Configure WatchGuard AP Device SSIDs

Before you can assign an SSID to a WatchGuard AP device, you must add the SSID to the Gateway Wireless Controller.

You can also enable VLAN tagging on each SSID. If you enable VLAN tagging, the SSID uses the VLAN ID you specify to connect to a VLAN that is configured on the network between your AP device and Firebox. For more information about when and how to use VLAN tagging with your AP device, see Configure VLANs for WatchGuard AP Devices.

Add an SSID

Configure SSID Settings

To configure the SSID settings, in the Settings tab:

  1. In the Network Name (SSID) text box, type the SSID name.
  2. To specify that your AP devices do not broadcast the SSID name, clear the Broadcast SSID and respond to SSID queries check box.
  3. To specify that wireless clients connected to this SSID cannot send traffic to each other through the AP device, select the Enable station isolation check box. For more information, see About AP Station Isolation.
  4. To use the MAC Access Control list for your AP devices, select the Use the MAC Access Control list defined in the Gateway Wireless Controller Settings check box. For more information, see Configure MAC Access Control.
  5. To use tagged VLANs to separate the traffic between multiple SSIDs, select the Enable VLAN tagging check box.
  6. If you enabled VLAN tagging, in the VLAN ID text box, type or select the ID of the tagged VLAN to use for this SSID.

If you enable VLAN tagging and try to configure an SSID to use a VLAN ID that is not configured on the Firebox, a warning message appears with the information that the VLAN ID you configured in the SSID settings does not exist on the Firebox. Make sure you configure a tagged VLAN for this SSID. In most network configurations, you create the tagged VLAN for each SSID on the Firebox, and one untagged VLAN for management connections to the AP device.

  1. To enable this SSID for use with automatic deployment, select the Automatically deploy this SSID to all unpaired WatchGuard AP Devices check box. For more information. see About AP Automatic Deployment.
  2. To enable this SSID for use in telecommuter mode when deployed in a remote location, select the Enable telecommuter mode on this SSID when used remotely check box. For more information, see About AP Remote VPN Deployment.
  3. To use traffic rate shaping on wireless downloads for this SSID, select the Enable rate shaping check box.

These limits are applied to all combined traffic on the SSID, and not on a per client basis. You can set these values:

  • Base rate — The base throughput rate in kilobits per second (Kbps). Download traffic is not allowed to exceed this limit except for burst activity.
  • Ceiling rate — The hard limit throughput rate in kilobits per second (Kbps). This limit includes burst activity.
  • Burst — The maximum number of kilobytes allowed beyond the base rate. Set to 0 to disable bursting.
  1. To activate this SSID for a specific time period, select the Enable an activation schedule check box. This feature limits access to this SSID based on the times you configure.

Set the Start time and End time in 24 hour format (hh:mm).

SSIDs that are not active in the schedule do not appear in the Gateway Wireless Controller monitoring pages in Fireware Web UI or Firebox System Manager.

  1. To check your wireless network for access points that do not belong to your network, select the Enable rogue access point detection check box.

A rogue access point is any wireless access point within range of your network that is not recognized as an authorized access point. When you enable rogue access point detection, the Gateway Wireless Controller scans wireless channels to identify unknown wireless access points. For more information, see Enable Rogue Access Point Detection.

Use the Wireless Deployment Maps feature of the Gateway Access Controller to view any foreign BSSIDs (Broadcast SSIDs) and potential rogue access points. For more information, see View Wireless Deployment Maps.

You can configure exceptions to the rogue access points list to prevent any known access points (identified by MAC address) from being identified as a rogue access point. Click Add to add a MAC address of a known access point. Click Remove to remove a device from the list.

The Rogue Access Point Detection feature for the Gateway Wireless Controller and managed WatchGuard AP devices is different than the Rogue Access Point Detection feature designed for Firebox and XTM wireless devices with built-in wireless capabilities.

For information on the differences between Firebox and XTM wireless devices and WatchGuard AP devices, see Wireless Access Point Types. For information on Rogue Access Point Detection for Firebox or XTM wireless devices, see Rogue Access Point Detection.

Add AP Device Radios

When you add an SSID, you can assign the SSID to one or more AP device radios. For AP200 and AP300 devices that have two radios, you select each radio separately.

To assign an SSID to an AP device radio:

  1. From the SSID configuration, select the Access Points tab.
  2. In the Access Points with this SSID list, add the AP device radios that you want to use with this SSID.

You can also assign SSIDs to an AP device radio when you edit the AP device radio settings. For more information, see Configure AP Device Radio Settings.

Configure Security Settings

To configure the wireless security settings for the SSID:

  1. Select the Security tab.
  2. From the Security Mode drop-down list, select the security protocol to use for this SSID.
  3. Complete the settings to configure the selected security protocol.

For more information, see Configure SSID Security Settings.

See Also

Configure Gateway Wireless Controller Settings

Give Us Feedback     Get Support     All Product Documentation     Technical Search