Firebox Gateway Wireless Controller and older APs
Some time back I was doing work for a company and as part of that, got a NFR XTM 525 and several AP300's for my personal use and to learn on. I also have several 26W's that I've put a few places. Even in an 'expired' state, everything works well enough for me. Let's be honest - for a homelab environment, there's no way I could afford or justify buying all new WG equipment and keeping support up, but having them keeps me familiar with them for times that I need to work with them.
That being said, I just got thrown a new curveball. Over time, I've acquired several more AP200's and 300's, which have never been an issue connecting to and managing with the GWC in the Watchguards that I have. Until now. I picked up a pair of M500's that I wanted to replace my XTM 525 with, but in testing, my APs won't tag up with the GWC. Based on my research, it's due to not having or having had at least a basic subscription on the APs. It seems that at one point, once a subscription expired, the GWC would stop managing it, but at some point, Watchguard relaxed that and allowed for expired units to still be managed. That's all well and good, because while I get not supporting hardware that doesn't have some sort of support on it, making it so it basically can't be used is no bueno (yes, I get that they'll keep going on their last config, but when you need to make a change...). But what about older APs that are still viable but, as far as I know, never had a 'basic subscription' available, like the AP200's and AP300's? IT seems like if I were to purchase some AP320's, odds are they would have had at least a basic subscription at some point and be expired, and work.
This subscription nonsense it just out of control. I fully get that without some sort of support contract, you can't call in for support or anything, although I feel that firmware updates should remain available, BUT, AT YOUR OWN RISK because if it should go sideways, you don't have a support contract, so you're on your own. But moving the goalposts and requiring some sort of subscription for newer APs to be managed by the GWC only if they have or have had a subscription is absurd.
Is there any way to get my 'legacy' (Old... Not obsolete) APs working with the newer WG OSes that are looking for this subscription? I could probably go and find some second hand AP320's and odds are they would have had some sort of subscription at some point, and would work, but there's really nothing wrong with the 'legacy' AP's that I have. It seems like this may have just been an oversight... They relaxed the 'rules' to allow newer units that had a subscription but it expired to be managed, but forgot about 'legacy' units that never even had that option.
Comments
Hi @SubnetMask
So long as they were activated at some point before they went end of life, the AP200s should have this license.
If you're unable to retrieve your license, I would suggest creating a customer care case to find out what the current status of these APs are.
You will want to make sure you've had those APs transferred to your account.
NFR appliances are a different case -- these devices are provided at a large discount to ensure that partners and resellers have up to date equipment to train/learn on. If your NFR appliances were not purchased and converted to standard appliances after the NFR period expired, I would not expect to be able to continue using these. Current NFR appliances are also a requirement of the various WatchGuardOne program levels.
If you have any questions about the NFR program, I would suggest reaching out to the partner rep that works with your company. They will be able to provide more information about what is available.
If you need to determine if an appliance or AP is an NFR unit, please create a customer care case with the serial numbers in question, and we can have those looked up for you.
-James Carson
WatchGuard Customer Support
Well, the thing of it is all of the AP200's and AP300's that I have were activated for sure - as far as I know, they won't even function if they weren't. They tag up and work perfectly with the XTM525 and 26W's, but the M series firewalls GWC is looking for a 'Basic Wi-Fi', 'Secure Wi-Fi' or 'Total Wi-Fi' AP subscription. They do get detected and listed, but the activation status is 'Not Available'. If I try to pair it, I get 'The AP license could not be updated'. Given that Watchguard relaxed their stance on 'must have an active subscription to be managed' to 'must have at least HAD an active subscription, even if it's expired', one would think they would have automatically included the legacy units as if they had once had this subscription, since it actually wasn't possible for them to ever have had one to begin with.
The XTM525 is the only unit I know was a NFR. The AP300's may or may not have been (I don't know if APs were even offered as NFR), and most of the AP200's I acquired secondhand from local off-lease/equipment recycling places and were likely removed from a commercial network, as were the M500's and M200's that I have.
Have you gotten the M500's and M200's assigned to your account via Customer Care?
If not, you should do so, along with any APs which are not assigned to your account.
To do so, open a support case with Customer Care, and provide photos of the serial numbers of the units involved.
@SubnetMask You should get them moved to your account. Open a customer care case (use the support center link at the top right of this page.)
-Include a picture of the serial number barcode for anything you're having moved to your account.
-If the device is a special device type (like NFR or MSSP) it may not be eligible for being moved to your account.
-I would suggest looking devices up before you purchase them via the serial number lookup tool:
https://myproducts.watchguard.com/manage-products/device-lookup
This can give you the type of device, and let you know if it's been retired/traded up.
-James Carson
WatchGuard Customer Support
I'll look into getting the units transferred to my account (didn't know that was actually possible), but the lookup tool doesn't seem to work... For every device I tried, APs, M series, my 525, I just got 'Unable to lookup device. Try again later.'
Same for me - none work.