Add an Access Point to WatchGuard Cloud

Applies To: WatchGuard Cloud-managed Access Points (AP130, AP230W, AP330, AP332CR, AP430CR, AP432)

To manage a WatchGuard access point with WatchGuard Cloud, you must add the access point to your WatchGuard Cloud account as a cloud-managed device. If you have multiple new access points, you can add these devices to WatchGuard Cloud at one time.

For Service Providers, you can add multiple access points to a Subscriber account with a shared Access Point Site configuration for faster initial configuration and setup before device installation.

Before You Begin

Before you add access points to WatchGuard Cloud, make sure that:

About Replacement (RMA) Access Points

If your access point hardware fails during the warranty period, WatchGuard might replace it with an RMA (Return Merchandise Authorization) device of the same model. When you exchange an access point for an RMA replacement, WatchGuard Customer Care transfers the license from the original device serial number to the new device serial number.

When you add replacement access points to WatchGuard Cloud, these devices are identified by a Replacement label in the Add Device page.

When you add a replacement access point, WatchGuard Cloud automatically applies the configuration used by the original access point, except the device password that you configure when you add the replacement device. When you connect the replacement device and the access point comes online, the original access point becomes inactive in WatchGuard Cloud. You can then remove the original device from WatchGuard Cloud.

For more information, go to Add a Replacement (RMA) Access Point to WatchGuard Cloud.

You must add replacement devices to WatchGuard Cloud separately from new access points.

Required Ports

The access points use TCP port 443 to connect to WatchGuard Cloud.

Access points must also be able to connect to these destinations:

  • *.watchguard.io for product activation and feature key updates
  • *.watchguard.com for WatchGuard Cloud registration and connections
  • Access points must be able to resolve DNS queries with the DNS server the device receives from DHCP.
  • Access points must initially be able to connect to *.pool.ntp.org on NTP port 123 (TCP/UDP) for the default access point time synchronization servers, and for any custom NTP servers set for the device.

If you set up an access point behind a firewall that performs inspection on HTTPS traffic, you must add *.watchguard.io to the content inspection exception / bypass list to enable the access point to receive a feature key from WatchGuard servers. On the WatchGuard Firebox, this is enabled by default for cloud-managed Fireboxes in WatchGuard Cloud.

To add an access point to WatchGuard Cloud:

  1. Log in to your WatchGuard Cloud Subscriber account.
  2. Select Configure > Devices.
  3. In Device Manager, click Add Device.
    A list of activated devices opens.
  4. Select the Access Point tab.
    A list of activated access points opens.

Screenshot of the Add Device list for access points

If you have a replacement (RMA) access point to add to WatchGuard Cloud, a Replacement label identifies the device. You cannot add replacement devices to WatchGuard Cloud at the same time as new devices.

  1. Click the Name of the access point you want to add or click . Tip!
    A confirmation dialog box opens.

Screenshot of the Add Device Wizard - Single access point

  1. Click Add Device.
    The Add Device to WatchGuard Cloud page appears.
  2. Type a Device Name and an optional Description for the access point.
    The default name is the registered name of the device.

Screenshot of the Add Device To WatchGuard Cloud page for an access point

  1. Select the Time Zone of the location where the access point is installed. Click Next.
  2. Select the folder that you want to add your device to. Device Folders help you to see status and summarized data for groups of devices.
    If you only have one root folder, the folder list does not appear.
  3. From the IP Address Configuration drop-down list, select and configure one of these options, then click Next.

Screenshot of the Add Device To WatchGuard Cloud page for an access point, IP address configuration

DHCP IP Address

Select this option to configure the access point to use DHCP to request an IP address.

Static IP Address

Select this option to configure the access point to use a static IP address.

Configure the Network IP Address and Netmask, a Gateway on the same subnet, and a DNS Server.

Enable Management VLAN

Select the Enable Management VLAN check box if you want to use a tagged VLAN for management communications to this access point. Select a VLAN ID from 1 to 4094.

  1. Select the Access Point Site settings that you want to apply to the access point.

Access Point Sites enable you to manage and deploy shared wireless settings for multiple cloud-managed access points. For more information, go to About Access Point Sites.

Screenshot of the Add Device To WatchGuard Cloud page for an access point, Access Point Site

From the Site drop-down list, select an existing site, or select None to use your own configuration for the device.

The deployment wizard performs a check to verify that the firmware version of the access points supports the features enabled in the selected site configuration.

If a feature in the site configuration deployment is not supported by the current firmware version on the access points, the new devices are automatically upgraded to the latest available firmware version to meet the requirements of the access point site configuration.

Click Next.

  1. Type an Admin Password for the access point.

This is the administrator password for the access point Web UI and Command Line Interface (CLI) for local access to troubleshoot the device. You can change this password at a later time in the device configuration in WatchGuard Cloud. For more information, go to Access Point Device Password.

Screenshot of the Add Device To WatchGuard Cloud page for an access point, Device Password

  1. Click Done.
    The access point now appears in the list of devices in WatchGuard Cloud.

You can add multiple access points to a WatchGuard Cloud account at one time. Before you begin, make sure the access points you want to add are activated. For Service Providers, make sure that the access point is allocated to the Subscriber account.

To add multiple access points to WatchGuard Cloud:

  1. Log in to your WatchGuard Cloud account.
  2. (Service Providers only) Select the Subscriber account where you want to add the access points.
  3. Select Configure > Devices.
  4. In Device Manager, click Add Device.
    A list of activated devices opens.
  5. Select the Access Point tab.
    A list of activated access points opens.

If you have a replacement (RMA) access point to add to WatchGuard Cloud, a Replacement label identifies the device. You cannot add replacement devices to WatchGuard Cloud at the same time as new devices. For more information, go to Add a Replacement (RMA) Access Point to WatchGuard Cloud.

Screen shot of the Add Device list with mutliple devices

  1. Select one or more access points to add to WatchGuard Cloud, then click Add Devices.
    The Set Up Your Access Points page opens.
  2. Configure the Time Zone, Folder, Name, and Description details for the access points you selected.

Screenshot of the Add Device Wizard for multiple access points - Name, Time Zone, Folder page

  • Time Zone — Select the time zone of the location where the access points are installed.
  • Folder — Select the folder that you want to add your devices to. Device Folders help you to view status and summarized data for groups of devices.
  • Device Name — Type a name for the device. By default, the registered name of the device shows.
  • Description — Type an optional description for the device.

Click Next.

  1. Configure the network settings for the access points. From the IP Address Configuration drop-down list:

To automatically assign IP addresses to the device from a DHCP server, select DHCP IP Address.

Screenshot of the Add Device Wizard for multiple access points - IP address configuration

To manually assign static IP addresses to each device, select Static IP Address .

Screenshot of the Add Device Wizard for multiple access points - Static IP address confguration

  • Type the Subnet Mask, Gateway, and DNS Server for the network.
  • Select the Enable Management VLAN check box if you want to use a tagged VLAN for management communications to the access points. Select a VLAN ID from 1 to 4094.
  • Type a Starting IP Address, and then click Fill to automatically assign IP addresses from the IP address range to the access points.
    You can also type an address in the IP Address column to customize the address for each access point as required.

Click Next.

  1. On the Access Point Site page, select the site settings you want to apply to the access point.
    Access Point Sites enable you to manage and deploy shared wireless settings for multiple cloud-managed access points. For more information, go to About Access Point Sites.

Screenshot of the Add Device Wizard for multiple access points - Access Point Site configuration

From the Site drop-down list, select an existing site, or select None to use your own configuration for the device. Click Next.

The deployment wizard performs a check to verify that the firmware version of the access points supports the features enabled in the selected site configuration.

If a feature in the site configuration deployment is not supported by the current firmware version on the access points, the new devices are automatically upgraded to the latest available firmware version to meet the requirements of the access point site configuration.

  1. Configure an Admin Password for the access points.

This is the administrator password for the access point Web UI and Command Line Interface (CLI) for local access to troubleshoot the device. You can change this password at a later time in the device configuration in WatchGuard Cloud. For more information, go to Access Point Device Password.

Screenshot of the Add Device Wizard for multiple access points - Admin password

To configure one password to use for all devices, select Use the same password for all access points.

To configure a unique password for each device, select Use a different password for each access point. The password must be 8 to 12 characters.

Screenshot of the Add Device Wizard for multiple access points - Different admin passwords

We recommend that you download the list of passwords to a CSV file and store them in a password manager. To download a CSV file of the access point admin passwords, click Export.

The CSV file uses this syntax: Device Password, Device Name, Description, Serial Number, Model

Click Next.

  1. The process to add multiple devices might take several minutes to complete, and a progress bar opens to show the current status.

You can leave this page and return to view the progress, or you can click Notify Me to receive a notification when the process is complete.

Screenshot of the Add Device Wizard for multiple access points - Adding devices page with notification button

  1. Click Done.

Screenshot of the Add Device Wizard for multiple access points - Add devices successful page

If some of your access points were not successfully added to WatchGuard Cloud, these devices remain in their original status allocated to the subscriber account. You can attempt to add these devices to WatchGuard Cloud again.

To add a replacement access point to WatchGuard Cloud:

  1. Log in to your WatchGuard Cloud account.
  2. Select the Subscriber account where you want to add the replacement access point. This must be the same account of the original access point you want to replace.
  3. Select Configure > Devices.
  4. In Device Manager, click Add Device.

    A list of activated devices opens.
  5. Select the Access Point tab.
    A list of activated access points opens. A Replacement label indicates replacement access points.

  1. Select one or more replacement access points, then click Add Devices.

    You cannot add replacement devices to WatchGuard Cloud at the same time as new devices. Make sure you only select replacement devices from the list of access points.

  1. Configure an Admin Password for the access points.

This is the administrator password for the access point Web UI and Command Line Interface (CLI) for local access to troubleshoot the device. You can change this password at a later time in the device configuration in WatchGuard Cloud. For more information, go to Access Point Device Password.

To configure one password to use for all devices, select Use the same password for all access points .

To configure a unique password for each device, select Use a different password for each access point. The password must be 8 to 12 characters. We recommend you download the list of passwords to a CSV file and store them in a password manager.

To download a CSV file of the access point admin passwords, click Export.

The CSV file uses this syntax: Device Password, Device Name, Description, Serial Number, Model

Click Next.

  1. The process to add devices might take several minutes to complete, and a progress bar opens to show the current status.

You can leave this page and return to view the progress, or you can click Notify Me to receive a notification when the process is complete.

  1. Click Done.

When the replacement access point is successfully added, WatchGuard Cloud automatically applies the configuration used by the original access point, except the device password that you configure when you add the replacement device.

When you connect the replacement device and the access point comes online, the original access point becomes inactive in WatchGuard Cloud. You can then remove the original device from WatchGuard Cloud.

Related Topics

About WatchGuard Cloud

Manage the Access Point Device Configuration

Monitor Access Points