WatchGuard Wireless, AP300 Access Points & WPA2-Enterprise Review

13 Jun

I’m a big fan of WatchGuard and I’ve been using their appliances for some time now. Some other people I know have had concerns about the lack of support for older WatchGuard hardware, and whilst I can see this as a potential issue, I generally get the kit with 3 years’ live security, knowing at the end of that 3 years, the kit is probably going to be obsolete and a refresh will be required anyway.


I’ve also started moving away almost entirely from desktop PCs, with almost all users now having laptops (with the exception of some general use and reception machines). All desks then have docking stations with dual monitors, wired Ethernet, keyboard and mice and power.

Any user can now dock at any desk and also take their laptop home with them, which means less kit left in the office and so it’s much better for my BCP/DR plans. Laptops also have a battery, so each effectively has its own UPS too. On a side note, I also have Microsoft Wireless display adapters in the meeting room projectors and so any user can now easily display their laptop for a meeting etc.


Anyway, with this move over to laptops there is of course then a lot more reliance on WiFi. I previously had 2 physical Access Points: an older Netgear unit on a separate network for guests (staff phones, guest laptops etc.) and then a Cisco Meraki box that I inherited for the staff computers. Whilst this worked OK in a relatively small office, it wasn’t easily scalable and so I decided to move to WatchGuard AP300 Access Points for a better long-term wireless solution.

I think personally the units look great, they’re very discreet and very powerful.


They have 2 radios (5GHz and 2.4GHz), 6 antennas, 1.75Gbps transfer rate, up to 16 SSIDs, PoE, support for all the wireless standards (802.11 a/b/g/n/ac) and now with the added bonus of Fast Roaming and Band Steering.

It also comes boxed with a ceiling mount kit and, even more useful, a T-rail ceiling mounting kit (to connect to the metal grid on the false ceiling above you).


The units also run PoE and I’m currently using an HP 1920-8G-PoE 180W switch. By using PoE to power the Access Points, I don’t now need power sockets (no sparky required) in the ceiling and I can also reboot any AP by turning off the PoE for that port should it ever get a bit stuck down the line.


I now have a few VLANs configured, with each AP300 broadcasting both the guest and staff (WPA2-Enterprise) wireless networks. I currently have the AP300s set to auto regarding the channels and so they do a lot of the work in working out which channel to run on for me to ease wireless congestion. I have 2 x AP300s right now, but as the business grows and we have more floor space I can then easily add in more AP300s and deploy them very quickly indeed.

[Image: AP300 radio settings]

The other nice thing about using a WatchGuard firewall and WatchGuard access points is the single pane of glass for managing all of this. I can do everything from the WatchGuard System Manager interface making things much easier for me.

The monitoring of this is also great: I can see at any point any wireless device, which AP it is connected to, the traffic volume and also its signal strength etc.



There is an issue, though, that is currently being worked on by WatchGuard. In short, I was running a single AP300 and it was rebooting in the middle of the day, which as you can imagine was somewhat annoying. I initially blamed my PoE switch, but after directly connecting in a 12V 1.25A PSU it kept happening. After an RMA and a brand new AP300 from WatchGuard, the issue was still happening. I had all the latest firmware and I tried all sorts before finally stumbling across an error message in the log, which WatchGuard then agreed was a newly discovered bug, which as of right now is still being worked on. As a temporary fix, I’m now running a second AP300 and I’ve set both APs to reboot early every morning, which seems to have helped the stability. The full details about this can be found on the WatchGuard forum.

WatchGuard Case Number: 00885222
This is an issue, you have hit a new found BUG:
XTM Issue – BUG89136: AP300 goes into an unusable state ( WAL_DBGID_DEV_TX_TIMEOUT ) (Assigned)
This is a severity 1 BUG.

All in all, I’m generally very happy with the devices; once the bug above is resolved (due to be resolved in AP firmware, date TBC) I hope to be very happy.


It’s worth noting that to make the most of fast roaming you need to be running WPA Enterprise. There’s a great video on setting up WPA2-Enterprise here: