AP Deployment with a Single SSID

For basic AP installation, you can deploy WatchGuard APs with a single SSID. In this simple deployment scenario, you do not have to configure VLANs or complex network settings. This example is recommended for small office deployments where the requirement is to add secure, wireless access to an existing LAN.

If your environment is large enough to require more than one AP for wider wireless coverage, you can assign the same SSID to multiple APs. When you assign the same SSID to more than one AP, the range of that SSID is extended, which enables mobile users to roam from one AP coverage area to another. For more information, go to AP Deployment with Simple Roaming.

If you have a large number of WatchGuard APs to deploy, and they will all be assigned the same SSIDs and do not require unique configurations, you can use the Automatic Deployment feature. For more information, go to About AP Automatic Deployment.

With this deployment scenario, there are two primary methods you can use to physically connect your WatchGuard AP to the network:

  • Connect the AP directly to your Firebox on a Trusted or Optional network interface.

[Diagram: an AP device connected directly to an XTM device trusted or optional interface]

  • Connect the AP to a switch that is on a Trusted or Optional network.

[Diagram: an AP device connected to a switch connected to the XTM device]

AP Deployment and Firebox Policies

Note these policy requirements, which depend on how you connect the APs and other resources to your network.

  • If you connect the AP directly to a Firebox interface, the wireless users do not automatically have access to trusted resources that connect to other trusted interfaces on the Firebox. You must configure policies to allow that traffic because the wireless users are on a separate trusted network. The default firewall policies only allow outbound traffic from trusted networks, but do not allow traffic between devices on different trusted networks.
  • If you connect the AP to a switch on the trusted network, the wireless users can access other network resources on the network connected to the same interface. You do not need to create additional policies to allow access because the traffic does not go through the Firebox, but you do need to create policies for traffic to resources that connect to any other trusted interface.
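The policy requirements above come down to whether a flow stays inside one interface's network or has to pass through the Firebox. The following is an added example, not WatchGuard code: a small planning check that classifies required flows against an interface table. The interface names, subnets and client addresses are constructed assumptions.

```python
import ipaddress

# Constructed interface table (assumed names and addressing, not from the page).
INTERFACES = {
    "Trusted-LAN": ipaddress.ip_network("10.0.1.0/24"),  # switch with wired hosts
    "Trusted-AP": ipaddress.ip_network("10.0.2.0/24"),   # AP cabled to the Firebox
    "Optional-Srv": ipaddress.ip_network("10.0.3.0/24"),
}


def interface_for(addr, interfaces=INTERFACES):
    """Name of the interface whose subnet contains addr, or None if external."""
    ip = ipaddress.ip_address(addr)
    matches = [(net.prefixlen, name) for name, net in interfaces.items() if ip in net]
    return max(matches)[1] if matches else None  # most specific subnet wins


def classify_flow(src, dst, interfaces=INTERFACES):
    """Classify a client-to-resource flow by the path it takes.

    same-network    : both ends on one interface; traffic is switched locally
                      and does not go through the Firebox, so no policy applies.
    crosses-firebox : ends are on different interfaces; the Firebox forwards
                      the traffic, so a policy must allow it.
    outbound        : destination is outside every configured interface.
    external-source : source is not on any configured interface.
    """
    s = interface_for(src, interfaces)
    d = interface_for(dst, interfaces)
    if s is None:
        return "external-source"
    if d is None:
        return "outbound"
    return "same-network" if s == d else "crosses-firebox"


def flows_needing_policy(flows, interfaces=INTERFACES):
    """Return the (src, dst) pairs that need an explicit policy."""
    return [f for f in flows if classify_flow(*f, interfaces) == "crosses-firebox"]


if __name__ == "__main__":
    # Constructed flows: a wireless client behind each AP placement.
    required = [
        ("10.0.2.50", "10.0.1.10"),    # AP on its own interface -> LAN file server
        ("10.0.1.60", "10.0.1.10"),    # AP on the LAN switch -> same file server
        ("10.0.1.60", "10.0.3.5"),     # AP on the LAN switch -> other interface
        ("10.0.2.50", "203.0.113.10"), # wireless client -> Internet
    ]
    for src, dst in required:
        print(f"{src} -> {dst}: {classify_flow(src, dst)}")
```

Run it against your own interface table before you place the AP, so that you know which policies to create and do not end up with wireless users either cut off from trusted resources or given broader access than intended.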

Configure a Firebox Interface and Enable DHCP

To connect the AP directly to a Firebox interface, configure that interface as a Trusted or Optional interface. Enable the DHCP server or DHCP relay on that interface so that the Firebox can automatically assign an IP address to the AP and to wireless clients.

Add an SSID to the Gateway Wireless Controller

After you have configured the SSIDs, you can pair the AP with the Firebox, and assign these SSIDs to the radios on the AP.

Related Topics

About AP Configuration

Configure APs with the Gateway Wireless Controller