WatchGuard AP420 review

WatchGuard’s AP420 teams up seriously secure wireless networks with slick cloud management and tons of features

Editor's Choice
  • Robust management console; Strong detection and quarantine options; Excellent speeds
  • Expensive

SMBs that want plenty of management choices and tight wireless security will love WatchGuard's AP420. It can be managed as a standalone AP, remotely via WatchGuard's FireBox UTM appliances or taken into the cloud with the Wi-Fi Cloud service.

This Wave 2 AC2500 dual-band AP looks pricey but it has another trick up its sleeve: it has not two, but three radios. Along with the 2.4GHz and 5GHz variety, the AP420 has a WIPS (wireless intrusion prevention system) radio designed to sniff out unauthorized wireless APs and quarantine them.


WIPS calms your concerns about wireless containment as the AP420 only takes an interest in APs that are physically wired into the same network. It has a very particular set of skills and if someone tries to sneak their own AP onto the LAN, it will find it, will alert you to its presence and, if intrusion prevention is enabled, will disable it.

WIPS requires a Wi-Fi Cloud account and we started deployment by using its Go portal to create wireless SSID profiles. All you do is provide a name, choose an encryption scheme, enter a key and you're done.

We tested using AP420 and AP320 devices and, as soon as they were powered on and linked to our cloud account, they received the relevant default template and started advertising the secure SSIDs. Our next stop was the main Wi-Fi Cloud portal. This opens with a Launchpad providing quick access to sections for management, demographics analysis and an Engage app for creating marketing campaigns for guest user portals.


The management portal provides a customizable dashboard showing everything you need to know about wireless networks, clients and rogue APs. Templates provide full control over wireless networks and include settings for all four WatchGuard AP models, where you choose the SSIDs to be assigned to them.

SSIDs can have a captive portal, walled garden, rules-based traffic and application firewalls, traffic shaping and QoS for voice and video traffic. BYOD onboarding redirects smartphones and tablets to an authorization URL or walled garden. You can also enforce black and white MAC address lists and enable automatic packet capture for failed client connections.

WIPS works passively out of the box, where it identified 47 APs in our vicinity and classed those with no physical LAN connection as external. We connected a ZyXEL dual-radio AP to the LAN, and it popped up in the portal as a rogue. To test containment, we logged a Windows client onto the AP and enabled WIPS intrusion prevention.


It took two minutes for the change to propagate from the cloud portal but when it did, our wireless client was kicked off the AP and kept from associating with it. WIPS defaults to disrupting rogue APs by firing 'deauth' packets at up to two 11n and two 11ac channels, but you can change to blocking, interrupting or degrading levels depending on how many channels you want affected. You can also lock the list of authorised APs to stop more being added.

The AP420 is a good performer as well, with real-world file copies using a 5GHz 11ac connection on a Windows 10 Pro desktop averaging 60MB/sec at close range, dropping to 56MB/sec at 10 metres. Coverage is good too, as the SweetSpots app on our iPad only registered a loss of signal after we got 45 metres down the main building corridor.

The AP420 isn't cheap but SMBs that want enterprise class wireless security and central management will find it will be money well spent. The cloud portal is one of the best we've yet seen, performance is great and WatchGuard's WIPS delivers smart wireless security.



Dual band 2.4GHz/5GHz 802.11ac 4 x 4 MU-MIMO; 2 x 2 WIPS radio; internal aerials; 2 x Gigabit (LAN and PoE+); USB 2; Kensington lock; ceiling/wall mounting plates; 220 x 220 x 57mm WDH; 1.3kgs; 1yr support contract with advanced hardware replacement; 1yr Wi-Fi Cloud subscription
