Why are WIFI 6 APs cloud managed only?

I was considering upgrading to WiFi6 with Watchguard APs so I could manage them with my Firebox. Come to find out that the new WIFI6 are only cloud managed which is IMO a security flaw. Why would you open yourself up to getting your APs hacked from the internet? Call me when I can manage my APs from the local intranet.

Comments

  • It seems that WG's future products will all be cloud managed.
    Firewall configs & Wifi 6 are the newest offerings.
    Authpoint, TDR and more are WG cloud services.
    WG wifi 5 had 3 flavors, only Basic was managed by the firewall with GWC. The other 2 were cloud managed - a different interface than the cloud mgt for wifi 6.

    Do note that other brands offer cloud managed wifi.

  • I was planning on upgrading my existing WG AP's v5 to their new WiFi 6 AP's but decided to run with Juniper instead.
    One deciding factor was the "Must use Cloud and have active subscriptions in order for AP to work" motto from WG. Feel if I spend $1K on an AP I should be able to manage it with or without a Cloud subscription.
    Also, WG is a little late to the WiFi 6 game. While their AP's seem fairly robust, the WiFi 6 in the WG Cloud is still simmering on the stove.
    Other vendors (Juniper) are also implementing WiFi 6e and using the 6 GHz band in their AP lineup. Don't believe from reading the data sheets the new WG AP's offer that.

    Supply chain could be a deciding factor for you. WG has AP's available while other vendors are 3-9 months out.

    Not that the WG offerings are bad, but do your research before spending your cash.

    It's usually something simple.

  • I've installed over 40 Watchguard firewalls and maybe 200 APs over 10 years between different companies I've worked for, until now. Ran into the same issue with WIFI6, cloud controlled only.
    I'm speaking for myself and my clients here but:
    1 Nobody had a problem configuring APs through the WGC that we needed a cloud solution
    2 Nobody wanted an external web server to configure our APs
    3 Nobody wanted to pay for an external server to configure our APs.

    The only explanation is that Watchguard wanted to make more money.

    Nobody I work with thinks this ISN'T a scam. Unless this is reversed quickly, I'll never install a Watchguard firewall again. Nobody likes being scammed.

  • @EagleEyeT said:
    I've installed over 40 Watchguard firewalls and maybe 200 APs over 10 years between different companies I've worked for, until now. Ran into the same issue with WIFI6, cloud controlled only.
    I'm speaking for myself and my clients here but:
    1 Nobody had a problem configuring APs through the WGC that we needed a cloud solution
    2 Nobody wanted an external web server to configure our APs
    3 Nobody wanted to pay for an external server to configure our APs.

    The only explanation is that Watchguard wanted to make more money.

    Nobody I work with thinks this ISN'T a scam. Unless this is reversed quickly, I'll never install a Watchguard firewall again. Nobody likes being scammed.

    As someone who has been in several talks with WG on this (at both Gold and Platinum Partners that I worked for), it is my understanding that their firewalls are not fully cloud managed; we have the option to be local or cloud managed. I don't believe the firewalls will experience the same... unique... treatment the WAPs have gotten.

    The new WAPs are cloud managed but my guess is that it's due to how the old WiFi line is a WG Branded version of another product from a different manufacturer... and those WAPs aren't EOL until 2025 (with a handful being EOL in 2021-2022). Due to this the GWC and old Cloud portal have to be able to support the Arista line and my guess is that most likely we may see an urge to do GWC on the newer WiFi 6 line (hopefully) once the old line is EOL.

    The new WiFi 6 line is from WG and was designed to go in the cloud.watchguard.com portal since their previous manufacturer wouldn't allow them to develop upgrades (like WiFi 6 and such). The new line is basically them trying to get away from a bad vendor relationship more so than anything.

    ~T

  • Thanks for the possible explanation for moving things to the cloud that don't seem like they need to be moved there. I am obviously not happy about this and that showed in my previous post, which I will tone down. (probably even still need to buy more WG gear) But even with your explanation of possibilities other than it being a money making scheme by Watchguard, if they can send the necessary commands to an AP from a web server, why can't those same commands be sent via a Firebox? Sending commands from a remote webserver seems more difficult and would take more effort to do than through a Firebox on the same network as the APs themselves. So I still do view this as a 'bottom line' thing for Watchguard.

    The thing is I've installed many of these systems with locally controlled APs where I had to sell it to the customer because of the high costs of WG routers and APs. But there are also advantages. At this point I'm not willing to sell the expensive equipment with APs, along with an ongoing subscription cost to people who really don't need all that functionality, which has been most of them. I'll be using home solutions in these cases from now on. WG will definitely sell a lot less equipment through me, they took themselves out of the running by going with plans where my customers will be required to pay WG until the sun burns out.

  • It should also be noted that the capabilities of Cloud-managed WiFi are very different from the simple GWC. Cloud WiFi also incorporates WIP (Wireless Intrusion Protection) devices that can perform triangulation and detect the location of the attacker device. They can also jam attacker devices, something that I did point out was probably not legal in Australian Telecommunications law. They also incorporate business marketing tools through the use of a secured "free wifi" service to your customers.

    If you are looking after a small business or are a small business yourself, it might be fair to say that GWC or other simpler WAPs are all you will ever need, but if it was managing hundreds of WAP in a potentially hostile (or sensitive) environment, I would be making the business case for Cloud WiFi.

    Adrian from Australia

  • Note that none of the wifi 5 cloud features such as WIPS are currently available for the wifi 6 products.

  • Thanks XXUP for adding information and you're correct, few of my customers need that type of management. That's why I still don't understand why WG decided to leave customers like me out. I guess there weren't enough of us.

  • @james.carson I'm late to the party here. I just found out about this and I don't like this cloud management option only. I get it, the cloud offers more features but I don't need that in my environment. I like the simplicity of GWC and that was what kept me deploying the WatchGuard AP's over all the other options available.

    I'm going to keep running my AP 420's and 327x's until I can't anymore then I'll go with some other vendor kit (maybe Aruba) to provide Wi-Fi.

    RIP GWC and simply on-prem Wi-Fi

  • Horrible! With only cloud managed Wifi 6 APs you can forget all your necessary administration. Missing Floorplan, client "kick off", central SSID management, mesh, RF features, ...
    Please WG go back to GWC!

  • Seems to me that some of these features for Wifi 5 were only available with the non-GWC wifi cloud license version.

  • james.carson Moderator, WatchGuard Representative

    Hi @SF2001
    GWC only supports very basic settings on the APs that it can control. Being able to upload a floorplan, mesh settings, and any RF feature beyond changing the transmit power of the radio would have been inside of WiFi Cloud only.

    -James Carson
    WatchGuard Customer Support

  • Yes, that's right. Most of the important features can only be used with the old Wifi 5 APs and not with the new (Wifi 6) ones.

  • Just was about to buy some new access points for our warehouse. Found out they are now cloud forever-pay only. I've been a WG customer since their very first Firebox came out over 25 years ago. I've always had the firewalls on support and paid for some of their extra services. But that was by choice, because they were good products. If I HAVE to pay an ongoing fee forever, just to use them, then I'll be looking for alternatives.
