Before you add a WatchGuard AP to your network, it is important to understand the requirements and limitations of the AP.
Minimum Fireware Versions
|AP Model||Minimum Fireware Version Required|
|AP100, AP102, AP200||11.7.2|
For an AP to be managed by Gateway Wireless Controller on a Firebox:
- The Firebox must be configured in mixed routing or drop-in mode.
- The AP must connect to a trusted, optional, or custom network.
- The Firebox configuration must include a policy that allows NTP traffic from the AP to the Internet. The AP uses an NTP server to set the correct local time.
- The Firebox and APs on your network require access to WatchGuard servers (*.watchguard.com) on port 443. This allows the Gateway Wireless Controller on the Firebox to register and activate APs, and find new firmware updates. APs require access to WatchGuard servers to get country and regional information.
The default Outgoing policy allows NTP traffic from the trusted network. If you remove or disable the Outgoing policy, or if your AP is connected to the Optional network, you must add an NTP policy to allow outgoing NTP traffic from the network the AP connects to.
- You cannot use a WSM Management Server to manage WatchGuard APs.
- You cannot locate WatchGuard APs behind a NAT firewall.
- The WatchGuard Gateway Wireless Controller is designed to manage multiple WatchGuard APs. If you experience management performance issues as you add more APs to your network, you can use another Gateway Wireless Controller on another Firebox to manage these APs.
- We recommend you configure your AP to accept connections from a maximum of 20-40 wireless client devices for each radio, based on the overall airtime demand of the client devices.
Features not Supported by Local Managed APs
These features are not supported on AP120, AP125, AP320, AP322, AP325, and AP420 devices when they are managed by the Gateway Wireless Controller:
- LED controls
- External syslog support
- Link aggregation on second Ethernet port
- Third scanning radio on tri-radio APs