To help prevent potential security issues caused by factory-reset, unauthorized, or compromised APs, the Gateway Wireless Controller creates trust records for each AP in your deployment. This Trust Store makes sure the Gateway Wireless Controller cannot give data (for example, passphrases and other sensitive information about your wireless deployment) to untrusted APs.

The Gateway Wireless Controller does not communicate with APs that are not trusted. If an AP is not trusted, wireless data functions on the AP continue to operate, but the Gateway Wireless Controller does not manage or monitor that AP.

APs that are paired with a Gateway Wireless Controller for the first time are automatically trusted.

Trust records use the IP address of the AP. If the IP address of the AP changes, the AP is no longer trusted. To prevent loss of trust status because of dynamic IP address changes, we recommend you use either DHCP reservations or static IP addresses for your APs.
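Because trust follows the IP address, it helps to compare your own AP inventory with the DHCP lease table before an address change surfaces as a Not Trusted status. The script below is an added example, not WatchGuard code: the two CSV layouts, the `kind` column and all sample values are assumptions constructed for illustration.

```python
import csv
import io

# Constructed sample data. Both layouts are assumptions for this example,
# not an export format of the Gateway Wireless Controller or any DHCP server.
INVENTORY_CSV = """name,mac,trusted_ip
AP-Lobby,00:11:22:33:44:01,10.0.10.11
AP-Floor2,00:11:22:33:44:02,10.0.10.12
AP-Warehouse,00:11:22:33:44:03,10.0.10.13
AP-Annex,00:11:22:33:44:04,10.0.10.14
"""
LEASES_CSV = """mac,ip,kind
00:11:22:33:44:01,10.0.10.11,reserved
00:11:22:33:44:02,10.0.10.12,dynamic
00:11:22:33:44:03,10.0.10.57,dynamic
AA:BB:CC:00:00:99,10.0.10.13,dynamic
"""

def _rows(text):
    return list(csv.DictReader(io.StringIO(text)))

def audit(inventory_csv, leases_csv):
    """Return {ap_name: finding} for every AP in the inventory."""
    leases = {r["mac"].lower(): r for r in _rows(leases_csv)}
    holder = {r["ip"]: r["mac"].lower() for r in _rows(leases_csv)}
    findings = {}
    for ap in _rows(inventory_csv):
        mac, ip = ap["mac"].lower(), ap["trusted_ip"]
        lease = leases.get(mac)
        if lease is None:
            finding = "no-lease: not in the lease table, confirm the AP is still deployed"
        elif lease["ip"] != ip:
            finding = f"ip-changed: now {lease['ip']}, recorded address no longer matches"
        elif lease["kind"] == "dynamic":
            finding = "at-risk: address matches but the lease is dynamic"
        else:
            finding = "ok"
        # A different device holding the recorded address needs review
        # before anything at that address is trusted again.
        other = holder.get(ip)
        if other and other != mac:
            finding += f"; {ip} now held by {other}"
        findings[ap["name"]] = finding
    return findings

if __name__ == "__main__":
    for name, finding in audit(INVENTORY_CSV, LEASES_CSV).items():
        print(f"{name}: {finding}")
```

APs reported as `at-risk` are candidates for a DHCP reservation or a static address. An `ip-changed` result whose old address is now held by another device is worth checking against your list of known APs before you trust anything again.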

AP Trust Status

APs without a known trust record have a status of Not Trusted on the Gateway Wireless Controller Access Points page.

An AP can have a status of Not Trusted for these reasons:

  • The AP has been reset to a factory-default configuration
  • The AP's IP address has changed to a new IP address
  • The AP might have been compromised

Screen shot of Gateway Wireless Controller Dashboard page - Not Trusted AP device status

You can configure the Firebox to send an alarm notification when the trust state of an AP changes. To configure notification settings, see Configure Gateway Wireless Controller Settings.

Trust an AP

Before you can manage and monitor an AP with the Gateway Wireless Controller, the AP must be trusted. Before you trust an AP, make sure it is a known AP in your deployment.

Reset the Trust Store

If any of your APs might have been compromised, for example, if APs have been tampered with, reset, or are no longer under your control, we recommend that you reset the Trust Store.

You cannot reset the Trust Store for a single AP. You must reset the Trust Store and trust all of your known APs again.

Disable the Trust Store

If you do not want to use the trust security feature, you can disable the Trust Store. If you disable the Trust Store, all APs are considered trusted.

