WatchGuard AP225W review: Strong, secure and speedy
This affordable and feature-packed wireless AP offers great cloud management and unique security skills
If you’re familiar with the company’s other products, you probably won’t be surprised to learn that WatchGuard’s diminutive AP225W makes security its top priority. It’s sold as a dual-band Wave 2 AP, but it actually has three radios inside– two providing regular wireless services, plus one dedicated to WatchGuard’s Wireless Intrusion Prevention System, or WIPS for short.
If you haven’t come across WIPS before, it’s a clever system that can sniff out rogue APs on your premises – such as unauthorised hardware using the same SSID as your real APs – and disrupt them so that no one can inadvertently connect. That might not be a threat you encounter every day, but consider the potential cost of a breach and you’ll quickly see the wisdom of playing it safe.
The AP225W can be managed using either WatchGuard’s Cloud Wi-Fi service or from one of the company’s Firebox security appliances. The option you choose affects the cost: the price above includes a year’s Total Wi-Fi subscription, which enables cloud management, location-based usage analysis and the Engage app for gathering guest demographics.
You should have no difficulty fitting the AP225W into your network: as well as the uplink/PoE+ port at the back, the unit offers three additional network ports at the bottom (the third of which presents an 802.3af PoE output), and two passthrough ports, allowing cable runs to be extended through the AP.
Getting set up via the cloud is swift. While WatchGuard doesn’t offer dedicated smartphone apps, the web portal works equally well on desktop and mobile platforms, and includes a quick-start option that automatically creates an initial set of SSIDs.
Once we’d been through this short process, we connected the AP225W to our network, and watched it automatically appear in our cloud account and start broadcasting our SSIDs. The portal’s Discover page presents dashboard views for general connectivity, wireless performance, detected apps and WIPS status.
For more information on that last count, you can jump to the WIPS monitor page to check your security status and enable the feature that fires deauthorisation packets at rogues to prevent clients from associating with them. We tested this by connecting a Linksys LAPAC1750 AP to the lab network. This duly appeared in the portal as a rogue, and when we tried to connect to it from a Windows 10 client, we were immediately booted off, with the WIPS dashboard alerting us to the event. It’s impressively effective – just make sure your own APs are all authorised before enabling WIPS or they’ll get the same harsh treatment.
A neat feature of the WatchGuard cloud is its hierarchical approach. It presents a layered structure of folders, representing countries, cities, offices, departments and floors, and allows you to apply management templates at any level, defining settings to be inherited by all network devices and APs below that level.
You can configure settings using SSID profiles too, such as encryption standards, traffic shaping and QoS for voice and video traffic. Access controls include firewall rules for blocking specific apps, and if you choose to enable a splash page for guest users, you can include custom content and embed authentication plugins for a selection of social media sites including Facebook and Twitter.
Performance is respectable if not outstanding. We saw close-range file copies from a Windows 10 client with a Netgear Nighthawk AC1900 USB adapter average 54MB/sec; with the AP moved 10m away, speeds decreased to 47MB/sec.
Some of the AP225W’s features may seem like overkill for small businesses, but for the price, it’s hard to quibble. WatchGuard’s cloud portal provides a wealth of high-end wireless management tools, and the WIPS service adds advanced security features that you’d expect to pay far more for.
WatchGuard AP225W specifications
Wave 2 AC1200 dual-band 2.4GHz/5GHz 802.11ac
2x2 MU-MIMO, 2x2 WIPS radio, 6 x internal aerials
4 x Gigabit Ethernet (LAN/PoE+, 3 x LAN), 2 x passthrough ports
1yr support contract with advanced hardware replacement, 1yr Total Wi-Fi subscription, wall/ceiling mounting plate
186 x 124 x 26mm
Managing security risk and compliance in a challenging landscape
How key technology partners grow with your organisationDownload now
Security best practices for PostgreSQL
Securing data with PostgreSQLDownload now
Transform your MSP business into a money-making machine
Benefits and challenges of a recurring revenue modelDownload now
The care and feeding of cloud
How to support cloud infrastructure post-migrationWatch now