Skip to content

Mesh networks

A mesh network is a network topology in which each node relays data for the network, extending over a large area. In a mesh network, access points can act as root or as mesh nodes. You can set up a mesh network as a wireless repeater or as a wireless bridge.

Repeater configuration

When an access point starts, it attempts to connect to the firewall through a wired LAN connection. If it can do so, it assumes the role of the root access point. If it can't, it assumes the role of a mesh access point and joins the network as an endpoint computer. Mesh access points broadcast the SSID from the root access point.

Network diagram: Root and mesh access points in repeater configuration.

Bridge configuration

In a bridge configuration, you use a mesh network as a wireless connection between two Ethernet networks. To establish a wireless bridge, you connect the second Ethernet segment to the Ethernet interface of the mesh access point.

Network diagram: Wireless bridge configuration.

General settings


Unique ID for the mesh network. Access points look for others advertising the same mesh ID.

Frequency band

Band on which the mesh network operates.

Access points

Access points to include in the mesh network.

Things to know about mesh networks

  • You can create a mesh network only with Sophos access points.
  • For setting up a mesh network, you must create a new SSID.
  • You can have only one mesh SSID.
  • At least one access point must have a LAN connection.
  • Mesh access points must be on the same channel.
  • Don't use dynamic channel selection since channels of access points may differ after a restart.
  • A mesh network may need up to five minutes after configuration to be available.
  • There's no automatic takeover of the root access point. You need to restart one of the mesh access points.
  • You can create mesh networks only between access points of the same series. For example, APX access points can only create a mesh network with other APX access points.
  • For APX access points, there's no need to specify the mesh role. If the mesh-enabled SSID is pushed to two APXs, the one with the existing Ethernet connection to the Sophos Firewall becomes the root access point. Once the mesh-enabled SSIDs are pushed to the APXs, it’s advisable to restart them.
  • You can only set up a mesh network using access points with VLANs assigned if the VLANs don't use a Bridge to VLAN configuration.

More resources