Our APX Series access points are custom-built to offer optimal performance and increased throughput at load. These models are enabled with Security Heartbeat™, offering integration with Sophos Mobile and Sophos Endpoint to protect your Wi-Fi networks. 2x2, 3x3 and 4x4 models available with 802.11ac Wave 2 technology.
Customer's Please Note: A Wireless Protection subscription is required for all Sophos Access Points
3x3 MIMO, internal antennas. Includes mounting bracket for wall and 15/16', 9/16', 3/8' ceiling T-bar. No power adapter/PoE Injector, 16.7W max. power consumption. 5-Year warranty, no extended warranty available.
List Price:
Add to Cart to see sale price!
Optional mounting kits are available for the indoor APX 320, APX 530, and APX 740 for flat-ceiling, plenum, or suspend mount. Check with your local Sophos partner for further details and pricing. Antenna Options for APX 320X. Get Fast Service and Low Prices on Sophos Inc A530TCHNF Sophos APX 530 Access Point (FCC) plain, no Power Adapter/PoE Injector Related Products and Over 500,000 Other Products at Provantage.
List Price:
Add to Cart to see sale price!
List Price:
Add to Cart to see sale price!
List Price:
Add to Cart to see sale price!
List Price:
Add to Cart to see sale price!
Overview:
Sophos APX Series
Currently available for management in Sophos Central.
The Sophos APX Series is a growing portfolio of Synchronized Security ready access points. With 802.11ac Wave 2 technology, they are custom-built for increased throughput at load and better performance and security.
APX Series – Product Benefits
- Security Heartbeat™ ready to connect with other Sophos Central managed products
- Significant performance improvement over legacy 802.11 Wave 1 models
- Optimized for both wall- and ceiling-mount
- 5-year warranty as standard, Advance Replacement RMA included in subscription
APX 740 – our flagship 4x4:4 product for high-density, high-capacity environments
APX 530 – high-performance 3x3:3 access point for typical office environments of all sizes
APX 320 – 2x2:2 access point, dual 5 GHz capable, ideal in high-density school environments or small retail scenarios
Highlights
- Managed from Sophos Central
- Superior visibility into wireless health
- Simple deployment and administration
- Synchronized Security-ready
- Enhanced security with rogue AP detection
- Multi-site management and cloud scalability
Features:
The smarter way to simple, secure Wi-Fi
Sophos Wireless provides an easy, effective way to manage and secure your wireless networks. You can use it on its own or as part of your Sophos Central portfolio of cloud-managed security solutions.
Manage all your security on a single platform
Sophos Central is a highly scalable management platform which gives you a single pane of glass for all of your cloud-managed security solutions. Using Sophos Central, you can manage Sophos Wireless on its own, or alongside your Endpoint, Mobile, Email, Encryption and Server Protection.
Superior visibility into wireless health
The Sophos Wireless dashboard puts all the key information about the health of your wireless networks and connecting clients directly at your fingertips. Not only can you see if there are potential threats you need to deal with, such as rogue APs, but you can also quickly identify clients with compliance or connectivity issues.
Simple deployment and administration
Using the step-by-step guidance in our on-boarding wizard, creating networks, registering one or more access points, and adding sites is child’s play. Our solution is built to be simple to use, even for non-wireless experts, but that doesn’t mean you forfeit functionality. Schedule firmware upgrades to keep your network up to date and benefit from new features and enhancements in every release.
Intelligence connected with Security Heartbeat™
When using our Security Heartbeat™ enabled APX Series access points, you can monitor the health status of any Sophos Central-managed endpoint or mobile device and so automatically restrict web access on trusted Wi-Fi networks. Users with serious compliance issues see a splash screen to alert them to their walled garden status but receive full connectivity again, once health is restored.
Security enhanced for your trusted Wi-Fi networks
Our Enhanced Rogue AP Detection classifies neighboring Wi-Fi networks to identify threats and prevent attempts to infiltrate an organization via Wi-Fi.
Additionally, you can keep your networks secure by providing controlled internet access and hotspots for visitors, contractors, and other guests on your network. Use enterprise-grade backend authentication for a seamless user experience.
Multi-site management and cloud scalability
Whether you have just one growing network, or multiple sites, extending your Wi-Fi is as simple as adding an additional access point.
Sophos APX Series Access Points – at a glance
The Sophos APX Series is a growing portfolio of Security Heartbeat-enabled access points. With 802.11ac Wave 2 technology, they are custom-built for increased throughput at load and better performance and security.
Unboxing Video:
Unboxing the Sophos APX Series Access Points
Join us as we unbox one of our brand new Sophos APX Series access points. The APX Series is a growing portfolio of Synchronized Security ready access points. With 802.11ac Wave 2 technology, they are custom-built for increased throughput at load and better performance and security. Oh, and they look GREAT.
Specifications:
APX 320 | APX 530 | APX 740 | |
---|---|---|---|
802.11ac Wave 2 | |||
Management | Sophos Central XG Firewall planned for late 2018 | Sophos Central XG Firewall planned for late 2018 | Sophos Central XG Firewall planned for late 2018 |
Deployment * | Indoor; desktop, wall, or ceiling mount | Indoor; desktop, wall, or ceiling mount | Indoor; desktop, wall, or ceiling mount |
WLAN Standards | 802.11a/b/g/n/ac | 802.11a/b/g/n/ac | 802.11a/b/g/n/ac |
Radios | 1x 2.4 GHz / 5 GHz dual-band 1x 5 GHz single band 1x Bluetooth low energy (BLE) | 1x 2.4 GHz single band 1x 5 GHz single band 1x Bluetooth low energy (BLE) | 1x 2.4 GHz single band 1x 5 GHz single band 1x Bluetooth low energy (BLE) |
Antennas | 2x internal dual-band antenna for Radio-1 2x internal 5 GHz antenna for Radio-2 1x internal 2.4 GHz antenna for BLE | 3x internal 2.4 GHz antenna for Radio-1 3x internal 5 GHz antenna for Radio-2 1x internal 2.4 GHz antenna for BLE | 4x internal 2.4 GHz antenna for Radio-1 4x internal 5 GHz antenna for Radio-2 1x internal 2.4 GHz antenna for BLE |
Performance | 2x2:2 MU-MIMO | 3x3:3 MU-MIMO | 4x4:4 MU-MIMO |
Interfaces | 1x RJ45 connector console serial port 1x RJ45 10/100/1000 Ethernet w/PoE | 1x RJ45 connector console serial port 1x RJ45 10/100/1000 Ethernet port 1x RJ45 10/100/1000 Ethernet w/PoE | 1x RJ45 connector console serial port 1x RJ45 10/100/1000 Ethernet port 1x RJ45 10/100/1000 Ethernet w/PoE |
Power (Max.) | 11.5 W | 16.7 W | 22.4 W |
Power-over-Ethernet (Min.) | PoE 802.3af | PoE+ 802.3at | PoE+ 802.3at |
Dimensions | 155x155x38 mm | 183x183x39 mm | 195x195x43 mm |
Weight | 0.474 kg | 0.922kg | 1.012 kg |
Certifications ** | CB, UL, CE, FCC, IC, RCM | CB, UL, CE, FCC, IC, RCM | CB, UL, CE, FCC, IC, RCM |
Compliance | All APX models have a plenum-rating and comply with EN 60601-1-2 | ||
Warranty | All APX models have a standard 5-year warranty included in the purchase price | ||
Support | A Central Wireless Standard Subscription for APX includes Enhanced Support with Advance Replacement RMA |
* A bracket for wall- and/or 15/16', 9/16', 3/8' T-bar ceiling-mount is included with every APX. Further mounting kits will be available for purchase in the near future.** Further certifications for some models are currently in progress, e.g. MIC for Japan and Anatel for Brazil. APX models are not sold in China, Taiwan and Malaysia at this time.
Documentation:
Download the Sophos APX Series Access Points Data Sheet (PDF).
Pricing Notes:
- Customer's Please Note: A Wireless Protection subscription is required for all Sophos Access Points
- Pricing and product availability subject to change without notice.
- Management in Sophos Central only. XG Firewall support planned for late 2018.
3x3 MIMO, internal antennas. Includes mounting bracket for wall and 15/16', 9/16', 3/8' ceiling T-bar. No power adapter/PoE Injector, 16.7W max. power consumption. 5-Year warranty, no extended warranty available.
List Price:
Add to Cart to see sale price!
List Price:
Add to Cart to see sale price!
List Price:
Add to Cart to see sale price!
List Price:
Add to Cart to see sale price!
List Price:
Add to Cart to see sale price!
List Price:
Add to Cart to see sale price!
List Price:
Add to Cart to see sale price!
List Price:
Add to Cart to see sale price!
Sophos Apx 530 Driver
List Price:
Add to Cart to see sale price!
List Price:
Add to Cart to see sale price!
List Price:
Add to Cart to see sale price!
List Price:
Add to Cart to see sale price!
List Price:
Add to Cart to see sale price!
List Price:
Add to Cart to see sale price!
List Price:
Add to Cart to see sale price!
List Price:
Add to Cart to see sale price!
List Price:
Add to Cart to see sale price!
List Price:
Add to Cart to see sale price!
List Price:
Add to Cart to see sale price!
List Price:
Add to Cart to see sale price!
List Price:
Add to Cart to see sale price!
List Price:
Add to Cart to see sale price!
List Price:
Add to Cart to see sale price!
List Price:
Add to Cart to see sale price!
List Price:
Add to Cart to see sale price!
List Price:
Add to Cart to see sale price!
List Price:
Add to Cart to see sale price!
List Price:
Add to Cart to see sale price!
List Price:
Add to Cart to see sale price!
List Price:
Add to Cart to see sale price!
List Price:
Add to Cart to see sale price!
List Price:
Add to Cart to see sale price!
List Price:
Add to Cart to see sale price!
List Price:
Add to Cart to see sale price!
List Price:
Add to Cart to see sale price!
List Price:
Add to Cart to see sale price!
List Price:
Add to Cart to see sale price!
List Price:
Add to Cart to see sale price!
List Price:
Add to Cart to see sale price!
List Price:
Add to Cart to see sale price!
List Price:
Add to Cart to see sale price!
List Price:
Add to Cart to see sale price!
List Price:
Add to Cart to see sale price!
List Price:
Add to Cart to see sale price!
List Price:
Add to Cart to see sale price!
List Price:
Add to Cart to see sale price!
Configure security, backend authentication, client connection, quality of service (QoS), network availability, and captive portal.
Go to Wireless > SSIDs and click Advanced Settings.
Security
Define settings to make your network more secure.
Synchronized Security: Enable to ensure that clients with Sophos Endpoint Protection and Sophos Mobile Protection can communicate with Sophos Central Wireless access points. If Synchronized Security is enabled on both Sophos XG Firewall and Sophos Central Wireless, the settings on Sophos XG Firewall take precedence.
To use this feature, you need to have an Endpoint Advanced Protection license for your endpoints. For mobile protection, go to Mobile > Set up > System setup > Network Access Control, and select Sophos Wireless.
Security Heartbeat green: Indicates that the endpoint is healthy and all traffic is allowed.
Security Heartbeat yellow: Indicates that a potentially unwanted application (PUA) or inactive malware has been detected. All traffic is allowed.
Security Heartbeat red: Indicates that active malware or ransomware has been detected or the access point is unable to receive Security Heartbeat messages from the endpoint’s Sophos Endpoint Services. The access point blocks all internet traffic. Only traffic from the secured browsing environment (walled garden or safe URLs list) is allowed.
Sophos Mobile (UEM): Turned on by default. Allows heartbeat information to be sent from Sophos managed mobile devices. You can also manage policies for these devices in Sophos Central.
Sophos Central Endpoint Protection: Turn on if you want to manage endpoint policies in Sophos Central. Alternatively you can manage endpoint policies in XG Firewall.
Restrict SSID to Sophos Managed Devices: When an unmanaged device connects to the SSID, after authentication, we determine that the device is unmanaged and display a landing page, which you have to configure. The device is put behind a walled garden. The behavior of this device is similar to having a red security heartbeat status. The device is allowed to access only Sophos websites or those URLs and IPs that are on the allowed list.
A managed device is a mobile or endpoint device protected by Sophos.
When you enable this option the landing page configuration is shown. Enter the following information:
- Page Title
- Welcome Text
- Message to appear
- Company logo
Allowed domains: Enter domains here that you still want clients to access, along with any .sophos.com domains, when they have a red Synchronized Security status. These domains will also be accessible by unmanaged devices if you have turned on Restrict SSID to Sophos Managed Devices. Both IP addresses and domain names are supported.
Hidden SSID: Hides the SSID for network scans. When hidden, the SSID is still available and you need to know the SSID name for a direct connection. Even if an SSID is hidden, you can assign the SSID to an access point.
Client isolation: Blocks communication between clients within the same radio frequency. This is useful in a guest or hotspot network.
MAC Filtering: Provides minimal security by restricting Media Access Control (MAC) address connections.
- None: No restriction on MAC addresses.
- Blocked List: All MAC addresses are allowed except those that you enter here.
- Allowed List: All MAC addresses are prohibited except those that you enter here.
Client Connection
LAN: Bridges a wireless network onto the network of an access point. The wireless clients share the same IP address range.
VLAN: Directs the client traffic to specific VLANs. The uplink switch must be configured to accept VLAN packets.
RADIUS VLAN Assignment: Separates users without having multiple SSIDs. Available with encryption mode WPA/WPA2 Enterprise.
Users will be tagged to a VLAN provided by a RADIUS server. Traffic is untagged if the RADIUS server does not provide VLAN.
Enable Guest Network: Enables a guest network. A guest network provides an isolated network for the clients with some traffic restrictions. Access points can have one guest network at a given time. The following modes are available:
Bridge Mode: Uses the DHCP server from the same subnet.
It filters all traffic and only allows communication to the gateway, DNS server, and external networks. You can add a guest network to an environment without VLAN and still have an isolation. As the DHCP server is still on your network, roaming between access points will work.
NAT Mode: Uses the on-board DHCP server on the access point. This provides local isolated IPs to the guest network clients. Clients are unaware of the internal IP scheme.
In NAT mode, a DNS server is optional for a client address. If a DNS address is not assigned to the client by the DNS server, they will be assigned the same DNS address as of the access point.
Bridge mode has a higher throughput, whereas NAT mode has more isolation.
Network Availability
Define SSIDs which are only available for a certain time of a day or certain days in a week. The SSIDs are not visible in the meantime.
Always: Select to make SSID available at all times.
Scheduled: Select the weekdays and timeframes for the network to be available.
Quality of Service
Configure settings to optimize your network.
Multicast to unicast conversion: Optimizes the multicast packets to unicast packets. The access point converts multicast packets to unicast packets individually for each client based on the Internet Group Management Protocol (IGMP).
It works best when fewer clients are connected to one access point.
Sophos Apx 530 Price
The conversion to unicast is preferred for media streaming as it can operate at higher throughput rates.
Proxy ARP: Enables the access point to answer Address Resolution Protocol (ARP) requests intended for the connected wireless clients.
Fast roaming: Optimizes the roaming times when switching between different access points. SSIDs with WPA2 encryption use the IEEE 802.11r standard to reduce roaming times (with enterprise authentification). It applies when the same SSID is assigned to different access points. Clients also need to support the IEEE 802.11r standard.
Keep broadcasting: Ensures that the access point keeps broadcasting when it is not able to re-connect to Sophos Central after a restart. If this is turned on, clients will still be able to connect to the access point and (or) to the internet and the access point works with its old configuration.
Band Steering: Distributes clients based on the load on two radio bands and the client's capability between the 2.4 GHz and 5 GHz bands. Dual-band capable wireless clients will be routed to 5 GHz, if possible, to improve the client experience. This is done by rejecting the initial association request sent by the client in the 2.4 GHz band. This will cause a dual-band client to then attempt to negotiate at 5 GHz. If it does not associate in the 5 GHz band, it will be marked as “steering unfriendly” and will not be routed again. If a client is too far away from the access point, routing will not be attempted. This prevents routing clients to 5 GHz when the range is usually less than in the 2.4 GHz band. Band Steering is done on a per access point level and will affect all SSIDs on that access point.
Captive Portal
Activate and configure a hotspot.
Enable hotspot: Turns the SSID into a hotspot. This allows cafés, hotels, or companies to provide time and traffic restricted internet access to guests.
Page Title: You can define a title for the landing page. It is visible to the users when they accept terms of service.
Welcome Text: You can define welcome text for the landing page.
Terms of Service: Users have to accept the terms of service before authentication.
Backend Authentication: With this authentication type, users can authenticate via Remote Authentication Dial-In User Service (RADIUS).
Password schedule: You can create a new password automatically on a fixed schedule. If the schedule is set to weekly or monthly, you can also select a weekday or week. The old password expires when the scheduled time is reached and current sessions are cut off. The new password is sent as a notification to the specified email addresses.
Voucher: With this hotspot type, vouchers with time limitations can be generated, printed, and given to customers. After entering the code, users can directly access the internet.
Social Login: You can allow your users to authenticate using their social media accounts. You can let them use their Facebook or Google accounts. To set up Google authentication, go to the Google Developer Console and get the Client ID and Secret for Google. Enter this information here. To set up Facebook authentication, go to Facebook Developer Account and get the Application ID and Secret for Facebook. Enter this information here.
To retrieve the Google client ID from the Google developer console you will need to do as follows:
Sophos Apx 530 Indoor Access Point
- Create a new project.
- Go to the OAuth Consent screen and enter the application name. You can enter anything in this field. Then enter the authorized domain, which has to be 'myapsophos.com'.
- Go to credentials > create credentials > OAuth client ID.
- Choose application type as web application.
- Under the restrictions, enter the authorized javascript origins and authorized redirect URIs as given below.
Authorized JavaScript origins: https://www.myapsophos.com:8443
Authorized redirect URIs: https://www.myapsophos.com:8443/hotspot.cgi
Session Timeout: Restricts the users internet access time.
Re-Login Timeout: Enabling this will prevent the user from re-logging into the network for 24 hours from the time of initial connection to social login.
Sophos Apx 320
Redirect URL: You can define the URL to which users will be redirected from the landing page. Users can be redirected to the default website of the mobile device or a specific website of your choice. For example, your company page.