About AP Configuration

Your WatchGuard Access Point (AP) is an extension to your Firebox. You can connect one or more WatchGuard APs to your network to enable wireless access, expand the wireless range of your network, and enable wireless access to different security zones in your network. You configure and manage your APs through the Gateway Wireless Controller on your Firebox.

You cannot manage WatchGuard Wi-Fi 6 APs (AP130, AP330, AP430CR, AP432) with a Gateway Wireless Controller on a Firebox or WatchGuard Wi-Fi Cloud. If you are looking for information about how to manage Wi-Fi 6 APs in WatchGuard Cloud, see About Wi-Fi in WatchGuard Cloud.

SSID Configuration

An SSID (Service Set Identifier) is the unique name you give to each wireless network. You can assign more than one SSID to several different APs to accommodate different wireless configurations.

When you configure SSIDs for your WatchGuard APs, you can:

Assign the same SSID to more than one AP (for wireless roaming on the same SSID)

When you assign the same SSID to more than one AP, the range of that SSID is extended. When a wireless client that is connected to an SSID moves to a different location on your physical network, the wireless client can automatically connect to the AP that has the strongest signal for that SSID. This eliminates the need for users to manually reconnect when they move their wireless devices around your office.

Assign more than one SSID to each AP

You can also enable more than one SSID on each AP. The number of SSIDs each wireless AP can support depends on the AP model, and whether the device has single or dual radios.

  • Single radio devices support a maximum of 8 SSIDs
  • Dual radio devices support a maximum of 16 SSIDs (eight per radio)

We recommend a maximum of 20-40 associated wireless clients per radio based on the overall airtime demand of the clients.

For each SSID, you configure the security and encryption settings that protect your network. For more information, see Configure WatchGuard AP SSIDs.

When you configure the SSIDs for your APs, you can optionally enable VLAN tagging. If you enable VLAN tagging for SSIDs on a WatchGuard AP, you must also enable VLANs on the network that the AP connects to.

Enable VLAN tagging on your AP SSIDs if you want to:

  • Configure different firewall policies for SSIDs that connect to the same network
  • Separate the traffic on the same physical network to different logical networks.

For more information, see Configure VLANs for WatchGuard APs.

To support roaming for a wireless guest network, you might want to enable client isolation to make sure wireless clients cannot directly send traffic to each other. This requires a VLAN, but does not require VLAN tagging. For more information, see About AP Client Isolation.

About Automatic Deployment

You can enable automatic deployment on specific SSIDs so that unpaired APs are automatically deployed by the Gateway Wireless Controller and configured with the specified SSID.

This is useful in these deployment scenarios to automatically configure new APs:

  • If you need to deploy a large number of WatchGuard APs in your wireless network, and all the APs will be assigned the same SSIDs and do not require unique configurations.

  • If you want to add new APs to your deployment or replace existing device hardware with a new model, you can automatically configure the AP with your existing SSID configuration.

For more information, see About AP Automatic Deployment.

AP Configuration

In the Gateway Wireless Controller AP settings, you configure the radio settings for each AP and set the SSIDs each AP uses.

For more information, see Configure AP Settings.

See Also

WatchGuard AP Deployment Examples