Your WatchGuard Access Point (AP) is an extension to your Firebox. You can connect one or more WatchGuard APs to your network to enable wireless access, expand the wireless range of your network, and enable wireless access to different security zones in your network. You configure and manage your APs through the Gateway Wireless Controller on your Firebox.
An SSID (Service Set Identifier) is the unique name you give to each wireless network. You can assign more than one SSID to several different APs to accommodate different wireless configurations.
When you configure SSIDs for your WatchGuard APs, you can:
Assign the same SSID to more than one AP (for wireless roaming on the same SSID)
When you assign the same SSID to more than one AP, the range of that SSID is extended. When a wireless client that is connected to an SSID moves to a different location on your physical network, the wireless client can automatically connect to the AP that has the strongest signal for that SSID. This eliminates the need for users to manually reconnect when they move their wireless devices around your office.
Assign more than one SSID to each AP
You can also enable more than one SSID on each AP. The number of SSIDs each wireless AP can support depends on the AP model, and whether the device has single or dual radios.
- Single radio devices support a maximum of 8 SSIDs
- Dual radio devices support a maximum of 16 SSIDs (eight per radio)
We recommend a maximum of 20-40 associated wireless clients per radio based on the overall airtime demand of the clients.
For each SSID, you configure the security and encryption settings that protect your network. For more information, see Configure WatchGuard AP SSIDs.
When you configure the SSIDs for your APs, you can optionally enable VLAN tagging. If you enable VLAN tagging for SSIDs on a WatchGuard AP, you must also enable VLANs on the network that the AP connects to.
Enable VLAN tagging on your AP SSIDs if you want to:
- Configure different firewall policies for SSIDs that connect to the same network
- Separate the traffic on the same physical network to different logical networks.
For more information, see Configure VLANs for WatchGuard APs.
To support roaming for a wireless guest network, you might want to enable client isolation to make sure wireless clients cannot directly send traffic to each other. This requires a VLAN, but does not require VLAN tagging. For more information, see About AP Client Isolation.
About Automatic Deployment
For wireless networks with a large number of WatchGuard APs to deploy that will be assigned the same SSIDs and do not require unique configurations, you can enable automatic deployment on specific SSIDs so that APs are automatically deployed by the Gateway Wireless Controller and configured with the specified SSID. For more information, see About AP Automatic Deployment.
In the Gateway Wireless Controller AP settings, you configure the radio settings for each AP and set the SSIDs each AP uses.
For more information, see Configure AP Settings.