User guide
Using the EAP Authenticator
Chapter 13: Setting Your Security Policy 433
b. Click OK.
The rule is deleted.
Using the EAP Authenticator
Wi-Fi Protected Access Enterprise (WPA-Enterprise) and 802.1x are Network Access
Control (NAC) protocols that can be used to authenticate users connecting to the Check
Point Safe@Office appliance. Both WPA-Enterprise and 802.1x can be used to control
access to the wireless network; however, WPA-Enterprise has the added capability of
encrypting transmitted data, and 802.1x can be used to secure connections to the
Safe@Office appliance's LAN and DMZ ports as well.
Traditionally, WPA-Enterprise and 802.1x require installing an external Remote
Authentication Dial-In User Service (RADIUS) server. When a user tries to authenticate
using 802.1x or WPA-Enterprise, the Safe@Office appliance sends the entered user
credentials to the RADIUS server. The server then checks whether the RADIUS database
contains a matching set of credentials. If so, then the user is logged in.
While purchasing and configuring a RADIUS server may pose little challenge for a large
enterprise, such a solution may be costly and complex, and may therefore be unsuitable for
smaller networks. In such cases, it is recommended to configure the Safe@Office
appliance's built-in Extended Authentication Protocol (EAP) authenticator, which allows
using the local user database, enabling the use of WPA-Enterprise or 802.1x without an
external RADIUS server.