Add a mesh network

A mesh network generates a WPA2-Personal network with a randomly generated passphrase. This passphrase is shared among all access points that are configured to broadcast the mesh ID.

  1. Connect all access points you want to set up in the mesh network to the firewall using a wired LAN connection.


    Don't use dynamic channel selection since channels of access points may differ after a restart.


    To maximize network efficiency, set user SSIDs to 5 GHz and mesh SSID to 2.4 GHz.

  2. Go to Wireless > Access points and accept any pending access points that you want to set up.

  3. Go to Wireless > Mesh networks and click Add.
  4. Type a mesh ID and select a frequency band.
  5. Click Add Add button, select an access point, and specify a role.


    When you use legacy (non-APX) access points, you must designate at least one access point as root. You don't need to do this for APX series access points.


    You can't create a mesh network between Sophos access points (non-APX) and Sophos APX series access points. Also, you can't create a mesh network on Sophos APX series access points if both radios use the 5 GHz band.

  6. Add more access points as required.

  7. Click Save.
  8. Disconnect the mesh access points from the LAN and place them in the intended location.
  9. Restart the access points and wait five minutes. The mesh network is available after a few minutes. It's not visible to end users.

Common scenarios for troubleshooting:

  • If Enable mesh mode isn't shown, create a new SSID.
  • If the mesh network isn't visible to end users, create a separate SSID and add the same access points to the mesh network.

Next: To turn off the mesh network, delete the SSID.