Check Point UTM-1 Edge User Manual page 286

Overview
Security Description
Protocol
WPA-Personal: The WPA-Personal security method (also called WPA-PSK) is a variation of
password WPA-Enterprise that does not require an authentication server. WPA-
authentication, Personal periodically changes and authenticates encryption keys. This is
encryption called rekeying.
This option is recommended for small networks, which want to authenticate
and encrypt wireless data, but do not want to install a RADIUS server.
This security method is not supported for WDS links.
Note: The appliance and the wireless stations must be configured with the
same passphrase.
WPA2 (802.11i) The WPA2 security method uses the more secure Advanced Encryption
Standard (AES) cipher, instead of the RC4 cipher used by WPA and WEP.
When using WPA-Enterprise or WPA-Personal security methods, the UTM-1
appliance enables you to restrict access to the wireless network to wireless
stations that support the WPA2 security method. If this setting is not selected,
the UTM-1 appliance allows clients to connect using both WPA and WPA2.
This security method is not supported for WDS links.
Note: For increased security, it is recommended to enable the UTM-1 internal VPN
Server for users connecting from your internal networks, and to install
SecuRemote/SecureClient on each computer in the wireless network. This ensures
that all connections from the wireless network to the LAN are encrypted and
authenticated. For information, see Internal VPN Server on page 475 and Setting
Up Your UTM-1 Appliance as a VPN Server on page 476.
272 Check Point UTM-1 Edge User Guide