Solution Overview
What is VPN over Access Point?
You can create a secure VPN tunnel between a WatchGuard Cloud-managed Access Point and a cloud-managed Firebox. A VPN tunnel offers a better and more secure way for remote workers to connect back to the corporate data center using IKEv2 (IKE Version 2) with no user configuration required. Access Point VPN is currently only supported with a cloud-managed Firebox.
Support Remote Work with Confidence
Secure Connectivity Made Simple for Remote Teams
Reliable access to corporate resources is essential for remote employees to stay productive. Traditional VPN solutions often create complexity, require manual setup, and may not support all devices.
With VPN over Access Point, your team gets enterprise-grade security without the headaches:
- Always-On Protection – All traffic is automatically secured through an encrypted tunnel.
- No Manual Setup – Employees simply connect to WiFi; the access point handles the VPN.
- Works Anywhere – Home, office, or even a hotel room — just plug in and go.
- Device-Friendly – Laptops, smartphones, game consoles, and even IoT devices can securely connect.
Unlike traditional VPN clients, VPN-over-AP delivers both strong protection and seamless user experience, making it the ideal solution for organizations that support remote or hybrid workers.
Features & Benefits
Why VPN-over-Access Point is Better
Our solution combines the security of enterprise VPNs with the simplicity of plug-and-play WiFi. Here’s how it makes life easier for both IT teams and end users:
Two-Factor Authentication
Works seamlessly with WatchGuard AuthPoint and other MFA solutions, adding an extra layer of protection without additional hardware.
Always-On Connectivity
The VPN tunnel automatically reconnects if interrupted. Even after sleep mode, the connection restores instantly.
Windows Pre-Logon Support
Employees can sign into a Windows domain securely, even when working remotely. Credentials can be synced for simple login.
Seamless Roaming
Move between networks (WiFi, 4G/5G, LAN) without dropping the VPN. Perfect for mobile workers who switch between environments.
Built-in Security Firewall
Friendly Net Detection automatically applies the right firewall rules depending on whether the network is trusted or not ideal for retail, kiosks, or public hotspots.
Access Point VPN Requirements
To set up and use VPN-over-Access Point, make sure your environment meets the following requirements.
System Requirements
- Varpath managed firewall
- Varpath managed access point
Network Requirements
- UDP port 500
- UDP port 4500
- (ESP IP Protocol 50 is not required separately, it’s encapsulated in UDP 4500 for NAT traversal.)
Get a Secure VPN Solution
Ready to simplify remote connectivity? Let’s make sure your employees can connect safely and seamlessly from anywhere, on any device.
