WiFi - WatchGuard Cloud | Best Practices
Introduction:
I decided to create this topic following the forced migration from the Manage Wi-Fi Cloud platform, which managed our AP325s, to WatchGuard Cloud "Access Point Sites," which now manages our AP330s. Since this migration, although we have occasionally noticed an improvement in speed, the stability of our Wi-Fi infrastructure has significantly decreased.
After numerous attempts and adjustments to the settings, we finally found a configuration that seems to make our Wi-Fi network more stable. I would like to share this configuration to help those who may encounter similar issues.
...::: Configuration :::...
1. ThreatSync - Device Settings
Start by disabling ThreatSync for all your access points to avoid any conflicts or stability issues related to this feature.
2. Shared Configuration - Access Point Sites
Wi-Fi Networks - SSID
Configure your SSIDs so that they only broadcast on a single band:
- 2.4 GHz Band: This allows for greater distance coverage but with slightly slower speed. Ideal for environments that require a wider range.
- 5 GHz Band: This provides faster speeds but over a shorter distance. Recommended for maximum performance in closer proximity.
3. Radio Settings - 2.4 GHz
- Wireless Mode: 802.11 n
- Candidate Channels: 1, 6, 11
- Channel Width: 20 MHz
Transmission Power: Automatic
In the advanced tab:Enable "Fast Roaming"
- Disable "Allow 802.11 b/g" (to prevent slower, older technology usage)
4. Radio Settings - 5 GHz
- Wireless Mode: 802.11 ax
- Use all Non-DFS Channels (for better performance and compatibility)
- Channel Width: 80 MHz
Transmission Power: Automatic
In the advanced tab:Enable "Fast Roaming"
- Disable "Allow 802.11 a" (similar to the 2.4 GHz band, to avoid using outdated standards)
5. Advanced Settings
- Enable "Spectrum Monitoring" (for proactive interference detection)
- Approved Access Points List: Add the MAC addresses of your trusted Wi-Fi access points, including your WatchGuard access points, to prevent them from being detected as potential "Evil Twin" access points.
This configuration can now be deployed.