What's New in Wi-Fi Cloud

• Okta Authentication Plug-in for Captive PortalFeature Details You can now use Okta for social media plug-in authentication for captive portal users.

• Scheduled AP Firmware Update EnhancementsFeature Details Wi-Fi Cloud now provides improved visibility for scheduled device updates including a new scheduled update icon, counter notification, and monitoring data on last update and upcoming scheduled update window.
• Offline Mode WIPS SettingsFeature Details You can now apply Offline mode settings for WIPS Device Classification and Intrusion Prevention Policy to access points.
• Custom Applications ExperienceFeature Details You can now add custom applications to the current Applications Experience Dashboard.
• RADIUS EnhancementsFeature Details You can now define RADIUS servers by a hostname in addition to an IP address. You can now define up to 3 backup RADIUS servers in addition to the primary RADIUS server when you configure RADIUS authentication. You can now use set a custom password in RADIUS MAC authentication for an SSID.
• Flash AP LEDsFeature Details You can now flash the AP LEDs from the Monitor > WiFi > Access Points page. This is useful if you have disabled LEDs on the AP for security reasons and you want to identify the AP.

• AP Health and Performance WidgetsFeature Details New AP health and performance widgets are available in Discover, including spectrum occupancy and RF explorer features.
• VLAN NamesFeature Details You can now use VLAN names to map a VLAN name to one or more VLAN IDs that enable you to use different VLAN IDs at multiple locations for the same SSID.
• Web-based Enterprise Application ExperienceFeature Details You can now monitor web-based enterprise application experience such as cloud services, web-based email and office applications, online drives, and custom applications that you define.
• mDNS TaggingFeature Details Wi-Fi Cloud APs now support multicast DNS (mDNS) packet tagging. This is enabled in the SSID Network settings, and requires the use of Location tags.
• Floor plan EnhancementsFeature Details You can now add floor plan images to location folders, add notes to floor plans, and drag and drop sub-folder locations on to a floor plan.
• Notification Language SettingsFeature Details You can now set a default language for system notifications and email notifications.

• Remote Access PointFeature Details Enables you to extend your corporate SSID to a remote workplace such as remote worker home offices or small branch offices with an AP connected to the corporate network through an IPSec VPN tunnel.
• Enable or disable an AP radioFeature Details You can now individually disable or enable the 2.4 and 5 GHz radios on an AP.
• Download AnalyticsFeature Details You can now download Visibility and Association analytics from the Reports menu in Discover.
• Download Audit LogsFeature Details You can now download user management audit logs and set the audit log retention policy from the System menu in Discover.
• Download AlertsFeature Details You can now download a full list of possible alert events in tab-separated value format from the Configure > Alerts page in Discover.
• Manage AP and Server Communications KeyFeature Details For advanced security purposes, you can now configure and manage your own key or passphrase used for authentication and encryption between Wi-Fi Cloud and managed APs.

• Zoom and Microsoft Teams support in Application DashboardFeature Details The Zoom and Microsoft Teams applications are now available on the Application Dashboard in Discover.
• Scheduled firmware upgrades in DiscoverFeature Details You can now configure scheduled firmware upgrades and options for new device upgrades in Discover.
• Configure mesh networks in DiscoverFeature Details You can now configure mesh networks in Discover. You must configure mesh network profiles for APs in an AP Group.
• Client issue root cause analysisFeature Details In Discover, you can now view the root cause analysis of issues that affect one or more client devices and the recommendations for how to resolve these issues.
• Locate APs and clients in DiscoverFeature Details You can now locate APs and clients on a floor map in Discover.
• Cloud Integration Point (CIP) high availabilityFeature Details Cloud Integration Point (CIP) now supports a high availability configuration in Discover that enables you to select a primary and secondary CIP-enabled AP for syslog and SNMP servers, and WLAN integration.
• New AP health statistics and wired network propertiesFeature Details New AP health statistics and wired network properties are available in the AP monitoring pages and AP properties in Discover.
• Client connectivity test captive portal supportFeature Details Client connectivity tests now support SSIDs with captive portals.

• You can now configure tri-radio AP models so that the AP operates in full WIPS sensor mode on radio 1 (2.4 GHz) and radio 2 (5 GHz), while the third radio is disabled.
• The AP325 is now PoE 802.3af compliant. The AP now operates with full capabilities in both 802.3af (PoE) and 802.3at (PoE+) power modes.
• You can now enable Cloud Integration Point (CIP) mode for the AP420 in Discover. To enable CIP mode, select Monitor > WiFi > Access Points, right-click the AP, then select Enable CIP Mode.
• Added hardware-based encryption support for IPSec tunnels to increase the throughput and performance on AP420 devices.
• Added support for TCP MSS (maximum segment size) clamping in the EoGRE, IPSec, and VxLAN tunnel configuration.
• Some changes have been made to the LED behavior for the radio and LAN indicators on an AP:
• A radio LED indicator is on when the radio is operational with an enabled SSID or if WIPS scanning is in progress on the radio.
• The primary LAN LED indicator is on when the interface is connected and up. Any additional LAN ports on the AP will be indicated as on when a VLAN extension, wired extension, or link aggregation is enabled on the interface.
• The automatic channel selection algorithm is enhanced to improve optimum channel distribution in high density deployments.
• Added support to restrict AP operation on the 5 GHz band in the Israel regulatory domain.
• APs now support the RADIUS authentication NAS-IP-Address and NAS-IPv6-Address attributes.

• Enhanced role-based access control for RADIUS MAC authentication — You can now configure RADIUS MAC Authentication to assign role profiles to clients both before and after authentication. This enhances Wi-Fi Cloud integration with third-party RADIUS servers and deployment scenarios that use external RADIUS portal authentication. For more information, see RADIUS MAC Authentication.
• Uniform LED patterns for all 802.11ac Wave 1 and Wave 2 APs. For more information, see Troubleshoot WatchGuard AP LED Status or the Hardware Guide for your AP model.
• Support added for the upcoming AP225W wall-plate access point.

Discover New Features and Enhancements

• Wi-Fi Configuration in Discover   Feature Details In Discover, you can now configure your Wi-Fi networks, including SSID settings and AP device and radio settings.
• WIPS Configuration in Discover   Feature Details You can now configure WIPS settings for your Wi-Fi networks in Discover, including the Authorized WiFi Policy, Intrusion Prevention, and WIPS classification settings.
• WIPS Monitoring in Discover   Feature Details The Monitor section in Discover now displays WIPS information including AP and Client classifications.
• WIPS Dashboard in Discover   Feature Details The Dashboard section in Discover now displays WIPS information, including an overview of AP and client classifications and security alerts.
• Wi-Fi Cloud Reports in Discover   Feature Details From Discover, you can now configure, schedule, and view the same Wi-Fi reports as in Manage.
• AP Groups in Discover   Feature Details AP groups in Discover enable you to organize and manage your APs across your location tree. You can apply the same configuration to APs even though they are placed in different location folders and floors.

Wi-Fi Cloud Enhancements

• Hitless AP Firmware Upgrades   Feature Details APs are not upgraded at the same time as nearby APs so that wireless clients in that vicinity can remain connected to the Wi-Fi network.
• Use SSID Profile Configuration for Authorized WiFi Policy   Feature Details You can now use the settings of your SSID Profiles to validate the configuration of your APs for the Authorized WiFi Policy. This simplifies the security settings of your Wi-Fi deployment when you use only WatchGuard APs.
• Staging Area in Location Folders   Feature Details The location folder for newly deployed APs is now called "Staging Area". Previously, this was called the "Unknown" folder.
• VXLAN Tunnel Support   Feature Details You can now configure VXLAN (Virtual Extensible LAN) tunnels.
• SNMP Trap Support with CIP   Feature Details You can now configure alerts to be sent as SNMP traps to SNMP trap destination servers through an AP420 configured in Cloud Integration Point (CIP) mode.

• Guest Passphrase for Web Form Captive Portals   Feature Details The Web Form captive portal now supports the ability for multiple guest users to log in to the portal with a single passphrase that you define in the portal configuration. This enables you to set up a captive portal splash page where guest users only need to type a passphrase to gain access.
• HTTP Pre-Validation for Web Form Guest Users   Feature Details You can now pre-validate guest user credentials in the Web Form plug-in with your own third-party CRM validation system. You can configure an external HTTP end-point and define any number of custom fields to validate during guest user login.
• Audit Logs and GDPR Compliance   Feature Details As part of GDPR compliance, you can now delete audit logs in Analyze based on the age of data.
• Guestbook Enhancements for Self-Registration   Feature Details The self-registration option for the Guestbook plug-in has been enhanced to improve the work flow of guest user approval. You can now configure the host email address to receive only a notification about guests that self-register for access. Host approval is only required if you have configured that option.
• Social Media Plug-in API Updates   Feature Details Facebook and LinkedIn plug-in APIs have been updated to support the most recent versions.

Discover is a powerful cognitive Wi-Fi monitoring and troubleshooting tool that combines the power of large cloud data and advanced analytics intelligence to monitor the health of your Wi-Fi networks and automate Wi-Fi troubleshooting. Discover provides an easy-to-read big picture overview with the ability to narrow down the focus to specific details to identify and solve connectivity and performance issues on your network.

Discover is available as a new tile on your Launchpad Dashboard when you log in to Wi-Fi Cloud.

For more information, see About WatchGuard Discover.

This release of Wi-Fi Cloud includes these new and improved features:

• Automatic Transmit Power Control Enhancements   Feature Details Automatic transmit power control thresholds are now configurable. You can configure the Minimum and Maximum Tx Power Range, Loudness Threshold, and Connectivity Threshold. Default values are provided for optimized power control.
• Secure EoGRE Tunnels with IPSec   Feature Details Wave 2 APs (AP325 and AP420) now support tunneling with EoGRE over IPSec in either Tunnel or Transport mode. You can use IPSec in conjunction with EoGRE to provide encryption for encapsulated data to provide a secure and flexible VPN solution. EoGRE over IPSec is configured in a network interface profile.
• VoIP-aware Scanning   Feature Details You can now select VoIP-aware background scanning for 802.11ac Wave 2 APs (AP325 and AP420) to optimize high priority traffic during background scanning. Make sure that SSIDs added to the radio settings have the Application Visibility option enabled for traffic detection. If you enable VoIP-aware scanning on Wave 1 APs (AP120, AP320, AP322), this will disable background scanning on these APs.
• AP Auto Upgrade Enhancements   Feature Details You can now perform manual AP software updates outside of an expired automatic update window.
• Third-Party Analytics Integration Interval   Feature Details The minimum send interval for updating a third-party server with visibility analytics is reduced from 1 minute to 10 seconds. This enables you to send more immediate analytics data to the third-party server. You can configure an interval between 10 and 3600 seconds. The default interval is 600 seconds (10 minutes). This is configured in the Third Party Analytics Integration settings in a Device Template.
• Full Client Isolation   Feature Details The client isolation option now provides complete wireless isolation between clients connected to different APs, the same AP, or different radios of the same AP. This is useful in typical guest Wi-Fi access deployments. With full client isolation, wireless clients also cannot communicate with wired-side hosts on the same network. Client Isolation is configured in the Security settings of an SSID Profile and is disabled by default.
• SSID VLAN Monitoring   Feature Details You now have the option to disable SSID VLAN monitoring if you do not want the AP to monitor VLANs corresponding to the SSIDs defined on the VLAN. This optimizes the use of IP addresses by not creating an automatic bridge interface for every VLAN on an SSID. SSID VLAN Monitoring is enabled by default and is configured in the Device Settings of a Device Template.
• Disable AP LED support   Feature Details You can now disable LED activity for 802.11ac Wave 2 APs (AP325 and AP420). This enables you to hide any visible LED activity on your APs for security reasons. This option is configured in a device template, and cannot be configured for individual APs.
• HTTPS Redirection Support for Captive Portal   Feature Details Support is added for secure HTTPS redirection to a configured captive portal. A user that is connected to an SSID with a configured Captive Portal will now be successfully redirected to the portal when the user attempts to access an HTTPS site. HTTPS redirection is disabled by default.
• Configuration Support for MU-MIMO   Feature Details You can now disable the MU-MIMO capability on the 5GHz radio of 802.11ac wave 2 APs. This option is useful for cases when clients encounter bandwidth issues when both SU-MIMO and MU-MIMO clients connect simultaneously to wave 2 APs.
• Device Template Migration to Consolidated Template   Feature Details You can now migrate your existing AP model specific device templates to the consolidated model configuration template.

• Pre-Validation for Guest Login   Feature Details Support is added for additional pre-validation for guest users that log in to a Wi-Fi network. You can configure an external HTTPS end-point for use with the SMS plug-in and define any number of custom fields to validate during guest login.

This release of Wi-Fi Cloud includes these new and improved features:

• Automatic Transmit Power Control   Feature Details APs can now dynamically adjust and optimize their transmit power in coordination with other APs to provide optimal coverage and minimize interference.
• Consolidated Device Templates   Feature Details Device templates are now configured independently of the AP hardware platform type. All AP models are now managed through a single configuration within the template instead of having a separate configuration for each device type.
• Background Scanning and WIPS   Feature Details Background scanning has now been decoupled from WIPS security scanning. You can enable Background Scanning for use in radio communications optimization without enabling additional WIPS scanning.
• Cloud Integration Point   Feature Details Cloud Integration Point (CIP) enables the integration of WatchGuard Wi-Fi Cloud with on-premise WLAN controllers such as Aruba Mobility Controller, Cisco Wireless LAN Controller (WLC), and HP Multi-Service Mobility (MSM) Controller, and also logging and ESM services such as ArcSight ESM and Syslog. CIP is only supported with AP420 devices.
• RADIUS Profiles   Feature Details For easier RADIUS configuration, you can now create RADIUS configuration profiles that can be applied to any feature that uses RADIUS instead of having to configure the same RADIUS settings in each SSID profile.
• RADIUS MAC Authentication Enhancements   Feature Details If a client’s secondary authentication fails, the client can be assigned either an SSID profile or a Role Profile. If a client successfully completes secondary authentication, they are assigned a Role Profile.
• Suspicious AP Monitoring   Feature Details You can monitor APs that you do not manage by marking them as "Suspicious". This allows you to track performance data for the AP.
• AP Upgrades over Port 443   Feature Details AP upgrades now occur securely over TCP port 443. If this port is unavailable or blocked, the upgrade process will use TCP port 80.
• AP Firmware Downgrade   Feature Details You can now downgrade the firmware of an AP to a previous firmware version.