AP Device Deployment with a Single SSID

For basic AP device installation, you can deploy WatchGuard AP devices with a single SSID. In this simple deployment scenario, you do not have to configure VLANs or complex network settings. This example is recommended for small office deployments where the requirement is to add secure, wireless access to an existing LAN.

If your environment is large enough to require more than one AP device for wider wireless coverage, you can assign the same SSID to multiple AP devices. When you assign the same SSID to more than one AP device, the range of that SSID is extended, which enables mobile users to roam from one AP device coverage area to another. For more information, see AP Device Deployment with Simple Roaming.

For wireless networks with a large number of WatchGuard AP devices to deploy that will be assigned the same SSIDs and do not require unique configurations, you can use the Automatic Deployment feature. For more information, see About AP Automatic Deployment.

With this deployment scenario, there are two primary methods you can use to physically connect your WatchGuard AP device to the network:

  • Connect the AP device directly to your Firebox on a Trusted or Optional network interface.

Diagram of an AP device connected directly to an XTM device trusted or optional interface

  • Connect the AP device to a switch that is on a Trusted or Optional network.

Diagram of an AP device connected to a switch connected to the XTM device

AP Deployment and Firebox Policies

Note these policy considerations depending on how you connect your AP devices to the network:

  • If you connect the AP device directly to a Firebox interface, the wireless users do not automatically have access to trusted resources connected to other trusted interfaces. You still need to create policies to allow that traffic because the wireless users are on a separate trusted network. The default policies only allow outbound traffic from trusted networks, but do not allow traffic between devices on different trusted networks.
  • If you connect the AP device to a switch on the trusted network, the wireless users can access other network resources on the network connected to the same interface. You do not need to create additional policies to allow access because the traffic does not go through the Firebox, but you do need to create policies for traffic to any other trusted interface.

Configure a Firebox Interface and Enable DHCP

To connect the AP device directly to a Firebox interface, configure that interface as a Trusted or Optional interface. Enable the DHCP server or DHCP relay on that interface so that the Firebox can automatically assign an IP address to the AP device and to wireless clients.

Add an SSID to the Gateway Wireless Controller

After you have configured the SSIDs, you can pair the AP device with the Firebox, and assign these SSIDs to the radios on the AP device.

See Also

About AP Device Configuration

Configure AP Devices in the Gateway Wireless Controller

Give Us Feedback     Get Support     All Product Documentation     Technical Search