Wi-Fi function of a UTM Black Dwarf, RC100 and RC200
Last adaptation to the version: 12.6.0
New:
- Updated to the redesign of the web interface
- Note on the maximum number of WLAN clients
WLAN functionality
- The Wi-Fi is available in the devices "Black Dwarf", "RC100" and "RC200" from the time of delivery or as a retrofit kit.
- The devices/retrofit kits can only be obtained from Securepoint GmbH or Wortmann AG.
- Detailed instructions for retrofitting can be found here.
As with any DMZ, rules and HideNATs may need to be created to allow access to the Internet/local network.
If a bridge is to be set up in which the Wi-Fi and the internal network are in the same IP network, the corresponding Instructions for Bridging must be used.
Call up the Wi-Fi configuration in the Area WLAN menu.
Caption | Value | Description
---|---|---
Operation mode: | | Sets the speed and, if necessary, the frequency of the transmission.
Country code: | | The country code is used to determine which frequencies and which signal strength may be used. The frequencies used and the transmission power can be found in a Wikipedia article.
Channel: | | The channel can be set individually or selected automatically, depending on the mode.
Beacon-Interval: | 100 (default) | Interval in ms at which the base station transmits general information and management packets with identification data to announce its presence.
Save and close | | Saves the settings and closes the input dialogue.
Print WLAN QR codes | | Creates an HTML page with access codes in QR format for the WLANs and opens the print dialogue of the browser.
WLAN Wizard | | Opens the Wi-Fi wizard. Depending on the WLAN hardware available, up to 4 WLANs may be possible.

Caption | Value | Description
---|---|---
Step 1 - IP address | |
BSS: | wlan0 | Interface name. It is predefined and cannot be changed (it is part of the Basic Service Set).
IP address: | | IP address of the Wi-Fi interface.
Step 2 - SSID | |
Network Name (SSID): | TTT-Point-WLAN | The name of the network that other devices must specify for a connection.
SSID-Broadcast: | On | When activated, the WLAN is displayed for other devices.
Step 3 - Authentication | |
Security Mode: | | Standard with increased safety.
 | | Standard with highest available safety.
Management Mode: | | Pre Shared Key: The base station and mobile device must have the same PSK (≙ password). The security of the encryption depends directly on the length and complexity of the PSK! Short or easily guessed PSKs jeopardise network security. A secure PSK is suggested automatically and can be regenerated.
 | | Simultaneous Authentication of Equals (only with WPA3): Also uses a PSK, but with an improved method for key exchange. A separate Pairwise Master Key (PMK) is derived from the password for each client. Although the password is the same for all clients, each client receives its own PMK. Pairwise Transient Keys (PTK) are derived from the PMK by means of a four-way handshake between the Wi-Fi client and the authentication server.
 | | Extensible Authentication Protocol / WPA Enterprise: Authentication via a RADIUS server. (This is set under .)
 | | Opportunistic Wireless Encryption: Encrypted connections without a password. Can be used for the Captive Portal, for example.
Step 4 - Zones | |
New Zone: | On | Creates a new zone for the Wi-Fi.
Auto-generate rules: | On | Creates a port filter rule set for this interface with any (Menu ).
Generate DHCP Pool: | On | Creates a DHCP pool with the selected network and the interface IP as router address. Edit in the DHCP Pools section.

Completing the wizard and saving the settings
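
Why the length and complexity of the PSK decide the security of Pre Shared Key mode, shown as an added example (not part of the original documentation and not Securepoint code): in WPA2-PSK the PMK is computed from the passphrase and the SSID alone, so every client derives the same key, unlike SAE. The character pool, the function names and the sample passphrase are assumptions made for illustration.

```python
import hashlib
import math
import secrets
import string

# Character pool for generated PSKs (assumption; the UTM's own generator is not documented here).
ALPHABET = string.ascii_letters + string.digits + "!#$%&*+-=?@_"
GROUPS = (string.ascii_lowercase, string.ascii_uppercase,
          string.digits, string.punctuation + " ")


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA/WPA2-PSK: PMK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 rounds, 32 bytes)."""
    if not (8 <= len(passphrase) <= 63 and passphrase.isascii()):
        raise ValueError("a WPA passphrase is 8 to 63 ASCII characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)


def generate_psk(length: int = 32) -> str:
    """Draw every character independently from a CSPRNG."""
    if not 8 <= length <= 63:
        raise ValueError("length must be 8 to 63")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def max_entropy_bits(passphrase: str) -> float:
    """Upper bound: length * log2(pool). Words and patterns score far lower in practice."""
    pool = sum(len(g) for g in GROUPS if any(c in g for c in passphrase))
    return len(passphrase) * math.log2(pool) if pool else 0.0


if __name__ == "__main__":
    ssid = "TTT-Point-WLAN"                      # SSID used on this page
    for psk in ("password", generate_psk()):     # constructed sample values
        pmk = derive_pmk(psk, ssid)
        # Every client that knows the passphrase computes this same PMK,
        # so the passphrase is the only secret protecting the network.
        assert pmk == derive_pmk(psk, ssid)
        print(f"{psk!r}: <= {max_entropy_bits(psk):.0f} bits, PMK {pmk.hex()[:16]}...")
```

Because the SSID is the salt, the same passphrase yields a different PMK on a differently named network, but the salt is public and adds no secrecy.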

Edit WLAN settings
Figure: List of configured WLANs (max. 2)

Caption | Value | Description
---|---|---
Area General | |
BSS | Anyideas | Interface name. It is predefined and cannot be changed (it is part of the Basic Service Set).
Network Name (SSID) | TTT-Point-WLAN | The name of the network that other devices must specify for a connection.
SSID-Broadcast | On | When activated, the WLAN is displayed for other devices.
Area Authentication | |
 | | Settings as in wizard step 3. Additionally for WPA or WPA2:
Encryption: | | Encryption protocol based on the Advanced Encryption Standard (AES). A 128-bit key with a 48-bit initialisation vector is used.
 | | Uses simple encryption. Not available when using WPA3.
Area Options | |
AP Isolate: | On | End devices can only reach the firewall in the WLAN network. Clients in the same WLAN network cannot reach each other.
Wi-Fi Multimedia (WMM): | On | End devices can tag their frames, which affects the priority.
Management Frame Protection (MFP): | | Enables encryption of the communication for the establishment and operation of the data connection according to IEEE 802.11w. Increases network security and prevents e.g. man-in-the-middle attacks. Requires WPA2 or WPA3.
WPA Group Rekeying: | 600 (default) | The time interval in seconds after which the encryption is renegotiated.

Figure: WLAN connection settings