WatchGuard AP420 review

WatchGuard’s AP420 teams up seriously secure wireless networks with slick cloud management and tons of features

Editor's Choice
Price
£771
  • Robust management console; Strong detection and quarantine options; Excellent speeds
  • Expensive;

SMBs that want plenty of management choices and tight wireless security will love WatchGuard's AP420. It can be managed as a standalone AP, remotely via WatchGuard's FireBox UTM appliances or taken into the cloud with the Wi-Fi Cloud service.

This Wave 2 AC2500 dual-band AP looks pricey but it has another trick up its sleeve: it has not two, but three radios. Along with the 2.4GHz and 5GHz variety, the WP420 has a WIPS (wireless intrusion prevention system) radio designed to sniff out unauthorized wireless APs and quarantine them.

WIPS calms your concerns about wireless containment as the AP420 only takes an interest in APs that are physically wired into the same network. It has a very particular set of skills and if someone tries to sneak their own AP onto the LAN, it will find it, will alert you to its presence and, if intrusion prevention is enabled, will disable it.

WIPS requires a Wi-Fi Cloud account and we started deployment by using its Go portal to create wireless SSID profiles. All you do is provide a name, choose an encryption scheme, enter a key and you're done.

Advertisement
Advertisement - Article continues below

We tested using AP420 and AP320 devices and soon as they were powered on and linked to our cloud account, they received the relevant default template and started advertising the secure SSIDs. Our next stop was the main Wi-Fi Cloud portal. This opens with a Launchpad providing quick access to sections for management, demographics analysis and an Engage app for creating marketing campaigns for guest user portals.

The management portal provides a customizable dashboard showing everything you need to know about wireless networks, clients and rogue APs. Templates provide full control over wireless networks and include settings for all four WatchGuard AP models, where you choose the SSIDs to be assigned to them.

SSIDs can have a captive portal, walled garden, rules-based traffic and application firewalls, traffic shaping and QoS for voice and video traffic. BYOD onboarding redirects smartphones and tablets to an authorization URL or walled garden, you can enforce black and white MAC address lists and enable automatic packet capture for failed client connections.

WIPS works passively out of the box, where it identified 47 APs in our vicinity and classed those with no physical LAN connection as external. We connected a ZyXEL dual-radio AP to the LAN which popped up in the portal as a rogue and to test containment, we logged a Windows client onto the AP and enabled WIPS intrusion prevention.

It took two minutes for the change to propagate from the cloud portal but when it did, our wireless client was kicked off the AP and kept from associating with it. WIPS defaults to disrupting rogue APs by firing 'deauth' packets at up to two 11n and two 11ac channels but you can change to blocking, interrupting or degrading levels depending on how many channels you want affected and lock the list of authorised APs to stop more being added.

The AP420 is a good performer as well with real world file copies using a 5GHz 11ac connection on a Windows 10 Pro desktop averaging 60MB/sec at close range dropping to 56MB/sec at 10 metres. Coverage is good too, as the SweetSpots app on our iPad only registered a loss of signal after we got 45 metres down the main building corridor.

The AP420 isn't cheap but SMBs that want enterprise class wireless security and central management will find it will be money well spent. The cloud portal is one of the best we've yet seen, performance is great and WatchGuard's WIPS delivers smart wireless security.

Verdict

The AP420 isn't cheap but SMBs that want enterprise class wireless security and central management will find it will be money well spent. The cloud portal is one of the best we've yet seen, performance is great and WatchGuard's WIPS delivers smart wireless security.

Dual band 2.4GHz/5GHz 802.11ac 4 x 4 MU-MIMO 2 x 2 WIPS radio internal aerials 2 x Gigabit (LAN and PoE+) USB 2 Kensington lock ceiling/wall mounting plates 220 x 220 x 57mm WDH 1.3kgs 1yr support contract with advanced hardware replacement 1yr Wi-Fi Cloud subscription

Featured Resources

The IT Pro guide to Windows 10 migration

Everything you need to know for a successful transition

Download now

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

Download now

Software-defined storage for dummies

Control storage costs, eliminate storage bottlenecks and solve storage management challenges

Download now

6 best practices for escaping ransomware

A complete guide to tackling ransomware attacks

Download now
Advertisement

Most Popular

Visit/cloud/microsoft-azure/354230/microsoft-not-amazon-is-going-to-win-the-cloud-wars
Microsoft Azure

Microsoft, not Amazon, is going to win the cloud wars

30 Nov 2019
Visit/mobile/mobile-phones/354273/pablo-escobars-brother-launches-budget-foldable-phone
Mobile Phones

Pablo Escobar's brother launches budget foldable phone

4 Dec 2019
Visit/network-internet/wifi-hotspots/354283/industrial-wi-fi-6-trial-reveals-blistering-speeds
wifi & hotspots

Industrial Wi-Fi 6 trial reveals blistering speeds

5 Dec 2019
Visit/hardware/354237/five-signs-that-its-time-to-retire-it-kit
Sponsored

Five signs that it’s time to retire IT kit

29 Nov 2019