WatchGuard AP225W review: Strong, secure and speedy

This affordable and feature-packed wireless AP offers great cloud management and unique security skills

WatchGuard AP225W

IT Pro Verdict

Pros

  • +

    Built-in WIPS support

  • +

    Robust management features

  • +

    Outstanding security support

Cons

  • -

    More advanced features may be overkill for SMBs

If you’re familiar with the company’s other products, you probably won’t be surprised to learn that WatchGuard’s diminutive AP225W makes security its top priority. It’s sold as a dual-band Wave 2 AP, but it actually has three radios inside– two providing regular wireless services, plus one dedicated to WatchGuard’s Wireless Intrusion Prevention System, or WIPS for short.

If you haven’t come across WIPS before, it’s a clever system that can sniff out rogue APs on your premises – such as unauthorised hardware using the same SSID as your real APs – and disrupt them so that no one can inadvertently connect. That might not be a threat you encounter every day, but consider the potential cost of a breach and you’ll quickly see the wisdom of playing it safe.

The AP225W can be managed using either WatchGuard’s Cloud Wi-Fi service or from one of the company’s Firebox security appliances. The option you choose affects the cost: the price above includes a year’s Total Wi-Fi subscription, which enables cloud management, location-based usage analysis and the Engage app for gathering guest demographics.

You should have no difficulty fitting the AP225W into your network: as well as the uplink/PoE+ port at the back, the unit offers three additional network ports at the bottom (the third of which presents an 802.3af PoE output), and two passthrough ports, allowing cable runs to be extended through the AP.

Getting set up via the cloud is swift. While WatchGuard doesn’t offer dedicated smartphone apps, the web portal works equally well on desktop and mobile platforms, and includes a quick-start option that automatically creates an initial set of SSIDs.

WatchGuard AP225W ports

Once we’d been through this short process, we connected the AP225W to our network, and watched it automatically appear in our cloud account and start broadcasting our SSIDs. The portal’s Discover page presents dashboard views for general connectivity, wireless performance, detected apps and WIPS status.

For more information on that last count, you can jump to the WIPS monitor page to check your security status and enable the feature that fires deauthorisation packets at rogues to prevent clients from associating with them. We tested this by connecting a Linksys LAPAC1750 AP to the lab network. This duly appeared in the portal as a rogue, and when we tried to connect to it from a Windows 10 client, we were immediately booted off, with the WIPS dashboard alerting us to the event. It’s impressively effective – just make sure your own APs are all authorised before enabling WIPS or they’ll get the same harsh treatment.

A neat feature of the WatchGuard cloud is its hierarchical approach. It presents a layered structure of folders, representing countries, cities, offices, departments and floors, and allows you to apply management templates at any level, defining settings to be inherited by all network devices and APs below that level.

You can configure settings using SSID profiles too, such as encryption standards, traffic shaping and QoS for voice and video traffic. Access controls include firewall rules for blocking specific apps, and if you choose to enable a splash page for guest users, you can include custom content and embed authentication plugins for a selection of social media sites including Facebook and Twitter.

Performance is respectable if not outstanding. We saw close-range file copies from a Windows 10 client with a Netgear Nighthawk AC1900 USB adapter average 54MB/sec; with the AP moved 10m away, speeds decreased to 47MB/sec.

Some of the AP225W’s features may seem like overkill for small businesses, but for the price, it’s hard to quibble. WatchGuard’s cloud portal provides a wealth of high-end wireless management tools, and the WIPS service adds advanced security features that you’d expect to pay far more for.

WatchGuard AP225W specifications

Swipe to scroll horizontally
Band supportWave 2 AC1200 dual-band 2.4GHz/5GHz 802.11ac
Radios2x2 MU-MIMO, 2x2 WIPS radio, 6 x internal aerials
Ports4 x Gigabit Ethernet (LAN/PoE+, 3 x LAN), 2 x passthrough ports
Additional features1yr support contract with advanced hardware replacement, 1yr Total Wi-Fi subscription, wall/ceiling mounting plate
Dimensions (WDH)186 x 124 x 26mm
Weight455g
Dave Mitchell

Dave is an IT consultant and freelance journalist specialising in hands-on reviews of computer networking products covering all market sectors from small businesses to enterprises. Founder of Binary Testing Ltd – the UK’s premier independent network testing laboratory - Dave has over 45 years of experience in the IT industry.

Dave has produced many thousands of in-depth business networking product reviews from his lab which have been reproduced globally. Writing for ITPro and its sister title, PC Pro, he covers all areas of business IT infrastructure, including servers, storage, network security, data protection, cloud, infrastructure and services.