Skip to content


Configure and manage access points, wireless networks, and connected devices.

Go to My Products > Wireless to configure and manage Sophos Wireless.


Don't disconnect your access point from the power outlet when the lights blink rapidly. This means that a firmware update is in progress.

This video explains how to plan and set up your wireless network.

Domain requirements

You must allow the following domains in your firewall so access points can communicate with Sophos Central, update the time, and log wireless events:

Connection Domain or IP address
Sophos Central

Remote login and logging

Firmware upgrade

Network Time Protocol (NTP) for time synchronization
Synchronized Security with TCP port 8347

Network requirements

Access points must be able to communicate with Sophos Central. You must ensure your network meets the following requirements:

  • You must have DHCP and DNS servers to provide an IP address to the access point and answer its DNS requests (IPv4 only).
  • Access points can reach Sophos Central without requiring a VLAN to be configured on the access point for this connection.
  • There's no HTTPS proxy on the communication path.


For remote support, allow outbound SSH connections on port 22.

VLAN requirements

You must add the proper VLANs in the trunk port of the wired switch. The access point always communicates over untagged VLAN. Make sure the native or management VLAN is untagged in the wired switch.