Related Topics

WatchGuard AP Requirements and Limitations

Before you add a WatchGuard AP to your network, it is important to understand the requirements and limitations of the AP.


For an AP to be managed by Gateway Wireless Controller on a Firebox:

  • The WatchGuard AP must be managed by a WatchGuard Firebox that runs:
  • Fireware v11.7.2 or higher for AP100, AP102, and AP200
  • Fireware v11.10.5 or higher for AP300
  • Fireware v11.11.2 or higher for local management of AP120 and AP320
  • Fireware v11.12.2 or higher for local management of AP322
  • Fireware v11.12.4 or higher for local management of AP420
  • The Firebox must be configured in mixed routing or drop-in mode.
  • The AP must connect to a trusted, optional, or custom network.
  • The Firebox configuration must include a policy that allows NTP traffic from the AP to the Internet. The AP uses an NTP server to set the correct local time.
  • The Firebox and APs on your network require access to WatchGuard servers (* on port 443. This allows the Gateway Wireless Controller on the Firebox to register and activate APs, and find new firmware updates. APs require access to WatchGuard servers to get country and regional information.

The default Outgoing policy allows NTP traffic from the trusted network. If you remove or disable the Outgoing policy, or if your AP is connected to the Optional network, you must add an NTP policy to allow outgoing NTP traffic from the network the AP connects to.


  • You cannot use a WSM Management Server to manage WatchGuard APs.
  • You cannot locate WatchGuard APs behind a NAT firewall.
  • The WatchGuard Gateway Wireless Controller is designed to manage multiple WatchGuard APs. If you experience management performance issues as you add more APs to your network, you can use another Gateway Wireless Controller on another Firebox to manage these APs.
  • We recommend you configure your AP to accept connections from a maximum of 20-40 wireless client devices for each radio, based on the overall airtime demand of the client devices.

Features not Supported by AP120, AP320, AP322, and AP420 Devices

These features are not supported on AP120, AP320, AP322, and AP420 devices when they are managed by the Gateway Wireless Controller:

  • LED controls
  • Client limits
  • External syslog support
  • Local Web UI access
  • AP420 third scanning radio

See Also

Configure VLANs for WatchGuard APs

Give Us Feedback     Get Support     All Product Documentation     Technical Search