This article shows how to manage several access points (APs) from one firewall, even when the APs are located elsewhere. Businesses with multiple locations often need to manage their Wi-Fi system from a central location. Is this possible? Yes, if a VPN connection is established between the MAIN site and each BRANCH office.
The MAIN site has an ATP100 and the BRANCH office has a USG Flex 100. The ATP100 acts as the AP Controller that manages the access points. The BRANCH office uses a USG Flex 100; this setup applies when the branch firewall does not have the AP Controller feature, or when you want to manage the APs from one location.
Table of Contents
1. Supported equipment table
2. Set up a VPN connection between your sites
3. Main Site Firewall (AP controller) - settings
4. Remote Site Firewall - settings
5. Connect AP
1) Supported equipment table
This will help ensure that your equipment meets the requirements, i.e. the Firewall supports the AP controller function, and access points can be managed by the AP controller.
2) Site-to-Site VPN
Set up a VPN connection between your sites. Detailed instructions can be found in our other article. Please use the link: VPN - Configure IPSec Site-To-Site VPN.
3) Main Site Firewall (AP controller) settings
By default, ZyWALL services use the main routing table, so without a static route the AP controller cannot reach the AP through the Site-to-Site VPN tunnel. Therefore, add a rule under "Static Route":
Firewall > Configuration > Routing > Static Route
4) Remote Site Firewall settings
To avoid having to specify the controller's IP address on each access point, configure it once on the Firewall; the setting then applies to all access points at the remote site. This uses the CAPWAP protocol, a standard, interoperable networking protocol that enables a central wireless LAN Access Controller to manage a collection of Wireless Termination Points.
Firewall > Configuration > Interface > Ethernet
1. Select the subnet in which the APs are located. In our case, it is LAN1.
2. Find the "Advance" block
3. Click "Add"
4. In the "Options" field, select CAPWAP AP
5. In the "First IP Addresses", enter the address of your AP controller
6. Click "Ok"
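To confirm that the branch DHCP server really hands out the controller address and nothing else, the options field of a captured DHCP offer can be checked for the CAPWAP AC option. The Python below is an added example, not Zyxel code; it assumes the "CAPWAP AP" setting is delivered as DHCPv4 option 138 (RFC 5417), and the sample bytes and the controller address 192.168.1.1 are constructed for illustration.

```python
import ipaddress

CAPWAP_AC_V4 = 138                        # DHCPv4 option code (RFC 5417)
MAGIC_COOKIE = bytes([99, 130, 83, 99])   # starts every DHCPv4 options field

def capwap_controllers(options: bytes) -> list:
    """Return the controller IPv4 addresses found in option 138."""
    if options[:4] != MAGIC_COOKIE:
        raise ValueError("missing DHCP magic cookie")
    found, i = [], 4
    while i < len(options):
        code = options[i]
        if code == 255:                   # End option
            break
        if code == 0:                     # Pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(options):
            raise ValueError("truncated option header")
        length = options[i + 1]
        value = options[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        if code == CAPWAP_AC_V4:
            if length == 0 or length % 4:
                raise ValueError("option 138 must hold whole IPv4 addresses")
            found += [str(ipaddress.IPv4Address(value[j:j + 4]))
                      for j in range(0, length, 4)]
        i += 2 + length
    return found

def check_offer(options: bytes, expected: set):
    """ok is True only if option 138 is present and lists nothing unexpected."""
    advertised = capwap_controllers(options)
    return bool(advertised) and set(advertised) <= expected, advertised

# Constructed sample data: 192.168.1.1 is a hypothetical controller address.
EXPECTED = {"192.168.1.1"}
OFFER = (MAGIC_COOKIE + bytes([53, 1, 2])            # message type: OFFER
         + bytes([1, 4, 255, 255, 255, 0])           # subnet mask
         + bytes([138, 4, 192, 168, 1, 1, 255]))     # CAPWAP AC, then End
UNEXPECTED = MAGIC_COOKIE + bytes([53, 1, 2, 138, 4, 10, 9, 9, 9, 255])

if __name__ == "__main__":
    for name, opts in (("offer", OFFER), ("unexpected", UNEXPECTED)):
        ok, advertised = check_offer(opts, EXPECTED)
        print(name, "OK" if ok else "MISMATCH", advertised)
```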
5) Connect AP
Connect the AP to the Firewall directly or using a switch, as shown in the image at the top of this article. Go to the web GUI of the main Firewall that acts as an AP controller.
Firewall > Configuration > AP Management > Mgmt. AP List
You see that the AP is added, but it is offline.
It may take 1-2 minutes for the AP status to change. If the AP stays offline, work through the following checks:
1. Make sure your access point is on the list of supported devices
2. Check if your access point is on the list
3. Try accessing the web GUI of the remote access point from the controller's AP network
4. Reboot the access point
5. Reset the access point to factory settings using the "Reset" button