Set the Wireless Authentication Method

From the Encryption (Authentication) drop-down list in the wireless access point configuration, you can select the level of the authentication method for your wireless connections. The eight available authentication methods, from least secure to most secure, are explained in the subsequent sections. Select the most secure authentication method that is supported by your wireless network clients.

If your device runs Fireware v11.0-v11.3.x, the available authentication methods are different. For more information, see Set the Wireless Authentication Method in the Fireware WatchGuard System Manager v11.3.x Help.

WPA and WPA2 with Pre-Shared Keys

WPA (PSK) and WPA2 (PSK) Wi-Fi Protected Access methods use pre-shared keys for authentication. WPA (PSK) and WPA2 (PSK) are more secure than WEP shared key authentication. When you choose one of these methods, you configure a pre-shared key that all wireless devices must use to authenticate to the wireless access point.

Your wireless Firebox supports three wireless authentication settings that use pre-shared keys:

  • WPA ONLY (PSK) — Accepts connections from wireless devices configured to use WPA with pre-shared keys.
  • WPA/WPA2 (PSK) — Accepts connections from wireless devices configured to use WPA or WPA2 with pre-shared keys.
  • WPA2 ONLY (PSK) — Accepts connections from wireless devices configured to use WPA2 with pre-shared keys authentication. WPA2 implements the full 802.11i standard; it does not work with some older wireless network cards.

WPA and WPA2 with Enterprise Authentication

The WPA Enterprise and WPA2 Enterprise authentication methods use the IEEE 802.1X standard for network authentication. These authentication methods use the EAP (Extensible Authentication Protocol) framework to enable user authentication to an external RADIUS authentication server or to the Firebox (Firebox-DB). The WPA Enterprise and WPA2 Enterprise authentication methods are more secure than WPA/WPA2 (PSK) because users authenticate with their own credentials instead of a shared key.

Wireless Fireboxes that run Fireware v11.4 and higher support three WPA and WPA2 Enterprise wireless authentication methods:

  • WPA Enterprise — Accepts connections from wireless devices configured to use WPA Enterprise authentication.
  • WPA/WPA2 Enterprise — Accepts connections from wireless devices configured to use WPA Enterprise or WPA2 Enterprise authentication.
  • WPA2 Enterprise — Accepts connections from wireless devices configured to use WPA2 Enterprise authentication. WPA2 implements the full 802.11i standard; it does not work with some older wireless network cards.

For more information about these authentication methods, see WPA/WPA2 Enterprise Authentication with RADIUS.

To use the Enterprise authentication methods, you must configure an external RADIUS authentication server, or configure the Firebox as an authentication server.

For more information about how to configure the settings for these authentication methods, see

Open System and Shared Key

The Open System and Shared Key authentication methods use WEP encryption. WEP is not as secure as WPA2 and WPA (Wi-Fi Protected Access). We recommend you do not use these less secure methods unless your wireless clients do not support WPA or WPA2.

  • Open System — Open System authentication allows any user to authenticate to the access point. This method can be used with no encryption or with WEP encryption.
  • Shared Key — Only those wireless clients that have the shared key can connect. Shared Key authentication can be used only with WEP encryption.

See Also

Set the Encryption Level

WPA/WPA2 Enterprise Authentication with RADIUS

Give Us Feedback     Get Support     All Product Documentation     Technical Search