[PacketFence-users] PacketFence -SophosUG

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Hello PacketFence community,

We are preparing for a PacketFence NAC deployment and we want to confirm
compatibility and set realistic expectations.

Do you have experience running PacketFence with the Sophos devices listed
below? If yes, which NAC functions work well, and which ones have limits?

Network equipment in scope

   -

   Firewalls: Sophos XGS2100, Sophos XGS107W
   -

   Switches: Sophos CS110-48FP, Sophos CS110-24FP
   -

   Access Points: Sophos APX320
   -

   Also present in the environment: Cisco Catalyst 3750, Cisco 2911

What we want to achieve

   -

   Wired and wireless access control (802.1X and/or MAB)
   -

   Guest captive portal
   -

   BYOD onboarding portal
   -

   Device identification and profiling
   -

   Dynamic enforcement (VLAN assignment, re-auth, quarantine, ACL options)
   -

   Posture and compliance checks (if feasible)

Questions for the community

   1.

   Compatibility and real-world behavior

   -

   Does PacketFence integrate cleanly with Sophos CS110 switches and Sophos
   APX320 for NAC workflows?
   -

   Which features work reliably with Sophos in production: 802.1X, MAB,
   RADIUS accounting, CoA, dynamic VLAN changes, ACL enforcement?
   -

   Are there any known limitations or special configuration steps for
   Sophos XGS firewalls in a PacketFence deployment?

   2.

   Profiling and enforcement approach

   -

   What profiling sources work best in this Sophos environment (SNMP, DHCP
   fingerprinting, RADIUS, Nmap, MAC OUI)?
   -

   What enforcement pattern works best: VLANs, quarantine VLAN, switch
   ACLs, firewall policy, or a hybrid approach?

   3.

   Posture and compliance checks

   -

   Are posture checks practical with PacketFence in this setup?
   -

   If yes, what approach works: agent-based checks, MDM integration, or EDR
   integration?
   -

   What checks are realistic to promise to stakeholders?

What we are doing on our side

   -

   We will run PacketFence in a lab to test these use cases and share
   internal results.
   -

   We are preparing a customer expectations checklist and a technical
   proposal listing what is feasible and what needs other tools.

Any deployment notes, sample configs, or lessons learned for Sophos CS110
and APX320 integrations would help us a lot.