User guide
Using the EAP Authenticator
434 Check Point Safe@Office User Guide
Workflows
The Safe@Office built-in EAP authenticator can be used to authenticate wireless clients or
wired clients connecting to appliance ports.
Using the EAP Authenticator for Authentication of Wireless Clients
To use the EAP authenticator for authentication of wireless clients
1. Configure the Safe@Office appliance as follows:
a. Configure the desired wireless network for use with the EAP
authenticator.
For information on configuring the primary WLAN, see Manually Configuring a
Wireless Network on page 321. For information on configuring a VAP, see
Configuring Virtual Access Points on page 333.
Note: The Security field must set to 802.1x or WPA-Enterprise, and the Authentication
Server field must be set to Internal User Database.
b. Ensure that the Safe@Office appliance has a certificate installed in the
Safe@Office Portal's VPN > Certificate page.
The certificate can be any of the following:
A self-signed certificate generated by the Safe@Office appliance, version
8.0 or later.
If a self-signed certificate is installed on the appliance, but was generated by
an earlier firmware version, you must generate a new certificate. For
instructions on generating a self-signed certificate, see Generating a
Certificate on page 660.
A certificate received from the Service Center.
c. Export the Safe@Office appliance's CA certificate.
See Exporting the Safe@Office Appliance CA Certificate on page 669.
d. For each client that should be allowed to connect to the Safe@Office
appliance, add a user with Network Access permissions to the local user
database.