The firewall can parse authentication information contained in the syslog stream of supported wireless access points. Wi-Fi access points typically use authentication services such as RADIUS servers to authenticate users before allowing them to connect. The firewall monitors the syslog files sent by the Wi-Fi access points for the username and the associated IP address of logged-in users. Depending on the access point, the firewall receives login and/or logout information.
Supported Wi-Fi Access Points
- Aerohive (login only)
- Ruckus (login and logout)
- Aruba (login only)
- Aruba Instant (login only)
Before You Begin
Configure the Wi-Fi access point to stream the syslog to the firewall. For more information, see:
- Wi-Fi AP Authentication Aerohive Configuration
- Wi-Fi AP Authentication Aruba Configuration
- Wi-Fi AP Authentication Ruckus Wireless Configuration
Configure Wi-Fi AP Authentication
If the Wi-Fi access point is using an SSL-encrypted connection, the certificate can be imported from a PEM or PKCS12 file. For non-standard Wi-Fi access point syslog streaming ports, change the port in Advanced View.
- Go to USERS > External Authentication.
- Click the Wi-Fi tab.
- Select Enable Wi-Fi Access Point Authentication to enable integration with Wi-Fi.
- In the Auto Logout After field, enter the timeout in hours. Enter
0to disable the timeout.
- Click Add. The Add External Authentication Wi-Fi AP Endpoint window opens.
- Enter a descriptive name for your Wi-Fi access point.
- In the Source IP / Network field, enter the IP address or network for the Wi-Fi access point. E.g.,
- Select the Protocol used by the Wi-Fi access point to send the syslog.
- (SSL only) Enter the Subject Alternative Name of the SSL certificate.
- (SSL only) Select the SSL certificate from the drop-down list. You can upload or create certificates using the Certificate Manager. For more information, see How to Use and Manage Certificates with the Certificate Manager.
- Select the manufacturer of your Wi-Fi access point from the AP Model drop-down list.
- Click Save.
- Depending on the protocols used by the Wi-Fi AP endpoints, enter the UDP, TCP, or SSL Listen Port.
- Click Save.
You can now use the authentication information from your Wi-Fi access point.