Network Services Best Practices

This table provides recommendations for network service configuration to support a WatchGuard Wi-Fi Cloud deployment in an enterprise environment.

Service	Recommended	Notes
DHCP	Use the current network DHCP servers.
DNS	Use the current network DNS services.
Proxy	Configure proxy bypass rules to allow AP to cloud management traffic.	All management traffic from the access points to Wi-Fi Cloud must be configured to bypass proxies while preventing unfiltered user access to the Internet. You can use a WatchGuard Firebox to configure policies for Wi-Fi Cloud traffic and bypass proxies. Predefined policies are available for this purpose. If your Firebox runs Fireware v11.11.4 or higher, the Firebox configuration file includes the predefined WG-Cloud-Managed-WiFi packet filter policy that you can add to the configuration to enable traffic over the ports required for WatchGuard Wi-Fi Cloud domains.
Firewall	You must allow this traffic on your firewall: Port 3851 (UDP) outbound Port 3852 (UDP) outbound for APs configured in CIP mode Port 80 (TCP) outbound / stateful inbound Port 443 (TCP) outbound / stateful inbound	These are the required ports for WatchGuard APs to communicate with WatchGuard Wi-Fi Cloud at these domains: *.cloudwifi.com redirector.online.spectraguard.net
NAT	Use the current network NAT solution.	Consider enabling NAT on the AP for small remote sites.
Traffic Shaping and QoS	Apply traffic shaping and QoS to traffic inbound from Internet.
Content Filtering	Use the current network content filter solution.	Consider content filtering on the AP for small remote sites.
RADIUS	Use the current network RADIUS solution.

© 2024 WatchGuard Technologies, Inc. All rights reserved. WatchGuard and the WatchGuard logo are registered trademarks or trademarks of WatchGuard Technologies in the United States and other countries. Various other trademarks are held by their respective owners.