What's New in Wi-Fi Cloud
Wi-Fi Cloud 8.8 — Aug 23, 2019
Discover New Features and Enhancements
- Wi-Fi Configuration in Discover Feature DetailsIn Discover, you can now configure your Wi-Fi networks, including SSID settings and AP device and radio settings.
- WIPS Configuration in Discover Feature DetailsYou can now configure WIPS settings for your Wi-Fi networks in Discover, including the Authorized WiFi Policy, Intrusion Prevention, and WIPS classification settings.
- WIPS Monitoring in Discover Feature DetailsThe Monitor section in Discover now displays WIPS information including AP and Client classifications.
- WIPS Dashboard in Discover Feature DetailsThe Dashboard section in Discover now displays WIPS information, including an overview of AP and client classifications and security alerts.
- Wi-Fi Cloud Reports in Discover Feature DetailsFrom Discover, you can now configure, schedule, and view the same Wi-Fi reports as in Manage.
- AP Groups in Discover Feature DetailsAP groups in Discover enable you to organize and manage your APs across your location tree. You can apply the same configuration to APs even though they are placed in different location folders and floors.
Wi-Fi Cloud Enhancements
- Hitless AP Firmware Upgrades Feature DetailsAPs are not upgraded at the same time as nearby APs so that wireless clients in that vicinity can remain connected to the Wi-Fi network.
- Use SSID Profile Configuration for Authorized WiFi Policy Feature DetailsYou can now use the settings of your SSID Profiles to validate the configuration of your APs for the Authorized WiFi Policy. This simplifies the security settings of your Wi-Fi deployment when you use only WatchGuard APs.
- Staging Area in Location Folders Feature DetailsThe location folder for newly deployed APs is now called "Staging Area". Previously, this was called the "Unknown" folder.
- VXLAN Tunnel Support Feature DetailsYou can now configure VXLAN (Virtual Extensible LAN) tunnels.
- SNMP Trap Support with CIP Feature DetailsYou can now configure alerts to be sent as SNMP traps to SNMP trap destination servers through an AP420 configured in Cloud Integration Point (CIP) mode.
- Guest Passphrase for Web Form Captive Portals Feature DetailsThe Web Form captive portal now supports the ability for multiple guest users to log in to the portal with a single passphrase that you define in the portal configuration. This enables you to set up a captive portal splash page where guest users only need to type a passphrase to gain access.
- HTTP Pre-Validation for Web Form Guest Users Feature DetailsYou can now pre-validate guest user credentials in the Web Form plug-in with your own third-party CRM validation system. You can configure an external HTTP end-point and define any number of custom fields to validate during guest user login.
- Audit Logs and GDPR Compliance Feature DetailsAs part of GDPR compliance, you can now delete audit logs in Analyze based on the age of data.
- Guestbook Enhancements for Self-Registration Feature DetailsThe self-registration option for the Guestbook plug-in has been enhanced to improve the work flow of guest user approval. You can now configure the host email address to receive only a notification about guests that self-register for access. Host approval is only required if you have configured that option.
- Social Media Plug-in API Updates Feature DetailsFacebook and LinkedIn plug-in APIs have been updated to support the most recent versions.
Discover is a powerful cognitive Wi-Fi monitoring and troubleshooting tool that combines the power of large cloud data and advanced analytics intelligence to monitor the health of your Wi-Fi networks and automate Wi-Fi troubleshooting. Discover provides an easy-to-read big picture overview with the ability to narrow down the focus to specific details to identify and solve connectivity and performance issues on your network.
Discover is available as a new tile on your Launchpad Dashboard when you log in to Wi-Fi Cloud.
For more information, see About WatchGuard Discover.
This release of Wi-Fi Cloud includes these new and improved features:
- Automatic Transmit Power Control Enhancements Feature DetailsAutomatic transmit power control thresholds are now configurable. You can configure the Minimum and Maximum Tx Power Range, Loudness Threshold, and Connectivity Threshold. Default values are provided for optimized power control.
- Secure EoGRE Tunnels with IPSec Feature DetailsWave 2 APs (AP325 and AP420) now support tunneling with EoGRE over IPSec in either Tunnel or Transport mode. You can use IPSec in conjunction with EoGRE to provide encryption for encapsulated data to provide a secure and flexible VPN solution. EoGRE over IPSec is configured in a network interface profile.
- VoIP-aware Scanning Feature DetailsYou can now select VoIP-aware background scanning for 802.11ac Wave 2 APs (AP325 and AP420) to optimize high priority traffic during background scanning. Make sure that SSIDs added to the radio settings have the Application Visibility option enabled for traffic detection. If you enable VoIP-aware scanning on Wave 1 APs (AP120, AP320, AP322), this will disable background scanning on these APs.
- AP Auto Upgrade Enhancements Feature DetailsYou can now perform manual AP software updates outside of an expired automatic update window.
- Third-Party Analytics Integration Interval Feature DetailsThe minimum send interval for updating a third-party server with visibility analytics is reduced from 1 minute to 10 seconds. This enables you to send more immediate analytics data to the third-party server. You can configure an interval between 10 and 3600 seconds. The default interval is 600 seconds (10 minutes). This is configured in the Third Party Analytics Integration settings in a Device Template.
- Full Client Isolation Feature DetailsThe client isolation option now provides complete wireless isolation between clients connected to different APs, the same AP, or different radios of the same AP. This is useful in typical guest Wi-Fi access deployments. With full client isolation, wireless clients also cannot communicate with wired-side hosts on the same network. Client Isolation is configured in the Security settings of an SSID Profile and is disabled by default.
- SSID VLAN Monitoring Feature DetailsYou now have the option to disable SSID VLAN monitoring if you do not want the AP to monitor VLANs corresponding to the SSIDs defined on the VLAN. This optimizes the use of IP addresses by not creating an automatic bridge interface for every VLAN on an SSID. SSID VLAN Monitoring is enabled by default and is configured in the Device Settings of a Device Template.
- Disable AP LED support Feature DetailsYou can now disable LED activity for 802.11ac Wave 2 APs (AP325 and AP420). This enables you to hide any visible LED activity on your APs for security reasons. This option is configured in a device template, and cannot be configured for individual APs.
- HTTPS Redirection Support for Captive Portal Feature DetailsSupport is added for secure HTTPS redirection to a configured captive portal. A user that is connected to an SSID with a configured Captive Portal will now be successfully redirected to the portal when the user attempts to access an HTTPS site. HTTPS redirection is disabled by default.
- Configuration Support for MU-MIMO Feature DetailsYou can now disable the MU-MIMO capability on the 5GHz radio of 802.11ac wave 2 APs. This option is useful for cases when clients encounter bandwidth issues when both SU-MIMO and MU-MIMO clients connect simultaneously to wave 2 APs.
- Device Template Migration to Consolidated Template Feature DetailsYou can now migrate your existing AP model specific device templates to the consolidated model configuration template.
This release of Wi-Fi Cloud includes these new and improved features:
- Automatic Transmit Power Control Feature DetailsAPs can now dynamically adjust and optimize their transmit power in coordination with other APs to provide optimal coverage and minimize interference.
- Consolidated Device Templates Feature DetailsDevice templates are now configured independently of the AP hardware platform type. All AP models are now managed through a single configuration within the template instead of having a separate configuration for each device type.
- Background Scanning and WIPS Feature DetailsBackground scanning has now been decoupled from WIPS security scanning. You can enable Background Scanning for use in radio communications optimization without enabling additional WIPS scanning.
- Cloud Integration Point Feature DetailsCloud Integration Point (CIP) enables the integration of WatchGuard Wi-Fi Cloud with on-premise WLAN controllers such as Aruba Mobility Controller, Cisco Wireless LAN Controller (WLC), and HP Multi-Service Mobility (MSM) Controller, and also logging and ESM services such as ArcSight ESM and Syslog. CIP is only supported with AP420 devices.
- RADIUS Profiles Feature DetailsFor easier RADIUS configuration, you can now create RADIUS configuration profiles that can be applied to any feature that uses RADIUS instead of having to configure the same RADIUS settings in each SSID profile.
- RADIUS MAC Authentication Enhancements Feature DetailsIf a client’s secondary authentication fails, the client can be assigned either an SSID profile or a Role Profile. If a client successfully completes secondary authentication, they are assigned a Role Profile.
- Suspicious AP Monitoring Feature DetailsYou can monitor APs that you do not manage by marking them as "Suspicious". This allows you to track performance data for the AP.
- AP Upgrades over Port 443 Feature DetailsAP upgrades now occur securely over TCP port 443. If this port is unavailable or blocked, the upgrade process will use TCP port 80.
- AP Firmware Downgrade Feature DetailsYou can now downgrade the firmware of an AP to a previous firmware version.