AP55 won't connect to Central through XGS (SFOS 19.0.1 MR-1-Build365) cause of TLS Handshake Failure

Do you have Wireless Protection enabled on that XGS-system? You should disable XGS-Wireless when using Sophos Central Wireless, both won't work togehter in the same network.

Wireless Protection is disabled

Do you have the transparent webproxy in place?

No, no web-policies in any fw-rule active

(We are migrating from UTM to xg and at the moment there is no user active, so no actual web-surfing ;)

I was talking about the Proxy, which is configured under "Protect / Web / General settings"

Thanks for that point

We got them running - Problem was the FQDN-Configuration (allowing the APs to reach Central) - only some of them can be defined with wildcards (e.g.: *.prod.hydra.sophos.com works, but *.sophos.com won't work for wifilogs.sophos.com)

[FQDNS following this article Sophos Central Wireless: Network requirements]

Problem solved ;-)

Thanks for that point

We got them running - Problem was the FQDN-Configuration (allowing the APs to reach Central) - only some of them can be defined with wildcards (e.g.: *.prod.hydra.sophos.com works, but *.sophos.com won't work for wifilogs.sophos.com)

[FQDNS following this article Sophos Central Wireless: Network requirements]

Problem solved ;-)

thanks for posting the solution.

I can confirm it happens from time to time, that Sophos' own FQDN hosts stop working and you need to allow the full FQDN (if possible) or move some sub-domain levels up - like going from *.sophos.com to *.prod.hydra.sophos.com.

community.sophos.com/.../central-accesspoints-offline-due-to-prod-hydra-sophos-com-fqdn-host-issue-since-18-5-mr4-and-also-in-19-0-mr1