Wireless Mac Filter - Fortinet FortiGate Series Administration Manual

System Wireless

Wireless MAC Filter

FortiGate Version 4.0 MR1 Administration Guide
01-410-89802-20090903
http://docs.fortinet.com/ • Feedback
Security mode Select the security mode for the wireless interface. Wireless users must use
the same security mode to be able to connect to this wireless interface.
None — has no security. Any wireless user can connect to the wireless
network.
WEP64 — 64-bit web equivalent privacy (WEP). To use WEP64 you must
enter a Key containing 10 hexadecimal digits (0-9 a-f) and inform wireless
users of the key.
WEP128 — 128-bit WEP. To use WEP128 you must enter a Key containing 26
hexadecimal digits (0-9 a-f) and inform wireless users of the key.
WPA — Wi-Fi protected access (WPA) security. To use WPA you must select
a data encryption method. You must also enter a pre-shared key containing at
least eight characters or select a RADIUS server. If you select a RADIUS
server the wireless clients must have accounts on the RADIUS server.
WPA2 — WPA with more security features. To use WPA2 you must select a
data encryption method and enter a pre-shared key containing at least eight
characters or select a RADIUS server. If you select a RADIUS server the
wireless clients must have accounts on the RADIUS server.
WPA2 Auto — the same security features as WPA2, but also accepts wireless
clients using WPA security. To use WPA2 Auto you must select a data
encryption method You must also enter a pre-shared key containing at least 8
characters or select a RADIUS server. If you select a RADIUS server the
wireless clients must have accounts on the RADIUS server.
Key Enter the security key. This field appears when selecting WEP64 or WEP128
security.
Data Encryption Select a data encryption method to be used by WPA, WPA2, or WPA Auto.
Select TKIP to use the Temporal Key Integrity Protocol (TKIP). Select AES to
use Advanced Encryption Standard (AES) encryption. AES is considered
more secure that TKIP. Some implementations of WPA may not support AES.
Pre-shared Key Enter the pre-shared key. This field appears when selecting WPA, WPA2, or
WPA2 Auto security.
RADIUS Server Select to use a RADIUS server when selecting WPA or WPA2 security. You
can use WPA or WPA2 Radius security to integrate your wireless network
configuration with a RADIUS or Windows AD server. Select a RADIUS server
name from the list. You must configure the Radius server by going to User >
RADIUS. For more information, see
RTS Threshold Set the Request to Send (RTS) threshold.
The RTS threshold is the maximum size, in bytes, of a packet that the
FortiWiFi will accept without sending RTS/CTS packets to the sending
wireless device. In some cases, larger packets being sent may cause
collisions, slowing data transmissions. By changing this value from the default
of 2346, you can configure the FortiWiFi unit to, in effect, have the sending
wireless device ask for clearance before sending larger transmissions. There
can still be risk of smaller packet collisions, however this is less likely.
A setting of 2346 bytes effectively disables this option.
Fragmentation Set the maximum size of a data packet before it is broken into smaller
packets, reducing the chance of packet collisions. If the packet is larger than
Threshold
the threshold, the FortiWiFi unit will fragment the transmission. If the packet
size less than the threshold, the FortiWiFi unit will not fragment the
transmission.
A setting of 2346 bytes effectively disables this option.
To improve the security of your wireless network, you can enable MAC address filtering on
the FortiWiFi unit. By enabling MAC address filtering, you define the wireless devices that
can access the network based on their system MAC address. When a user attempts to
access the wireless network, the FortiWiFi unit checks the MAC address of the user to the
list you created. If the MAC address is on the approved list, the user gains access to the
network. If the user is not in the list, the user is rejected.
Wireless MAC Filter
"RADIUS" on page 655.
221