Wifi function of a UTM Black Dwarf, RC100 and RC 200
Last adaptation to the version: 12.6.0
This article refers to a Resellerpreview


Access: UTM-IP:Port or UTM-URL:Port
Port as configured at Network / Appliance Settings / Webserver
Default port: 11115
Example: https://utm.ttt-point.de:11115
Default: https://192.168.175.1:11115
Network → Network Configuration → Area WLAN


WLAN functionality

  • Wi-Fi is available in the devices "Black Dwarf", "RC100" and "RC200" from the time of delivery or as a retrofit kit.
  • The devices/retrofit kits can only be obtained from Securepoint GmbH or Wortmann AG.
  • Third-party products are not supported.
    • Detailed instructions for retrofitting can be found here.
  • Attention: This Wi-Fi setup guide is not a bridge configuration. The Wi-Fi IP range must be in an independent subnet.
    As with any DMZ, rules and HideNATs may need to be created to allow access to the Internet/local network.
    If a bridge is to be set up in which the Wi-Fi and the internal network are in the same IP network, the corresponding instructions for bridging must be used.
  • A maximum of 28 clients can connect to the WLAN of the UTM.

  • Call up the Wi-Fi configuration in the menu Network → Network configuration → Area WLAN.


    Setup

    Operation mode: 802.11g
    Sets the speed and, if necessary, the frequency of the transmission.
      • 802.11a: 54 Mbit/s, 5 GHz
      • 802.11b: 11 Mbit/s, 2.4 GHz
      • 802.11g: 54 Mbit/s, 2.4 GHz
      • 802.11an: 802.11n with up to 300 Mbit/s, 5 GHz, depending on the settings of the HT Capabilities of the client
      • 802.11gn: 802.11n with up to 300 Mbit/s, 2.4 GHz, depending on the settings of the HT Capabilities of the client

    Country code: DE
    The country code is used to determine which frequencies and which signal strength may be used.
    The frequencies used and the transmission power can be found in a Wikipedia article.

    Channel: AUTO
    The channel can be set individually or selected automatically, depending on the mode.

    Beacon-Interval: 100 (default)
    Interval in ms at which the base station transmits general information and management packets with identification data to announce its presence.

    Save and close
    Saves the settings and closes the input dialogue.


    Print WLAN QR codes

    Creates an HTML page with access codes in QR format for the WLANs and opens the print dialogue of the browser.


    WLAN Wizard

    Add WLAN
    Opens the Wi-Fi wizard.
    Depending on the WLAN hardware available, up to 4 WLANs may be possible.

    Step 1 - IP address

    BSS: wlan0
    Interface name. It is predefined and cannot be changed (it is part of the Basic Service Set).

    IP address: 192.168.177.1/24
    IP address of the Wi-Fi interface.
      • The address of the interface also automatically determines the network used for the WLAN.
      • The network selected for the WLAN (in this case 192.168.177.0/24) must under no circumstances match any other network on the appliance!
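
A pre-check for the address entered in step 1, as an added example that is not part of the original article or of the UTM software. The list of existing networks is constructed sample data, and the function and constant names are hypothetical; the check also flags overlapping sub- and supernets, which goes slightly beyond an exact match.

```python
import ipaddress

# Constructed sample of networks already in use on the appliance (assumed values;
# only 192.168.175.0/24 is taken from the page's default management address).
EXISTING_NETWORKS = {
    "internal": "192.168.175.0/24",
    "dmz1": "10.10.0.0/16",
    "ssl-vpn": "192.168.192.0/24",
}
MAX_WLAN_CLIENTS = 28  # client limit stated on the page


def check_wlan_address(wlan_cidr, existing=EXISTING_NETWORKS):
    """Return a list of problems with a proposed WLAN interface address."""
    problems = []
    iface = ipaddress.ip_interface(wlan_cidr)
    net = iface.network  # the WLAN network follows from the interface address

    # The interface needs a usable host address, not the network/broadcast one.
    if iface.ip in (net.network_address, net.broadcast_address):
        problems.append(f"{iface.ip} is not a usable host address in {net}")

    # Room for the interface itself plus the maximum number of clients.
    usable_hosts = net.num_addresses - 2
    if usable_hosts < MAX_WLAN_CLIENTS + 1:
        problems.append(f"{net} has only {usable_hosts} usable addresses")

    # overlaps() also catches sub- and supernets, not just identical networks.
    for name, cidr in existing.items():
        other = ipaddress.ip_network(cidr)
        if net.overlaps(other):
            problems.append(f"{net} overlaps {name} ({other})")
    return problems


if __name__ == "__main__":
    for candidate in ("192.168.177.1/24", "10.10.5.1/24", "192.168.175.129/25"):
        print(candidate, "->", check_wlan_address(candidate) or "ok")
```
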

    Step 2 - SSID

    Network Name (SSID): TTT-Point-WLAN
    The name of the network that other devices must specify for a connection.

    SSID-Broadcast: On
    When activated, the WLAN is displayed for other devices.

    Step 3 - Authentication

    Security Mode:
      • WPA: Considered unsafe and only present for backwards compatibility.
      • WPA2: Standard with increased safety.
      • WPA3: Standard with highest available safety.

    Management Mode:
      • PSK: Pre Shared Key. The base station and mobile device must have the same PSK (≙ password). The security of the encryption depends directly on the length and complexity of the PSK! Short or easily guessed PSKs jeopardise network security.
        A secure PSK is automatically suggested and can be regenerated.
      • SAE: Simultaneous Authentication of Equals (only with WPA3). Also uses a PSK, but with an improved method for key exchange.
        A unique Pairwise Master Key (PMK) is derived from the password for each client. Although the password is the same for all clients, each client receives its own PMK. Pairwise Transient Keys (PTK) are derived from the PMK by means of a four-way handshake between the Wi-Fi client and the authentication server.
      • EAP: Extensible Authentication Protocol / WPA Enterprise. Authentication via a Radius server. (This is set under Authentication → Radius Authentication.)
      • OWE: Opportunistic Wireless Encryption. Encrypted connections without a password. Can be used for the Captive Portal, for example.
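
Why the PSK length matters in step 3, as an added example that is not part of the original article and is not the UTM's own PSK generator: with WPA/WPA2-PSK the PMK is computed from the passphrase and the SSID alone (PBKDF2-HMAC-SHA1, 4096 iterations), so every client shares the same PMK and the passphrase's entropy is the only secret. The alphabet, the default length and all function names are assumptions chosen for illustration.

```python
import hashlib
import math
import secrets
import string

ALPHABET = string.ascii_letters + string.digits  # 62 symbols, easy to type


def generate_psk(length=32):
    """Random PSK from a CSPRNG; WPA passphrases are 8 to 63 ASCII characters."""
    if not 8 <= length <= 63:
        raise ValueError("WPA passphrase length must be 8..63")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Entropy of a uniformly random passphrase of the given length."""
    return length * math.log2(alphabet_size)


def wpa2_pmk(passphrase, ssid):
    """WPA/WPA2-PSK key derivation: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrase length must be 8..63")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("WPA passphrase must be printable ASCII")
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid.encode("utf-8"), 4096, 32
    )


if __name__ == "__main__":
    psk = generate_psk()
    print(f"suggested PSK: {psk} ({entropy_bits(len(psk)):.0f} bits)")
    print(f"8 random lowercase letters: {entropy_bits(8, 26):.0f} bits")
    # Same passphrase and SSID give the same PMK on every client.
    print(wpa2_pmk(psk, "TTT-Point-WLAN").hex())
```
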

    Step 4 - Zones

    New Zone: On
    Creates a new zone for the Wi-Fi.
      • Each Wi-Fi needs its own zone.
      • A separate zone (with its own port filter rules) can be created for each WLAN.

    Auto-generate rules: On
    Creates a port filter rule set for this interface with "any" rules.
      • These are only used to temporarily put the network into operation and should definitely be replaced by dedicated port filter rules!
        (Menu → Firewall → Portfilter)
      • If the transparent mode of the HTTP proxy is to be used, this must also be configured: → Applications → HTTP Proxy, tab Transparent Mode, button Add Transparent Rule

    Generate DHCP Pool: On
    Creates a DHCP pool with the selected network and the interface IP as router address. Edit in the DHCP Pools section.

    Finish
    Completes the wizard and saves the settings.

    Edit WLAN settings

    Area General

    BSS: Anyideas
    Interface name. It is predefined and cannot be changed (it is part of the Basic Service Set).
    List of configured WLANs (max. 2). Depending on the WLAN hardware available, up to 4 WLANs may be possible.

    Network Name (SSID): TTT-Point-WLAN
    The name of the network that other devices must specify for a connection.

    SSID-Broadcast: On
    When activated, the WLAN is displayed for other devices.

    Area Authentication

    Settings as in wizard step 3.
    Additionally for WPA or WPA2:

    Encryption:
      • CCMP: Encryption protocol based on the Advanced Encryption Standard (AES). A 128-bit key with a 48-bit initialisation vector is used.
      • TKIP: Uses simple encryption. Use is strongly discouraged! Not available when using WPA3.

    Area Options

    AP Isolate: On
    End devices can only reach the firewall in the WLAN network. Clients in the same WLAN network cannot reach each other.

    Wi-Fi Multimedia (WMM): On
    End devices can tag their frames, which affects the priority.

    Management Frame Protection (MFP): Disabled / Optional / Required
    Enables encryption of the communication for the establishment and operation of the data connection according to IEEE 802.11w.
    Increases network security and prevents e.g. Man in the Middle attacks.
    Requires WPA2 or WPA3.

    WPA Group Rekeying: 600 (default)
    The entered value indicates the time interval in seconds at which the encryption is renegotiated.