WPA2/WPA3- Enterprise Support on TZW’s running in Station Mode (STA)

On Gen 7 TZ wireless firewalls, when Radio Role is set to Station Mode (Wireless Station or Access Point & Station), until now the following three authentication types were supported: Open, WPA2-Auto-PSK and WPA3-PSK.

Starting SonicOS 7.2.0, WPA3/WPA2-EAP authentication type is also supported which can be used for stronger security using EAP-PEAP and EAP-TLS. 

This article shows how to use the new WPA3/WPA2-EAP authentication method.

Configure Authentication Type with EAP-PEAP (Identity/Password):

1. Navigate to DEVICE|Internal Wireless|Settings page.
2. Switch Radio Role to Station Mode and input wireless connection related configuration(SSID, mode etc.)
   
   
3. Click Accept.
4. Navigate to DEVICE|Internal Wireless|Security page.
5. Select Authentication Type as WPA3/WPA2-EAP. Enter the Identity and Password.
6. Click Accept.
   
   
7. Navigate to DEVICE|Internal Wireless|Status page to verify the Link Status as Connected.
   
   

Configure Authentication Type with EAP-TLS (Certification):

1. Navigate to DEVICE|Internal Wireless|Settings page.
2. Switch Radio Role to Station Mode and input wireless connection related configuration(SSID, mode etc.)
   
   
3. Click Accept.
4. Navigate to DEVICE|Settings|Certificates page and make sure valid certificate is present which will be used for the authentication.
   
   
5. Navigate to DEVICE|Internal Wireless|Security page.
6. Select Authentication Type as WPA3/WPA2-EAP. Select the appropriate Certificate from the dropdown box and enter the Identity.
7. Click Accept.
   
   
8. Navigate to DEVICE|Internal Wireless|Status page to verify the Link Status as Connected.