About WatchGuard Wi-Fi Cloud WIPS

WIPS (Wireless Intrusion Prevention System) is a powerful, cloud-based, enterprise-level wireless security solution that helps detect and prevent threats to your wireless network.

WIPS includes these security technologies that work together to secure your wireless network:

  • Auto-classification of APs and clients using marker packet techniques that classify APs, clients, and networks, including vulnerable and guest SSIDs, based on the sources and types of wireless traffic
  • Authorized Wi-Fi policies to enforce a minimum set of security parameters for wireless access
  • Intrusion Prevention capabilities to detect wireless security threats and actively mitigate certain types of attacks

WIPS Classifications

WIPS uses device classifications together with your security policies to monitor your network for threats.

Access Points

APs are classified by WIPS in these categories:

Screen shot of the Monitor > WIPS > Access Points page in Discover

  • Authorized — Managed APs that match your defined Authorized WiFi Policy.
  • Guest — Authorized APs that are configured for guest Wi-Fi access.
  • Misconfigured — Authorized APs with a configuration that does not match your defined Authorized WiFi Policy.
  • Rogue — Unauthorized APs connected to your wired network.
  • External — Neighborhood APs that are not part of your Wi-Fi network but operate in the vicinity.
  • Uncategorized — New APs discovered by Wi-Fi Cloud that have not yet been classified.


Clients are classified at initial discovery and subsequent associations with your APs:

  • Authorized — Managed clients that connect through an Authorized AP.
  • Guest — Clients that connect to an Authorized AP for guest Wi-Fi access.
  • Rogue — Unauthorized clients on your network that connect through a Rogue AP.
  • External — Neighborhood clients that are not part of your Wi-Fi network but operate in the vicinity. External clients can be reclassified if they connect to an Authorized, Authorized Guest, or Rogue access point.
  • Uncategorized — New clients discovered by Wi-Fi Cloud that have not yet been classified.
  • Misbehaving — Authorized clients that connected to an external, guest, or rogue AP, ad hoc network, or performed bridging between the wired and wireless network.

WatchGuard AP Operation Modes

You can configure WatchGuard APs in these modes of operation:

Access Point

  • Performs normal AP functions for Wi-Fi access to the network.
  • Does not perform security scanning.

Access Point with Background Scanning

  • Performs normal AP functions for Wi-Fi access to the network.
  • Scans the RF environment for radio and channel optimization.
  • Scans the wireless network for security threats on available channels.
  • VoIP-aware scanning option is available to optimize high priority traffic while background scanning.
  • Limited ability to detect over-the-air threats.
  • Cannot perform active prevention of over-the-air threats.
  • Not as effective as a dedicated WIPS sensor.

WIPS Sensor

  • Dedicated to WIPS security and intrusion prevention.
  • Does not perform normal AP functions for wireless access to the network.
  • Can be used to protect a WatchGuard AP network or any third-party AP network. WIPS can protect APs from any vendor. For more information, see Protect WatchGuard Networks and Third-Party Networks with WIPS.
  • Dual-radio AP models configured as dedicated WIPS sensors use both 2.4 and 5 GHz radios for security scanning, and do not perform normal AP functions for Wi-Fi access to the network.
  • Tri-radio models have a third radio as a dedicated WIPS sensor and offer dedicated 2.4 and 5 GHz Wi-Fi access on the other two radios.

If you configure a tri-radio AP into a dedicated WIPS sensor, the 2.4 GHz and 5 GHz radios are dedicated to WIPS security scanning, while the third scanning radio is disabled.

Some AP models must use full PoE+ power or be connected to a power adapter for the third WIPS scanning radio to be fully effective. Lower PoE power results in reduced performance and effectiveness of WIPS scanning and intrusion prevention functions. For more information, see AP Power Requirements.