Setting up a wireless network with Sophos has always been a very convenient thing to do! Thanks to centralized management, wireless networks were quickly created and new access points were set up in no time. To be able to use Sophos’s wireless features, you previously had the following 4 options:
- Sophos SG Appliance (UTM operating system) + Wireless Protection + Sophos Access Point
- Sophos XG Appliance (Sophos Firewall OS) + Sophos Access Point
- Sophos UTM operating system with own hardware or virtualized + Wireless Protection + Sophos Access Point
- Sophos Firewall OS with own hardware or virtualized + Sophos Access Point
A fifth option is newly added. Indeed, “Wireless Protection” has now been integrated into Sophos Central under the product name “Sophos Wireless”. This means that, apart from the access points, no additional hardware is required and central management takes place in Sophos Central. Nothing new in itself, we know such solutions from Aruba or Aerohive, for example. “Sophos Wireless” can therefore be used completely independently of all other products. In the future, all that will be needed for central management of wireless networks and access points will be Internet access, a Sophos access point and a Sophos central account.
In this blog post, we’ll take a closer look at “Sophos Wireless”. In addition, we naturally also ask ourselves the question of cost and compare the licensing model of “Sophos Wireless” versus “Wireless Protection” on an SG or XG appliance.
What features does Sophos Wireless offer?
“Sophos Wireless” is currently still a very new product (Summer 2016 v1.0). However, as described in the introduction, “Sophos Wireless” is, so to speak, the “wireless protection” for Sophos Central. You can use it to manage and configure your Sophos access points, install firmware updates and much more.
It is planned that all the features of “Wireless Protection” will be incorporated into “Sophos Wireless”. At the moment, a few features are still missing, but according to the roadmap, they will be added by the end of 2016. According to Sophos, these are:
- Improved roaming
- time-based SSIDs
- dynamic VLAN
- MAC addresses as access control of the clients
- Isolate clients
- Background/Dynamic Channel Selection
What makes Sophos Wireless interesting?
Of course, many people ask themselves why they should manage their access points via Sophos Central when they already have an SG or XG appliance with wireless protection. In this case, “Sophos Wireless” is probably less interesting. On the other hand, those who do not need a Sophos firewall or use another product for this purpose can benefit from Sophos’s wireless capabilities completely independently.
Another advantage of “Sophos Wireless” is the fact that the number of access points can be scaled very easily. While you can’t connect 50 APs to an SG 125, for example, there are no limits with “Sophos Wireless”. So if a small Sophos appliance would be enough, but you need a relatively large number of APs, you might be better off with “Sophos Wireless”.
All you need to get started with Sophos Wireless is access to Sophos Central, formerly Sophos Cloud, and a Sophos access point with the latest firmware installed. The following models are supported:
In the future, there should be a “Sophos Central Ready” label on the packaging and the access points themselves. If you have an access point from the list above that doesn’t have a “Sophos Central Ready” label, that’s not a big deal at all. As mentioned, the prerequisite is that the latest firmware is installed, otherwise it will not be recognized. To update the access point with the latest firmware, you can proceed as follows:
- You need a UTM with firmware 9.4 (no matter if Box or VM)
- Activate wireless (here you need the license, purchased or 30 days free)
- Configure a simple wireless network
- Connect access point with UTM and wait until it is displayed
- Accept AP and add it to the wireless network
- Wait until the AP is displayed as “active”. Do not disconnect the AP from the power supply! Patience…
- The AP now understands the latest firmware and is therefore ready for “Sophos Central Wireless”. The settings on the UTM can be removed again.
Update: This process can of course also be done with the XG Firewall, where you don’t even need to own a wireless license, as this is already included for free with SFOS.
Sophos Wireless licensing model
Up to this point, “Sophos Wireless” makes quite a decent impression. However, I haven’t told you about the licensing model yet. So watch out, because here comes the hammer!
While an SG appliance with a UTM operating system requires a license for wireless protection, the XG appliance with the new Sophos Firewall OS comes with the wireless function free of charge. With both variants, as many APs can be connected until the appliance reaches its limits in terms of performance.
With “Sophos Wireless”, on the other hand, each AP that is connected must be licensed individually! So, for example, while a Sophos XG 210 has a one-time cost for the hardware (~1500 CHF) and can easily manage 20 APs, “Sophos Wireless” costs ~55 CHF/year per AP15 and ~110 CHF/year per AP55 or AP100. Now everyone can calculate for themselves which variant is worthwhile. 🙂
Try Sophos Wireless now!
If you don’t have a Sophos Central account yet, you can create one on the Sophos website and try all the features, including “Sophos Wireless”, for free for 30 days.
If you already have a Sophos Central account and the 30-day trial period has expired, you can order a license for “Sophos Wireless” in our store:
Overall, “Sophos Wireless” made a very good impression in my test! The setup of an access point is as usual simple and self-explanatory. The interface looks very clear and tidy. Only the licensing model doesn’t really convince me. Personally, I don’t think it’s exactly cheap, and if you consider that an advanced version with security features is supposed to come at the end of 2016, you’ll probably have to pay even more per access point. So if you have a wireless project coming up, let’s talk about it and work out which option makes the most sense for your requirements.