ZyXEL Communications ZyWall USG20-VPN User Manual page 482

Table 194 Configuration > Object > AP Profile > SSID > Security Profile > Add/Edit Security Profile
LABEL DESCRIPTION
The following fields are available if you set Security Mode to wpa2 or wpa2-mix.
PSK Select this option to use a Pre-Shared Key with WPA encryption.
Pre-Shared Key Enter a pre-shared key of between 8 and 63 case-sensitive ASCII characters (including
spaces and symbols) or 64 hexadecimal characters.
Cipher Type Select an encryption cipher type from the list.
•
•
•
Idle Timeout Enter the idle interval (in seconds) that a client can be idle before authentication is
discontinued.
Group Key Update Enter the interval (in seconds) at which the AP updates the group WPA encryption key.
Timer
Pre-Authentication This field is available only when you set Security Mode to wpa2 or wpa2-mix and
enable 802.1x authentication.
Enable or Disable pre-authentication to allow the AP to send authentication
information to other APs on the network, allowing connected wireless clients to switch
APs without having to re-authenticate their network connection.
Management Frame This field is available only when you select wpa2 or wpa2-mix in the Security Mode
Protection field and set Cipher Type to aes.
Data frames in 802.11 WLANs can be encrypted and authenticated with WEP, WPA or
WPA2. But 802.11 management frames, such as beacon/probe response, association
request, association response, de-authentication and disassociation are always
unauthenticated and unencrypted. IEEE 802.11w Protected Management Frames allows
APs to use the existing security mechanisms (encryption and authentication methods
defined in IEEE 802.11i WPA/WPA2) to protect management frames. This helps prevent
wireless DoS attacks.
Select the check box to enable management frame protection (MFP) to add security to
802.11 management frames.
Select Optional if you do not require the wireless clients to support MFP. Management
frames will be encrypted if the clients support MFP.
Select Required and wireless clients must support MFP in order to join the AP's wireless
network.
OK Click OK to save your changes back to the USG.
Cancel Click Cancel to exit this screen without saving your changes.
Chapter 29 Object
auto - This automatically chooses the best available cipher based on the cipher in
use by the wireless client that is attempting to make a connection.
tkip - This is the Temporal Key Integrity Protocol encryption method added later to
the WEP encryption protocol to further secure. Not all wireless clients may support
this.
aes - This is the Advanced Encryption Standard encryption method. It is a more
recent development over TKIP and considerably more robust. Not all wireless clients
may support this.
USG20(W)-VPN Series User's Guide
482