Configure APs with the Gateway Wireless Controller

To discover and manage the WatchGuard APs you add to your network, you can use the Gateway Wireless Controller on your Firebox.

You cannot manage WatchGuard Wi-Fi 6 APs (AP130, AP330, AP430CR, AP432) with a Gateway Wireless Controller on a Firebox or WatchGuard Wi-Fi Cloud. If you are looking for information about how to manage Wi-Fi 6 APs in WatchGuard Cloud, see About Wi-Fi in WatchGuard Cloud.

The Gateway Wireless Controller enables you to:

  • Pair WatchGuard APs on your network with your Firebox
  • Enable automatic deployment of APs on specific SSIDs
  • Enable wireless deployment of APs
  • Configure SSIDs and AP settings
  • Trust APs
  • Monitor AP activation status and AP feature keys
  • Monitor the paired APs and wireless client connections
  • Initiate a site survey from the WatchGuard AP to detect other wireless access points

A WatchGuard Gateway Wireless Controller can manage multiple WatchGuard APs. If you experience management performance issues as you add more APs to your network, you can use another Gateway Wireless Controller on another Firebox to manage some of the APs.

Enable the Gateway Wireless Controller

Before your Firebox can discover new WatchGuard APs on your network, you must enable the Gateway Wireless Controller on your Firebox.

When you enable the Gateway Wireless Controller, the WatchGuard Gateway Wireless Controller policy is automatically added to the Firebox configuration. This policy allows traffic from the trusted and optional networks to the Firebox over UDP port 2529 for AP management. The Firebox uses a secure SSH connection to manage APs with the Gateway Wireless Controller.

After you enable the Gateway Wireless Controller on the Firebox, the Firebox can detect connected WatchGuard APs on your trusted or optional network. The AP can also be located on the custom zone network. To enable the Gateway Wireless Controller to discover an AP on a custom zone network, you must modify the WatchGuard Gateway Wireless Controller policy to allow traffic from the custom zone. For more information on the custom zone, see Configure a Custom Interface.

Clear the Enable the Gateway Wireless Controller check box to disable the Gateway Wireless Controller on this Firebox. When you disable the Gateway Wireless Controller, APs currently connected will continue to function until they receive a configuration update from the Firebox. To force connected APs to update their configuration, you must reboot each AP.

In their factory default state, APs first try to connect to WatchGuard Wi-Fi Cloud. If the AP is not activated and provisioned for cloud management, the AP continues to try to connect to cloud services for several minutes. When the AP appears in the Unpaired Access Points section on the Gateway Wireless Controller Access Points page, you can then pair the device with the Gateway Wireless Controller. If you want to change a previously cloud-managed AP to be a locally managed device, see How to change a Total Wi-Fi or Secure Wi-Fi cloud-managed AP to a Basic Wi-Fi local-managed AP.

For more information about how to deploy APs, see:

Set the Diagnostic Log Level

To generate more detailed log messages for the Gateway Wireless Controller, you can change the diagnostic log level.

For more information about diagnostic log levels, see Set the Diagnostic Log Level.

See Also

About AP Configuration

About AP Passphrases