AP Trust Store
To help prevent potential security issues caused by factory reset, unauthorized, or compromised APs, the Gateway Wireless Controller creates trust records for each AP in your deployment. This Trust Store makes sure the Gateway Wireless Controller cannot give data (for example, passphrases and other sensitive information about your wireless deployment) to untrusted APs.
The Gateway Wireless Controller does not communicate with APs that are not trusted. If an AP is not trusted, wireless data functions on the AP continue to operate, but the Gateway Wireless Controller does not manage or monitor that AP.
APs that are paired with a Gateway Wireless Controller for the first time are automatically trusted.
Trust records use the IP address of the AP. If the IP address of the AP changes, the AP is no longer trusted. To prevent loss of trust status because of dynamic IP address changes, we recommend you use either DHCP reservations or static IP addresses for your APs.
AP Trust Status
APs without a known trust record have a status of Not Trusted on the Gateway Wireless Controller Access Points page.
An AP can have a status of Not Trusted for these reasons:
- The AP has been reset to a factory-default configuration
- The AP's IP address has changed to a new IP address
- The AP might have been compromised
You can configure the Firebox to send an alarm notification when the trust state of an AP changes. To configure notification settings, go to Configure Gateway Wireless Controller Settings.
Trust an AP
Before you can manage and monitor an AP with the Gateway Wireless Controller, the AP must be trusted. Before you trust an AP, make sure it is a known AP in your deployment.
- Select Dashboard > Gateway Wireless Controller.
The Gateway Wireless Controller page appears.
- Select the Access Points tab.
- Select one or more APs.
- From the Action drop-down list, select Mark Trusted.
The device status changes from Not Trusted to Online.
- Select the Gateway Wireless Controller tab.
- Select the Access Points tab.
- Select one or more APs.
- From the Actions drop-down list, select Mark Trusted.
The device status changes from Not Trusted to Online.
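A pre-check for the "make sure it is a known AP" step above, as an added example that is not WatchGuard code: it compares a list of Not Trusted APs with a site inventory and sorts them by the three reasons listed on this page. The inventory, the AP list, the record fields, and the names `norm_mac` and `triage` are assumptions; the AP data is constructed and would in practice be copied from the Access Points page.

```python
# Added example: triage of Not Trusted APs against a site inventory.
# All records below are constructed sample data, not output from a Firebox.
from ipaddress import ip_address

# Hypothetical inventory: MAC -> IP recorded when the AP was first paired.
INVENTORY = {
    "00:90:7f:aa:00:01": "10.0.10.11",
    "00:90:7f:aa:00:02": "10.0.10.12",
    "00:90:7f:aa:00:03": "10.0.10.13",
}

# Hypothetical list copied from the Access Points page: (MAC, current IP).
NOT_TRUSTED = [
    ("00:90:7F:AA:00:01", "10.0.10.57"),
    ("00-90-7f-aa-00-02", "10.0.10.12"),
    ("00:90:7f:bb:00:09", "10.0.10.60"),
]

def norm_mac(mac):
    """Lower-case, colon-separated MAC so formats compare equal."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"bad MAC: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def triage(not_trusted, inventory):
    """Return {mac: (verdict, detail)} for each Not Trusted AP."""
    known = {norm_mac(m): ip_address(ip) for m, ip in inventory.items()}
    result = {}
    for mac, ip in not_trusted:
        mac, ip = norm_mac(mac), ip_address(ip)
        if mac not in known:
            result[mac] = ("unknown-device", "not in inventory; do not trust")
        elif known[mac] != ip:
            result[mac] = ("ip-changed", f"expected {known[mac]}, now {ip}; "
                           "add a DHCP reservation or static IP")
        else:
            # Same MAC and IP: factory reset or possible compromise.
            # A MAC can be spoofed, so inspect the device before trusting.
            result[mac] = ("reset-or-compromised", "verify the physical AP")
    return result

if __name__ == "__main__":
    for mac, (verdict, detail) in triage(NOT_TRUSTED, INVENTORY).items():
        print(f"{mac}  {verdict:22}  {detail}")
```

Only APs in the `ip-changed` group are candidates for Mark Trusted without a site visit, and only after the new address is confirmed against your DHCP server.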
Reset the Trust Store
If any of your APs might have been compromised, for example, if APs have been tampered with, reset, or are no longer under your control, we recommend that you reset the Trust Store.
You cannot reset the Trust Store for a single AP. You must reset the Trust Store and trust all of your known APs again.
- Select Network > Gateway Wireless Controller.
- Select the Settings tab.
- Click Reset Trust Store.
- Select the Gateway Wireless Controller tab.
- Select the Access Points tab.
- Click Reset.
Disable the Trust Store
If you do not want to use the trust security feature, you can disable the Trust Store. If you disable the Trust Store, all APs are considered trusted.
- Select Network > Gateway Wireless Controller.
- Select the Settings tab.
- Select the Disable the Trust Store mechanism and trust all WatchGuard APs check box.
- Click Save.
- Select Network > Gateway Wireless Controller.
- Click Settings.
- Select the Disable the Trust Store mechanism and trust all WatchGuard APs check box.
- Save the configuration.