About AP Device Passphrases

Each WatchGuard AP device has a passphrase that is used for management connections to the device. There are two passphrase settings in the Gateway Wireless Controller: the Pairing Passphrase (Fireware v11.11.1 and lower) and the WatchGuard AP Passphrase.

Pairing Passphrase (Fireware v11.11.1 and lower)

In Fireware v11.11.1 and lower, the Pairing Passphrase is used for the initial pairing of the AP device with your Firebox. The Pairing Passphrase set on the Gateway Wireless Controller must match the passphrase set on the AP device. By default, the passphrase on an unpaired AP device is wgwap.

In Fireware v11.11.2 and higher, the pairing passphrase is not required.

In the Gateway Wireless Controller, you must type the Pairing Passphrase:

  • When you click Pair to pair an unpaired AP device to a Firebox.
  • When you click Add to manually add an AP device configuration to the Firebox.

Unless you have connected to the AP device with the Access Point web UI and changed the AP device passphrase, the Pairing Passphrase is always the AP default passphrase, wgwap. If you changed the passphrase on the AP device, type that passphrase in the Pairing Passphrase dialog box when you pair the device.

If you type the wrong Pairing Passphrase when you try to pair the AP device and pairing fails, you can change the Pairing Passphrase in the AP device settings. For more information, see Configure AP Device Settings.

WatchGuard AP Passphrase

The WatchGuard AP passphrase is used for management connections to a WatchGuard AP device after it has been paired with a Firebox. The Gateway Wireless Controller on the Firebox uses the WatchGuard AP Passphrase when it connects to any paired AP device. The WatchGuard AP passphrase is also the passphrase you use to log into the Access Point web UI of a paired AP device.

When you enable the Gateway Wireless Controller on the Firebox, you set the WatchGuard AP passphrase. You can also change this passphrase in the Gateway Wireless Controller Settings dialog box. For more information, see Configure Gateway Wireless Controller Settings.

Passphrases and Pairing

Although you configure two passphrases in the Gateway Wireless Controller settings, you use only one passphrase for the AP device. The passphrase you use depends on the state of the AP device.

  • For an unpaired AP device, use the default passphrase, wgwap, unless you change it in the Access Point web UI.
  • For a paired AP device, use the WatchGuard AP passphrase that you configured in the Gateway Wireless Controller settings.

When you first pair an AP device with a Firebox in Fireware v11.11.1 and lower, the Firebox uses the Pairing Passphrase to log in to the AP device. When the Firebox sends the AP device configuration to the paired AP device, it changes the passphrase on the AP device from the Pairing Passphrase to the WatchGuard AP passphrase configured in the Gateway Wireless Controller settings.

In Fireware v11.11.2 and higher, the pairing passphrase is not required.

When you unpair an AP device from a Firebox, the Firebox resets the AP device to the factory default settings. This changes the passphrase on the AP device to the default AP passphrase, wgwap.

When the Gateway Wireless Controller connects to a paired AP device, it can use one of these passphrases to log in. This makes the communication between the two devices more resilient, and allows the AP device to automatically pair with the Firebox if the AP device is reset.

  1. By default, the Gateway Wireless Controller uses the WatchGuard AP passphrase to log in to the AP device.
  2. If it cannot successfully log in with the WatchGuard AP passphrase, it tries the passphrase used for the last successful connection to this AP device.
  3. If it cannot successfully log in with the last used passphrase, it tries to log in with the Pairing Passphrase (Fireware 11.11.1 and lower).

If the Firebox uses anything other than the WatchGuard AP passphrase to log in, it resets the passphrase on the AP device to the WatchGuard AP passphrase. If the Firebox cannot log in to a paired AP device, the AP device status displays Authenticating and not Online.

Resolve a Passphrase Mismatch

In Firebox System Manager, the status of the AP device appears in the Gateway Wireless Controller tab .

In Fireware Web UI, the status of the AP device appears in the Dashboard > Gateway Wireless Controller page.

If the AP device status is Authenticating, and does not change to Online, the passphrase in the Gateway Wireless Controller settings may not match the passphrase on the AP device.

In Fireware 11.11.1 and lower, to resolve a passphrase mismatch, if you know the passphrase on the AP device, change the Pairing Passphrase in the AP device configuration on the Gateway Wireless Controller. For more information, see Configure AP Device Settings.

If you do not know the passphrase on the AP device, to resolve a passphrase mismatch:

  1. If the device is paired in the Gateway Access Controller, remove it from the list of paired AP devices.
    For more information, see Unpair an AP Device.
  2. Press the reset button on the AP device to reset it to factory default settings.
    For more information, see Reset the WatchGuard AP Device.
  3. Discover and pair the AP device again. Use the default Pairing Passphrase, wgwap.
    For more information, see WatchGuard AP Device Discovery and Pairing.

See Also

WatchGuard AP Device Discovery and Pairing

Unpair an AP Device

Give Us Feedback     Get Support     All Product Documentation     Technical Search