Sophos Wireless: Cloud-based centralized WLAN management
Setting up a wireless network with Sophos has always been a very convenient thing! Thanks to centralized management, wireless networks were quickly created and new access points set up in no time at all. To take advantage of Sophos’s wireless capabilities, you had 4 options so far:
- Sophos SG Appliance (UTM operating system) + wireless protection + Sophos Access Point
- Sophos XG appliance (Sophos Firewall OS) + Sophos access point
- Sophos UTM operating system with its own hardware or virtualized + wireless protection + Sophos Access Point
- Sophos Firewall OS with your own hardware or virtualized + Sophos Access Point
A fifth possibility has been added. Wireless Protection has now been integrated into Sophos Central under the product name “Sophos Wireless”. As a result, except for the access points, no additional hardware is required and central management takes place in Sophos Central. Nothing new in itself, such solutions are known from Aruba or Aerohive, for example. “Sophos Wireless” can therefore be used completely independently of all other products. In the future, one Internet connection, one Sophos Access Point and one Sophos Central Account will be sufficient for the central management of wireless networks and access points.
In this blog post, we take a closer look at “Sophos Wireless”. We also look at the cost issue and compare the licensing model of Sophos Wireless with that of Wireless Protection on an SG or XG appliance.
What features does Sophos Wireless offer?
“Sophos Wireless” is currently a very new product (summer 2016 v1.0). However, as described in the introduction, “Sophos Wireless” is the “Wireless Protection” for Sophos Central. So you can use it to manage your Sophos access points, configure them, install firmware updates and much more.
It is planned that all Wireless Protection features will be included in Sophos Wireless. At the moment there are still a few features missing, but according to the roadmap they will be delivered by the end of 2016. According to Sophos, these are:
- improved roaming
- time-based SSIDs
- dynamic VLAN
- MAC addresses as access control for the clients
- Isolate Clients
- Background/Dynamic Channel Selection
What makes Sophos Wireless interesting?
Many people wonder why they should manage their access points with Sophos Central when they already have an SG or XG appliance with wireless protection. In this case, “Sophos Wireless” is probably less interesting. However, if you don’t need a Sophos Firewall or are using a different product for this purpose, you can benefit from Sophos’s wireless features completely independently.
Another advantage of Sophos Wireless is that the number of access points can be easily scaled. For example, while you can’t connect 50 APs to an SG 125, there are no limits with Sophos Wireless. So if a small Sophos appliance is sufficient, but a relatively large number of APs are required, then Sophos Wireless may be better suited for you.
All you need to get started with “Sophos Wireless” is access to Sophos Central, formerly Sophos Cloud and a Sophos Access Point where the latest firmware must be installed. The following models are supported:
The packaging and access points themselves should be labelled “Sophos Central Ready” in the future. If you have an access point from the above list that does not have a Sophos Central Ready label, this is no big deal. As mentioned above, the prerequisite is that you have the latest firmware on it, otherwise it will not be detected. To give the access point the latest firmware, proceed as follows:
- You need a UTM with the firmware 9.4 (no matter if box or VM)
- Activate wireless (here you need the license, bought or 30 days for free)
- Configure a simple wireless network
- Connect the access point to UTM and wait until it is displayed
- Accept AP and add it to the wireless network
- Wait until the AP is displayed as “active”. Do not disconnect the AP from the power supply! Patience…
- The AP is now ready for “Sophos Central Wireless” with the current firmware. The settings on the UTM can be removed.
Update: This process can of course also be done with the XG firewall, where you don’t even have to have a wireless license, as it’s already included for free with SFOS.
Sophos Wireless licensing model
So far, “Sophos Wireless” makes quite a decent impression. But I haven’t told you anything about the licensing model yet. So watch out, what comes now is unbelievable!
While an SG Appliance with UTM operating system requires a license for the “Wireless Protection”, the XG Appliance with the new “Sophos Firewall OS” comes with the wireless function for free. With both variants, as many APs can be connected until the appliance reaches its performance limits.
Sophos Wireless, on the other hand, requires that each AP connected be licensed individually! For example, while a Sophos XG 210 can cost one time for hardware (~1500 CHF) and easily manage 20 APs, Sophos Wireless costs
~55 CHF/year per AP15 and
~110 CHF/year per AP55 or AP100. Now everyone can calculate for themselves which variant is worthwhile.
Try Sophos Wireless now!
If you do not yet have a Sophos Central account, you can check the Sophos website create one and test all features, including Sophos Wireless free for 30 days.
If you already have a Sophos Central account and the 30-day trial period has expired, you can order a license for Sophos Wireless from our shop:
Overall, “Sophos Wireless” made a very good impression in my test! Setting up an access point is as simple and self-explanatory as usual. The interface looks very clear and tidy. The only thing that doesn’t convince me is the license model. Personally, I don’t think it’s very cheap and if you consider that an advanced version with security features is to be released at the end of 2016, you’ll probably have to pay even more per access point. So if you’re planning a wireless project in the near future, let’s talk about it and figure out which version makes the most sense for your requirements.