General questions wrt. Sophos XG125 AP100 AP100C

Hello everyone,

I have an old XG125 (not sure about the revision) that is still running the Sophos SW 19, because 20 does not support the access points I have (2x AP100 and 2x AP100C). I am considering switching to OpenWrt. The functions I need are:

  • Wireless management, support the AP, multiple AP for the same SSID, multiple SSID with different rules
  • If possible: vouchers for guest access to Internet
  • Support for multiple WAN with automatic fail-over
  • Zone management and firewall between them
  • Nice-to-have: additional security features (web filters…)

Would OpenWrt be able to do that?

According to the following thread, I can flash my AP100(C) access points:

My questions:

  • Do I have to flash the AP, or could OpenWrt on the XG125 deal with the Sophos software?
  • The Sophos software on the XG125 manages the AP centrally. Is it also supported by OpenWrt, or do I have to configure each AP?
  • Maybe it is the wrong forum, but I am also asking myself pfSense would be an option and what the pros and cons would be?

Thanks!

If it's an eight-port device with all eight ports in a single row, that's rev 1 or 2, which are virtually identical (except 1 has a hard drive, and 2, a SATA SSD). If it's a nine-port device with eight Ethernet ports in a 4x2 matrix and a single SFP port, it's a rev 3. Also, there should be a sticker on the bottom... :crazy_face:

Yes, you do. Moreover, this will require a TFTP server. To flash an AP 100, you will also need a console cable. To flash an AP 100C, you will instead need a UART cable and a Phillips screwdriver (you will have to take the AP's system board out of its case to expose the UART pins).

You have to configure each AP separately. OpenWrt proper has no central management of any kind. There's a product called OpenWISP, which provides central management functionality, but you would still need to do the initial installation (and then installation of the OpenWISP agent) on-device. From there on, you can manage the device from your OpenWISP server. Also, OpenWISP is deployed using Ansible, which, unless your name is Jeff Geerling, is a chore...

Yes, pfSense is absolutely an option on the XG 125, and so are OPNsense and VyOS. Pros and cons... it's really about the finer points of your use case. OpenWrt is much more lightweight, but the XG 125 has more than enough hardware muscle to run any of the systems I mentioned. In terms of basic networking performance, you really won't see any major differences on this hardware.

Where you will see a difference is in availability of third-party extensions. If you need them. Which I have no way of knowing... :crazy_face:

1 Like

Great, thanks for this very helpful answer!

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.