About AP Device Passphrases

Each WatchGuard AP device has a passphrase that is used for management connections to the device. There are two passphrase settings in the Gateway Wireless Controller: the Pairing Passphrase and the WatchGuard AP Passphrase.

Pairing Passphrase

The Pairing Passphrase is used for the initial pairing of the AP device with your XTM device. The Pairing Passphrase set on the Gateway Wireless Controller must match the passphrase set on the AP device. By default, the passphrase on an unpaired AP device is wgwap.

In the Gateway Wireless Controller, you must type the Pairing Passphrase:

Unless you have connected to the AP device with the Access Point web UI and changed the AP device passphrase, the Pairing Passphrase is always the AP default passphrase, wgwap. If you changed the passphrase on the AP device, type that passphrase in the Pairing Passphrase dialog box when you pair the device.

If you type the wrong Pairing Passphrase when you try to pair the AP device and pairing fails, you can change the Pairing Passphrase in the AP device settings. For more information, see Configure AP Device Settings.

WatchGuard AP Passphrase

The WatchGuard AP passphrase is used for management connections to a WatchGuard AP device after it has been paired with an XTM device. The Gateway Wireless Controller on the XTM device uses the WatchGuard AP Passphrase when it connects to any paired AP device. The WatchGuard AP passphrase is also the passphrase you use to log into the Access Point web UI of a paired AP device.

When you enable the Gateway Wireless Controller on the XTM device, you set the WatchGuard AP passphrase. You can also change this passphrase in the Gateway Wireless Controller Settings dialog box. For more information, see Configure Gateway Wireless Controller Settings.

Passphrases and Pairing

Although you configure two passphrases in the Gateway Wireless Controller settings, you use only one passphrase for the AP device. The passphrase you use depends on the state of the AP device.

When you first pair an AP device with an XTM device, the XTM device uses the Pairing Passphrase to log in to the AP device. When the XTM device sends the AP device configuration to the paired AP device, it changes the passphrase on the AP device from the Pairing Passphrase to the WatchGuard AP passphrase configured in the Gateway Wireless Controller settings.

When you unpair an AP device from an XTM device, the XTM device resets the AP device to the factory default settings. This changes the passphrase on the AP device to the default AP passphrase, wgwap.

When the Gateway Wireless Controller connects to a paired AP device, it can use one of three passphrases to log in.This makes the communication between the two devices more resilient, and allows the AP device to automatically pair with the XTM device if the AP device is reset.

  1. By default, the Gateway Wireless Controller uses the WatchGuard AP passphrase to log in to the AP device.
  2. If it cannot successfully log in with the WatchGuard AP passphrase, it tries the passphrase used for the last successful connection to this AP device.
  3. If it cannot successfully log in with the last used passphrase, it tries to log in with the Pairing Passphrase.

If the XTM device uses anything other than the WatchGuard AP passphrase to log in, it resets the passphrase on the AP device to the WatchGuard AP passphrase. If the XTM device cannot log in to a paired AP device, the AP device status changes to Passphrase Mismatch.

Resolve a Passphrase Mismatch

The status of the AP device appears in Fireware XTM Web UI on the Dashboard > Gateway Wireless Controller page.

If the AP device status is Passphrase Mismatch, the Pairing Passphrase in the Gateway Wireless Controller settings does not match the passphrase on the AP device.

To resolve a passphrase mismatch, if you know the passphrase on the AP device, change the Pairing Passphrase in the AP device configuration on the Gateway Wireless Controller. For more information, see Configure AP Device Settings.

If you do not know the passphrase on the AP device, to resolve a passphrase mismatch:

  1. If the device is paired in the Gateway Access Controller, remove it from the list of paired AP devices.
    For more information, see Unpair an AP Device.
  2. Press the reset button on the AP device to reset it to factory default settings.
    For more information, see Reset the WatchGuard AP Device.
  3. Discover and pair the AP device again. Use the default Pairing Passphrase, wgwap.
    For more information, see WatchGuard AP Device Discovery and Pairing.

See Also

WatchGuard AP Device Discovery and Pairing

Unpair an AP Device

Give Us Feedback  •   Get Support  •   All Product Documentation  •   Knowledge Base