WatchGuard AP Device Requirements and Limitations
Before you add a WatchGuard AP device to your network, it is important to understand the requirements and limitations of the AP device.
- The WatchGuard AP device must be managed by a WatchGuard Firebox that uses Fireware OS v11.7.2 or higher for AP100, AP102, and AP200, v11.10.5 or higher for AP300, and v11.11.2 or higher for local management of AP120 and AP320 devices.
- The Firebox must be configured in mixed routing or drop-in mode.
- The AP device must connect to a trusted, optional, or custom network.
- The Firebox configuration must include a policy that allows NTP traffic from the AP device to the Internet. The AP device uses an NTP server to set the correct local time.
- The Firebox and AP devices on your network require access to WatchGuard servers (*.watchguard.com) on port 443. This allows the Gateway Wireless Controller on the Firebox to register and activate AP devices, and check for new firmware updates. AP devices require access to WatchGuard servers to obtain country and regional information.
The default Outgoing policy allows NTP traffic from the trusted network. If you remove or disable the Outgoing policy, or if your AP device is connected to the Optional network, you must add an NTP policy to allow outgoing NTP traffic from the network the AP device connects to.
- You cannot use a WatchGuard Management Server to manage WatchGuard AP devices.
- You cannot locate WatchGuard AP devices behind a NAT firewall.
- A WatchGuard Gateway Wireless Controller is designed to manage multiple WatchGuard AP devices. If you experience management performance issues as you add more AP devices to your network, you can use another Gateway Wireless Controller on another Firebox to manage these AP devices.
- We recommend a maximum of 20-40 associated wireless clients per radio based on the overall airtime demand of the clients.