Wireless Network Best Practices

Applies To: WatchGuard Cloud-managed Access Points (AP130, AP330, AP332CR, AP430CR, AP432)

This section provides suggestions and best practices on how to deploy a wireless network. The recommended settings are based on the features available in Wi-Fi in WatchGuard Cloud.

Access Point Transmit Power

You can set the maximum transmit power of your access points to limit or expand the transmission distance of your wireless signals. We recommend that you set your transmit power to limit your coverage area so that it does not expand outside the necessary boundaries for your deployment.

Use your site survey to determine the transmit power for your deployment. You can set the transmit power between 8 dBm and 28 dBm. If you set the value to Auto, the access point uses the maximum transmit power allowed for the country of operation.

We recommend that you set access point transmit power levels for 2.4 GHz lower than those for 5 GHz. This compensates for the better propagation of 2.4 GHz signals compared to 5 GHz signals.

You configure the transmit power in the radio settings for an access point.

Screen shot of the Transmit Power radio settings for an access point

Examples

Office:

  • 5 GHz: 15–20 dBm
  • 2.4 GHz: 10–15 dBm

Classroom:

  • 5 GHz: 8–16 dBm
  • 2.4 GHz: 4–10 dBm

Auditorium or Lecture Hall:

  • 5 GHz: 5–12 dBm
  • 2.4 GHz: 3–10 dBm
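
The recommendation above to run 2.4 GHz at lower power than 5 GHz can be quantified with the free-space path loss formula. The following Python code is an added example, not WatchGuard code: it estimates the distance at which each radio's signal drops to a usable-signal floor, and the 2.4 GHz power that gives the same cell size as a chosen 5 GHz power. Assumptions: free-space propagation (walls and antenna gain ignored, so the radii are upper bounds), channel 6 (2437 MHz) and channel 36 (5180 MHz), and a -70 dBm floor that you should replace with the value from your site survey.

```python
import math

C = 299_792_458.0  # speed of light in m/s

def fspl_db(distance_m, freq_mhz):
    """Free-space path loss in dB at distance_m metres and freq_mhz MHz."""
    return 20 * math.log10(4 * math.pi * distance_m * freq_mhz * 1e6 / C)

def cell_radius_m(tx_dbm, freq_mhz, rx_floor_dbm=-70.0):
    """Free-space distance at which the signal falls to rx_floor_dbm.

    rx_floor_dbm is an assumed usable-signal threshold, not a value from
    the page. Indoor radii are smaller because walls add attenuation.
    """
    budget_db = tx_dbm - rx_floor_dbm
    return C / (4 * math.pi * freq_mhz * 1e6) * 10 ** (budget_db / 20)

def band_offset_db(f24_mhz=2437.0, f5_mhz=5180.0):
    """Extra free-space loss of 5 GHz over 2.4 GHz at the same distance."""
    return 20 * math.log10(f5_mhz / f24_mhz)

def compare_radios(tx24_dbm, tx5_dbm, f24_mhz=2437.0, f5_mhz=5180.0):
    """Summarise the cell sizes of one 2.4 GHz / 5 GHz power pair."""
    r24 = cell_radius_m(tx24_dbm, f24_mhz)
    r5 = cell_radius_m(tx5_dbm, f5_mhz)
    return {
        "radius_24_m": round(r24, 1),
        "radius_5_m": round(r5, 1),
        # 2.4 GHz power that yields the same radius as the 5 GHz radio
        "matched_tx24_dbm": round(tx5_dbm - band_offset_db(f24_mhz, f5_mhz), 1),
        # True means the 2.4 GHz signal reaches further than the 5 GHz one
        "cell_24_larger": r24 > r5,
    }

if __name__ == "__main__":
    # Constructed sample settings: (2.4 GHz dBm, 5 GHz dBm)
    for tx24, tx5 in [(18, 18), (15, 18), (11, 18)]:
        print(tx24, tx5, compare_radios(tx24, tx5))
```

Under these assumptions the two bands differ by about 6.5 dB, so a 2.4 GHz radio set only 3 dB below the 5 GHz radio still reaches further than the 5 GHz cell.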

Fast Roaming (802.11k/r)

WatchGuard access points support the 802.11r and 802.11k standards, which significantly improve roaming times.

Fast Roaming requires WPA2 security encryption. Fast Roaming reduces the re-authentication time for a wireless client as it roams from one WatchGuard access point to another access point. This enables the wireless client to quickly transition wireless communications and improves performance and stability of streaming-intensive applications such as VoIP and video streaming.

You configure Fast Roaming in the SSID settings on the Advanced tab.

Screen shot of the SSID advanced settings for an access point - Fast Roaming

SSID Bridge Mode and NAT Mode

WatchGuard access points can operate in Bridged mode or NAT (Network Address Translation) mode.

For most use cases we recommend you use Bridged mode. With Bridged mode, traffic is bridged between the wireless interface and the wired interface.

When you use NAT mode, the access point supplies clients with IP addresses from the DHCP range you configure and performs NAT for traffic between the wireless interface and the wired interface.

NAT mode is required to create an Access Point VPN.

You configure Bridged or NAT mode network settings in the SSID wireless configuration.

Band Steering

You can actively steer wireless clients from the 2.4 GHz band to use the less congested 5 GHz band to help balance associated clients on an access point between the 2.4 GHz and 5 GHz radios.

You configure Band Steering in the SSID settings on the Advanced tab.

Screen shot of the SSID advanced settings for an access point - Band Steering settings

  • Balance Clients: Distributes the wireless client load between the 2.4 GHz and 5 GHz radios. Specify the percentage of clients that will use the 5 GHz radio. The remaining percentage will use the 2.4 GHz radio.
  • Prefer 5 GHz (default): Clients are steered to the 5 GHz band if the client's signal strength in 5 GHz is higher than the configured threshold.
  • Force 5 GHz: Enables the use of additional management packets to make sure a client is always disconnected from the 2.4 GHz radio and steered to the 5 GHz radio when the client reconnects to the access point.

Client Isolation

Client isolation prevents wireless clients from communicating directly with other wireless or wired clients and devices on the same network.

Client isolation is useful in typical guest Wi-Fi access deployments to prevent communications between guest clients and other clients and devices on the network. Client isolation is enabled by default if the SSID is configured as a Guest SSID.

Screen shot of the SSID advanced settings for an access point - Client Isolation

Traffic Shaping

If you offer guest wireless access, you can use traffic shaping to prevent guest traffic from adversely affecting your private internal wireless network.

You configure bandwidth limits in the SSID settings on the Traffic Shaping tab.

In this example, the throughput rate for the Guest SSID has been limited to 10 Mbps for uploads and 20 Mbps for downloads.

Screen shot of the Traffic Shaping settings in the SSID configuration