Configuring Wireless Security Settings

This section describes how to configure wireless security settings. To configure the security settings, perform the following steps:

1. Select a wireless SonicWALL appliance.

2. Expand the Wireless tree and click Security. The fields on this screen will change depending on the Authentication Type that you select.

WEP Encryption Settings

Open-system authentication is the only method required by 802.11b. In open-system authentication, the SonicWALL allows the wireless client access without verifying its identity.

Shared-key authentication uses Wired Equivalent Privacy (WEP) and requires a shared key to be distributed to wireless clients before authentication is allowed. The SonicWALL wireless security appliances provide the option of using Open System, Shared Key, or both when WEP is used to encrypt data. If Both Open System & Shared Key is selected, the Default Key assignments are not important as long as identical keys are used in each field. If Shared Key is selected, then the key assignment is important.

To configure WEP on the SonicWALL, perform the following tasks:

1. On the Policies panel, click Wireless, then Security.

2. Select a WEP authentication type from the Authentication Type list. Shared Key is selected by default.

WEP Encryption Keys

If you selected Both (Open System & Shared Key) or Shared Key above, you must configure one or more keys and select the default. SonicOS supports the 802.11a and 802.11g standards, which include 64-bit, 128-bit, and 152-bit encryption for WEP.

1. Select the default key to use, 1, 2, 3, or 4, from the Default Key pull-down list.

2. Select the key type to be either Alphanumeric or Hexadecimal. The number of characters you enter is different for each because an alphanumeric (or ASCII) character contains 8 bits, and a hexadecimal character contains only 4 bits.

Table 11 WEP Encryption Key Types

Key Type       WEP - 64-bit                WEP - 128-bit               WEP - 152-bit
Alphanumeric   5 characters (0-9, A-Z)     13 characters (0-9, A-Z)    16 characters (0-9, A-Z)
Hexadecimal    10 characters (0-9, A-F)    26 characters (0-9, A-F)    32 characters (0-9, A-F)

3. Type your keys into each field.

4. For each key, select 64-bit, 128-bit, or 152-bit from the pull-down list next to the Key field. 152-bit is the most secure.

5. Click Update.
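
The key lengths in Table 11 follow from the 24-bit initialization vector that WEP counts as part of the advertised key size, so a "64-bit" key carries only 40 secret bits. The following check is an added example, not SonicWALL code: the function names and sample keys are constructed for illustration, and accepting lowercase letters in alphanumeric keys is an assumption.

```python
import string

IV_BITS = 24  # WEP's per-packet IV is included in the advertised 64/128/152-bit size
BITS_PER_CHAR = {"alphanumeric": 8, "hexadecimal": 4}  # as stated in step 2 above
ALLOWED = {
    # Table 11 lists 0-9, A-Z; accepting lowercase as well is an assumption.
    "alphanumeric": set(string.digits + string.ascii_letters),
    "hexadecimal": set(string.hexdigits),
}


def required_length(key_type, nominal_bits):
    """Characters needed for a 64-, 128- or 152-bit WEP key of the given type."""
    if key_type not in BITS_PER_CHAR:
        raise ValueError(f"unknown key type: {key_type}")
    if nominal_bits not in (64, 128, 152):
        raise ValueError(f"unsupported WEP size: {nominal_bits}")
    return (nominal_bits - IV_BITS) // BITS_PER_CHAR[key_type]


def check_wep_key(key, key_type, nominal_bits):
    """Return the secret key bytes, or raise ValueError describing the problem."""
    need = required_length(key_type, nominal_bits)
    if len(key) != need:
        raise ValueError(
            f"{key_type} {nominal_bits}-bit key needs {need} characters, got {len(key)}"
        )
    bad = sorted(set(key) - ALLOWED[key_type])
    if bad:
        raise ValueError(f"characters not allowed in a {key_type} key: {bad}")
    if key_type == "alphanumeric":
        return key.encode("ascii")
    return bytes.fromhex(key)


if __name__ == "__main__":
    # Constructed sample keys, one valid and one too short for the selected size.
    for key, key_type, bits in [("0123456789", "hexadecimal", 64),
                                ("ABCDE", "alphanumeric", 128)]:
        try:
            secret = check_wep_key(key, key_type, bits)
            print(f"ok: {len(secret) * 8} secret bits")
        except ValueError as err:
            print(f"rejected: {err}")
```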

WPA and WPA2 Encryption Settings

You can configure Wi-Fi Protected Access as WPA or WPA2 in GMS. Either of these provides better security than WEP. WPA and WPA2 support two protocols for storing and generating keys:

Extensible Authentication Protocol (EAP): EAP allows WPA/WPA2 to synchronize keys with an external RADIUS server. The keys are updated periodically based on time or number of packets. Use EAP in larger, enterprise-like deployments where you have an existing RADIUS framework.

Pre-Shared Key (PSK): PSK allows WPA/WPA2 to generate keys from a pre-shared passphrase that you configure. The keys are updated periodically based on time or number of packets. Use PSK in smaller deployments where you do not have a RADIUS server.

WPA EAP and WPA2 EAP support is only available in Access Point Mode. Bridge Mode supports WPA PSK and WPA2 PSK.

To configure WPA or WPA2 security on the SonicWALL, perform the following tasks:

1. On the Policies panel, click Wireless, then Security.

2. Under Encryption Mode, select a WPA or WPA2 authentication type from the Authentication Type list.

You can choose from the following authentication types:

• WPA-PSK

• WPA-EAP

• WPA2-PSK

• WPA2-EAP

• WPA2-AUTO-PSK

• WPA2-AUTO-EAP

The screen changes to display the configurable fields. The same configuration fields are displayed for all authentication types that employ PSK, and the same configuration fields are displayed for all authentication types that employ EAP.

WPA and WPA2 Settings

For both PSK and EAP authentication types, the fields under WPA Settings are the same.

To configure the WPA Settings fields:

1. Select which EAPOL Version to support. EAPOL is Extensible Authentication Protocol (EAP) over LAN. EAPOL Version v2 provides better security, but may not be supported by some wireless clients.

2. Select one of the following in the Cipher Type pull-down list:

TKIP - Temporal Key Integrity Protocol (TKIP) is a protocol for enforcing key integrity on a per-packet basis.

AES - Advanced Encryption Standard (AES) is a block cipher adopted as an encryption standard in 2002. It is widely used in symmetric key cryptography.

Auto - Allows the SonicWALL to automatically select either TKIP or AES.

3. Select one of the following to determine when to update the key in the Group Key Update pull-down list:

By Timeout - Generates a new group key after an interval specified in seconds.

Disabled - Uses a static key that is never regenerated.

4. If you selected By Timeout, enter the number of seconds before WPA or WPA2 automatically generates a new group key into the Interval field.

Preshared Key Settings (PSK)

For all authentication types involving PSK, do the following:

1. Type the passphrase from which the key is generated into the Passphrase field.

2. Do one of the following:

– To apply the settings, click Update.

– To clear all screen settings and start over, click Reset.
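
How a key is generated from the passphrase: the WPA/WPA2-PSK standard derives a 256-bit pairwise master key with PBKDF2-HMAC-SHA1, using the SSID as salt and 4096 iterations. The following is an added example, not SonicWALL code; the function names, passphrases and SSIDs are constructed for illustration.

```python
import hashlib
import string

# Printable ASCII (codes 32..126): the characters allowed in a WPA passphrase.
PRINTABLE = set(string.printable) - set("\t\n\r\x0b\x0c")


def passphrase_problems(passphrase):
    """Return a list of reasons the passphrase is not a valid WPA/WPA2 passphrase."""
    problems = []
    if not 8 <= len(passphrase) <= 63:
        problems.append("length must be 8 to 63 characters")
    if set(passphrase) - PRINTABLE:
        problems.append("only printable ASCII characters are allowed")
    return problems


def derive_pmk(passphrase, ssid):
    """Derive the 32-byte pairwise master key from a passphrase and SSID."""
    problems = passphrase_problems(passphrase)
    if problems:
        raise ValueError("; ".join(problems))
    return hashlib.pbkdf2_hmac(
        "sha1",                      # HMAC-SHA1 is fixed by the standard
        passphrase.encode("ascii"),  # the passphrase is the PBKDF2 password
        ssid.encode("utf-8"),        # the SSID is the salt
        4096,                        # iteration count fixed by the standard
        32,                          # 256-bit key
    )


if __name__ == "__main__":
    # Constructed values: the same passphrase yields a different key on each SSID,
    # so the key's strength rests on the passphrase, not on the network name.
    for ssid in ("branch-office", "warehouse"):
        print(ssid, derive_pmk("correct horse battery staple", ssid).hex())
    print(passphrase_problems("short"))
```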

Extensible Authentication Protocol (EAP) Settings

For all authentication types involving EAP, the lower part of the screen displays fields for RADIUS configuration.

For all authentication types involving EAP, do the following:

1. Type the IP address of the primary RADIUS server into the Radius Server 1 IP field.

2. Type the port number used to communicate with the primary RADIUS server into the Port field.

3. Type the password for access to the primary RADIUS server into the Radius Server 1 Secret field.

4. Type the IP address of the secondary RADIUS server into the Radius Server 2 IP field.

5. Type the port number used to communicate with the secondary RADIUS server into the Port field.

6. Type the password for access to the secondary RADIUS server into the Radius Server 2 Secret field.

7. Do one of the following:

– To apply the settings, click Update.

– To clear all screen settings and start over, click Reset.