Skip to content
Avanet
Sophos Wireless – Central WLAN Management from the Cloud

Sophos Wireless – Central WLAN Management from the Cloud

Building a wireless network with Sophos has always been very convenient. Thanks to central management, wireless networks can be set up quickly and new access points deployed in no time. Until now, there have been four options for using the wireless features of Sophos:

  • Sophos SG Appliance (UTM operating system) + Wireless Protection + Sophos Access Point
  • Sophos XG Appliance (Sophos Firewall OS) + Sophos Access Point
  • Sophos UTM operating system on your own hardware or virtualised + Wireless Protection + Sophos Access Point
  • Sophos Firewall OS on your own hardware or virtualised + Sophos Access Point

A fifth option has now been added. “Wireless Protection” has been integrated into Sophos Central under the product name “Sophos Wireless”. This means that, apart from the access points, no additional hardware is required, and central management takes place in Sophos Central. Conceptually, this is nothing new; similar solutions are available from vendors such as Aruba or Aerohive. “Sophos Wireless” can therefore be used completely independently of all other products. In future, all you will need for central management of wireless networks and access points is an Internet connection, a Sophos access point and an Sophos Central account.

In this blog post we’ll take a closer look at “Sophos Wireless”. We’ll also address the cost aspect and compare the licensing model of “Sophos Wireless” with “Wireless Protection” on an SG or XG appliance.

What features does Sophos Wireless offer?

“Sophos Wireless” is currently still a very new product (summer 2016 v1.0). As mentioned in the introduction, “Sophos Wireless” is essentially “Wireless Protection” for Sophos Central. You can use it to manage your Sophos Access Points, configure them, roll out firmware updates, and much more.

Sophos Wireless Central Dashboard

All the functions of “Wireless Protection” are planned to be incorporated into “Sophos Wireless”. At the moment a few features are still missing, but according to the roadmap they should be delivered by the end of 2016. According to Sophos, these include:

  • improved roaming
  • time-based SSIDs
  • dynamic VLANs
  • client access control using MAC addresses
  • client isolation
  • background/dynamic channel selection

What makes Sophos Wireless interesting?

Many users will naturally ask why they should manage their access points via “Sophos Central” if they already use an SG or XG appliance with “Wireless Protection”. In that case, “Sophos Wireless” is probably less attractive. However, if you don’t need a Sophos Firewall, or you are already using a different product for that purpose, you can still benefit from the wireless functionality of Sophos completely independently.

Another advantage of “Sophos Wireless” is how easily you can scale the number of access points. While, for example, you cannot connect 50 APs to an SG 125, “Sophos Wireless” does not impose such limits. If a small Sophos appliance would otherwise be sufficient but you require a relatively large number of APs, “Sophos Wireless” may be the better choice.

Requirements

All you need to get started with “Sophos Wireless” is access to Sophos Central, formerly Sophos Cloud, and an Sophos access point with the latest firmware installed. The following models are supported:

In future, the packaging and the access points themselves should carry a “Sophos Central Ready” label. If you own an access point from the list above that does not have a “Sophos Central Ready” label, that’s not a problem. As mentioned, the only requirement is that the latest firmware is installed; otherwise it won’t be recognised. To update the access point to the latest firmware, proceed as follows:

  1. You need a UTM with firmware 9.4 (hardware or VM; it does not matter).
  2. Enable Wireless (this requires a licence, either purchased or the free 30‑day trial).
  3. Configure a simple wireless network.
  4. Connect the access point to the UTM and wait until it is displayed.
  5. Accept the AP and add it to the wireless network.
  6. Wait until the AP is shown as “active”. Do not power it off. Be patient…
  7. The AP is now running the latest firmware and is therefore ready for “Sophos Central Wireless”. You can then remove the configuration from the UTM.

Update: You can of course also carry out this process with XG Firewall, where you don’t even need a Wireless licence, as it is already included free with SFOS.

Licensing model for Sophos Wireless

So far, “Sophos Wireless” looks quite good. However, the licensing model has not yet been discussed. Pay attention here, because this is where the catch lies.

With an SG appliance running the UTM operating system you need to purchase a licence for “Wireless Protection”, whereas with an XG appliance and the new “Sophos Firewall OS” the wireless functionality is, as is well known, included at no extra cost. With both variants you can connect as many APs as the appliance can handle from a performance perspective.

With “Sophos Wireless”, however, every connected AP must be licensed individually. So while, for example, with an Sophos XG 210 you only have one-off costs for the hardware (~1500 CHF) and can easily manage 20 APs, with “Sophos Wireless” you pay around 55 CHF/year per AP15 and around 110 CHF/year per AP55 or AP100. You can now work out for yourself which option is more cost-effective. 🙂

Try Sophos Wireless now!

If you don’t yet have an Sophos Central account, you can create one on the Sophos website and test all features, including “Sophos Wireless”, free for 30 days.

If you already have an Sophos Central account and your 30‑day trial period has expired, you can order a licence for “Sophos Wireless” from our shop:

Conclusion

Overall, “Sophos Wireless” made a very good impression in my tests. Provisioning an access point is as straightforward and self-explanatory as ever. The interface looks clean and well structured. The only thing I’m not really convinced by is the licensing model. Personally, I don’t find it particularly inexpensive and, given that an Advanced version with security features is expected towards the end of 2016, you will probably have to pay even more per access point. So if you’re planning a wireless project in the near future, let’s discuss it and calculate which option makes the most sense for your requirements.

More information on Sophos Wireless:

Patrizio

Patrizio

Patrizio is an experienced network specialist focused on Sophos firewalls, switches, and access points. He supports customers and IT teams with configuration, migration, and clean network segmentation.