Monitor Wireless Connections (Gateway Wireless Controller)

From the Gateway Wireless Controller, you can monitor the connection status and activity on your WatchGuard APs, including the license and AP feature key status. You can also monitor and manage the client connections to your WatchGuard APs.

  1. Connect to Fireware Web UI for the Firebox that manages your AP.
  2. Select Dashboard > Gateway Wireless Controller.
    The Gateway Wireless Controller page appears, with the Summary tab selected.

Screen shot of the Gateway Wireless Controller page, Summary tab

  1. Review the Summary details for the Gateway Wireless Controller, as described in the Summary section.
  2. To see the locations of all APs and other wireless devices in the vicinity of your Firebox, select the Maps tab.
    For more information about the Maps tab, go to Use Gateway Wireless Controller Maps.
  3. To review the status of the APs managed by this Firebox, select the Access Points tab.

Screen shot of the Gateway Wireless Controller page, Access Points tab

Click on an AP to display a pop-up window with detailed information about the AP.

Screen shot of the pop-up details for an AP

  1. Complete any necessary tasks related to your APs, as described in the Access Points section.
  2. To review the status of the clients connected to the AP, select the Wireless Clients tab.

Click on a client IP address to see statistics for a wireless client in FireWatch or Traffic Monitor.

Screen shot of the Gateway Wireless Controller page, Wireless Clients tab

Click on a client MAC address to display a pop-up window with detailed information about the client.

Screenshot of the Wireless Client monitoring page in Gateway Wireless Controller

  1. Complete any necessary tasks related to the connected wireless clients as described in the Wireless Clients section.
  2. To see the external access point devices in the same geographical area as your APs, select the External BSSIDs tab.
  3. Complete any necessary tasks related to the external access points as described in the External BSSIDs section.

Screen shot of the Foreign BSSIDs tab

  1. Start Firebox System Manager for the Firebox that manages your AP.
  2. Select the Gateway Wireless Controller tab.
    The Gateway Wireless Controller page appears, with the Access Points tab selected.

Screen shot of the Gateway Wireless Controller page, Access Points tab

  1. Review the Summary details for the Gateway Wireless Controller, as described in the Summary section.
  2. Review the WAP Firmware Available section and check for updates to firmware on your APs, as described in the Firmware Updates section.
  3. To review the status of the APs managed by this Firebox, on the Access Points tab, complete any necessary tasks related to your APs as described in the Access Points section.

Click on an AP to display a pop-up window with detailed information about the AP.

Screenshot of pop-up window with detailed information about the AP

  1. To review the status of the clients connected to the AP, click Wireless Clients.

Screen shot of the Wireless Clients tab with one client selected

Click on a client MAC address to display a pop-up window with detailed information about the client.

Screen shot of the wireless client details in FSM

  1. Complete any necessary tasks related to the connected wireless clients as described in the Wireless Clients section.
  2. To see the external access point devices in the same geographical area as your APs, select the External BSSIDs tab.
  3. Complete any necessary tasks related to the external access points as described in the External BSSIDs section.

Summary Information

The Summary section includes basic connection information for your APs and the clients connected to your APs. The information available in the Summary section is different in Fireware Web UI than in Firebox System Manager.

In Fireware Web UI, the Gateway Wireless Controller page Summary tab includes basic connection information for your APs and clients connected to your APs, as well as a list of the top ten connections for each connection category. To see more information for each connection category, you can click the header of each category widget. You can also click any item in any category widget to filter the data on the Summary tab on that item.

You can use the same method available on the Front Panel Dashboard page to see more details about connections on the Gateway Wireless Controller Summary page. To see more details about any of the information in a widget, or to pivot on the details in a widget, simply click a detail in that widget. The information in the widget is updated based on the new selection.

For example, in the Access Points list, if you click AP1, all of the other widgets are filtered to show only Top Users, Top SSIDs, and Top Manufacturers for AP1. You can then click the Top Users widget header to see the full list of users on AP1.

Total Users

This is the number of clients that are currently connected to an AP managed by this device. More detail about client connections is available on the Wireless Clients tab.

Total Bytes

The total amount of data in bytes sent and received by the connected clients.

Bytes Sent

The total amount of data in bytes sent by the connected clients.

Bytes Received

The total amount of data in bytes received by the connected clients.

Online Access Points

This is the number of APs managed by this device that are currently online and available for use.

Offline Access Points

This is the number of APs managed by this device that are cannot be contacted by the Gateway Wireless Controller.

Unactivated Access Points

This is the number of new APs that have not yet been activated with WatchGuard.

Inactive Access Points

This is the number of APs that do not have a current valid AP license subscription or the activation status is unknown. For more information, go to About Gateway Wireless Controller AP Licenses.

Available SSIDs

This is the number of SSIDs currently configured on your APs. You can have many SSIDs configured for each AP.

For more information about SSIDs for APs, go to Configure WatchGuard AP SSIDs.

Access Point Firmware

This section includes information about the versions of firmware available for your APs. Review the available firmware versions to determine if the versions of firmware on your APs is outdated.

Manage Firmware

Use this option to see the Access Point Firmware updates that are available for your APs and download the available updates from WatchGuard. For more information, go to the Update AP Firmware on the Gateway Wireless Controller section.

Top Users

This is the list of connected users that use the most bandwidth. For each user, the MAC Address, bytes sent, bytes received, and total number of bytes appear.

Top Access Points by Bytes

This is the list of the connected APs that use the most bandwidth. For each AP, the name of the AP, bytes sent, bytes received, total number of bytes, and number of connected users appear.

Top Access Points by User

This is the list of the connected APs with the most connected users. For each AP, the name of the AP, bytes sent, bytes received, total number of bytes, and number of connected users appear.

Top SSID by Bytes

This is the list of the SSIDs that use the most bandwidth. For each SSID, the name of the AP, bytes sent, bytes received, total number of bytes, and number of connected users appear.

Top SSID by Users

This is the list of the SSIDs with the most connected users. For each SSID, the name of the AP, bytes sent, bytes received, total number of bytes, and number of connected users appear.

Top Manufacturers by Bytes

This is the list of wireless network interface manufacturers for connected wireless clients that use the most bandwidth. The manufacturer name might be different from the brand of the wireless client device.

For each device manufacturer, the bytes sent, bytes received, total number of bytes, and number of connected users appear.

Top Manufacturers by Users

This is the list of wireless network interface manufacturers for wireless clients that have the most connected users. The manufacturer name might be different from the brand of the wireless client device.

For each device manufacturer, the bytes sent, bytes received, total number of bytes, and number of connected users appear.

In Firebox System Manager, the Summary section of the Gateway Wireless Controller tab includes basic connection information for your APs and clients connected to your APs.

Access Points

This is the number of APs managed by this Firebox that are currently online and available for use.

APs managed by this device that are currently not online and are unavailable for use appear in parenthesis.

Available SSIDs

This is the number of SSIDs currently configured on your APs. You can have many SSIDs configured for each AP.

For more information about SSIDs for APs, go to Configure WatchGuard AP SSIDs.

Connected Clients

This is the number of client computers that are currently connected to an AP managed by this device. More detail about client connections is available on the Wireless Clients tab.

Bytes Sent/Received

The total amount of data in bytes sent and received by the connected clients.

The WAP Firmware Available section shows the current AP firmware versions that are available for each AP model. You can check for available firmware updates for your AP, and then upgrade the firmware on your AP from the Gateway Wireless Controller. For more information, go to the Firmware Updates and Upgrade sections.

Firmware Updates

In the Gateway Wireless Controller, you can see the versions of firmware available for each of your AP models. You can download new versions of the firmware for each of your AP models to your Firebox and upgrade the firmware version on each of your APs.

  1. On the Summary tab, in the Summary section, click Manage Firmware.
    The Access Point Firmware dialog box appears, with a list of AP models, the current version of AP firmware installed on the Firebox for each AP model, and the version available for each AP models.

Screen shot of the Access Point Firmware Updates dialog box

  1. Review the Installed Version and Available Version for each of your AP models.
  2. To remove the current versions of firmware on your Firebox for all AP models, click Remove All Firmware.
  3. To download the available firmware version for an AP model, adjacent to that model, click Download.
    A downloading message appears. When the firmware has download ed to your Firebox, a download completion message appears.
  4. Click Close.

You can now upgrade the firmware version you downloaded to each of your APs of that model, as described in the Upgrade section.

  1. In the WAP Firmware Available section, click Manage Firmware.
    The Access Point Firmware dialog box appears, with a list of AP models, the current firmware version on your Firebox for each AP model, and the version available for each AP models.

Screen shot of the Access Point Firmware Updates dialog box

  1. Review the Installed Version and Available Version for each of your AP models.
  2. To remove the current versions of firmware on your Firebox for all AP models, click Remove All Firmware.
  3. To download the available firmware version for an AP model, adjacent to that model, click Download.
    The Access Point Firmware dialog box appears. If you are not logged in as a user with Device Administrator credentials, you must provide Device administrator credentials before you can download the firmware updates to your Firebox.
  4. In the User Name and Passphrase text boxes, type the user credentials for a user account with Device Administrator credentials.
    A downloading message appears. When the firmware has download ed to your Firebox, a download completion message appears.
  5. Click Close.

You can now upgrade the firmware version you downloaded to each of your APs of that model, as described in the Upgrade section.

Access Points

On the Gateway Wireless Controller Access Points tab in Fireware Web UI and Firebox System Manager, you can see all of the APs that are managed by your Firebox. For each AP, this information appears:

Name

This is the unique, friendly name you assign to the AP when you add or edit an Access Point in the Gateway Wireless Controller configuration settings.

Status

In this column, the current status of each AP paired with this Firebox appears.

  • Online — The AP is enabled and can communicate with the Firebox.
  • Not Trusted — The AP is not in a trusted state. For more information, go to AP Trust Store.
  • Unreachable — The AP cannot be contacted by the Firebox, or the AP is not able to connect to the Firebox on port UDP 2529.
  • Discovered — The AP has been discovered by the Firebox, but is not yet online.
  • Updating Firmware — The AP firmware is being updated.
  • Updating Configuration — An update to the AP configuration is in progress.
  • Authenticating — The AP is authenticating to the Gateway Wireless Controller. If the status does not change from Authenticating to Online, the passphrase on the AP may not match the passphrase on the Gateway Wireless Controller. For information about how to resolve a passphrase mismatch, go to About AP Passphrases.
  • Cloud Managed — An AP on your network that is managed by WatchGuard Wi-Fi Cloud and not the Gateway Wireless Controller.

Bytes

The number of bytes of data through the AP.

Clients

The number of client devices connected to the AP.

SSIDs

This column shows the name of each SSID you have configured for the APs paired with this Firebox.

For more information about SSIDs for APs, go to Configure WatchGuard AP SSIDs.

IP Address

This is the IP address assigned to the AP.

Radio 1 (Fireware v12.3 and lower)

This column shows the radio frequency and channel that the AP Radio 1 uses.

In Fireware v12.3.1 and higher, this information appears in the AP details pop-up window when you click on an AP.

For more information about radio settings, go to Configure AP Radio Settings.

Radio 2 (Fireware v12.3 and lower)

If your AP has two radios, this column shows the radio frequency and channel that the AP Radio 2 uses.

In Fireware v12.3.1 and higher, this information appears in the AP details pop-up window when you click on an AP.

For more information about which APs have dual radios, go to About AP Configuration.

Version

This is the firmware version on the AP.

Model

This is the model number for the AP.

For more information about the available AP models, go to About AP Configuration.

Uptime

The amount of time the AP has been online.

Activation Status (Fireware v12.5.1 and higher)

In the Activation Status column, you can view the license activation status for each AP:

  • Activated — The AP is activated with a valid Basic Wi-Fi AP subscription. If you also manage Total or Secure Wi-Fi APs in WatchGuard Wi-Fi Cloud, the APs are displayed as (Activated: Total/Secure).
  • Activated (Expiring )— The AP is activated with a valid AP subscription that expires in less than 90 days.
  • Expired — The AP license is expired. The AP will continue to run in its last known configuration, but you cannot configure or monitor the AP until the license is updated.
  • Not Activated — The AP has not been activated in your WatchGuard account.
  • Not Available — The Gateway Wireless Controller cannot determine the activation status. This status can occur when the Gateway Wireless Controller cannot communicate with WatchGuard servers.

For more information about AP licensing, go to About Gateway Wireless Controller AP Licenses.

AP Actions

For each AP in the Access Points list, you can also select an option from the Actions drop-down list to complete these tasks:

Site Survey

To detect other active wireless access points in the same area, you can complete a site survey.

  1. From the Access Points list, select the AP.
  2. From the Actions drop-down list, select Site Survey.

For more information about how to perform a site survey, go to the Perform a Site Survey section in the topic Monitor AP Status.

Log Messages

To see the log messages generated by an AP:

  1. From the Access Points list, select the AP.
  2. From the Actions drop-down list, select Log Messages.

Network Statistics

To see a report of network statistics information from the AP:

  1. From the Access Points list, select the AP.
  2. From the Actions drop-down list, select Network Statistics.

The network statistics report includes interface statistics (names, MAC and IP addresses, and traffic counters), routing table details, and ARP table details for the AP.

Flash Power LED

To make the power LED on the AP flash:

  1. From the Access Points list, select the AP.
  2. From the Actions drop-down list, select Flash Power LED.
    The Flash Power LED dialog box appears. If you are not logged in as a user with Device Administrator credentials, you must provide Device administrator credentials.
  3. In the User Name and Passphrase text boxes, type the user credentials for a user account with Device Administrator credentials.
  4. Click OK.
    The LED flashes for several minutes.

This is helpful when you need to identify a specific AP, particularly if you use the Disable LEDs option to operate your AP in stealth mode to hide the use of wireless activity.

Reboot 

To restart an AP:

  1. From the Access Points list, select the AP.
  2. From the Actions drop-down list, select Reboot.
    The Reboot dialog box appears. If you are not logged in as a user with Device Administrator credentials, you must provide Device administrator credentials.
  3. In the User Name and Passphrase text boxes, type the user credentials for a user account with Device Administrator credentials.
  4. Click OK.
    The AP restarts.

Unreachable appears in the Status column for an AP while it reboots. When the AP reboot is complete, Online appears in the Status column.

Upgrade

To upgrade the firmware on an AP:

  1. From the Access Points list, select the AP.
  2. From the Actions drop-down list, select Upgrade.
    A confirmation message appears.
  3. Click Yes.

Trust an AP

To help prevent potential security issues from factory reset, unauthorized, or compromised APs in your deployment, the Gateway Wireless Controller will not manage or monitor an AP that is not trusted. For more information, go to AP Trust Store.

To trust an AP:

  1. Select one or more APs.
  2. Click Action.
  3. Select Mark Trusted.

Reset Trust Store

If any of your APs might have been compromised, such as APs that have been tampered with, reset, or are no longer under your control, we recommend that you reset the Trust Store.

For more information, go to AP Trust Store.

Get AP Feature Key

(Fireware v12.5.1 and higher)

Connect to WatchGuard servers to update the activation status and AP feature key automatically on the Gateway Wireless Controller.

Update AP Feature Key

(Fireware v12.5.1 and higher)

Manually import an AP feature key to your Gateway Wireless Controller. You can view the AP feature key from your WatchGuard Support Center account. Copy and paste the feature key contents into the text box, or import the feature key as a file.

Reset to Factory Default

To reset an AP to the factory-default settings:

  1. From the Access Points list, select the AP.
  2. From the Actions drop-down list, select Reset to Factory Default.
    A confirmation message appears.
  3. Click Yes.

For more detailed procedures related to the tasks you can complete when you monitor your APs, go to Monitor AP Status.

Wireless Clients

On the Gateway Wireless Controller Wireless Clients tab in Fireware Web UI and Firebox System Manager, you can see a list of the client devices that are connected to your APs.

Access Point (Web UI) or Filter by AP (FSM)

To filter the list of connected client devices by the AP that each client is connected to, select an option from the Access Point drop-down list. The options include All and the name of each AP paired with this Firebox.

SSID (Web UI) or Filter by SSID (FSM)

To filter the list of connected client devices by the SSID that each client is connected to, select an option from the SSID drop-down list. The options include All and the name of each SSID that is configured on your APs paired with this Firebox.

Manufacturer (Web UI Only, Fireware v12.3 and lower)

To filter the list of connected client devices by the manufacturer of the client device, select an option from the Manufacturer drop-down list. The options include All and the name of each manufacturer for the client devices connected to an AP paired with this Firebox.

Hostname

This is the host name of the client device. This column only appears if your APs use the Firebox as a DHCP server.

To sort the list by the host name, click the Hostname column header.

IP Address

This is the IP address of the client device. This column only appears if your APs use the Firebox as a DHCP server.

To sort the list by the IP address, click the IP Address column header.

To see more information about the connections for this client device, click the IP address and then click a link to see the client device: View in FireWatch or View in Traffic Monitor.

Screen shot of the Wireless Clients page with the IP address links to FireWatch and Traffic Monitor

Screen shot of Firewatch with information for one IP address
Example of the FireWatch page with only information for the selected IP address.

Screen shot of the Traffic Monitor page filtered for an IP address
Example of the Traffic Monitor page with only traffic for the selected IP address.

MAC (Web UI Only)

This is the MAC address assigned to the client device. To sort the list by the MAC address, click the MAC column header.

Manufacturer (Web UI Only, Fireware v12.3 and lower)

This is the manufacturer of the client device.

In Fireware v12.3.1 and higher, this information appears in the client details pop-up window when you click on a client MAC address.

Sent

This is the amount of data that the client device has sent while connected to the AP.

Received

This is the amount of data that the client device has received while connected to the AP.

Signal

This shows the signal strength of the connection between the client device and the AP.

SSID

This is the name of the SSID that the client device is connected to.

Access Point

This is the name of the AP that the client device is connected to.

Radio (Fireware v12.3 and lower)

This column shows the radio channel on the AP that the wireless client device uses.

In Fireware v12.3.1 and higher, this information appears in the client details pop-up window when you click on a client MAC address.

Mode (Fireware v12.3 and lower)

This is the 802.11 wireless mode that the client device uses. For example, b, N, or AC.

In Fireware v12.3.1 and higher, this information appears in the client details pop-up window when you click on a client MAC address.

Location

The location of the client. This information is derived from the description of the AP to which the client is connected. In Fireware Web UI, you must select a client to see the location details.

Disconnect Client

To disconnect a client device from an AP, from the Wireless Clients list, select the client device and click Disconnect Client.

For more detailed procedures related to the tasks you can complete when you monitor Wireless Clients, go to Monitor Wireless Clients.

External BSSIDs

On the Gateway Wireless Controller External BSSIDs tab in Fireware Web UI and Firebox System Manager, you can see a list of access point devices that are not part of your network. You can scan for all access point devices, or for only rogue access points. You can complete a scan to find any conflicts in your area with the SSID and channel that your wireless devices use.

  1. Select the External BSSIDs tab.
  2. If the External BSSIDs list is not automatically populated, click Rescan External BSSIDS.
    The Gateway Wireless Controller scans the area and the access point devices that are not part of your network appear.

Screen shot of the Gateway Wireless Controller External BSSIDs tab

  1. To scan for only rogue access points, select the Show only rogue access points check box.
    The list is updated to only include rogue access points.

Screen shot of the External BSSIDs tab

  1. To update the list of external devices in the area, click Rescan External BSSIDs.
    The Gateway Wireless Controller scans the area for external devices. The external BSSIDs and rogue access points in your area appear in the list, unless you select the Show only rogue access points check box.

Screen shot of the External BSSIDs tab with a scan in progress

  1. To sort the list by the SSID, click the SSID column header.
  1. Select the External BSSIDs tab.
  2. If the External BSSIDs list is not automatically populated, click Rescan External BSSIDS.
    The Rescan External BSSIDs dialog box appears.

Screen shot of the Rescan External BSSIDs dialog box

  1. Specify the user credentials for a user with Device Administrator privileges. Click OK.
    The Gateway Wireless Controller scans the area and the access point devices that are not part of your network appear.

Screen shot of the Gateway Wireless Controller > External BSSIDs tab with scan results

  1. To see only rogue access points, from the Filter by AP drop-down list, select Rogue Access Points.
    The list is updated to only include rogue access points.

Screen shot of the GWC > External BSSIDs tab with Rogue Access Points selected

  1. To update the list of external devices in the area, click Rescan External BSSIDs.
    The Gateway Wireless Controller scans the area for external devices. The external BSSIDs and rogue access points in your area appear in the list, unless you select to show only Rogue Access Points.
  2. To sort the list by the SSID, click the SSID column header.

The External BSSIDs tab includes this information:

MAC Address

This is the MAC address assigned to the external BSSID or rogue access point.

SSID

This is the SSID assigned to the external BSSID or rogue access point.

Channel

This is the wireless channel used by the external BSSID or rogue access point.

Rogue Access Point

This shows an icon for the channel conflict level of the rogue access point device identified by the scan.

For more information about channel conflict levels, go to Use Gateway Wireless Controller Maps.

Related Topics

Configure APs with the Gateway Wireless Controller

WatchGuard Wireless Solutions

Use Gateway Wireless Controller Maps