The Gateway Wireless Controller includes some settings that apply to all AP devices. These global settings include:
To configure the global Access Point settings on the Gateway Wireless Controller:
The WatchGuard AP Passphrase is used for all WatchGuard AP devices after they are paired with your XTM device. The Gateway Wireless Controller uses this passphrase to establish connections between the XTM device and the paired AP devices. This is also the passphrase you use to log in to the Access Point web UI of a paired AP device. You set the WatchGuard AP passphrase when you enabled the Gateway Wireless Controller.
To change the WatchGuard AP passphrase:
By default, the Gateway Access Controller is configured to automatically update the firmware on WatchGuard AP devices when a new version is available. The XTM device receives AP device firmware updates as part of a Fireware XTM OS update. If you update the Fireware XTM OS on your XTM device, and that update contains new firmware for the AP devices, the default setting enables the Gateway Wireless Controller to automatically update the firmware on all paired AP devices. If your XTM device is paired to more than one AP device, the Gateway Wireless Controller automatically updates the AP devices one at a time. The Gateway Wireless Controller updates one AP device every five minutes. The AP device power LED will flash red while the device is upgraded.
To disable automatic firmware updates:
Clear the Automatically update WatchGuard AP firmware when a new version is available on the XTM device check box.
If you disable automatic firmware updates, you can manually update the firmware for each AP device. For more information, see Update AP Device Firmware.
By default, each AP device automatically stores recent syslog log messages locally. You can see the syslog messages stored on each AP device in
You can also configure all your AP devices to send syslog messages to the same, external syslog server. When you configure the syslog server in the Gateway Wireless Controller settings, all paired AP devices send syslog messages to the specified server.
Before you configure the Gateway Wireless Controller settings for an external syslog server, make sure the syslog server you specify is set up and your AP devices can connect to the IP address of the syslog server.
To configure your AP devices to send log messages to an external syslog server:
You can optionally use a tagged VLAN for management connections to the AP device. You can enable VLAN tagging for each AP device in the configuration for each AP device, or you can enable it in the Gateway Wireless Controller settings. If you want to use the same management VLAN ID for all paired access points, it might be most convenient to set the VLAN ID in the Gateway Wireless Controller settings.
If you enable management VLAN tagging in the Gateway Wireless Controller settings, you do not need to enable management VLAN tagging for each AP device. The XTM device uses the management VLAN ID specified in the Gateway Wireless Controller settings for management traffic to all AP devices, if management VLAN tagging is not enabled in the AP device settings.
To enable management VLAN tagging for all AP devices:
If you specify a management VLAN ID in the configuration settings for an AP device, the XTM device uses the VLAN ID configured for the AP device instead of the VLAN ID specified in the Gateway Wireless Controller settings.
WatchGuard AP devices automatically select the best radio channel to use from the allowed channels in the region where the device is located. To use the correct radio channels, you must select the location of your AP devices. All AP devices managed by the same XTM device use the same wireless radio region.
To set the wireless radio region:
From the Set the location of the WatchGuard AP devices drop-down list, select the country where your AP devices are located.
Secure SSH access to wireless AP devices is used by WatchGuard Technical Support to help troubleshoot issues with the AP device. Enable this option only if requested by technical support.
To allow SSH access on all AP devices, select the Enable SSH access on all WatchGuard APs check box.
In the MAC Access Control section, you can configure a list of denied or allowed MAC addresses for your AP devices.
To configure a list of denied or allowed MAC addresses for your AP devices:
From the Settings dialog box, select the MAC Access Control tab.
For more information, see Configure MAC Access Control.
Configure AP Device Radio Settings