Poweredge 1950 III a few years back, I wanted to stay with rack mount type equipment for my network stuff. I wound up grabbing a Roswell brand 2U case and a Lenovo ThinkCentre with a core i5-2500 3.3GHz processor and 4GB of ram. I pulled the hardware out of the ThinkCentre and put it in the 2U case. 4GB is the Sophos home user (free for home users) RAM cap, so the ThinkCentre’s hardware worked out perfectly.

Ap30

Sophos Ap30 Firmware

Once configured, I have a pretty robust bit of security all contained right here at home. Although my past Ubiquiti AP was awesome, I wanted the extra control and features available to the firewall that come from using a Sophos AP. I am using a Sophos AP55C 802.11 a/b/g/n/ac and a Sophos AP30 802.11 b/g/n to run three SSIDS. The first SSID is WPA2 enterprise encrypted, RADIUS authenticated using the wonderful software, FreeRADIUS. The second SSID is for my dumb devices that can’t authenticate via RADIUS. It is WPA2 encrypted and whitelist MAC address filtered. The third and final SSID is completely open! *GASP* Ok, it isn’t exactly open. It is configured as a hotspot and requires a randomly generated, time expiring voucher key to access. It is also isolated from the rest of the network on its own VLAN/subnet.

All in all, I am pretty happy with my current setup. I have good security, good filtering, all while still getting full internet speed from my provider. I am sure that in time, something new will come along and I will change it all again. Hopefully, that isn’t anytime soon!

Use these settings to enable wireless protection, to set notification time-out, and to configure a RADIUS server for enterprise authentication.

AP firmware

Sophos

If access point firmware is not installed, click the link to download and install.

Sophos

Global settings

Enable wireless protection
Scan all traffic on the specified zones for threats and malware.
Allowed zone
Network zones that permit access point connectivity. You can deploy access points on the specified zones.

Sophos Ap30 Rev 2

Advanced settings

Timeout
The time, in minutes, between when an access point goes offline and when the firewall sends a time-out notification. After the specified time, the access point will be considered inactive.
Sophos ap

Sophos Ap

RADIUS server
RADIUS server to use for enterprise authentication. Access points communicate with the firewall, not the RADIUS server, for authentication. Port 414 is used for RADIUS communication between the firewall and access points. Access points send accounting information on port 417 to the firewall. The firewall then forwards the information on the configured accounting port 1813 to the RADIUS server. Interim accounting updates are not supported. Accounting Request or Accounting Response contains accounting-related information. It is separate from access request, response, or challenge.
You must set up the wireless network with 802.1x authentication.
You must enable accounting for your RADIUS server. RADIUS accounting is supported on AP15, AP15C, AP55, AP55C, AP100, AP100C, AP100X, and Wi-Fi enabled devices.

Sophos Ap30 Reset

You must add a network address translation policy for the access point networks when the RADIUS server is connected to the firewall through an IPsec tunnel. This replaces the source address with the IP address of the firewall that is used to reach the RADIUS server.
Note RADIUS SSO is not supported in wireless enterprise authentication.
Secondary RADIUS server
A backup RADIUS server for enterprise authentication when the firewall can’t access the primary RADIUS server.

Sophos Ap30 Manual

Note Sophos APX series, AP10, AP30, AP50, and Wi-Fi enabled devices can access only the primary RADIUS server.