Sophos Central Wireless: APX Advanced Settings


I am Doug from the product team here at
Sophos and today we are going to be looking at some of the advanced SSID
settings for the Sophos wireless apx access point
we’re here in Sophos Central Wireless on the dashboard and under manage
protection we’ve clicked on the SS IDs link and then in the sub menu here we’re
gonna click advanced settings and as you can see we have a handful of options so
let’s take a closer look at those now in the security tab here the first option
is to enable Sophos synchronize security which is a great set of intelligence and
remediation features to be using if you’ve got multiple sillas products
we’ve also got the option to hide the SSID from broadcasting prevent direct
communication between clients and some basic Mac filtering settings next in the
client connection tab we’ll specify which type of network we want to provide
to users at local area network or LAN which is selected by default
pretty straightforward for the majority of use cases VLAN lets you bridge client
traffic into a specified virtual local area network if you’ve got a radius
server there’s an option for that available with encryption mode wpa wpa2
enterprise it separates users without having multiple SS IDs users will be
tagged to a VLAN provided by a radius server but traffic goes as untagged if
the radius server does not provide VLAN and you can set up a guest network from
here which grants users only access to the internet but not the rest of the
network the network availability tab lets you specify whether the network is
available around the clock or only between times you specify this could be
helpful if you have a business it’s only open certain hours and you don’t want
the network to be used on nights and weekends and then we’ve got a handful of
quality of service settings here multicast a unicast conversion is great
when you’ve only got a limited number of devices connecting to your access point
and these devices are generally used to stream media the proxy ARP setting is
useful if you’ve got hosts on different networks and you want them to be able to
connect without having to use subnet masking fast roaming is helpful if
you’ve got multiple access points with the same SSID and you’ve got machines
using W pa2 encryption and enterprise
credentials to connect keep broadcasting let’s the access point continue to work
normally during the rare case of not being able to reconnect to Scylla
central after a reboot so if you’ve made changes to the API itself a central
reboot it and it doesn’t connect it’ll use the previous settings and finally
band steering attempts to connect compatible devices to the five gigahertz
band to improve their wireless connections and can also identify
devices only compatible with the 2.4 gigahertz band and prevent them from
trying to negotiate a 5 gigahertz connection in the future the captive
portal section lets you set your access point up as a public hotspot you can
provide a page title welcome text in terms of service here you can also
define authentication methods and which URL to redirect users to after they’ve
authenticated so as we’re going through all these steps we can see them here in
the right-hand column this is helpful to get a good overview of what we’ve chosen
so far and of course once we’re ready we’ll just click the blue Save button up
in the corner here

Leave a Reply

Your email address will not be published. Required fields are marked *