Wireless_DWIT_WEP_WPA_Encryption

Wireless > Security

Note	When the SonicWALL wireless security appliance is configured in Access Point mode, this page is called Security . When the appliance is configured in Wireless Bridge mode, this page is called WEP Encryption .

Wired Equivalent Protocol (WEP) can be used to protect data as it is transmitted over the wireless network, but it provides no protection past the SonicWALL. It is designed to provide a minimal level of protection for transmitted data, and is not recommended for network deployments requiring a high degree of security.

Wi-Fi Protected Access (WPA and WPA2) provides much greater security than WEP, but requires a separate authentication protocol, such as RADIUS, be used to authenticate all users. WPA uses a dynamic key that constantly changes, as opposed to the static key that WEP uses.

The SonicWALL security appliance provides a number of permutations of WEP and WPA encryption.The following sections describe the available wireless security options:

•	“Authentication Overview”

•	“WPA/WPA2 Encryption Settings”

•	“WEP Encryption Settings”

Authentication Overview

Below is a list of available authentication types with descriptive features and uses for each:

WEP

•	Lower security

•	For use with older legacy devices, PDAs, wireless printers

WPA

•	Good security (uses TKIP)

•	For use with trusted corporate wireless clients

•	Transparent authentication with Windows log-in

•	No client software needed in most cases

WPA2

•	Best security (uses AES)

•	For use with trusted corporate wireless clients

•	Transparent authentication with Windows log-in

•	Client software install may be necessary in some cases

•	Supports 802.11i “Fast Roaming” feature

•	No backend authentication needed after first log-in (allows for faster roaming)

WPA2-AUTO

•	Tries to connect using WPA2 security.

•	If the client is not WPA2 capable, the connection will default to WPA.

WPA/WPA2 Encryption Settings

Both WPA and WPA2 support two protocols for storing and generating keys:

•	Pre-Shared Key (PSK) : PSK allows WPA to generate keys from a pre-shared passphrase that you configure. The keys are updated periodically based on time or number of packets. Use PSK in smaller deployments where you do not have a RADIUS server.

•	Extensible Authentication Protocol (EAP) : EAP allows WPA to synchronize keys with an external RADIUS server. The keys are updated periodically based on time or number of packets. Use EAP in larger, enterprise-like deployments where you have an existing RADIUS framework.

WPA2 also supports EAP and PSK protocols, but adds an optional AUTO mode for each protocol. WPA2 EAP AUTO and WPA2 PSK AUTO try to connect using WPA2 security, but will default back to WPA if the client is not WPA2 capable.

Note	WPA support is only available in Access Point Mode. WPA support is not available in Bridge Mode.

WPA2 and WPA PSK Settings

Encryption Mode : In the Authentication Type field, select either WPA-PSK , WPA2-PSK , or WPA2-Auto-PSK .

WPA Settings

•	Cypher Type : select TKIP. Temporal Key Integrity Protocol (TKIP) is a protocol for enforcing key integrity on a per-packet basis.

•	Group Key Update : Specifies when the SonicWALL security appliance updates the key. Select By Timeout to generate a new group key after an interval specified in seconds. Select By Packet to generate a new group key after a specific number of packets. Select Disabled to use a static key.

•	Interval : If you selected By Timeout , enter the number of seconds before WPA automatically generates a new group key.

Preshared Key Settings (PSK)

•	Passphrase : Enter the passphrase from which the key is generated.

Click Apply in the top right corner to apply your WPA settings.

WPA2 and WPA EAP Settings

Encryption Mode : In the Authentication Type field, select either WPA-EAP , WPA2-EAP , or WPA2-AUTO-EAP .

WPA Settings

•	Cypher Type : Select TKIP. Temporal Key Integrity Protocol (TKIP) is a protocol for enforcing key integrity on a per-packet basis.

•	Group Key Interval : Eenter the number of seconds before WPA automatically generates a new group key.

Extensible Authentication Protocol Settings (EAP)

•	Radius Server 1 IP and Port : Enter the IP address and port number for your primary RADIUS server.

•	Radius Server 1 Secret : Enter the password for access to Radius Server

•	Radius Server 2 IP and Port : Enter the IP address and port number for your secondary RADIUS server, if you have one.

•	Radius Server 2 Secret : Enter the password for access to Radius Server

Click Apply in the top right corner to apply your WPA settings.

WEP Encryption Settings

The SonicWALL security appliance offers the following WEP encryption options:

•	WEP - Open system : In open-system authentication, the SonicWALL allows the wireless client access without verifying its identity.

•	WEP -Shared key : Uses WEP and requires a shared key to be distributed to wireless clients before authentication is allowed.

•	Both (Open System & Shared Key) : The Default Key assignments are not important as long as the identical keys are used in each field. If Shared Key is selected, then the key assignment is important.

To configure wireless security on the SonicWALL, navigate to the Wireless > Security page and perform the following tasks:

Step 1

Select the appropriate authentication type from the Authentication Type list.

Step 2

In the Default Key pulldown menu, select which key will be the default key.

Step 3

In the Key Entry menu, select if your keys will be Alphanumeric or Hexadecimnal .


WEP - 64-bit	WEP - 128-bit	WEP - 152-bit
Alphanumeric - 5 characters (0-9, A-Z)	Alphanumeric - 13 characters	Alphanumeric - 16 characters
Hexadecimal - 10 characters (0-9, A-F)	Hexadecimal - 26 characters	Hexadecimal - 32 characters

Step 4

You can enter up to four keys. For each key, select whether it will be 64-bit, 128-bit, or 152-bit. The higher the bit number, the more secure the key is.

Step 5

Enter the keys.

Step 6

Click Apply .