Wired Equivalent Protocol
(WEP) can be used to protect data as it is transmitted over the wireless network, but it provides no protection past the SonicWALL. It is designed to provide a minimal level of protection for transmitted data, and is not recommended for network deployments requiring a high degree of security.
Wi-Fi Protected Access
(WPA and WPA2) provides much greater security than WEP, but requires a separate authentication protocol, such as RADIUS, be used to authenticate all users. WPA uses a dynamic key that constantly changes, as opposed to the static key that WEP uses.
The SonicWALL security appliance provides a number of permutations of WEP and WPA
encryption.The following sections describe the available wireless security options:
Below is a list of available authentication types with descriptive features and uses for each:
WEP
WPA
WPA2
WPA2-AUTO
Both WPA and WPA2 support two protocols for storing and generating keys:
|
|
•
|
Pre-Shared Key
(PSK)
: PSK allows WPA to generate keys from a pre-shared passphrase that you configure. The keys are updated periodically based on time or number of packets. Use PSK in smaller deployments where you do not have a RADIUS server.
|
|
|
•
|
Extensible Authentication Protocol (EAP)
: EAP allows WPA to synchronize keys with an external RADIUS server. The keys are updated periodically based on time or number of packets. Use EAP in larger, enterprise-like deployments where you have an existing RADIUS framework.
|
WPA2 also supports EAP and PSK protocols, but adds an optional AUTO mode for each
protocol. WPA2 EAP AUTO and WPA2 PSK AUTO try to connect using WPA2 security, but will default back to WPA if the client is not WPA2 capable.
Encryption Mode
: In the Authentication Type
field, select either WPA-PSK
, WPA2-PSK
, or WPA2-Auto-PSK
.
|
|
•
|
Cypher Type
: select TKIP. Temporal Key Integrity Protocol
(TKIP) is a protocol for enforcing key integrity on a per-packet basis.
|
|
|
•
|
Group Key Update
: Specifies when the SonicWALL security appliance updates the key. Select By Timeout
to generate a new group key after an interval specified in seconds. Select By Packet
to generate a new group key after a specific number of packets. Select Disabled
to use a static key.
|
|
|
•
|
Interval
: If you selected By Timeout
, enter the number of seconds before WPA automatically generates a new group key.
|
|
|
•
|
Passphrase
: Enter the passphrase from which the key is generated.
|
Click
Apply
in the top right corner to apply your WPA settings.
Encryption Mode
: In the Authentication Type
field, select either WPA-EAP
, WPA2-EAP
,
or WPA2-AUTO-EAP
.
|
|
•
|
Cypher Type
: Select TKIP. Temporal Key Integrity Protocol
(TKIP) is a protocol for enforcing key integrity on a per-packet basis.
|
|
|
•
|
Group Key Interval
: Eenter the number of seconds before WPA automatically generates a new group key.
|
|
|
•
|
Radius Server 1 IP
and Port
: Enter the IP address and port number for your primary RADIUS server.
|
|
|
•
|
Radius Server 2 IP
and Port
: Enter the IP address and port number for your secondary RADIUS server, if you have one.
|
Click
Apply
in the top right corner to apply your WPA settings.
The SonicWALL security appliance offers the following WEP encryption options:
|
|
•
|
WEP - Open system
: In open-system authentication, the SonicWALL allows the wireless client access without verifying its identity.
|
|
|
•
|
WEP -Shared key
: Uses WEP and requires a shared key to be distributed to wireless clients before authentication is allowed.
|
|
|
•
|
Both (Open System & Shared Key)
: The Default Key
assignments are not important as long as the identical keys are used in each field. If Shared Key
is selected, then the key assignment is important.
|
To configure wireless security on the SonicWALL, navigate to the
Wireless > Security
page and perform the following tasks:
|
Step 2
|
In the
Default Key
pulldown menu, select which key will be the default key.
|
|
Step 3
|
In the
Key Entry
menu, select if your keys will be Alphanumeric
or Hexadecimnal
.
|