Troubleshoot Access Points in WatchGuard Cloud

Applies To: WatchGuard Cloud-managed Access Points (AP130, AP230W, AP330, AP332CR, AP430CR, AP432)

This section provides information to help troubleshoot issues with access points and wireless clients in WatchGuard Cloud.

For additional information on how to troubleshoot Wi-Fi issues, see the Wi-Fi Troubleshooting Fundamentals video tutorial (9 minutes).

How to Troubleshoot Wireless Connections

The following sections describe how to identify and troubleshoot a Wi-Fi connection.

Identify the Issue

The first step of the troubleshooting process is to identify the root cause of the issue.

  • How is the wireless client impacted? 
  • Can the client associate to the access point?
  • Can the client access the network or Internet? 
  • Is this a performance issue where the client is connected to the network but the connection is poor or has slow performance? 
  • Are all wireless clients affected or a specific client? 
  • Are wired clients impacted by the same issue? 

Is this a Network or Wi-Fi Issue?

Try to narrow down the issue to determine if this a general network issue or if it is specific to Wi-Fi. 

  • Are all wired and wireless clients affected by this issue or just wireless clients?
  • Is there access to internal resources or the Internet?
  • Can you ping the network gateway and external sites?
  • Did the wireless client receive an IP address from DHCP?
  • Is DNS working to resolve host names?

Issue Recurrence

It is helpful to understand if this is an ongoing issue or if it only occurs with specific clients, or at certain times or locations.

  • Does the issue occur on multiple clients?
  • Is the issue consistent over time?
  • When did it last occur and for how long?
  • Is there a specific location where the issue occurs? 
  • What type of device is affected? (desktop, laptop, mobile device?)
  • Can you connect from a different device?

Wireless Client Connection Process

To help troubleshoot Wi-Fi issues, it is important to understand the wireless client connection process to an access point and to the network. Each step in the process can result in the wireless client failing to associate to an access point.

  1. Access points periodically send beacons to the network to advertise their presence, capabilities, and requirements for connection
  2. Wireless client sends a probe request to access points
  3. One or more access points respond to the probe request
  4. Client decides on the access point to associate to based on compatibilities and requirements, signal strength, and other factors
  5. Client sends an authentication (low-level 802.11) request to the access point
  6. Access point responds to the authentication (low-level 802.11) request
  7. Client sends an association request to the access point with the required encryption protocol (such as WPA2 or WPA3) and other 802.11 capabilities and requirements
  8. Access point responds to the association request if the capabilities and encryption protocol match
  9. Encryption process is completed and the client is now associated to the access point with an encrypted connection and is connected to the network
  10. Client receives an IP address from DHCP
  11. After the wireless client is successfully associated to the access point and receives an IP address from DHCP, it can now connect to the network

Access Point Diagnostic Tools

From an access point, you can perform basic connectivity tests, and also perform more advanced packet captures between access points and wireless clients.

  • Ping — Ping an IP address or host name. Use this tool to test connectivity to your network gateway, internal servers, and external sites.
  • Traceroute — Trace the route to an IP address or host name. Use this tool to make sure you do not have any network routing issues.
  • DNS Lookup — Look up DNS information to find which IP address a host name resolves to. Use this tool to make sure your devices can resolve host name queries. If DNS is unavailable, many services and connections will not work correctly.
  • Packet Capture — This is an advanced tool that enables you to perform a packet capture of the wired and wireless interfaces of the access point to troubleshoot connectivity issues.

For more information, go to Access Point Diagnostic Tools.

If your access point cannot connect to WatchGuard Cloud, you can also log in to the local Web UI or the command line interface of the access point to perform basic connectivity tests and check the system logs. For more information, go to Access Point Web UI or Access Point Command Line Interface.

Monitor Wireless Clients

To view a list of wireless clients currently connected to WatchGuard access points in WatchGuard Cloud, select Monitor > Devices, select an access point or a folder that contains your access points, and then select Live Status > Clients. For more information, go to View Wireless Clients.

You can select an individual wireless client to see its details. The most important information on the client details page is the Connection Events table that shows any connection errors with a description of why the connection failed, such as an incorrect password, or disconnection by the access point. For more information, go to View Wireless Client Details.

Screen shot of the wireless client events table in WatchGuard Cloud

Performance Issues Report

The Performance Issues report is an important troubleshooting resource that provides detailed information about clients impacted by poor Wi-Fi performance such as a low RSSI (signal strength) or low data rate.

To view the report, select Monitor > Devices, select an access point or a folder that contains your access points, and then select Access Points > Performance Issues.

The initial report view shows data on all wireless clients with performance issues.

Screenshot of the Access Points Performance Issues page in WatchGuard Cloud

Within the report, you can select individual clients and view their performance history for specific times when the client was impacted by poor performance.

Screenshot of the Performance Issues client details page in WatchGuard Cloud

Connection Issues and Connection Events Reports

The Connection Issues report shows Wi-Fi clients that experienced connection issues with access points on your wireless network. To view the report, select Monitor > Devices, select an access point or a folder that contains your access points, and then select Access Points > Connection Issues.

Check the Last Failure Reason column to find out why the wireless client could not connect.

Screen shot of the Access Points Connection Issues page in WatchGuard Cloud

The Connection Events report shows connection success and failure events for clients that attempt to connect to an access point on your wireless network.

To view the report, select Monitor > Devices, select an access point or a folder that contains your access points, and then select Access Points > Connection Events.

Check the Status column to find out when the client had a successfully connection, and the reason why the wireless client could not connect at other times.

Screen shot of the Access Points Connection Events page in WatchGuard Cloud

Monitoring and Troubleshooting Resources

The following section provides a summary of helpful wireless monitoring and troubleshooting help topics:

Access Point Diagnostic Tools

Diagnostic Tools

(Ping, Packet Capture, Traceroute, DNS Lookup, Support Snapshot)

Local Web UI

Command Line Interface

Guest Analytics