Cloud AP with VLANs - WSM Firebox Policies

I have a Firebox that is managed with WatchGuard System Manager. I have an AP wired directly to the Firebox that is cloud managed. The AP is NATed, not bridged. I’d like to keep this configuration if at all possible. The AP has several SSIDs. I’d like to set up each SSID on a different VLAN and apply different policies to them on the Firebox. Is it possible to use the Gateway Wireless Controller on the Firebox to apply policies to the VLANs and keep the AP otherwise cloud managed? Thanks

Comments

  • edited March 5

    No. An AP is either GWC managed or cloud managed, but not both.

    What is your issue about setting up different firewall policies for the different VLANs on your cloud managed AP?

    What do you mean by "The AP is NATed" ?

  • I was hoping the Firebox could differentiate the VLAN tags and apply an alias to them or something like that while keeping the SSIDs and WIPS, etc. in the cloud.

    I will have to look into cloud policies for the VLANs. The Wi-Fi Cloud is new to me.

    The SSIDs on the AP are set to NAT as opposed to bridged or tunneled.

    Thanks
  • James_Carson Moderator, WatchGuard Representative

    If they're set to NAT, the AP is acting as a firewall for those networks. If you want the traffic to be passed to the firewall, you'll want them bridged.

    You can set up tagged and untagged VLANs on the firewall. It's set up to be flexible, so you could name them what the networks are for, or something else.

    Aside from the Gateway Wireless Controller part, this goes over an example network and how to set VLANs up:

    https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/wireless/ap_deployment_examples_vlans.html

    -James Carson
    WatchGuard Customer Support

  • Thank you for your help. Could you please confirm that if I set up bridged SSIDs and VLAN tagging using the Gateway Wireless Controller on the Firebox then I would have to change the AP to Firebox managed from Wi-Fi Cloud managed? I would lose several important security features I have with the Total Wi-Fi package I purchased?
  • To use Fireware GWC to manage an AP, you would need to change the AP to Firebox managed (Basic Wi-Fi) and you cannot use the additional features from a Cloud managed AP.

    We suggest staying with Cloud managed, and using Bridge mode for the AP, as James suggests above.
    If you have difficulties, you can open a support incident to get WG help in setting this up. To do so, click on the SUPPORT CENTER link above.
