Enterprise Authentication with RADIUS
To add another layer of security when your users connect to your wireless network, you can enable enterprise authentication methods on your wireless Firebox or WatchGuard AP managed by a Gateway Wireless Controller.
The available enterprise authentication methods are WPA2 Enterprise or WPA3 Enterprise. These authentication methods are based on the IEEE 802.1X standard, that uses the EAP (Extensible Authentication Protocol) framework to enable user authentication.
The Enterprise authentication methods are more secure than pre-shared keys because users must first have the correct authentication method configured, and then authenticate with their own enterprise credentials instead of one shared key that is known by everyone who uses the wireless access point. If the authentication method information is not correct, the user cannot connect, and is not allowed access to your network.
Enterprise Authentication on WatchGuard APs
To use Enterprise authentication on a WatchGuard AP, you must configure an external RADIUS server. For WatchGuard APs, you configure the RADIUS server settings to enable the AP to contact the RADIUS server in the SSID security settings. The AP then sends client authentication requests to the configured authentication server.
For information about how to configure Enterprise authentication on a WatchGuard AP, go to Configure SSID Security Settings.
Enterprise Authentication on Firebox Wireless Models
To use Enterprise authentication on a Firebox wireless model, you can configure an external RADIUS server or you can configure the Firebox as an authentication server. The Firebox wireless device sends client authentication requests to the configured authentication server (RADIUS server or Firebox-DB).
For information about how to configure Enterprise authentication on a Firebox wireless device, go to Set the Wireless Security Method.
Types of Firebox Authentication