Using the EAP Authenticator

Wi-Fi Protected Access Enterprise (WPA-Enterprise) and 802.1x are Network Access Control (NAC) protocols that can be used to authenticate users connecting to the Check Point UTM-1 appliance. Both WPA-Enterprise and 802.1x can be used to control access to the wireless network; however, WPA-Enterprise has the added capability of encrypting transmitted data, and 802.1x can be used to secure connections to the UTM-1 appliance's LAN and DMZ ports as well.

Traditionally, WPA-Enterprise and 802.1x require installing an external Remote Authentication Dial-In User Service (RADIUS) server. When a user tries to authenticate using 802.1x or WPA-Enterprise, the UTM-1 appliance sends the entered user credentials to the RADIUS server. The server then checks whether the RADIUS database contains a matching set of credentials. If so, then the user is logged in.

While purchasing and configuring a RADIUS server may pose little challenge for a large enterprise, such a solution may be costly and complex, and may therefore be unsuitable for smaller networks. In such cases, it is recommended to configure the UTM-1 appliance's built-in Extended Authentication Protocol (EAP) authenticator, which authenticates users against the local user database, so that WPA-Enterprise or 802.1x can be used without an external RADIUS server.

In This Section

Introduction

Workflows

Configuring Clients for Server Authentication on Wireless Connections

Configuring Clients for Server Authentication on Wired Connections

Installing the UTM-1 Appliance's CA Certificate on Clients

Connecting Wireless Clients to the UTM-1 Appliance
