Seems like there is a glaring feature omission for the new wi-fi 6 AP line - no WIPS feature, even though there seems to be that potential capability within at least 2 of the 3 current (new) wi-fi 6 APs.

So how does one implement WG's much touted Trusted Wireless Environment using only WG wi-fi 6 APs?

From the docs:
Trusted Wireless Environment with WIPS

Additionally, I have yet to find any info on whether the WPA3 implementation in the new wi-fi 6 APs addresses hacks such as Dragonblood and others.
These WPA3 issues were brought to my attention via Secplicity videos a while back, so WG clearly knows about them.

So, how secure is my WG wi-fi 6 infrastructure?

  • james.carson Moderator, WatchGuard Representative

    Hi Bruce,

    -WIPS is on the way for the new APs. You should see this follow the normal beta feature release in the future. The feature keys for USP licensed WiFi-6 APs will already have the TWE (Trusted Wireless Environment) item in their feature key.

    -Researching the 'dragonblood' attack:
    CVE-2019-13456 is related to an attack on the EAP handshake, and requires some specific things to be in place on the authenticating RADIUS server in order to be exploited. The main target of that exploit seems to be FreeRADIUS server -- this seems to have been patched by the FreeRADIUS team back in April 2020. If you're running a FreeRADIUS server (or any other RADIUS server), I'd suggest ensuring you're on the latest release.

    CVE-2019-13377 requires a specific older version of HostAPD in order to be exploited. WatchGuard wireless products are already running HostAPD v2.8 or better, so should not be vulnerable to this attack.

    -James Carson
    WatchGuard Customer Support

    As always, thanks for your info.

  • In my environment, some things are substantially faster using the wi-fi 6 AP330, even with my devices not being wi-fi 6 capable.
    The most obvious one for me is file backups over wi-fi, where I am seeing 25% faster backups using the AP330 compared with an AP300.
    My setup is low density, so I don't see some of the benefits of a wi-fi 6 AP.

    "While the nominal data rate improvement against 802.11ac is only 37%,[3] the overall throughput improvement (over an entire network) is 300% (hence High Efficiency).[5] This also translates to 75% lower latency."

