Skip to content
Last update: 2022-03-11

Add a mesh network

A mesh network generates a WPA2-Personal network with a randomly generated passphrase. This passphrase is shared among all access points that are configured to broadcast the mesh ID.

  1. Connect all access points that you want to deploy in the mesh network to the firewall using a wired LAN connection.


    Don't use dynamic channel selection since channels of access points may differ after a restart.


    To maximize network efficiency, set user SSIDs to 5 GHz and mesh SSID to 2.4 GHz.

  2. Go to Wireless > Access points and accept any pending access points that you want to deploy.

  3. Go to Wireless > Mesh networks and click Add.
  4. Type a mesh ID and select a frequency band.
  5. Click Add Add button, select an access point, and specify a role.


    You must designate at least one access point as root. You can select either Sophos access points or Sophos APX series access points.


    You cannot create a mesh network between Sophos access points and Sophos APX series access points. Also, you cannot create a mesh network in Sophos APX series access points if both radios are using the 5 GHz band.


    You don’t need to specify a mesh network role for Sophos APX series access points.

  6. Add more access points as required.

  7. Click Save.
  8. Disconnect the mesh access points from the LAN and place them in the intended location.
  9. Restart the access points and wait five minutes. The mesh network is available after a few minutes. It is not visible to end users.

Common scenarios for troubleshooting:

  • If Enable mesh mode is not shown, create a new SSID.
  • If the mesh network is not visible to end users, create a separate SSID and add the same access points to the mesh network.

Next: To turn off the mesh network, delete the SSID.

Back to top