WatchGuard AP Device Deployment Overview

When you add one or more WatchGuard Access Point (AP) devices to your network, you manage and configure the AP devices from the Gateway Wireless Controller on an XTM device. You do not have to connect directly to the AP device to configure it.

To deploy any AP device on your XTM device network you must:

  1. Enable the Gateway Wireless Controller on the XTM device.
  2. Connect the AP device to your network.
    If your network has a DHCP server, the AP device automatically gets an IP address.
  3. In the Gateway Wireless Controller, configure the SSIDs you want your AP device to use.
  4. In the Gateway Wireless Controller, pair the AP device with the XTM device.
  5. In the Gateway Wireless Controller, configure the AP device settings, and select the SSIDs to use.

You can optionally enable VLAN tagging in the SSIDs for your AP device. If you enable VLAN tagging, you must configure the necessary VLANs on your XTM device. For information about when to enable VLAN tagging and how to configure VLANs, see Configure VLANs for WatchGuard AP Devices.

You can optionally enable the AP device to use a tagged VLAN for management connections from the XTM device. But you still must configure an untagged VLAN that the XTM device can use to initially discover and connect to the AP device.

The subsequent sections provide a more detailed overview of the steps to deploy an AP device with, and without, VLAN tagging enabled.

If the network you connect your AP device to does not use DHCP, you can use the Access Point web UI to manually assign a static IP address to the AP device before you connect it to your network. For more information, see Use the WatchGuard Access Point Web UI.

Deploy AP Devices Without VLAN Tagging

To deploy an AP device without VLAN tagging, you must enable the Gateway Wireless Controller, configure SSIDs on your XTM device, pair your AP device with your XTM device, and configure your AP device.

Step 1 — Enable the Gateway Wireless Controller

For the XTM device to discover and manage an AP device, you must enable the Gateway Wireless Controller on your XTM device.

  1. Connect to Fireware XTM Web UI for your XTM device.
  2. Select Network > Gateway Wireless Controller .
    The Gateway Wireless Controller page appears.
  3. Select the Enable the Gateway Wireless Controller check box.
    The WatchGuard AP Passphrase dialog box appears.
  4. Type the WatchGuard AP Passphrase that you want all your AP devices to use after they are paired.

For more information, see Configure AP Devices in the Gateway Wireless Controller.

Step 2 — Connect the AP Device

Select one of these options to connect the AP device to your Trusted or Optional network. By default, the AP device automatically requests an IP address from a DHCP server on the local network.

Option 1 — Connect the AP device to an XTM device interface

If you have an available Trusted or Optional interface on your XTM device, you can connect the AP device directly to one of those interfaces.

Diagram of an AP device connected to an XTM device interface

To configure an XTM device interface as a Trusted or Optional interface:

  1. Select Network > Interfaces.
    The Network Interfaces page appears.
  2. Select a Trusted or Optional interface, and enable DHCP on that interface.
  3. Connect the AP device to the interface you configured.

For more information about interface configuration, see Common Interface Settings.

Option 2 — Connect the AP device to a switch

If you have a switch that connects to a Trusted or Optional interface on your XTM device, you can connect the AP device to that switch. With this option, you do not have to change the network settings on the XTM device interface.

Diagram of an AP device connected to a switch on the trusted network

Step 3 — Configure the SSIDs

Configure the SSIDs for your wireless users to connect to. You can configure up to eight SSIDs per radio.

  1. On the Gateway Wireless Controller page, select the SSIDs tab.
  2. Click Add to add an SSID.
  3. Configure the SSID (network name) and wireless security settings.

For more information, see Configure WatchGuard AP Device SSIDs.

Step 4 — Pair the AP Device

When you first connect the AP device to your network, it is an unpaired access point. This means it is not yet managed by an XTM device. The power LED on the AP device alternates from green to amber when the device is unpaired.

To discover an unpaired AP device and pair it with your XTM device:

  1. On the Network > Gateway Wireless Controller page, select the Access Points tab.
  2. Click Refresh.
    The unpaired AP device appears in the Unpaired Access Points list.
    For more information, see WatchGuard AP Device Discovery and Pairing.
  3. From the Unpaired Access Points list, select the AP device and click Pair.
  4. In the Pairing Passphrase dialog box, type the passphrase of the AP device.
    The default AP passphrase is wgwap.

When the AP device is paired, the power LED on the device will be green.

Step 5 — Configure the AP Device

After you pair the AP device with your XTM device, configure the AP device settings.

  1. In the AP device settings, specify the settings for each radio on the AP device.
  2. Add the SSID you created in Step 3 to the SSID list.

For more information, see Configure AP Device Radio Settings.

For a configuration example that demonstrates this type of deployment, see AP Device Deployment with a Single SSID.

Deploy AP Devices With VLAN Tagging Enabled

To set up an AP device with VLAN tagging enabled in the SSIDs, you must configure VLANs and enable VLAN tagging in your SSIDs.

Step 1 — Configure VLANs on the XTM device

To enable VLAN tagging in your SSIDs, you must configure VLANs and enable them on an XTM device interface. The AP device uses tagged VLANs to identify traffic for each SSID. The XTM device uses an untagged VLAN to pair with the AP device.

To configure VLANs on the XTM device:

  1. Add one VLAN for each SSID.
    These VLANs are used for tagged VLAN traffic for each SSID.
  2. Add one VLAN for management connections to the AP device.
    This VLAN is used for untagged management connections to the AP device.
  3. Enable DHCP server or DHCP relay for each VLAN.
  4. Configure the XTM device interface to pass tagged traffic for the VLANs for each SSID.
  5. Configure the XTM device to pass untagged traffic for the AP management VLAN.

For an example VLAN configuration, see Configure VLANs for WatchGuard AP Devices.

Step 2 — Enable the Gateway Wireless Controller

For the XTM device to discover and manage an AP device, you must enable the Gateway Wireless Controller.

  1. Connect to Fireware XTM Web UI for your XTM device.
  2. Select Network > Gateway Wireless Controller .
    The Gateway Wireless Controller page appears.
  3. Select the Enable the Gateway Wireless Controller check box.
    The WatchGuard AP Passphrase dialog box appears.
  4. Type the WatchGuard AP Passphrase that you want all your AP devices to use after they are paired.

For more information, see Configure AP Devices in the Gateway Wireless Controller.

Step 3 — Connect the AP Device

Select one of these options to connect the AP device to your Trusted or Optional network. By default, the AP device automatically requests an IP address from a DHCP server on the local network.

If the network you connect your AP device to does not use DHCP, you can use the Access Point web UI for the AP device to manually assign a static IP address to the AP device before you connect it to your network. For more information, see Use the WatchGuard Access Point Web UI.

Option 1 — Connect the AP device to an XTM device interface

You can connect the AP device directly to the XTM device interface that you configured as a VLAN interface in Step 1.

Option 2 — Connect the AP device to a 802.1Q switch

You can connect the AP device to an 802.1Q switch that has the necessary VLANs configured.

To configure the VLANs on the switch:

  1. Add VLANs to the switch with the same IDs as the VLANs you configured on the XTM device.
  2. Configure the switch interfaces that connect to the XTM device VLAN interface and the AP device to:
    • Send and receive tagged traffic for the VLANs assigned to each SSID.
    • Send and received untagged traffic for the VLAN you use for AP device management.

For more information about VLAN configuration, see Configure VLANs for WatchGuard AP Devices.

Step 4 — Configure the SSIDs

Configure the SSIDs for your wireless users to connect to. You can configure up to eight SSIDs per radio.

  1. On the Network > Gateway Wireless Controller page, select the SSIDs tab.
  2. Click Add to add an SSID.
  3. Configure the SSID (network name) and wireless security settings.
  4. In each SSID, enable VLAN tagging, and select the VLAN ID to use.

For more information, see Configure WatchGuard AP Device SSIDs.

Step 5 — Pair the AP Device

When you first connect the AP device to your network, it is an unpaired access point. This means it is not yet managed by an XTM device. The power LED on the AP device alternates from green to amber when the device is unpaired.

To discover an unpaired AP device and pair it with your XTM device:

  1. On the Network > Gateway Wireless Controller page, select the Access Points tab.
  2. Click Refresh.
    The unpaired AP device appears in the Unpaired Access Points list.
    For more information, see WatchGuard AP Device Discovery and Pairing.
  3. From the Unpaired Access Points list, select the AP device and click Pair.
  4. In the Pairing Passphrase dialog box, type the passphrase of the AP device.
    The default AP passphrase is wgwap.

When the AP device is paired, the power LED on the device will be green.

Step 6 — Configure the AP Device

After you pair the AP device, you can configure the AP device settings.

  1. In the AP device settings, specify the settings for each radio on the AP device.
  2. Add the SSID you created in Step 4 to the SSID list.

For more information, see Configure AP Device Radio Settings.

For a configuration example that demonstrates this type of deployment, see AP Device Deployment with VLANs.

See Also

About AP Device Configuration

Give Us Feedback  •   Get Support  •   All Product Documentation  •   Knowledge Base