Set the Wireless Security Method

From the Security drop-down list in the wireless access point configuration, you can select the level of the authentication method for your wireless connections. The available authentication methods, from least secure to most secure, are explained in this topic. Select the most secure authentication method that is supported by your wireless network clients.

  • Open — An Open network with no passphrase or encryption. Select Open only if you want to provide a guest wireless network without encryption.
  • WPA2 Personal — WPA2 is the latest and most secure protocol for 802.11a/b/g/n/ac devices. You must type a Passphrase that wireless users must use to connect to this SSID.
  • WPA2/WPA3 Personal — A mixed mode of WPA3 and WPA2 protocols. You must type a Passphrase that wireless users must use to connect to this SSID.
  • WPA3 Personal — WPA3 is the latest and most secure protocol for Wi-Fi 6 (802.11ax) devices. WPA3 enables Protected Management Frames (802.11w) for higher security. Wireless clients must also support 802.11ax to use WPA3. You must type a Passphrase that wireless users must use to connect to this SSID.
  • WPA2 Enterprise — The WPA2 protocol with enterprise RADIUS authentication.
  • WPA3 Enterprise — The WPA3 protocol with enterprise RADIUS authentication.

WPA2/WPA3 with Pre-Shared Keys

Wi-Fi Protected Access (WPA) methods use pre-shared keys for authentication. When you choose one of these methods, you configure a pre-shared key that all wireless devices must use to authenticate to the wireless access point.

WPA2/WPA3 with Enterprise Authentication

The WPA3 Enterprise and WPA2 Enterprise authentication methods use the IEEE 802.1X standard for network authentication. These authentication methods use the EAP (Extensible Authentication Protocol) framework to enable user authentication to an external RADIUS authentication server or to the Firebox (Firebox-DB). The WPA2 and WPA3 Enterprise authentication methods are more secure than pre-shared keys because users authenticate with their own credentials instead of a shared key.

For more information about these authentication methods, see Enterprise Authentication with RADIUS.

To use the Enterprise authentication methods, you must configure an external RADIUS authentication server, or configure the Firebox as an authentication server.

For more information about how to configure the settings for these authentication methods, see

About KRACK WPA/WPA2 Vulnerabilities

WatchGuard has addressed recent KRACK WPA/WPA2 vulnerabilities for Firebox wireless devices in Fireware v12.0.1 and higher.

In Fireware v12.0.2 and higher, you can enable the WPA/WPA2 vulnerability mitigation check box in the Wireless settings to mitigate KRACK WPA/WPA2 vulnerabilities in unpatched wireless clients. For more information, see About Firebox Wireless Configuration.

See Also

Set the Encryption Algorithm

Enterprise Authentication with RADIUS