Manualshelf

User guide

ManualsBrandsCheck Point Software Technologies ManualsNetworkingSafe@Office 1000NW
321322323324325326327328329330
Overview
Chapter 10: Working with Wireless Networks 307
Virtual Access Points
The Safe@Office appliance enables you to partition the primary WLAN into virtual access
points (VAPs). A VAP is a logical wireless network behind the Safe@Office appliance and
is a type of VLAN (see Configuring VLANs on page 216). Like other types of VLANs,
VAPs are isolated from each other and can have separate security policies, IP network
segments, and Traffic Shaper settings. This enables you to configure separate policies for
different groups of wireless users.
For example, you could assign different permissions to employees and guests using your
company's wireless network, by defining two VAPs called “Guest” and “Employee”. The
Guest VAP would use simple WPA-Personal encryption, and the security policy would
mandate that stations connected to this network can access the Internet, but not sensitive
company resources. You could configure Traffic Shaper bandwidth management to give
stations in the Guest network a low priority, and by enabling Secure HotSpot on this
network, you could define terms of use that the guest users must accept before accessing
the Internet. In contrast, the Employee VAP would use the more secure WPA2-Enterprise
(802.11i) encryption standard and allow employees to access company resources such as
the intranet.
You can configure up to three VAPs, in addition to the primary WLAN. For information
on configuring VAPs, see Configuring VAPs on page 333.
Wireless Distribution System Links
The Safe@Office appliance enables you to extend the primary WLAN's coverage area, by
creating a Wireless Distribution System (WDS). A WDS is a system of access points that
communicate with each other wirelessly via WDS links, without any need for a wired
backbone. For example, if your business has expanded across two buildings, and a single
access point no longer provides sufficient coverage, you can add another access point that
acts as a repeater. If it is impractical or costly to run wires between the access points, you
can connect them by configuring a WDS that includes both access points.
WDS is usually used together with bridge mode to connect the networks behind the access
points. For example, if you have two network segments, each of which is served by a