Related Topics

About AP Remote VPN Deployment

You can deploy your AP devices in remote locations using a VPN on the Firebox. This deployment enables the AP device to connect to the Gateway Wireless Controller for remote AP device management and monitoring.

A remote AP device uses Mobile VPN with SSL to connect to the Firebox. This allows the Gateway Wireless Controller to send management traffic to the remote AP device through the VPN tunnel.

You can also enable telecommuter mode for specific SSIDs to bridge SSID traffic over the VPN to the Firebox.

Remote deployment is only supported for AP100, AP102, AP200, and AP300 devices.

AP remote VPN deployment diagram

Diagram of two remote AP devices managed by the Gateway Wireless Controller (GWC) on a Firebox,

Configure AP Remote Deployment

To configure remote deployment, you must:

  • Enable Mobile VPN with SSL and create a VPN user account on the Firebox for a remotely-deployed AP device
  • Download a Mobile VPN profile from the Firebox
  • Enable remote VPN on an AP device
  • Enable telecommuter mode on an SSID

Enable Mobile VPN with SSL

You must enable Mobile VPN with SSL on the Firebox that you want your AP devices to connect to.

For information about how to enable Mobile VPN with SSL and add a VPN user, see Configure the Firebox for Mobile VPN with SSL.

To use telecommuter mode, the VPN must be configured for Bridge VPN traffic instead of Routed VPN traffic.

Make sure the VPN user account is a member of the SSLVPN-Users group. You can use the same VPN user account for all your remote AP devices.

Download a Mobile VPN Configuration Profile from the Firebox

To complete your VPN configuration, the AP device must be configured to use a Mobile VPN with SSL client profile. You can download this profile from the Firebox after you have enabled Mobile VPN with SSL.

To connect to the Firebox and download an SSL VPN client configuration profile for your remotely-deployed AP device:

  1. From a web browser, go to: https://<Firebox address>
  2. Download the Mobile VPN with SSL client profile.

Firebox VPN proflile download page

Enable Remote VPN on an AP Device

On your remotely-deployed AP device, you must log in to the Access Point Web UI to configure remote VPN capability.

To enable and configure remote Gateway Wireless Controller VPN settings on a remotely deployed AP device:

  1. Log in to the AP device local web UI.

For information on how to connect to your AP device local web UI, see Use the WatchGuard Access Point Web UI.

  1. In the local Access Point Web UI, select Settings.
  2. In the Remote Gateway Wireless Controller VPN Settings section, select Enable VPN.

Screen shot of the Network Settings page

  1. Click Browse. Select the VPN client profile you downloaded from the Firebox.
  2. In the VPN authentication user name text box, type the user name for the VPN user account you created on the Firebox for this AP device.
  3. In the VPN authentication password text box, type the password for the VPN user account.
  4. Click Save.

Enable Telecommuter Mode on an SSID

You can enable telecommuter mode for specific SSIDs to bridge SSID traffic over the VPN to the Firebox.

Give Us Feedback     Get Support     All Product Documentation     Technical Search