Applies To: WatchGuard Cloud-managed Access Points (AP130, AP330, AP332CR, AP430CR, AP432)
Use WatchGuard Cloud Authentication Domains to configure shared authentication servers that apply to all WatchGuard Cloud features for both Fireboxes and access points.
For access points, this enables you to select RADIUS servers for WPA2 Enterprise and WPA3 Enterprise security for your SSIDs. For more information about SSID security settings, see Configure Access Point SSID Settings.
For more information about how to use RADIUS to authenticate wireless clients, see Configure RADIUS Authentication for an Access Point.
Only RADIUS servers are available for access point enterprise authentication. Active Directory does not support 802.1X, which is required for enterprise authentication. You can use Active Directory NPS (Network Policy Server) as a RADIUS server.
About Device and Site Configurations
Access points can have two different types of settings:
- Device-level settings that you apply individually to each access point — To configure Authentication Domains for an access point at the device-level, see Configure Authentication Domains for an Access Point.
- Settings that you apply to the access point from an Access Point Site — You can use Access Point Sites to create Authentication Domain settings that are applied to multiple access points that subscribe to the site. To configure Authentication Domains for an access point site, see Configure Authentication Domains for an Access Point Site.
Configure Authentication Domains for an Access Point
To configure Authentication Domains for an access point at the device level:
- Select Configure > Devices.
- Select the access point.
- Click Device Configuration.
The Device Configuration page opens.
- In the Authentication tile, click Domains.
The Authentication Domains page opens.
- Click Add Authentication Domain.
The Add Authentication Domain page opens.
- Select an existing Authentication Domain, RADIUS Authentication Server, and optional RADIUS Accounting Server from the drop-down list.
If you do not have any existing configured Authentication Domains, you must go to Configure > Authentication Domains to create a new Authentication Domain. For more information, see Add an Authentication Domain to WatchGuard Cloud.
- Click Save.
You can now select the authentication domain and RADIUS server you created when you configure an SSID with WPA2 Enterprise or WPA3 Enterprise security. For more information, see Configure Access Point SSID Settings.
Configure Authentication Domains for an Access Point Site
To configure Authentication Domains for an Access Point Site:
- Select Configure > Access Points Sites.
- Select an existing site, or add a new site.
- From the Configuration Details tab, click Domains in the Authentication tile.
The Authentication Domains page opens.
- Click Add Authentication Domain.
The Add Authentication Domain page opens.
- Select an existing Authentication Domain, RADIUS Authentication Server, and optional RADIUS Accounting Server from the drop-down list.
If you do not have any existing configured Authentication Domains, you must go to Configure > Authentication Domains to create a new Authentication Domain. For more information, see Add an Authentication Domain to WatchGuard Cloud.
- Click Save.
You can now select the authentication domain and RADIUS server you created when you configure an SSID with WPA2 Enterprise or WPA3 Enterprise authentication. For more information, see Configure Access Point SSID Settings.