Skip to content
The XG Series hardware appliances will reach end-of-life (EOL) on March 31, 2025. Click here to see the XG to XGS migration documentation.

Access point details

Add wireless networks to the access point to provide separate wireless networks for different zones, for example a company network in offices and a guest network in public areas.

You can also use the access point to broadcast a mesh network.

Use these settings to select networks and specify advanced settings, such as channel, transmission power, and VLAN tagging.

  • To add a wireless network to the access point, click Add new item and select a wireless network.
  • To broadcast a mesh network using the access point, click Add Add button., select a network, and specify a role.

Tip

To manage network settings for more than one access point at a time, use access point groups.

Edit access point

ID

Access point ID (serial number).

Label

Label or identifier of the access point on your network.

Country

Country where the access point is located. The country setting determines the available channels.

Restrictions

  • When you use Sophos Firewall with two Wi-Fi cards, built-in or optional, if you change the country on one card, the change is also applied to the second card. The channel is also set to Auto on both cards.
  • If you change the country in the Sophos APX series access point, the channel list shows only the Auto option until you save the settings. To apply the updated country's channel list, you must restart the access point.
  • Radio 0 for APX 320 in Israel supports only 2.4 GHz.

Group

Group to which the access point belongs.

Wireless networks

You can see the wireless networks assigned to the access point.

Click Add new item to select the wireless networks that you want to assign to the access point.

Click edit Edit button. to change the settings of wireless networks assigned to the access point.

Click remove Remove button. to unassign wireless networks from the access point.

Mesh networks

You can see the mesh networks assigned to the access point.

Note

This option will appear only if a mesh network is configured.

Click Search / Add or the add button Add button. to select a mesh network to assign to the access point.

Click remove Remove button. to unassign mesh networks from the access point.

You can create mesh networks only between access points of the same series. For example, APX access points can create a mesh network only with other APX access points.

For APX access points, there's no need to specify the mesh role. If the mesh-enabled SSID is pushed to two APXs, the one with the existing Ethernet connection to the firewall becomes the root AP. We recommend you restart your APX access points once the mesh-enabled SSIDs are pushed to them.

Advanced settings

Bridge to Ethernet

Turn on Bridge to Ethernet to bridge the local wireless access point to Ethernet. The existing DHCP server will be used for the bridge port. If a DHCP server doesn't exist, a new server is automatically created. If you turn it off, the bridge is deleted, and all configurations are restored to the physical interface.

Note

This feature is available only for IPv4 configurations and applicable only for the SSIDs that are of type, Bridge to LAN.

Port to bridge

Select the interface you want to bridge the wireless connection with.

Note

The interface must have an IP address and not belong to the WAN port or any other bridge. Bridging between the VLAN interface and local Wi-Fi isn't allowed.

Zone

Select the zone for the bridge connection. You can't select the WAN zone here.

Channel 2.4 GHz

Select the channel to use for the 2.4 GHz frequency band or select Auto to allow the access point to choose the best channel.

Dyn chan

Turns on or off dynamic channel scanning. This allows the access point to scan the 2.4 GHz frequency band at regular intervals to determine the best channel to use.

Note

Turning Dyn chan on may cause clients to reconnect whenever the channel selection changes.

Time-based scan

Available if Dyn chan is turned on. Allows you to set the time for dynamic channel scanning.

Select scan time

Available if Time-based scan is turned on. Click Add new item and select a scanning time schedule or click Add to create your own.

TX power

Set the power output of the 2.4 GHz wireless radio. Adjusting the power can help with coverage and interference. For example, reducing power output may enhance security and improve performance by reducing access to your signal.

Channel width

Select the channel width for the 2.4 GHz frequency band. If you increase the channel width, throughput increases in low-density wireless environments and decreases in high-density environments.

Default: 20 MHz

Channel 5 GHz

Select the channel to use for the 5 GHz frequency band or select Auto to allow the access point to choose the best channel.

Note

For APX 320, both radios must be on 5 GHz to enlist all available channels.

Dyn chan

Turns on or off dynamic channel scanning. This allows the access point to scan the 5 GHz frequency band at regular intervals to determine the best channel to use.

Note

Turning Dyn chan on may cause clients to reconnect whenever the channel selection changes.

Time-based scan

Available if Dyn chan is turned on. Allows you to set the time for dynamic channel scanning.

Select scan time

Available if Time-based scan is enabled. Click Add new item and select a scanning time schedule or click Add to create your own scan.

TX power 5 GHz

Set the power output of the 5 GHz wireless radio. Adjusting the power can help with coverage and interference. For example, reducing power output may enhance security and improve performance by reducing access to your signal.

Channel width 5 GHz

Select the channel width for band 5 GHz. If you increase the channel width, throughput increases in low-density wireless environments and decreases in high-density environments.

Default: 40 MHz

Turn on Spanning Tree Protocol (STP)

Spanning Tree Protocol (STP) prevents bridge loops and the broadcast radiation that results from them. STP is a network protocol that builds a logical loop-free topology for Ethernet networks. It also allows a network design to include redundant links to provide automatic backup paths if an active link fails.

VLAN tagging

Turn VLAN tagging on to tag all access point traffic with the specified VLAN ID.

Restriction

The LocalWiFi0 access point on Sophos Firewall wireless-enabled hardware doesn't support VLAN tagging.

AP VLAN ID

Set the VLAN ID to be used for VLAN tagging.