Contents

AP Auto-Classification

WatchGuard Wi-Fi Cloud automatically classifies APs that connect to your network to prevent unauthorized APs from compromising your wireless network.

It is important to know the authenticity of APs on your network because unauthorized or misconfigured APs can introduce severe security vulnerabilities.

Diagram of AP WIPS Classification

APs are classified in these categories:

  • Authorized — APs connected to your network that match your Authorized WLAN Policy.
  • Misconfigured — Authorized APs with a configuration that does not match your Authorized WLAN Policy.
  • Rogue — Unauthorized APs connected to your network that do not match your Authorized WLAN Policy.
  • External — Neighborhood APs operating in the vicinity of your network, but are not connected to your network.
  • Uncategorized — New APs discovered by Wi-Fi Cloud that have not yet been classified. APs are then assigned a potential classification based on their network connectivity to the monitored network and their compliance with the Authorized WLAN Policy.
  • All WatchGuard APs connected to your network that match your Authorized WLAN Policy are auto-classified as Authorized.
  • All APs not managed by Wi-Fi Cloud (such as third-party APs) connected to your network that match your Authorized WLAN Policy are auto-classified as Potentially Authorized. You must manually classify these APs as Authorized.
  • All APs not managed by Wi-Fi Cloud (such as third-party APs) connected to your network that do not match your Authorized WLAN Policy are auto-classified as Potentially Rogue.
  • All APs not managed by Wi-Fi Cloud (such as third-party APs) not connected to your network are auto-classified as Potentially External.

Monitor AP Classification

You can see how Wi-Fi Cloud classifies APs on your network from the Monitoring > Security > APs page in Manage.

For more information, see Monitor Access Points.

Monitoring > Security > APs page in Manage

If you have known APs that are listed as Uncategorized, you can manually set the classification category of the AP to set it as Authorized. Make sure you verify the location and configuration of the device before changing an AP classification category.

  1. In Manage, select Monitoring > Security > APs.
  2. Select the AP that is classified as Uncategorized.
  3. Click the Change classification category icon icon on the tool bar.
  4. Select the Authorized category.

Change category icon selection

If you do not recognize the device, you can also manually set the category to Rogue to make sure clients cannot connect to the device until you can determine its location and configuration.

You can perform this procedure for other categories of APs, but in the case of Misconfigured or Rogue APs, you must make sure that the AP is a known AP and the configuration is correct to prevent security vulnerabilities on your wireless network.

Give Us Feedback  ●   Get Support  ●   All Product Documentation  ●   Technical Search