• Configure authentication using a supported authentication method. For example, if your organization uses layer 2
access security, verify that your organization uses one of the supported layer 2 security methods.
• Configure encryption using a supported encryption method.
If your organization’s environment requires a VPN concentrator, configure a VPN concentrator for VPN access security
using IPsec VPN. See the administrator for your organization’s firewall or VPN concentrator to determine the appropriate
configuration settings.
You must configure firewall settings. Perform the following actions:
• If your organization uses a proxy firewall, configure the proxy server so that it is transparent to users.
• Verify that the IP addresses for the BlackBerry Domain that are relevant to your organization’s environment are
permitted addresses.
• Verify that you add the IP address of the BlackBerry Router to the DNS server.
Configure the ports for the Wi-Fi network.
You must configure access to the DHCP server and DNS server. Perform the following actions:
• If necessary, configure your organization’s enterprise Wi-Fi network to access the DHCP server.
• If you do not use static IP addresses, use the DNS lookup tool on a Wi-Fi enabled BlackBerry device to verify that the
BlackBerry device can access the DHCP server.
• Use the DNS lookup tool on a Wi-Fi enabled BlackBerry device to verify that the BlackBerry device can access one or
more DNS servers.
If your organization uses an AAA server, you must configure it. Perform the following actions:
• Configure the AAA server to support the Wi-Fi authentication method that your organization uses.
• Permit all access points to use the AAA server.
If you configure service-specific access security, create a captive portal login.
You must configure user accounts in your organization's environment. Perform the following actions:
• Create authentication credentials for the user accounts.
• If your organization uses EAP-TLS, EAP-TTLS, or PEAP authentication methods, permit the BlackBerry Enterprise
Server to access the PKI infrastructure and certificates.
Add the MAC addresses of every BlackBerry device that you permit to access a specific enterprise Wi-Fi network (an
allowed list) or prevent from accessing a specific enterprise Wi-Fi network (a restricted list) to the controller for each access
point.
Connection types and port numbers for a Wi-Fi network
Port assignments might vary by mobile network provider.
Administration Guide
Creating and configuring Wi-Fi profiles and VPN profiles