Purple Wi-Fi Integration with Wi-Fi in WatchGuard Cloud

This guide demonstrates how to integrate WatchGuard Cloud with Purple Wi-Fi to enable guest users to authenticate to a captive portal.

Before you begin, make sure your access point is activated with a WatchGuard Standard Wi-Fi or USP Wi-Fi Management license and registered with WatchGuard Cloud. For more information, go to Activating an Access Point.

Contents

Platform and Software

The hardware and software used in this guide include:

  • Purple:
    • Purple Wi-Fi Management Portal Account
  • WatchGuard:
    • WatchGuard AP330
    • WatchGuard Cloud Account
  • Wireless client devices

Additional charges might apply to use Purple Wi-Fi.

Test Topology

For more information about network port configuration for communications between your access points, WatchGuard Cloud, and Purple, go to the Purple support documentation and the WatchGuard Cloud documentation.

Topology diagram for Purple Captive Portal Integration topology

Purple Wi-Fi Configuration

Get the WatchGuard Access Point Device Settings

Make sure that you record the name and MAC address of each WatchGuard access point you want to use to integrate with the Purple Wi-Fi.

To get the settings for each WatchGuard access point:

  1. Log in to your WatchGuard Cloud account.
    If you are a service provider, make sure you have allocated the activated access point to a subscriber account in WatchGuard Cloud.
  2. Select Configure > Devices.
  3. Select an access point.
  4. Click Device Settings.
  5. Copy the device MAC address.

Screenshot of the access point Device Settings page

Add a Location (Venue) in Purple Wi-Fi

  1. Log in to the Purple Wi-Fi Management Portal.
  2. Click The screenshoot of expand-icon .

Screenshot of the Purple Wi-Fi portal main page

  1. Select Management > Locations (or Venues, depending on the browser language settings).

Screenshot of the Purple Wi-Fi locations page

  1. Select Venues and Groups.
  2. Click The screenshot of point-icon > Add venue.

Screenshot of the Add Venue page in Purple Wi-Fi

  1. Follow the instructions in the wizard to add a new venue.
  2. Select your venue from Venues and Groups.
  3. From your venue, select Hardware.
  4. Click Add hardware > Add new hardware.
  5. In the Name text box, type a name.
  6. From the Hardware type drop-down list, select WiFi AP.
  7. From the WiFi AP type drop-down list, select WatchGuard Wi-Fi Cloud AP.
  8. In the WiFi AP Mac Address text box, type or paste the MAC address of the WatchGuard AP.
  9. Click View Manual Online or Download Manual to view the configuration steps and information required for the WatchGuard Cloud configuration.

Screenshot of the Venue Add Hardware page in Purple Wi-Fi

This information includes the IP addresses and the shared secret of the Purple Wi-Fi RADIUS servers that you require for your WatchGuard Cloud Configuration.

  1. Click Save details.

Screenshot of the Hardware details page in Purple Wi-Fi

WatchGuard Cloud Configuration

For detailed information on Wi-Fi in WatchGuard Cloud deployment, go to Get Started with Wi-Fi in WatchGuard Cloud.

Access points can have two different types of settings:

  • Device-level settings — Settings that you apply individually to each access point.
  • Access Point Site settings — Access Point Sites enable you to create SSID settings and apply them to multiple access points that subscribe to the site.

The Captive Portal feature is only available when setting up Access Point Site settings.

Add a RADIUS Authentication Domain to WatchGuard Cloud

To configure a RADIUS authentication domain in WatchGuard Cloud:

  1. Log in to your WatchGuard Cloud account.
    If you are a service provider, make sure you have allocated the activated access point to a subscriber account in WatchGuard Cloud.
  2. Select Configure > Shared Configurations > Authentication Domains.
  3. Click Add Authentication Domain.
  4. In the Domain Name text box, type a domain name. In this example, we use purple.primary.
  5. Click Next.
  6. In the Add servers section, select RADIUS.
  7. From the RADIUS Server Type drop-down list, select RADIUS Authentication Server.
  8. From the Type drop-down list, select Host IPv4.
  9. In the IP Address text box, type the primary IP address of the Purple Wi-Fi RADIUS server.
  10. In the Port text box, type the authentication port number of the Purple Wi-Fi RADIUS server.
  11. In the Shared secret text box, type the shared secret of the Purple Wi-Fi RADIUS server.

The Purple Wi-Fi RADIUS settings and other integration information are provided in the manual for the WatchGuard Cloud configuration available in the Purple Wi-Fi Configuration.

Screenshot of the Add Authentication Domain page in WatchGuard Cloud

  1. Click Save.
  2. Click Done.
  3. From the authentication domain list, select your domain name. In this example, purple.primary.
  4. From the Update Authentication Domain page, select Servers.
  5. Click Add Server.
  6. Repeat steps 6 -12 to create a RADIUS Accounting Server with port 1813.
    The authentication and accounting services are on the same RADIUS server and run on different ports.
  7. (Optional) Repeat these steps to create a secondary RADIUS server.

Screenshot of the Authentication Server update page in WatchGuard Cloud

Configure SSID Settings for an Access Point Site

To configure SSID settings for an Access Point Site in WatchGuard Cloud:

  1. Log in to your WatchGuard Cloud account.
    If you are a service provider, make sure you have allocated the activated access point to a subscriber account in WatchGuard Cloud.
  2. Select Configure > Shared Configurations > Access Points Sites.
  3. Select an existing site, or add a new site.
  4. In the Subscribed Devices tab, make sure your access points are subscribed to the site.

Screenshot of the subscribed devices in an Access Point Site

  1. From the Configuration Details tab, in the Wi-Fi Networks section, click SSIDs.
  2. Click Add SSID.
  3. In the SSID Name text box, type an SSID name. In this example, we use Guest-Purple.
  4. Select the Broadcast SSID check box.
  5. From the SSID Type drop-down list, select Guest.
  6. From the Radio drop-down list, select 2.4 GHz and 5 GHz.
  7. From the Security drop-down list, select Open.
  8. In the Network section, select NAT. Configure the IP address range and DNS server details:
    • Local IP Address (Gateway)
    • Subnet Mask
    • DHCP Pool Start IP Address
    • DHCP Pool End IP Address
    • Lease Time
    • Primary DNS Servers
    • Secondary DNS Server

Screenshot of the Add SSID configuration page in WatchGuard Cloud

  1. Click Save.
  2. To apply the configuration to your access points, click Schedule Deployment in the banner at the bottom of the page.
  3. Type a Description for the deployment.

Screenshot of the Schedule Deployment page

  1. Click Deploy, then click Close.

Configure an Authentication Domain for an Access Point Site

To configure Authentication Domain settings for an Access Point Site:

  1. Log in to your WatchGuard Cloud account.
    If you are a service provider, make sure you have allocated the activated access point to a subscriber account in WatchGuard Cloud.
  2. Select Configure > Shared Configurations > Access Point Sites.
  3. Select the Access Point Site where you configured your SSID in the SSID settings section.
  4. Select the Configuration Details tab.
  5. In the Authentication section, click Domains.
  6. Click Add Authentication Domain.
  7. From the Select an existing Authentication Domain drop-down list, select the domain you created in the Add RADIUS Authentication Domain to WatchGuard Cloud section.
  8. From the RADIUS Authentication Server drop-down list, select the primary or secondary RADIUS authentication server.
  9. From the RADIUS Accounting Server drop-down list, select the primary or secondary RADIUS accounting server.

Screenshot of the Add Authentication Domain page in an Access Point Site

  1. Click Save
  2. To apply the configuration to your access points, click Schedule Deployment in the banner at the bottom of the page.
  3. Type a Description for the deployment.

Screenshot of the Schedule Deployment page

  1. Click Deploy, then click Close.

Configure a Captive Portal for Guest SSID

To add a captive portal to an SSID, you must enable the Captive Portal option in an Access Point Site:

  1. Log in to your WatchGuard Cloud account.
    If you are a service provider, make sure you have allocated the activated access point to a subscriber account in WatchGuard Cloud.
  2. Select Configure > Share Configurations > Access Point Sites.
  3. Select the Access Point Site where you configured your SSID in the SSID settings section.
  4. Select the Configuration Details tab.
  5. In the Portal widget, click Captive Portal.

Screenshot of Access Point Site configuration page

  1. Click Add Captive Portal.
    The Add Captive Portal page appears.
  2. From the SSID drop-down list, select the SSID you created in the Configure SSID Settings for an Access Point Site section.
  3. From the Captive Portal Type drop-down list, select Third-party hosted.

Screenshot of the Captive Portal type selection in WatchGuard Cloud

  1. Click Next.
  2. In the Splash Page URL text box, type the Purple Wi-Fi splash page URL.
    For example: https://region1.purpleportal.net/access/
  3. In the Shared Secret text box, type the shared key for Purple Wi-Fi. Verify the shared secret with the current Purple Wi-Fi documentation for the Wi-Fi in WatchGuard Cloud access point.
  4. From the Authentication Domain drop-down list, select your authentication domain you created in the Add RADIUS Authentication Domain to WatchGuard Cloud section.

Screenshot of Captive Portal configuration in WatchGuard Cloud

  1. In the Walled Garden section, click Add Destination to add the basic configuration domains provided by Purple Wi-Fi.

    To support social network logins, make sure you add these domains for each network you plan to support.
    • Basic Configuration
      • region1.purpleportal.net
      • venuewifi.com
      • openweathermap.org
      • cloudfront.net
      • stripe.com
    • Facebook
      • facebook.com
      • fbcdn.net
      • akamaihd.net
      • connect.facebook.net
    • Twitter
      • twitter.com
      • twimg.com
    • LinkedIn
      • linkedin.com
      • licdn.net
      • licdn.com
    • Instagram
      • instagram.com

Screenshot of the Captive Portal Walled Garden settings in WatchGuard Cloud

  1. Leave the other options at their default settings.
  2. Click Finish.
  3. Return to the Configuration Details page of the Access Point Site.
  4. To apply the configuration to your access points, click Schedule Deployment in the banner at the bottom of the page.
  5. Type a Description for your deployment.

Screenshot of the Schedule Deployment page

Test the Purple Wi-Fi Integration

To test the Purple Wi-Fi integration with WatchGuard Cloud:

  1. Use a wireless client to connect to the SSID you created in WatchGuard Cloud.
    The user browser is redirected to the Purple Wi-Fi splash page.
  2. Complete the requested information to connect through the splash page.
    The configured Landing Page or specified external page appears.
  3. Access the Internet through the captive portal.

For more information about the wireless client details, from the Purple Wi-Fi user interface, select Marketing > CRM > View

Screenshot of the Purple Wi-Fi client user details page