Access: UTM-IP:Port or UTM-URL:Port
Port as configured at Network / Appliance Settings / Webserver
Default port: 11115
e.g. https://utm.ttt-point.de:11115
Default: https://192.168.175.1:11115
→ Network → Network configuration, Tab WLAN
WLAN functionality
The Wi-Fi is available in the devices "Black Dwarf", "RC100" and "RC200" from the time of delivery or as a retrofit kit.
The devices/retrofit kits can only be obtained from Securepoint GmbH or Wortmann AG.
Foreign products are not supported.
Detailed instructions for retrofitting can be found here.
Attention: This Wi-Fi setup guide is not a bridge configuration. The Wi-Fi IP range must be in an independent subnet. As with any DMZ, rules and HideNATs may need to be created to allow access to the Internet/local network.
If a bridge is to be set up in which the Wi-Fi and the internal network are in the same IP network, the corresponding Instructions for Bridging must be used.
Call up the Wi-Fi configuration in the → Network → Network configuration, Tab WLAN menu.
Setup
Operation mode:
802.11g
Sets the speed and, if necessary, the frequency of the transmission.
Operation mode: Description
802.11a: 54 MBit/s, 5 GHz
802.11b: 11 MBit/s, 2.4 GHz
802.11g: 54 MBit/s, 2.4 GHz
802.11an: 802.11n with up to 300 MBit/s, 5 GHz (depending on the settings of the HT Capabilities of the client)
802.11gn: 802.11n with up to 300 MBit/s, 2.4 GHz (depending on the settings of the HT Capabilities of the client)
Country code:
DE
The country code is used to determine which frequencies and which signal strength may be used.
Channel:
AUTO
The channel can be set individually or selected automatically, depending on the mode.
Save
Saves the settings and closes the input dialogue.
Print WLAN QR codes
Print WLAN QR codes
Creates an html page with access codes in QR format for the WLANs and opens the print dialogue of the browser.
WLAN Wizard
Add WLAN
Opens the Wi-Fi wizard
Depending on the WLAN hardware available, up to 4 WLANs may be possible.
Step 1 - IP address
BSS:
wlan0
Interface name. It is predefined and cannot be changed (it is part of the Basic Service Set).
IP address:
192.168.177.1/24
IP address of the Wi-Fi interface.
The address of the interface also automatically determines the network used for the WLAN.
The network selected for the WLAN (in this case 192.168.177.0/24) must under no circumstances match any other network on the appliance!
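A way to check a WLAN addressing plan against this rule before running the wizard, as an added example that is not part of the original guide or of the appliance. The network inventory and the `wlan1`/`wlan2` entries are constructed sample data; overlap here covers identical networks as well as one network lying inside another.

```python
import ipaddress

# Constructed inventory of networks already on the appliance. Only 192.168.175.0/24
# follows from the default address on this page; the other entries are made up.
EXISTING = {
    "internal": "192.168.175.0/24",
    "dmz1": "192.168.176.0/24",
    "vpn": "10.8.0.0/16",
}

# Constructed plan: wlan0 uses the address from the wizard example above.
PLANNED = {
    "wlan0": "192.168.177.1/24",
    "wlan1": "192.168.177.129/25",  # sits inside wlan0's /24
    "wlan2": "192.168.176.1/24",    # same network as dmz1
}


def wlan_network(interface_cidr):
    """Network implied by an interface address, e.g. 192.168.177.1/24 -> 192.168.177.0/24."""
    return ipaddress.ip_interface(interface_cidr).network


def find_conflicts(interface_cidr, known):
    """Names of known networks that are equal to, contain, or lie inside the WLAN network."""
    net = wlan_network(interface_cidr)
    conflicts = []
    for name, cidr in known.items():
        other = ipaddress.ip_network(cidr)
        if net.version == other.version and net.overlaps(other):
            conflicts.append(name)
    return conflicts


def check_plan(planned, existing):
    """Check each planned WLAN against existing networks and the WLANs planned before it."""
    known = dict(existing)
    report = {}
    for bss, cidr in planned.items():
        report[bss] = find_conflicts(cidr, known)
        known[bss] = str(wlan_network(cidr))
    return report


if __name__ == "__main__":
    for bss, conflicts in check_plan(PLANNED, EXISTING).items():
        print(bss, "OK" if not conflicts else "overlaps " + ", ".join(conflicts))
```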
Step 2 - SSID
Network Name (SSID):
TTT-Point-WLAN
The name of the network with which the WLAN is displayed on other devices.
SSID-Broadcast:
On
When activated, the WLAN is displayed for other devices.
Step 3 - Authentication
Security Mode:
WPA
Considered insecure and only present for backwards compatibility.
WPA2
Standard with increased security.
WPA3 (from v12)
Standard with the highest available security.
Management Mode:
PSK
Pre Shared Key. The base station and mobile device must have the same PSK (≙password). The security of the encryption depends directly on the length and complexity of the PSK! Short or easily guessed PSKs jeopardise network security. A secure PSK is automatically suggested, which can be regenerated with .
SAE
Simultaneous Authentication of Equals (only with WPA3).
Also uses a PSK, but uses an improved method for key exchange.
A separate Pairwise Master Key (PMK) is derived from the password for each client, so each client receives its own PMK even though the password is the same for all clients. Pairwise Transient Keys (PTK) are derived from the PMK by means of a four-way handshake between the WiFi client and the authentication server.
EAP
Extensible Authentication Protocol / WPA Enterprise: Authentication via a Radius Server. (This is set under → Authentication → Radius Authentication.)
OWE
Opportunistic Wireless Encryption: Encrypted connections without a password. Can be used for the Captive Portal, for example.
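For the PSK mode described above, the following added example (not the appliance's own generator, and not part of the original guide) creates a random passphrase and screens a hand-picked one for the weaknesses the text warns about. The helper names, the 62-character alphabet and the 16-character minimum are assumptions; the 8 to 63 character range is the WPA/WPA2 passphrase limit.

```python
import math
import re
import secrets
import string

PSK_MIN, PSK_MAX = 8, 63  # WPA/WPA2 passphrase length limits (printable ASCII)
ALPHABET = string.ascii_letters + string.digits  # 62 symbols that are easy to type


def generate_psk(length=24):
    """Random passphrase from the OS CSPRNG (not the appliance's own generator)."""
    if not PSK_MIN <= length <= PSK_MAX:
        raise ValueError("passphrase length must be 8..63")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def random_psk_bits(length, alphabet_size=len(ALPHABET)):
    """Entropy in bits of a uniformly random passphrase of this length."""
    return length * math.log2(alphabet_size)


def psk_findings(psk, ssid, min_length=16):
    """Reasons to reject a hand-picked PSK. min_length=16 is an assumed policy value."""
    findings = []
    if not PSK_MIN <= len(psk) <= PSK_MAX:
        findings.append("length outside 8..63")
    if any(not 32 <= ord(ch) <= 126 for ch in psk):
        findings.append("character outside printable ASCII")
    if len(psk) < min_length:
        findings.append(f"shorter than {min_length} characters")
    if psk.isdigit():
        findings.append("digits only")
    # A PSK built from words of the network name counts as easily guessed.
    words = [w.lower() for w in re.split(r"[^A-Za-z0-9]+", ssid) if len(w) >= 4]
    if any(w in psk.lower() for w in words):
        findings.append("contains part of the SSID")
    return findings


if __name__ == "__main__":
    ssid = "TTT-Point-WLAN"  # SSID from the wizard example on this page
    for candidate in ("Point2024", "12345678", generate_psk()):
        print(candidate, psk_findings(candidate, ssid) or "no findings")
    print(f"24 random characters: about {random_psk_bits(24):.0f} bits")
```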
Step 4 - Zones
New Zone:
On
Creates a new zone for the Wi-Fi.
Each Wi-Fi needs its own zone.
A separate zone (with its own port filter rules) can be created for each WLAN.
Auto-generate rules:
On
Creates a port filter rule set for this interface with "any" rules.
These are only used to temporarily put the network into operation and should definitely be replaced by dedicated port filter rules! (Menu → Firewall → Portfilter)
If the transparent mode of the HTTP proxy is to be used, this must also be configured: → Applications → HTTP Proxy, Tab Transparent Mode, Button Add Transparent Rule
Generate DHCP Pool:
On
Creates a DHCP pool with the selected network and the interface IP as router address. Edit in the DHCP Pools tab.
Finish
Completing the wizard and saving the settings
Edit WLAN settings
Tab General
BSS
Anyideas
Interface name. It is predefined and cannot be changed (it is part of the Basic Service Set).
List of configured WLANs (max. 2)
Depending on the WLAN hardware available, up to 4 WLANs may be possible.
Network Name (SSID)
TTT-Point-WLAN
The name of the network with which the WLAN is displayed on other devices.
SSID-Broadcast
On
When activated, the WLAN is displayed for other devices.
Tab Authentication
Settings as in wizard step 3.
Additionally for WPA or WPA2:
Encryption:
CCMP
Encryption protocol based on the Advanced Encryption Standard (AES).
A 128-bit key with a 48-bit initialisation vector is used.
TKIP
Uses simple encryption.
Use is strongly discouraged! Not available when using WPA3.
Tab Options
AP Isolate:
On
End devices can only reach the firewall in the WLAN network. Clients in the same WLAN network cannot reach each other.
Wi-Fi Multimedia (WMM):
On
End devices can tag their frames, which affects the priority.
Management Frame Protection (MFP):
Disabled / Optional / Required
Enables encryption of the communication for the establishment and operation of the data connection according to IEEE 802.11w. Increases network security and prevents e.g. man-in-the-middle attacks. Requires WPA2 or WPA3.
WPA Group Rekeying:
600 (default)
The entered value indicates the time interval in seconds by which the encryption is renegotiated.
Beacon-Interval:
100 (default)
Interval in ms at which the base station transmits general information and management packets with identification data to announce its presence.
In fact, the value given is kμs (kilomicroseconds). One kμs corresponds to 1.024 milliseconds or 0.001024 seconds.