Contents

Monitor Access Points

The Monitoring > Security > APs tab shows all visible access points, including the devices that operate in AP mode.

APs are classified into these types, each represented by a different color:

  • Uncategorized — When an AP is first detected, it is treated as an uncategorized AP.
  • Authorized — This AP is authorized to get access to wired and wireless networks and network resources.
  • Misconfigured — This AP does not match the current WLAN security policy.
  • Rogue — This AP is not authorized to get access to network or network resources. It is an AP that is installed in an unauthorized manner, without the knowledge of the administrator or without authorization. It can be used for malicious activity, such as theft of sensitive data or unauthorized access to network resources. It is essential to protect your network from rogue APs and from clients that associate with these APs.
  • External — This AP is not connected to your network, but is a neighboring AP that operates in your area.

You can choose one or more of these categories at a time. Select All to see APs from all categories.

WatchGuard APs that form a wireless mesh network are always categorized as Authorized APs. You cannot change the category of these WatchGuard APs. If APs from vendors other than WatchGuard are part of the mesh network, you can to change the category of these APs from authorized to any other category.

When you select an AP, the information related to the selected AP appears on multiple pages. To see more details related to an AP, select a page number.

1 — Properties and Recently Associated Clients

2 — Events related to the AP

3 — Devices that can see the AP, AP Utilization

4 — AP Associated Clients, AP Traffic

5 — AP Average Data Rate, AP Error Rate Trend

To perform operations related to the APs you can select the toolbar options. To perform any operation from the toolbar, you must first select an AP.

Monitoring > Security > APs toolbar

This table provides a description of the columns in the AP security view:

Column

Description

Currently Active?

Indicates whether the AP is active or inactive

RSSI

Observed RSSI (Received Signal Strength Indicator) value for the AP

Name

User-defined name of the AP.

MAC Address

Unique 48-bit address of the AP/ 802.11 PHY modes used by the AP.

Channel

Channel number on which the AP operates. The channel is shown as Dual for APs that operate on 802.11a and 802.11b/g simultaneously.

Protocol

 802.11 protocol used – 802.11a, 802.11b only, 802.11b/g, or 802.11a/b/g, with or without 802.11n or 802.11ac capability

Clients

Number of active clients associated with the AP.

SSID

For an AP, this specifies the SSID that is the unique identity that prospective clients use to recognize the network. When several WLANs operate in the same space, the SSID helps clients decide which one to join. However, SSID alone does not provide any meaningful security.

Security

Security standards, such as Open, WEP, WPA, 802.11i, or Unknown, that are applied to the AP. This is based on the template applied to the AP.

Location

Location of the AP

Network

Network to which the AP is connected

Up/Down Since

Date and time the AP has most recently gone up or down

Networked Status

Indicates whether or not the AP is in the network

Vendor

Name of the AP vendor

Is Banned

Indicates if the AP is a banned AP

Quarantine Status

Indicates if the AP is quarantined

First Detected At

Date and time when the AP was first detected

Encryption

Encryption protocol used by the AP

Troubleshooting

Indicates whether troubleshooting is in progress for the AP

MFP/11w

Indicates if MFP/11w is enabled on the AP

Authentication

Authentication protocol used by AP

Classification

WIPS classification of the AP

Manually Classified

Indicates whether the AP is manually classified

View AP Properties

Select an AP to see its properties. You can edit some AP properties. Double-click the property to edit its value.

This table describes the AP properties:

Property

Description

Name

Name of the AP

Classification

Specifies whether the AP is categorized as Authorized, External, or Rogue. Uncategorized indicates that the AP has not been categorized.

Location

 AP location

Is Placed

Specifies whether the AP was placed on a layout for a location

MAC Address

Unique 48-bit address of the AP/ 802.11 PHY modes used by the AP

Protocol

Wireless protocol version used by the AP to provide wireless connectivity

Capability

Operation mode capabilities of the device like 802.11n, 802.11ac, Super AG, and Turbo

SSID

SSID of the  wireless LAN to which the AP is connected

Is Guest

Specifies whether the AP is a guest AP.

Device Tag

Text with additional information about the AP. For example: Hawaii Conference Room, Bldg 15 – Cubicle G2.

IP Address

IP address if the AP is authorized. The property is blank if the AP is rogue or external.

Network

Network tag of the network to which the AP is connected. This value is blank if the AP is not connected to a network.

Vendor Name

Name of the AP vendor

First Detected At

Date and time when the AP was first detected by Wi-Fi Cloud

Up Since

Date and time the AP most recently started up

Channel

Channel number on which the AP operates

Basic Link Rates (Mbps)

Comma-separated list of link rates the AP supports

Security

Security standard applied to the AP. This is based on the template applied to the AP.

Authentication

Procedure used by AP to verify the identity of a client

Pairwise Encryption

Encryption used for unicast communication between the AP and a client. MULTIPLE is displayed if For All BSSIDs is selected in the MAC/Protocol field.

Groupwise Encryption

Specifies the encryption used for broadcast or multicast communication from the AP. MULTIPLE is displayed if For All BSSIDs is selected in the MAC/Protocol field.

Beacon Interval

Time interval, in milliseconds, between successive beacons of the AP

802.11n Capability

This setting is visible only if the selected AP is an 802.11n AP. It provides information about whether the AP is compliant with early or standard implementations of the 802.11n standard.

Channel Width

This setting is visible only if the selected AP is an 802.or a 802.11ac AP. It specifies whether an 802.11n AP operates on a 20 MHz or 40 MHz channel width. 802.11n enables the use of a standard channel width of 20 MHz or a double channel width of 40 MHz. To achieve a 40 MHz channel width, use two adjacent channels to send data simultaneously. For an 802.11ac capable AP, the possible values are 20 MHz, 40 MHz, 80 MHz, 160 MHz, or 80+80 MHz.

Channel offset

This setting is visible only if the selected AP is an 802.11n AP. It specifies whether the adjacent channel used in 40 MHz operation is above or below the primary channel for the selected 802.11n AP.

Data Rate

This setting is visible only if the selected AP is an 802.11n or 802.11ac AP. It specifies the highest 802.11n data rate or the  highest 802.11ac data rate of the selected active 802.11n AP or 802.11ac AP with which it communicates with the client.

GI for 20 MHz

This setting is visible only if the selected AP is an 802.11n AP. It specifies whether the AP can use the short guard interval for 20 MHz. The possible values are 400 nanoseconds and 800 nanoseconds.

GI for 40 MHz

This setting is visible only if the selected AP is an 802.11n AP. It specifies whether the AP can use the short guard interval for 40 MHz. The possible values are 400 nanoseconds and 800 nanoseconds. The setting only applies if the channel width is 40 MHz or more.

802.11n MCS supported

This setting is visible only if the selected AP is an 802.11n AP. It specifies the various Modulation and Coding Schemes (MCS) supported for 802.11n. The 802.11n standard defines a total of 77 MCS. Each MCS is a combination of a certain modulation (for example, BPSK, QPSK, 64-QAM), coding rate (for example, 1/2, 3/4), guard interval (800 or 400 ns), and number of spatial streams. Support for MCS 0-15 is mandatory for 802.11n APs and support for MCS 0-7 is mandatory for 802.11n clients.

Greenfield Mode

This setting is visible only if the selected AP is an 802.11n AP. It specifies whether the AP can work in the Greenfield mode. Greenfield mode is an optional high-throughput mode in the 802.11n standard that is not backward compatible with legacy (802.11a/b/g) protocols and is expected to provide maximum performance benefits of 802.11n.

802.11n Beam forming Capability

This setting is visible only if the selected AP is an 802.11n AP. It specifies whether the AP is capable of Beamforming. Beamforming is an RF transmission method that helps focus the radiated RF energy directly at a receiving client. This improves signal reception at the client and also the throughput.

MFP/802.11w

Indicates if MFP/802.11w is enabled on the selected AP.

Quarantine Status

Quarantine status of the selected AP. Possible values are Not in Quarantine, Quarantine Active, Quarantine Pending, DoS Quarantine on, DoS Quarantine pending, Quarantine disabled.

Defending Sensor Name

Name of defending sensor.

Quarantine Pending Reason

Reason for quarantine if quarantine is pending. Possible values are Device Inactive, Device(s) outside the prevention range of all <device name> devices, Prevention capacity full at all <device name> within the prevention range, Device operating Channel unknown, Quarantined Client currently not a security threat, Error in selecting <device name> for prevention, No suitable <device name> found for prevention, device channel not in defend list of any <device name>, Wired side identity of the device not available, waiting for <device name> acknowledgment, Unknown.

Tx STBC 802.11n

This setting is visible only if the selected AP is an 802.11n AP. It indicates support for transmission of PLCP protocol data units (PPDUs) using space time block code (STBC).

Rx STBC 802.11n

This setting is visible only if the selected AP is an 802.11n AP. It indicates support for reception of PLCP protocol data units (PPDUs) using space time block code (STBC).  If this reception is supported, the number of spatial streams supported is indicated. Up to 3 spatial streams are supported for the 802.11n protocol.

802.11ac capability

This setting is visible only if the selected AP is an 802.11ac AP. It indicates whether the selected AP is 802.11ac capable.

Supported Channel width

This setting is visible only if the selected AP is an 802.11ac AP. It indicates the 160 and 80+80 MHz operation capability of the selected 802.11ac AP. Possible values are 80 MHZ, 160 MHz, or 160 MHz and 80+80 MHz.

GI (80MHz)

This setting is visible only if the selected AP is an 802.11ac AP. It indicates whether the 802.11ac AP can use the short guard interval for 80 MHz.
The possible values are 400 nanoseconds and 800 nanoseconds. This setting only applies if the channel width is 80 MHz or more.

GI (160 MHz and 80+80 MHz)

This setting is visible only if the selected AP is an 802.11ac AP. It indicates whether the 802.11ac AP can use the short guard interval for 160 MHz and 80+80 MHz.
The possible values are 400 nanoseconds and 800 nanoseconds.  This setting applies only if the channel width is 160 MHz or 80+80 MHz.

Tx STBC 802.11ac

This setting is visible only if the selected AP is an 802.11ac AP. It indicates support for the transmission of at least 2x1 STBC.

Rx STBC 802.11ac

This setting is visible only if the selected AP is an 802.11ac AP. It indicates support for the reception of  PLCP protocol data units (PPDUs) using space time block code (STBC).  If this reception is supported, the number of spatial streams supported is indicated. Up to 4 spatial streams are supported for the 802.11ac protocol.

SU Beamformer Capability

This setting is visible only if the selected AP is an 802.11ac AP. It indicates support for operation as a single user beamformer.

SU Beamformee Capability

This setting is visible only if the selected AP is an 802.11ac AP. It indicates support for operation as a single user beamformee.

MU Beamformer Capability

This setting is visible only if the selected AP is an 802.11ac AP. It indicates support for operation as a multiuser beamformer.

MU Beamformee Capability

This setting is visible only if the selected AP is an 802.11ac AP. It indicates support for operation as a multiuser beamformee.

802.11ac MCS for each Stream

This setting is visible only if the selected AP is an 802.11ac AP. It specifies the maximum 802.11ac Modulation and Coding Schemes (MCS) supported for each supported Tx stream.

Number of Spatial Streams

This setting is visible only if the selected AP is an 802.11ac AP. It specifies the number of Tx and Rx spatial streams supported by the AP.

Channel List

This setting is visible only if the selected AP is an 802.11ac AP. It specifies the list of channels in the operating band of the 802.11ac AP.

Mesh mode

Indicates whether mesh mode is enabled or disabled for the selected AP.

View Recently Associated Clients

In Recently Associated Clients, you can see a list of clients that are recently associated to the selected AP. The criteria for recent association is either 4 hours or 100 thousand clients. This is the total number of associations and not per device. Client details such as Client Active/Inactive, Client Name, SSID, and Last Detected At (which shows the date and time or Present) are displayed.

Information related to recently associated clients is available in specific deployments only.

Mark APs as Suspicious

APs that are connected to and managed by Wi-Fi Cloud are called Managed APs. All other APs are Non-Managed APs. For Managed APs, Wi-Fi Cloud automatically collects and stores performance data, such as AP utilization, clients connected to the AP, and AP data and error rates. There can be Non-Managed APs that you want to monitor. To do this, mark the APs as "Suspicious". Wi-Fi Cloud then collects and stores additional data for these suspicious APs.

To mark an AP as suspicious:

  1. Select Monitoring > Security.
  2. Select the APs tab.
  3. Select the location for the AP.
  4. Select one or more APs, then click More on the toolbar.
  5. Click Suspicious to mark the AP. You can also mark the AP as Non Suspicious if you no longer want to monitor the performance of the AP.

View AP Utilization

In the AP Utilization section, you can see a graphical representation of the percentage of AP utilization over the last 4 hours. The AP Utilization section is displayed only for authorized APs. The device keeps track of the cumulative time occupancy as a percentage of the total scan time of the channel every 15 minutes.

View AP Associated Clients

In the AP Associated Clients section, you can see a graphical representation of the clients associated with the AP over the last 4 hours. The number of client associations with the AP is measured every 15 minutes.

View AP Traffic

In the AP Traffic section, you can see a graphical representation of AP traffic over the last 4 hours. The AP Traffic section is displayed only for authorized APs. Traffic sent and received by the AP is measured every 15 minutes. Note that sensors that scan AP channels spend only a percentage of the total time on any given channel. This parameter usually underestimates the actual traffic, depending on the number of channels to scan and differences in the rate of network traffic.

View AP Average Data Rate

In the AP Average Data Rate section, you can see a graphical representation of the average data rate in Mbps of the AP over the last 12 hours. The AP Average Data Rate section is displayed only for authorized APs. Devices that see the client keep track of the transmission rates of the data frames in the BSS of the AP and report the weighted average transmission rate over every 15 minutes.

View Devices That See an AP

The Devices Seeing APs widget displays the devices in sensor mode that have detected the selected AP.

To see the devices that see the AP:

  1. Select Monitoring > Security > APs.
  2. Select the AP.
  3. Select page 9 to view the devices seeing the AP in the Seen By section.

View AP Events

To see the current AP events for the AP selected in the upper pane:

  1. Select Monitoring > Security > APs.
  2. Select the AP.
  3. Select page 5 to look at the events associated with the AP.

Change AP Location

To change the location of an AP on the floor map:

  1. Select Monitoring > Security > APs.
  2. Select the location.
  3. Select the AP that you want to change the location of.
  4. Click Change location icon.
  5. Select the new location for the AP.
  6. Click OK.

Locate AP

To locate an AP on the location floor map:

  1. Select Monitoring > Security > APs.
  2. Select the location where the AP is located.
  3. Select the AP.
  4. Click Locate icon on the toolbar to locate the AP on the location floor map.

Quarantine an AP

To quarantine an AP:

  1. Select Monitoring > Security > APs.
  2. Select the location where the AP is located.
  3. Select the AP.
  4. Click Quarantine icon on the toolbar, then click Yes on the confirmation message to quarantine the AP.

Change AP Category

To change the AP category:

  1. Select Monitoring > Security > APs.
  2. Select the location where you want to change the AP category.
  3. Select the AP.
  4. Click Change category icon on the toolbar.
  5. Select a category (Authorized, External, or Rogue).

Disable Auto Quarantine

To disable auto-quarantine for an AP:

  1. Select Monitoring > Security > APs.
  2. Select the location where the AP is located.
  3. Select the AP and click More on the toolbar.
  4. Click the Disable auto-quarantine option to disable automatic quarantine of APs.

Add AP to Banned List

To add an AP to the banned list:

  1. Select Monitoring > Security > APs.
  2. Select the location where the AP is located.
  3. Select the AP and click More on the toolbar.
  4. Click the Add to Banned List option to add the AP to the banned list.

Sort APs

You can sort AP details on the columns in the upper pane of the APs tab. You can sort the APs in ascending or descending order.

  1. Select Monitoring > Security > APs.
  2. Select a location.
  3. Select the column to sort, then click the drop-down list for the sort options.

Filter AP Details

You can choose the columns to view or filter the AP information to display based on filter text that matches the text in the selected column.

For example, if you want to see only the APs with WPA security:

  1. Select Monitoring > Security > APs.
  2. Select the location.
  3. Select Security in the upper pane, click the drop-down arrow, and type WPA as the filter text.
  4. Click Enter key to see the APs with WPA security.

To choose the columns to view:

  1. Select Monitoring > Security > APs.
  2. Select the location.
  3. Select any column name in the upper pane and click the drop-down arrow.
  4. Select the Columns option in the menu and select the check boxes for the columns to see.

Search APs

You can search for an AP based on the name, MAC address, or SSID of the AP.

To search for an AP:

  1. Select Monitoring > Security > APs.
  2. Select the location where you want to search APs.
  3. Type the name, MAC address, or SSID of the AP in the Quick Search box.
  4. Press the Enter key.
    APs that match the search criteria are displayed in the upper pane.

Print AP List for Location

To print the AP list for a location:

  1. Select Monitoring > Security > APs.
  2. Select the location where you want to print the APs list.
  3. Select the type of APs that you want to print.
  4. Select the columns that you want to print.
  5. Click Print icon.
    A print preview of the AP list appears.
  6. Click Print.

Delete AP

To delete an AP:

  1. Select Monitoring > Security > APs.
  2. Select the location where you want to delete the AP.
  3. Select  one or more APs to delete and click More on the toolbar.
  4. Click the Delete option to initiate the delete operation for the AP.
  5. Click Yes to confirm.

Give Us Feedback  ●   Get Support  ●   All Product Documentation  ●   Technical Search