Contents

Related Topics

About AP Device Passphrases

The WatchGuard AP passphrase is used for management connections to a WatchGuard AP device after it has been paired with a Firebox. The Gateway Wireless Controller on the Firebox uses the WatchGuard AP Passphrase when it connects to any paired AP device. The WatchGuard AP passphrase is also the passphrase you use to log into the Access Point web UI (AP100/102, AP200, AP300) of a paired AP device.

When you enable the Gateway Wireless Controller on the Firebox, you manually set the WatchGuard AP passphrase.

To improve the security and management of AP passphrases, the Gateway Wireless Controller can automatically create and manage unique, random passphrases for each AP device. The automatically generated passphrase only changes if the AP device is reset to factory default settings.

Automatically generated AP passphrases cannot be restored. If data is lost on the Firebox that manages your AP devices, you might lose access to your AP devices. Automatic passphrase management is not supported for FireClusters and are disabled by default on cluster members.

You can change the manual passphrase or enable automatic passphrase management in the Gateway Wireless Controller Settings dialog box. For more information, see Configure Gateway Wireless Controller Settings.

Pairing Passphrase

(Fireware v11.11.1 and lower)

In Fireware v11.11.1 and lower, the Pairing Passphrase is used for the initial pairing of the AP device with your Firebox. The Pairing Passphrase set on the Gateway Wireless Controller must be the same as the passphrase set on the AP device. By default, the passphrase on an unpaired AP device is wgwap.

In Fireware v11.11.2 and higher, the Pairing Passphrase is not required.

In the Gateway Wireless Controller, you must type the Pairing Passphrase when you click:

  • Pair to pair an unpaired AP device to a Firebox.
  • Add to manually add an AP device configuration to the Firebox.

Unless you have connected to the AP device with the Access Point web UI and changed the AP device passphrase, the Pairing Passphrase is always the default AP passphrase, wgwap. If you changed the passphrase on the AP device, type that passphrase in the Pairing Passphrase dialog box when you pair the device.

If you type the wrong Pairing Passphrase when you try to pair the AP device and pairing fails, you can change the Pairing Passphrase in the AP device settings. For more information, see Configure AP Device Settings.

Although you configure two passphrases in the Gateway Wireless Controller settings, you use only one passphrase for the AP device. The passphrase you use depends on the state of the AP device.

  • For an unpaired AP device, use the default AP passphrase, wgwap, unless you change it in the Access Point web UI.
  • For a paired AP device, use the WatchGuard AP passphrase that you configured in the Gateway Wireless Controller settings.

When you first pair an AP device with a Firebox in Fireware v11.11.1 and lower, the Firebox uses the Pairing Passphrase to log in to the AP device. When the Firebox sends the AP device configuration to the paired AP device, it changes the passphrase on the AP device from the Pairing Passphrase to the WatchGuard AP passphrase configured in the Gateway Wireless Controller settings.

When you unpair an AP device from a Firebox, the Firebox resets the AP device to the factory-default settings. This changes the passphrase on the AP device to the default AP passphrase, wgwap.

When the Gateway Wireless Controller connects to a paired AP device, it can use one of these passphrases to log in. This strengthens the communication link between the two devices, and enables the AP device to automatically pair with the Firebox if the AP device is reset.

  1. By default, the Gateway Wireless Controller uses the WatchGuard AP passphrase to log in to the AP device.
  2. If it cannot successfully log in with the WatchGuard AP passphrase, it tries the passphrase used for the last successful connection to this AP device.
  3. If it cannot successfully log in with the last used passphrase, it tries to log in with the Pairing Passphrase (Fireware v11.11.1 and lower).

If the Firebox uses anything other than the WatchGuard AP passphrase to log in, it resets the passphrase on the AP device to the WatchGuard AP passphrase. If the Firebox cannot log in to a paired AP device, the AP device status is Authenticating, not Online.

Resolve a Passphrase Mismatch

In Firebox System Manager, the status of the AP device appears on the Gateway Wireless Controller tab .

In Fireware Web UI, the status of the AP device appears on the Dashboard > Gateway Wireless Controller page.

If the AP device status is Authenticating, and does not change to Online, the passphrase in the Gateway Wireless Controller settings might not be the same as the passphrase on the AP device.

In Fireware 11.11.1 and lower, to resolve a passphrase mismatch, if you know the passphrase on the AP device, change the Pairing Passphrase in the AP device configuration on the Gateway Wireless Controller. For more information, see Configure AP Device Settings.

If you do not know the passphrase on the AP device, to resolve a passphrase mismatch:

  1. If the device is paired in the Gateway Access Controller, delete it from the list of paired AP devices.
    For more information, see Unpair an AP Device.
  2. Press the reset button on the AP device to reset it to factory-default settings.
    For more information, see Reset a WatchGuard AP Device.
  3. Discover and pair the AP device again. Use the default Pairing Passphrase, wgwap.
    For more information, see WatchGuard AP Device Discovery and Pairing.

See Also

WatchGuard AP Device Discovery and Pairing

Unpair an AP Device

Give Us Feedback     Get Support     All Product Documentation     Technical Search