Access Point Authentication Domains

Applies To: WatchGuard Cloud-managed Access Points

You can use Authentication Domains to configure authentication servers that apply to all WatchGuard Cloud features for both Fireboxes and access points.

For access points, this enables you to select a RADIUS server for WPA2 Enterprise and WPA3 Enterprise security for your SSIDs. For more information about SSID security settings, see Configure Access Point SSID Settings.

Only RADIUS servers are available for access point enterprise authentication. Active Directory does not support 802.1X, which is required for enterprise authentication. You can use Active Directory NPS (Network Policy Server) as a RADIUS server.

About Device and Site Configurations

Access points can have two different types of settings:

Configure Authentication Domains for an Access Point

To configure Authentication Domains for an access point at the device level:

  1. Select Configure > Devices.
  2. Select the access point.
  3. Click Device Configuration.
    The Device Configuration page opens.

Screen shot of the Device Configuration page for access points

  1. Click Domains.
    The Authentication Domains page opens.

Screen shot of the Authentication Domains page for Access Points

  1. Click Add Authentication Domain.
    The Add Authentication Domain page opens.

  1. Select an existing Authentication Domain and RADIUS Server from the drop-down list.

If you need to create a new Authentication Domain, you must go to Configure > Authentication Domains. For more information, see Add an Authentication Domain to WatchGuard Cloud.

  1. Click Save.

You can now select the authentication domain and RADIUS server you created when you configure an SSID with WPA2 or WPA3 Enterprise authentication. For more information, see Configure Access Point SSID Settings.

Configure Authentication Domains for an Access Point Site

To configure Authentication Domains for an Access Point Site:

  1. Select Configure > Access Points Sites.
  2. Select an existing site, or add a new site.

Screen shot of the Configuration Details page in an Access Points Site

  1. From the Configuration Details tab, click Domains in the Authentication tile.
    The Authentication Domains page opens.

Screen shot of the Authentication Domains page for Access Points

  1. Click Add Authentication Domain.
    The Add Authentication Domain page opens.

  1. Select an existing Authentication Domain and RADIUS Server from the drop-down list.

If you need to create a new Authentication Domain, you must go to Configure > Authentication Domains. For more information, see Add an Authentication Domain to WatchGuard Cloud.

  1. Click Save.

You can now select the authentication domain and RADIUS server you created when you configure an SSID with WPA2 or WPA3 Enterprise authentication. For more information, see Configure Access Point SSID Settings.

See Also

WatchGuard Cloud Authentication Domains

Configure Access Point SSID Settings