Access point details
Add wireless networks to the access point to provide separate wireless networks for different zones, for example a company network in offices and a guest network in public areas.
You can also use the access point to broadcast a mesh network.
Use these settings to select networks and specify advanced settings, such as channel, transmission power, and VLAN tagging.
- To add a wireless network to the access point, click Add new item and select a wireless network.
- To broadcast a mesh network using the access point, click Add , select a network, and specify a role.
Tip
To manage network settings for more than one access point at a time, use access point groups.
Edit access point
ID
Access point ID (serial number).
Label
Label or identifier of the access point on your network.
Country
Country where the access point is located. The country setting determines the available channels.
Restrictions
- When you use Sophos Firewall with two Wi-Fi cards, built-in or optional, if you change the country on one card, the change is also applied to the second card. The channel is also set to Auto on both cards.
- If you change the country in the Sophos APX series access point, the channel list shows only the Auto option until you save the settings. To apply the updated country's channel list, you must restart the access point.
- Radio 0 for APX 320 in Israel supports only 2.4 GHz.
Group
Group to which the access point belongs.
Wireless networks
You can see the wireless networks assigned to the access point.
Click Add new item to select the wireless networks that you want to assign to the access point.
Click edit to change the settings of wireless networks assigned to the access point.
Click remove to unassign wireless networks from the access point.
Mesh networks
You can see the mesh networks assigned to the access point.
Note
This option will appear only if a mesh network is configured.
Click Search / Add or the add button to select a mesh network to assign to the access point.
Click remove to unassign mesh networks from the access point.
You can create mesh networks only between access points of the same series. For example, APX access points can create a mesh network only with other APX access points.
For APX access points, there's no need to specify the mesh role. If the mesh-enabled SSID is pushed to two APXs, the one with the existing Ethernet connection to the firewall becomes the root AP. We recommend you restart your APX access points once the mesh-enabled SSIDs are pushed to them.
Advanced settings
Bridge to Ethernet
Turn on Bridge to Ethernet to bridge the local wireless access point to Ethernet. The existing DHCP server will be used for the bridge port. If a DHCP server doesn't exist, a new server is automatically created. If you turn it off, the bridge is deleted, and all configurations are restored to the physical interface.
Note
This feature is available only for IPv4 configurations and applicable only for the SSIDs that are of type, Bridge to LAN.
Port to bridge
Select the interface you want to bridge the wireless connection with.
Note
The interface must have an IP address and not belong to the WAN port or any other bridge. Bridging between the VLAN interface and local Wi-Fi isn't allowed.
Zone
Select the zone for the bridge connection. You can't select the WAN zone here.
Channel 2.4 GHz
Select the channel to use for the 2.4 GHz frequency band or select Auto to allow the access point to choose the best channel.
Dyn chan
Turns on or off dynamic channel scanning. This allows the access point to scan the 2.4 GHz frequency band at regular intervals to determine the best channel to use.
Note
Turning Dyn chan on may cause clients to reconnect whenever the channel selection changes.
Time-based scan
Available if Dyn chan is turned on. Allows you to set the time for dynamic channel scanning.
Select scan time
Available if Time-based scan is turned on. Click Add new item and select a scanning time schedule or click Add to create your own.
TX power
Set the power output of the 2.4 GHz wireless radio. Adjusting the power can help with coverage and interference. For example, reducing power output may enhance security and improve performance by reducing access to your signal.
Channel width
Select the channel width for the 2.4 GHz frequency band. If you increase the channel width, throughput increases in low-density wireless environments and decreases in high-density environments.
Default: 20 MHz
Channel 5 GHz
Select the channel to use for the 5 GHz frequency band or select Auto to allow the access point to choose the best channel.
Note
For APX 320, both radios must be on 5 GHz to enlist all available channels.
Dyn chan
Turns on or off dynamic channel scanning. This allows the access point to scan the 5 GHz frequency band at regular intervals to determine the best channel to use.
Note
Turning Dyn chan on may cause clients to reconnect whenever the channel selection changes.
Time-based scan
Available if Dyn chan is turned on. Allows you to set the time for dynamic channel scanning.
Select scan time
Available if Time-based scan is enabled. Click Add new item and select a scanning time schedule or click Add to create your own scan.
TX power 5 GHz
Set the power output of the 5 GHz wireless radio. Adjusting the power can help with coverage and interference. For example, reducing power output may enhance security and improve performance by reducing access to your signal.
Channel width 5 GHz
Select the channel width for band 5 GHz. If you increase the channel width, throughput increases in low-density wireless environments and decreases in high-density environments.
Default: 40 MHz
Turn on Spanning Tree Protocol (STP)
Spanning Tree Protocol (STP) prevents bridge loops and the broadcast radiation that results from them. STP is a network protocol that builds a logical loop-free topology for Ethernet networks. It also allows a network design to include redundant links to provide automatic backup paths if an active link fails.
VLAN tagging
Turn VLAN tagging on to tag all access point traffic with the specified VLAN ID.
Restriction
The LocalWiFi0 access point on Sophos Firewall wireless-enabled hardware doesn't support VLAN tagging.
AP VLAN ID
Set the VLAN ID to be used for VLAN tagging.