This article refers to a version that is no longer current!
The article for the latest version is here
A newer version of this article already exists, but it refers to a reseller preview
Wi-Fi function of a UTM Black Dwarf, RC100 and RC200
Last adaptation: 12.1 (01.2021)
New:
- Support for WPA3
- Translation
This article refers to a Reseller Preview
WLAN functionality
- The Wi-Fi is available in the devices "Black Dwarf", "RC100" and "RC200" from the time of delivery or as a retrofit kit.
- The devices/retrofit kits can only be obtained from Securepoint GmbH or Wortmann AG.
- Detailed instructions for retrofitting can be found here.
As with any DMZ, rules and HideNATs may need to be created to allow access to the Internet/local network.
If a bridge is to be set up in which the Wi-Fi and the internal network are in the same IP network, the corresponding Instructions for Bridging must be used.
Call up the Wi-Fi configuration in the Tab WLAN menu.
Operation mode: | Sets the speed and, if necessary, the frequency of the transmission.
Country code: | The country code is used to determine which frequencies and which signal strength may be used. The frequencies used and the transmission power can be looked up in a Wikipedia article.
Channel: | The channel can be set individually or selected automatically, depending on the mode.
Saves the settings and closes the input dialogue.
Print WLAN QR codes | Creates an HTML page with access codes in QR format for the WLANs and opens the print dialogue of the browser.
WLAN Wizard | Opens the Wi-Fi wizard. Depending on the WLAN hardware available, up to 4 WLANs may be possible.
Step 1 - IP address
BSS: | wlan0 | Interface name. It is predefined and cannot be changed (it is part of the Basic Service Set).
IP address: | 192.168.177.1/24 | IP address of the Wi-Fi interface.
Step 2 - SSID
Network Name (SSID): | TTT-Point-WLAN | The name of the network with which the WLAN is displayed on other devices.
SSID-Broadcast: | On | When activated, the WLAN is displayed for other devices.
Step 3 - Authentication
Security Mode: | Considered unsafe and only present for backwards compatibility.
Standard with increased safety
from v12 | Standard with highest available safety.
Management Mode: | Pre Shared Key. The base station and mobile device must have the same PSK (≙ password). The security of the encryption depends directly on the length and complexity of the PSK! Short or easily guessed PSKs jeopardise network security. A secure PSK is automatically suggested, which can be regenerated with .
Simultaneous Authentication of Equals (only with WPA3): Also uses a PSK, but with an improved method for key exchange. A unique Pairwise Master Key (PMK) is derived from the password for each client, so each client receives its own PMK even though the password is the same for all clients. Pairwise Transient Keys (PTK) are derived from the PMK by means of a four-way handshake between the WiFi client and the authentication server.
Extensible Authentication Protocol / WPA Enterprise: Authentication via a RADIUS server. (This is set under | ).
Opportunistic Wireless Encryption: Encrypted connections without a password. Can be used for the Captive Portal, for example.
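The contrast between the Pre Shared Key and SAE modes above, as an added Python example (not Securepoint code): in WPA2-Personal the PMK is PBKDF2-HMAC-SHA1 over the passphrase with the SSID as salt, so every client of a WLAN shares one PMK and the strength of the PSK is the only protection. The alphabet, the 16-character minimum and the distinct-character check are assumptions of this example, not UTM rules.

```python
import hashlib
import math
import secrets
import string

# Alphabet for generated PSKs: letters and digits only, so the key can be
# typed on any device (an assumption of this example).
ALPHABET = string.ascii_letters + string.digits


def generate_psk(length=24):
    """Return a random WPA passphrase drawn from the OS CSPRNG."""
    if not 8 <= length <= 63:
        raise ValueError("WPA passphrases must be 8 to 63 characters long")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def random_psk_bits(length, alphabet_size=len(ALPHABET)):
    """Entropy in bits of a uniformly random PSK (not valid for human-chosen ones)."""
    return length * math.log2(alphabet_size)


def validate_psk(psk):
    """Return the reasons a passphrase is unusable or weak (empty list = ok)."""
    problems = []
    if not 8 <= len(psk) <= 63:
        problems.append("length must be 8 to 63 characters")
    if any(not 32 <= ord(c) <= 126 for c in psk):
        problems.append("only printable ASCII is allowed")
    if len(set(psk)) < 6:       # example threshold
        problems.append("too few distinct characters")
    if len(psk) < 16:           # example threshold
        problems.append("shorter than 16 characters")
    return problems


def wpa2_pmk(psk, ssid):
    """WPA2-Personal PMK: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds, 32 bytes."""
    return hashlib.pbkdf2_hmac("sha1", psk.encode(), ssid.encode(), 4096, 32)


if __name__ == "__main__":
    psk = generate_psk()
    print(psk, f"{random_psk_bits(len(psk)):.0f} bits", validate_psk(psk))
    # Same PSK and same SSID give the same PMK for every client (unlike SAE).
    print(wpa2_pmk(psk, "TTT-Point-WLAN").hex())
```

Because the SSID is the salt, renaming the WLAN changes the PMK even when the PSK stays the same.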
Step 4 - Zones
New Zone: | On | Creates a new zone for the Wi-Fi.
Auto-generate rules: | On | Creates a port filter rule set for this interface with any (Menu )
Generate DHCP Pool: | On | Creates a DHCP pool with the selected network and the interface IP as router address. Edit in the DHCP Pools tab.
Completing the wizard and saving the settings
Edit WLAN settings
Tab General
BSS | Anyideas | Interface name. It is predefined and cannot be changed (it is part of the Basic Service Set).
Network Name (SSID) | TTT-Point-WLAN | The name of the network with which the WLAN is displayed on other devices.
SSID-Broadcast | On | When activated, the WLAN is displayed for other devices.
Tab Authentication
Settings as in wizard step 3. Additionally for WPA or WPA2:
Encryption: | Encryption protocol based on the Advanced Encryption Standard (AES). A 128-bit key with a 48-bit initialisation vector is used.
Uses simple encryption. Not available when using WPA3.
Tab Options
AP Isolate: | On | End devices can only reach the firewall in the WLAN network. Clients in the same WLAN network cannot reach each other.
Wi-Fi Multimedia (WMM): | On | End devices can tag their frames, which affects the priority.
Management Frame Protection (MFP): | Enables encryption of the communication for the establishment and operation of the data connection according to IEEE 802.11w. Increases network security and prevents, e.g., man-in-the-middle attacks. Requires WPA2 or WPA3.
WPA Group Rekeying: | 600 (default) | The value entered is the time interval in seconds after which the encryption is renegotiated.
Beacon-Interval: | 100 (default) | Frequency in ms with which the base station transmits general information and management packets with identification data to announce its presence. In fact, the value given is in kμs (kilomicroseconds). One kμs corresponds to 1.024 milliseconds or 0.001024 seconds.