Configuring VLAN between Sophos Firewall and UniFi is essential for proper network segmentation.
In this step-by-step guide, you’ll learn how to set up VLANs correctly without causing network issues.
We cover VLAN interfaces, tagging, and UniFi switch configuration.
This setup is commonly used in enterprise and SMB environments.
Proper VLAN configuration improves security and traffic management.
You’ll also learn common mistakes when integrating Sophos with UniFi.
The tutorial is suitable for beginners and network administrators.
Follow this demo to build a clean and scalable VLAN architecture.

Requirement: Divide the network into VLANs for guests or specific departments to control internet access, SMB access, etc.

Lab: The AP is connected to a switch, and the switch is connected to a Sophos firewall. A regular switch will work.

This model is suitable for small to medium-sized companies, cafes, etc.

1. Configuration on the Firewall (Sophos)

Step 1: Create a zone

Step 2: Add Interface-VLAN

Example: Using VLAN 10 (192.168.10.0/24)
Go to Configure  Network

Change the zone to GUEST (created above)

Step 3: Enable DHCP

Step 4: Create a rule for the VLAN to use the internet

2. Configuration on the AP

In this demo, I’m using a Unifi AP

Step 1: Create a guest network

Step 2: Create a guest Wi-Fi network

Step 3: Assign the guest network to the guest Wi-Fi network