Set the Wireless Authentication Method
From the Encryption (Authentication) drop-down list in the wireless access point configuration, you can select the level of the authentication method for your wireless connections. The eight available authentication methods, from least secure to most secure, are explained in this topic. Select the most secure authentication method that is supported by your wireless network clients.
KRACK WPA/WPA2 Vulnerabilities
WatchGuard has addressed recent KRACK WPA/WPA2 vulnerabilities for Firebox wireless devices in Fireware v12.0.1 and higher.
In Fireware v12.0.2 and higher, you can enable the WPA/WPA2 vulnerability mitigation check box in the Wireless settings to mitigate KRACK WPA/WPA2 vulnerabilities in unpatched wireless clients. For more information, see Enable Firebox Wireless.
WPA and WPA2 with Pre-Shared Keys
WPA (PSK) and WPA2 (PSK) Wi-Fi Protected Access methods use pre-shared keys for authentication. WPA (PSK) and WPA2 (PSK) are more secure than WEP shared key authentication. When you choose one of these methods, you configure a pre-shared key that all wireless devices must use to authenticate to the wireless access point.
Your wireless Firebox supports three wireless authentication settings that use pre-shared keys:
- WPA ONLY (PSK) — Accepts connections from wireless devices configured to use WPA with pre-shared keys.
- WPA/WPA2 (PSK) — Accepts connections from wireless devices configured to use WPA or WPA2 with pre-shared keys.
- WPA2 ONLY (PSK) — Accepts connections from wireless devices configured to use WPA2 with pre-shared key authentication. WPA2 implements the full 802.11i standard; it does not work with some older wireless network cards.
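The following added example (not WatchGuard code, and not part of the original topic) shows why a pre-shared key is the same secret on every device. It assumes the standard IEEE 802.11i passphrase-to-key mapping (PBKDF2-HMAC-SHA1, 4096 iterations, SSID as salt); the function names, client names and SSIDs are hypothetical.

```python
import hashlib
import string

# Assumption: standard IEEE 802.11i passphrase-to-PSK mapping, not Firebox code.
PBKDF2_ITERATIONS = 4096
PMK_LENGTH = 32  # 256-bit pairwise master key


def validate_psk(psk: str) -> str:
    """Return 'hex' or 'passphrase'; raise ValueError for an invalid key."""
    if len(psk) == 64 and all(c in string.hexdigits for c in psk):
        return "hex"
    if 8 <= len(psk) <= 63 and all(32 <= ord(c) <= 126 for c in psk):
        return "passphrase"
    raise ValueError("PSK must be 8-63 printable ASCII characters or 64 hex digits")


def derive_pmk(psk: str, ssid: str) -> bytes:
    """Derive the pairwise master key a client computes from PSK and SSID."""
    if validate_psk(psk) == "hex":
        return bytes.fromhex(psk)  # a 64-digit hex key is used directly
    ssid_bytes = ssid.encode("utf-8")
    if not 1 <= len(ssid_bytes) <= 32:
        raise ValueError("SSID must be 1-32 bytes")
    return hashlib.pbkdf2_hmac(
        "sha1", psk.encode("ascii"), ssid_bytes, PBKDF2_ITERATIONS, PMK_LENGTH
    )


def shared_key_report(psk: str, ssid: str, clients: list) -> dict:
    """Map each client name to the key it derives from the shared settings."""
    return {name: derive_pmk(psk, ssid).hex() for name in clients}


if __name__ == "__main__":
    # Constructed sample values for illustration only.
    report = shared_key_report("password", "IEEE", ["laptop", "printer", "guest-phone"])
    for name, pmk in report.items():
        print(f"{name:12s} {pmk}")
    print("all clients hold the same key:", len(set(report.values())) == 1)
```

Because the key depends only on the passphrase and the SSID, removing one device's access means changing the pre-shared key on the access point and on every remaining client.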
WPA and WPA2 with Enterprise Authentication
The WPA Enterprise and WPA2 Enterprise authentication methods use the IEEE 802.1X standard for network authentication. These authentication methods use the EAP (Extensible Authentication Protocol) framework to enable user authentication to an external RADIUS authentication server or to the Firebox (Firebox-DB). The WPA Enterprise and WPA2 Enterprise authentication methods are more secure than WPA/WPA2 (PSK) because users authenticate with their own credentials instead of a shared key.
Wireless Fireboxes that run Fireware v11.4 and higher support three WPA and WPA2 Enterprise wireless authentication methods:
- WPA Enterprise — Accepts connections from wireless devices configured to use WPA Enterprise authentication.
- WPA/WPA2 Enterprise — Accepts connections from wireless devices configured to use WPA Enterprise or WPA2 Enterprise authentication.
- WPA2 Enterprise — Accepts connections from wireless devices configured to use WPA2 Enterprise authentication. WPA2 implements the full 802.11i standard; it does not work with some older wireless network cards.
For more information about these authentication methods, see WPA/WPA2 Enterprise Authentication with RADIUS.
To use the Enterprise authentication methods, you must configure an external RADIUS authentication server, or configure the Firebox as an authentication server.
For more information about how to configure the settings for these authentication methods, see:
- Use a RADIUS Server for Wireless Authentication
- Use the Firebox as an Authentication Server for Wireless Authentication
Open System and Shared Key
The Open System and Shared Key authentication methods use WEP encryption. WEP is not as secure as WPA2 and WPA (Wi-Fi Protected Access). We recommend you do not use these less secure methods unless your wireless clients do not support WPA or WPA2.
- Open System — Open System authentication allows any user to authenticate to the access point. This method can be used with no encryption or with WEP encryption.
- Shared Key — Only those wireless clients that have the shared key can connect. Shared Key authentication can be used only with WEP encryption.