Skip to content

Wireless networks

A wireless network provides common connection settings for wireless clients. These settings include SSID, security mode, and the method for handling client traffic.

Sophos Firewall's WiFi interface shows the unplugged status until you connect and add a wireless network to an access point.

When you add a wireless network to an access point, you define the method of integrating traffic on the wireless network into your local network.

Name Description
Separate zone The wireless network is handled as a separate network with the specified IP address range. Use this option to configure firewall rules for the specified SSIDs.All traffic from a separate zone network is sent to Sophos Firewall using the Virtual Extensible LAN (VXLAN) protocol. VXLAN is a virtual tunnel that encapsulates layer 2 Ethernet frames within layer 3 IP packets.
Encapsulation lowers the available MTU size. Lower MTU results in higher fragmentation and may slow the traffic at times. To prevent this issue, you can do one of the following:
  • Use Bridge to AP LAN or Bridge to VLAN.
  • If you must use a separate zone, lower the MTU value on users' endpoint devices.
Bridge to AP LAN The wireless network is bridged into the network of the selected access point. Clients share the IP address range of the access point.
Bridge to VLAN The wireless network is bridged into a VLAN. Use this method when you want access points to be in a common network that's separate from the wireless clients.

General settings

Client traffic

Method for integrating traffic on the wireless network into your local network.

Encryption

Encryption algorithm to use for network traffic. We recommend you use AES.

Time-based access

Allow access to the wireless network according to the specified schedule.

Client isolation

Prevent traffic among wireless clients that connect to the same SSID on the same radio. You use this setting typically on guest networks.

Hide SSID

Don't show the wireless network SSID.

Fast transition

Force wireless networks to use the IEEE 802.11r standard.

MAC filtering

Allow or block clients from connecting to the wireless network based on their MAC addresses.

More resources