Set up new WLAN (SSID) for guest network on UniFi Controller
In many environments it makes sense to offer a separate guest network. This allows visitors or external service providers to access the internet safely without exposing the internal company network. This article shows how to create a new SSID on a UniFi Controller and assign it to an already configured VLAN, for example a guest VLAN.
Requirements
- UniFi Controller with access to the web interface.
- Already configured VLAN (configure VLAN on Sophos Firewall and UniFi Switch).
- VLAN ID and the corresponding firewall rules are configured.
Create a new SSID for the guest network
Open UniFi Controller
- Sign in to the UniFi Controller.
- Open Settings in the left menu.
Open WiFi settings
- Select WiFi in the left area.
- Check the overview of existing wireless networks (SSIDs).
Create new SSID
- Click Create New.
- Enter a name for the network, for example GUEST.
- Set a password that guests should use. Make sure it is sufficiently complex.

Assign VLAN
- In the settings under Network, define the previously created VLAN.
- Select the VLAN created for the guest network, for example WLAN Guest.

Advanced settings (optional)
- Under Advanced, configure additional options such as Guest Portal, Hotspot 2.0, Captive Portal or Bandwidth Limits.
- If required, enable Guest Policies to secure the network further, for example by isolating clients from each other.
Save and apply
- Finally click Add WiFi Network to create the new SSID.
- After a short time, the guest WLAN should be visible.
Check the configuration
- Connection test: Connect to the new WLAN and check whether a correct IP address from the guest VLAN is assigned, provided DHCP is already configured.
- Firewall rules: Check on the Sophos Firewall or gateway firewall whether the matching rules apply.
- Client isolation: Make sure guests can only access the internet and cannot reach other VLANs or internal devices.