We were planning to rollout the new Bold to our corporate users. Currently we are running BES v4.3.

We would like to control the WiFi features and our security department only allows the WiFi enabled if we can only enable WPA2.

I checked the current BES policy and I think the only option I have is enabling the PSK. However, from what I read, PSK allows WPA and WPA2.

Does anyone know whether it can only enable WPA2 thru BES policy? What about the newer version v5?

Thanks in advance

I think your security department doesn't understand what the BES is providing to them. The type of encryption used on the Wi-Fi access point is only important to communications that don't travel via the BES. The BES uses DES3 or AES (or only AES is you set it up that way) and RSA. Much superior to WPA2 using pre-shared keys.

The WPA2 (or WPA or WEP for that matter) only encrypt the "over the air" portion of the Wi-Fi communications. From the access point, through the internet to the final destination would all be plain text (unless using SSL/TLS). The BES nicely takes care of this by providing encryption end to end from the Blackberry device to the BES server regardless of how it is carried.

Thank you for the info.

I will bring it up to our security team.

I spoke to the security department as well, trying to convince the management. Unforunately, they want it restrict WiFi option. They do however, allows WPA and WPA2 only.

I tried it at the IT Policy, as well in the WLAN Policy. But I couldn't get it working.

I can disable WLAN option displaying on the device. I can also restrict user on creating WLAN profile.

But I can't restrict user to pick PSK only even I have select the security type to 'PSK'.

Please advice, Thx

What you are looking to do is not an option. Frankly, it doesn't even make much sense.

What's the WLAN and IT Policy | WLAN settings are for?

There are options in the policy to restrict the selection (like PSK, Open security etc) but it can't be implement.

Thanks

Those policy settings are for the auto-configuration of a single WiFi connection by the BES administrator.
It's a way to setup a WiFi connection on the device so that the user doesn't need to do it manually.

You're misunderstanding the policy settings.

Thanks for the clarification. I misunderstood the policy as well. In my company I was looking for a way to prohibit acces to open wifi.
Ah well , such is life