Académique Documents
Professionnel Documents
Culture Documents
WatchGuard Training
Copyright 2015 WatchGuard Technologies, Inc. All Rights Reserved
WatchGuard AP300
Features:
Concurrent 3x3 MIMO
(Multiple Input Multiple
Output) capability
Dual radios for 2.4GHz
and 5GHz
802.11ac capability on
5GHz, including
20/40/80MHz channel
widths
Auto channel selects
more diverse channels
on the 2.4GHz band
WatchGuard Training
Copyright 2015 WatchGuard Technologies, Inc. All Rights Reserved
WatchGuard AP300
Requires Fireware OS v11.10.5 or
higher
AP300 Firmware version 2.0.0.1
LED indicator behavior changes
(different than AP100, AP102,
AP200):
Power and wireless indicators
alternately flash green AP device
is powered on and ready to be
paired
Power indicator slowly flashes green
A firmware upgrade is in
progress
WatchGuard Training
Copyright 2015 WatchGuard Technologies, Inc. All Rights Reserved
WatchGuard Training
Copyright 2015 WatchGuard Technologies, Inc. All Rights Reserved
Fast Handover
Encourages wireless clients that are roaming between
WatchGuard AP devices to disconnect from their current AP
devices and connect to an AP device with a stronger signal
Prevents wireless clients from maintaining their current AP
device connection, even when the signal degrades as the
wireless client moves farther away
Uses the RSSI (Received Signal Strength Indicator) as a
threshold to indicate when a client should be encouraged to
move to an AP device with a stronger RSSI level
WatchGuard Training
Copyright 2015 WatchGuard Technologies, Inc. All Rights Reserved
Fast Handover
Fast Handover is only supported on WatchGuard AP300
devices
Configured on the general Access Point Settings tab
Disabled by default
WatchGuard Training
Copyright 2015 WatchGuard Technologies, Inc. All Rights Reserved
Fast Handover
Wireless clients can have very different RSSI strengths
depending on the manufacturer; you must set your RSSI
threshold accordingly
Fast Handover will disconnect a client when RSSI threshold is
reached
Check your environment to make sure APs are in range for
handover based on your thresholds
Band Steering
Encourages dual-band clients to move from 2.4GHz to 5GHz
Helps reduce congestion on the more widely-used 2.4GHz
radio spectrum
Configured on the Access Point Settings tab
Disabled
by default
WatchGuard Training
Copyright 2015 WatchGuard Technologies, Inc. All Rights Reserved
10
Band Steering
Only supported on WatchGuard AP300 devices
The same SSID and security mode must be configured on
both 2.4GHz and 5GHz radios to enable wireless clients to
switch frequency bands
Do not enable if the Fast Handover feature is enabled:
Switching to the 5GHz band can result in a loss of RSSI strength
for the client
Disconnections because of the Fast Handover RSSI threshold
can occur
WatchGuard Training
Copyright 2015 WatchGuard Technologies, Inc. All Rights Reserved
11
Band Steering
Band Steering is usually not required in an environment
where most wireless devices are newer devices that are
already optimized to choose the 5GHz band
In some cases, Band Steering can cause connectivity issues
with older, legacy wireless clients that only support 2.4GHz
For these devices, we recommend that you disable Band
Steering or have clients manually connect to the SSID
WatchGuard Training
Copyright 2015 WatchGuard Technologies, Inc. All Rights Reserved
12
Fast Roaming
Fast Roaming enables a wireless client to quickly handover
wireless communications as it moves from one WatchGuard
AP device to another
Helps provide a seamless communications transition and
improves performance and stability of streaming-intensive
applications such as VoIP and video streaming as you roam
Fast Roaming works by decreasing the re-authentication time
for WPA2-Enterprise authentication for a wireless client on an
SSID
WatchGuard Training
Copyright 2015 WatchGuard Technologies, Inc. All Rights Reserved
13
Fast Roaming
Configured in the security
settings for an SSID
Only supported on
WatchGuard AP300
devices
Disabled by default
Can only be enabled for
WPA/WPA2 Enterprise
mixed or WPA2-Enterprise
protected SSIDs
Wireless client must
support the 802.11k and
802.11r standards
WatchGuard Training
Copyright 2015 WatchGuard Technologies, Inc. All Rights Reserved
14
WatchGuard Training
Copyright 2015 WatchGuard Technologies, Inc. All Rights Reserved
15
WatchGuard Training
Copyright 2015 WatchGuard Technologies, Inc. All Rights Reserved
16
A rogue AP is detected
Configure notifications
for alarms on the
Notifications tab
WatchGuard Training
Copyright 2015 WatchGuard Technologies, Inc. All Rights Reserved
17
WatchGuard Training
Copyright 2015 WatchGuard Technologies, Inc. All Rights Reserved
18
WatchGuard Training
Copyright 2015 WatchGuard Technologies, Inc. All Rights Reserved
19
WatchGuard Training
Copyright 2015 WatchGuard Technologies, Inc. All Rights Reserved
20
WatchGuard Training
Copyright 2015 WatchGuard Technologies, Inc. All Rights Reserved
21
WatchGuard Training
Copyright 2015 WatchGuard Technologies, Inc. All Rights Reserved
22
23
The Proxy Server certificate is used for inbound HTTPS with content inspection and
SMTP with TLS inspection. The Proxy Authority certificate is used for outbound
HTTPS with content inspection. The two certificates are linked because the default
Proxy Server certificate is signed by the default Proxy Authority certificate.
You can upgrade the default Proxy Authority and Proxy Server certificates with the
Fireware CLI.
After you upgrade, you must redistribute the new Proxy Authority certificate to
your clients.
Without the new certificate, users will receive web browser warnings when they
browse HTTPS sites, if content inspection is enabled.
There are special considerations if you use a third-party Proxy Server certificate:
The CLI command will not work unless you first delete the Proxy Authority
certificate. The CLI command will regenerate both the Proxy Server and
Proxy Authority default certificates.
If you originally used a third-party tool to create the CSR, you can simply reimport your existing third-party certificate and private key.
If you originally created your CSR from the Firebox, you must create a new
CSR to be signed, and then import a new third-party certificate.
WatchGuard Training
Copyright 2015 WatchGuard Technologies, Inc. All Rights Reserved
24
WatchGuard Training
Copyright 2015 WatchGuard Technologies, Inc. All Rights Reserved
25
WatchGuard Training
Copyright 2015 WatchGuard Technologies, Inc. All Rights Reserved
26
WatchGuard Training
Copyright 2015 WatchGuard Technologies, Inc. All Rights Reserved
27
WatchGuard Training
Copyright 2015 WatchGuard Technologies, Inc. All Rights Reserved
28
Thank You!
WatchGuard Training
Copyright 2015 WatchGuard Technologies, Inc. All Rights Reserved