To add another layer of security when your users connect to your wireless network, you can enable enterprise authentication methods on your Firebox wireless device or WatchGuard AP device. The available enterprise authentication methods are WPA Enterprise, WPA2 Enterprise, or WPA/WPA2 Enterprise. These authentication methods are based on the IEEE 802.1X standard, which uses the EAP (Extensible Authentication Protocol) framework to enable user authentication.
The WPA Enterprise and WPA2 Enterprise authentication methods are more secure than WPA/WPA2 (PSK) because users must first have the correct authentication method configured, and then authenticate with their own enterprise credentials instead of one shared key that is known by everyone who uses the wireless access point. If the authentication method information is not correct, the user cannot connect, and is not allowed access to your network.
WPA and WPA2 on WatchGuard AP Devices
To use WPA or WPA2 Enterprise authentication on a WatchGuard AP device, such as an AP300, you must configure an external RADIUS server. For WatchGuard AP devices, you configure the RADIUS server settings to enable the AP device to contact the RADIUS server in the SSID security settings. The AP device then sends client authentication requests to the configured authentication server.
For information about how to configure WPA/WPA2 Enterprise authentication on a WatchGuard AP device, see Configure SSID Security Settings.
WPA and WPA2 on Firebox Wireless Models
To use WPA or WPA2 Enterprise authentication on a Firebox wireless model, such as a T50-W, you can configure an external RADIUS server or you can configure the Firebox as an authentication server. The Firebox wireless device sends client authentication requests to the configured authentication server (RADIUS server or Firebox-DB).
For information about how to configure WPA/WPA2 Enterprise authentication on a Firebox wireless device, see Set the Wireless Authentication Method.