This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

register AP55C to Sophos Central behind XGS


I know Managing AP55C on XGS has been disabled but the AP is still supported in Central.

We replaced a SG with XGS. on SG there were 2 APs AP55C.

We removed both APs from SG Firewall, then deleted the unregistered APs there and pulled the AP from Network then.

Then we deployed XGS and wanted to register the AP55C to central.Wireless protection was enabled on XGS on that point.

Initially we could see in Central that the AP received new firmware but since then it fails to register to central.

In tcpdump I can see it is rebooting, trying to connect to

Sometimes I can see 443 HTTPS communication with CNAME

But in central the AP stays at status "Waiting for initial AP connection" and then times out.

That screenshot is from when we put the AP behind XGS

Is there a guide how to move an AP55C to central in SFOS?

This thread was automatically locked due to age.
  • You need to disable Wireless Protection on the XGS, or the XGS will intercept the magic address and it won't get through to Sophos Central.

  • Thanks . I didn't write it but we disabled it already.

    The issue is fixed today. It was a VLAN issue because the switch ports were still with tagged VLAN as from the SG setup. The colleagues changed the switch port to untagged and I was able to bring the AP online into central in 5 minutes. first, it applied a new firmware.

  • Central Wireless Management works on Untagged and can bridge to VLAN or LAN at the same time.

    SFOS/UTM Wireless uses VLAN for everything, if you start to use VLAN. This is actually a limitation, which is not there in Central. 


  • Yes, I already created multiple SSIDs bridging to different VLANs on that AP and it's working.

    The only thing that is now still open is how to get our staff users at the remote location access to the Hotspot Vouchers. I don't want to give them Central Accounts because they would see all the Wireless configuration of our enterprise. It's not compareable to Hotspot vouchers on XG/XGS if you set it up in Central. But that is an other story.