Related Topics

WatchGuard AP Device Requirements and Limitations

Before you add a WatchGuard AP device to your network, it is important to understand the requirements and limitations of the AP device.


For an AP device to be managed by Gateway Wireless Controller on a Firebox:

  • The WatchGuard AP device must be managed by a WatchGuard Firebox that runs:
    • Fireware v11.7.2 or higher for AP100, AP102, and AP200
    • Fireware v11.10.5 or higher for AP300
    • Fireware v11.11.2 or higher for local management of AP120 and AP320
    • Fireware v11.12.2 or higher for local management of AP322
    • Fireware v11.12.4 or higher for local management of AP420
  • The Firebox must be configured in mixed routing or drop-in mode.
  • The AP device must connect to a trusted, optional, or custom network.
  • The Firebox configuration must include a policy that allows NTP traffic from the AP device to the Internet. The AP device uses an NTP server to set the correct local time.
  • The Firebox and AP devices on your network require access to WatchGuard servers (* on port 443. This allows the Gateway Wireless Controller on the Firebox to register and activate AP devices, and find new firmware updates. AP devices require access to WatchGuard servers to get country and regional information.

The default Outgoing policy allows NTP traffic from the trusted network. If you remove or disable the Outgoing policy, or if your AP device is connected to the Optional network, you must add an NTP policy to allow outgoing NTP traffic from the network the AP device connects to.


  • You cannot use a WSM Management Server to manage WatchGuard AP devices.
  • You cannot locate WatchGuard AP devices behind a NAT firewall.
  • The WatchGuard Gateway Wireless Controller is designed to manage multiple WatchGuard AP devices. If you experience management performance issues as you add more AP devices to your network, you can use another Gateway Wireless Controller on another Firebox to manage these AP devices.
  • We recommend you configure your AP device to accept connections from a maximum of 20-40 wireless client devices for each radio, based on the overall airtime demand of the client devices.

Features not Supported by AP120, AP320, AP322, and AP420 Devices

These features are not supported on AP120, AP320, AP322, and AP420 devices when they are managed by the Gateway Wireless Controller:

  • LED controls
  • Fast Handover
  • Radio rate settings
  • Client limits
  • External syslog support
  • Cannot disable DFS or select outdoor channels
  • Local Web UI access

See Also

Configure VLANs for WatchGuard AP Devices

Give Us Feedback     Get Support     All Product Documentation     Technical Search