About AP Remote VPN Deployment

To deploy APs in remote locations, you can use a VPN on the Firebox. This deployment enables the AP to connect to the Gateway Wireless Controller for remote AP management and monitoring.

Remote deployment is only supported for AP100, AP102, AP200, and AP300 devices.

A remote AP uses Mobile VPN with SSL to connect to the Firebox. This allows the Gateway Wireless Controller to send management traffic to the remote AP through the VPN tunnel.

You can also enable telecommuter mode for specific SSIDs to bridge SSID traffic over the VPN to the Firebox.

Diagram of AP remote VPN deployment: two remote APs managed by the Gateway Wireless Controller (GWC) on a Firebox

Configure AP Remote Deployment

To configure remote deployment, you must:

  • Enable Mobile VPN with SSL and create a VPN user account on the Firebox for a remotely-deployed AP
  • Download a Mobile VPN profile from the Firebox
  • Enable remote VPN on an AP
  • Enable telecommuter mode on an SSID

Enable Mobile VPN with SSL

You must enable Mobile VPN with SSL on the Firebox that you want your APs to connect to, and add a user account in the SSLVPN-Users group. The remote APs will use the user account credentials for VPN authentication. You can use the same VPN user account for all your remote APs.

For information about how to enable Mobile VPN with SSL and add a VPN user, see Manually Configure the Firebox for Mobile VPN with SSL.

To use telecommuter mode, you must configure the VPN to use the Bridge VPN traffic option instead of the default Routed VPN traffic option.

Make sure the VPN user account is a member of the SSLVPN-Users group.

Download a Mobile VPN Configuration Profile from the Firebox

To complete your VPN configuration, the AP must be configured to use a Mobile VPN with SSL client profile. You can download this profile from the Firebox after you have enabled Mobile VPN with SSL.

To connect to the Firebox and download an SSL VPN client configuration profile for your remotely-deployed AP:

  1. From a web browser, go to: https://<Firebox address>
  2. Download the Mobile VPN with SSL client profile.

Screen shot of Firebox VPN profile download page
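
A check you can run on the downloaded profile before you load it onto an AP, added here as an example (it is not WatchGuard code). It assumes the profile is an OpenVPN-format text file, which this page does not state; `parse_profile`, `audit_profile`, and the sample profiles are constructed for illustration.

```python
import re

# 64-bit block ciphers and the MD5 digest are reported as legacy settings.
LEGACY = {"cipher": {"BF-CBC", "DES-CBC", "DES-EDE3-CBC"}, "auth": {"MD5"}}

def parse_profile(text):
    """Assumes OpenVPN-format text. Returns (directives, inline <tag> blocks)."""
    directives, blocks, current = {}, {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if current and line == f"</{current}>":   # end of <ca>...</ca> etc.
            current = None
        elif current:
            blocks[current].append(line)
        elif (m := re.fullmatch(r"<([\w-]+)>", line)):
            current = m.group(1)
            blocks[current] = []
        elif line and line[0] not in "#;":        # skip blanks and comments
            name, *args = line.split()
            directives.setdefault(name, []).append(args)
    return directives, blocks

def audit_profile(text, expected_host):
    """Return a list of findings; an empty list means every check passed."""
    d, b = parse_profile(text)
    findings = []
    hosts = sorted({args[0] for args in d.get("remote", []) if args})
    if hosts != [expected_host]:
        findings.append(f"remote is {hosts}, expected {expected_host}")
    if not any("BEGIN CERTIFICATE" in l for l in b.get("ca", [])) and "ca" not in d:
        findings.append("no CA certificate to validate the VPN server")
    if not {"remote-cert-tls", "remote-cert-eku", "verify-x509-name"} & d.keys():
        findings.append("no check on the server certificate's usage or name")
    if "auth-user-pass" not in d:
        findings.append("auth-user-pass missing: VPN user account not requested")
    for key, legacy in LEGACY.items():
        for args in d.get(key, []):
            if args and args[0].upper() in legacy:
                findings.append(f"legacy {key} {args[0]}")
    return findings

# Constructed sample profiles (203.0.113.10 and 198.51.100.7 are documentation addresses).
GOOD = ("client\nremote 203.0.113.10 443\n"
        'remote-cert-eku "TLS Web Server Authentication"\n'
        "cipher AES-256-CBC\nauth SHA256\nauth-user-pass\n"
        "<ca>\n-----BEGIN CERTIFICATE-----\n(placeholder)\n-----END CERTIFICATE-----\n</ca>\n")
BAD = "client\nremote 198.51.100.7 443\ncipher BF-CBC\nauth MD5\n"

if __name__ == "__main__":
    print(audit_profile(GOOD, "203.0.113.10"), audit_profile(BAD, "203.0.113.10"))
```

Pass the Firebox address you used for the download as `expected_host`; any finding is a reason to download the profile again before you configure the AP.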

Enable Remote VPN on an AP

On your remotely-deployed AP, you must log in to the Access Point Web UI to configure remote VPN capability.

To enable and configure remote Gateway Wireless Controller VPN settings on a remotely deployed AP:

  1. Log in to the AP local web UI.

For information on how to connect to your AP local web UI, see Use the WatchGuard Access Point Web UI.

  2. In the local Access Point Web UI, select Settings.
  3. In the Remote Gateway Wireless Controller VPN Settings section, select the Enable VPN check box.

Screen shot of the local AP UI Network Settings page in the Access Point web UI

  4. Click Browse. Select the Mobile VPN with SSL client profile you downloaded from the Firebox.
  5. In the VPN authentication user name text box, type the user name for the VPN user account you created on the Firebox for this AP.
  6. In the VPN authentication password text box, type the password for the VPN user account.
  7. Click Save.

Enable Telecommuter Mode on an SSID

(Fireware v12.0.2 or lower)

To bridge SSID traffic over the VPN to the Firebox, you can enable telecommuter mode for specific SSIDs.
