Home » Wi-Fi networks and VPN networks » Wi-Fi profiles and VPN profiles » Creating and configuring Wi-Fi profiles

Creating and configuring Wi-Fi profiles

You can use Wi-Fi® configuration settings and optional VPN configuration settings to manage BlackBerry® devices that can operate on both mobile and Wi-Fi networks.

You can manage the configuration settings for user accounts that are associated with a BlackBerry® Enterprise Server by creating Wi-Fi profiles. You can create and assign one or more Wi-Fi profiles to a user account, using a process that is similar to the process you use to create an IT policy and assign it to a user account.

For more information, see the BlackBerry Enterprise Server Feature and Technical Overview.

Prerequisites: Creating Wi-Fi profiles and VPN profiles

You must install and configure wireless access points for your organization’s enterprise Wi-Fi® network. Perform the following actions:

Verify that the access points comply with the IEEE® 802.11a™ standard, IEEE® 802.11b™ standard, or IEEE® 802.11g™ standard.
Verify the number of connections for each access point to make sure that the access points can manage additional traffic.
Verify that users can roam between access points.
Refer to the documentation for the access points to complete a site survey and assign channels.
If your organization does not use a switched enterprise Wi-Fi network and your organization has multiple subnets, configure the subnets to cover the same physical area. The configuration can affect how users send or receive calls.
Assign an SSID to each access point or each group of access points that share an SSID.
If users can roam between the access points, configure all of the relevant SSID profiles on each access point.
If your organization uses NAT traversal, verify that the access points support NAT traversal.

You must configure authentication and encryption for the access points. Perform the following actions:

Configure authentication using a supported authentication method. For example, if your organization uses layer 2 access security, verify that your organization uses one of the supported layer 2 security methods.
Configure encryption using a supported encryption method.

If your organization’s environment requires a VPN concentrator, configure a VPN concentrator for VPN access security using IPsec VPN. See the administrator for your organization’s firewall or VPN concentrator to determine the appropriate configuration settings.

You must configure firewall settings. Perform the following actions:

If your organization use a proxy firewall, configure the proxy server so that it is transparent to users.
Verify that the IP addresses for the BlackBerry® Domain that are relevant to your organization’s environment are permitted addresses.
Verify that the Wi-Fi network can connect to the BlackBerry Router.
Verify that you add the IP address of the BlackBerry Router to the DNS server.

Configure the ports for the Wi-Fi network.

You must configure access to the DHCP server and DNS server. Perform the following actions:

If necessary, configure your organization’s enterprise Wi-Fi network to access the DHCP server.
If you do not use static IT addresses, use the DNS lookup tool on a Wi-Fi enabled BlackBerry device to verify that the BlackBerry device can access the DHCP server.
Use the DNS lookup tool on a Wi-Fi enabled BlackBerry device to verify that the BlackBerry device can access one or more DNS servers.

If your organization uses an AAA server, you must configure it. Perform the following actions:

Configure the AAA server to support the Wi-Fi authentication method that your organization uses.
Permit all access points to use the AAA server.

If you configure service-specific access security, create a captive portal login.

You must configure user accounts in your organization's environment. Perform the following actions:

Create authentication credentials for the user accounts.
If your organization uses EAP-TLS, EAP-TTLS, or PEAP authentication methods, permit the BlackBerry® Enterprise Server to access to the PKI infrastructure and certificates.

Add the MAC addressses of every BlackBerry device that you permit to access a specific enterprise Wi-Fi network (an allowed list) or prevent from accessing a specific enterprise Wi-Fi network (a restricted list) to the controller for each access point.

Connection types and port numbers for a Wi-Fi network

Port assignments might vary by mobile network provider.

Item	Connection type	Default port number	Where to configure the connection
incoming connection from a BlackBerry® device to the BlackBerry Router	TCP	4101	Windows® registry
outgoing connection from a BlackBerry device to the BlackBerry Router for a direct Wi-Fi® connection to the BlackBerry® Infrastructure	TCP	443	—

Configure a Wi-Fi profile on a BlackBerry device

You can instruct BlackBerry® device users to perform the following task if you want users to configure a Wi-Fi® profile for the Wi-Fi networks that you did not create a Wi-Fi profile for in the BlackBerry® Administration Service. By default, new Wi-Fi profiles appear at the end of the Wi-Fi profile list on the BlackBerry device.

On the Home screen or in the application list, click Manage Connections.
Click Set Up Wi-Fi Network.
Perform the instructions on the screen.
On the Wi-Fi Setup Complete screen, perform any of the following actions:
- To change the order of the Wi-Fi profiles, click Prioritize Wi-Fi Profiles.
- To specify registration information for the Wi-Fi network, click Wi-Fi Hotspot Login.
Click Finish.

Create a Wi-Fi profile

In the BlackBerry® Administration Service, on the BlackBerry solution management menu, expand Policy > Wi-Fi configuration.
Click Create Wi-Fi profile.
In the Name field, type a name for the Wi-Fi® profile.
Click Save.

After you finish: Configure the Wi-Fi profile.

Create a Wi-Fi profile based on an existing Wi-Fi profile

In the BlackBerry® Administration Service, on the BlackBerry solution management menu, expand Policy > Wi-Fi configuration.
Click Manage Wi-Fi profiles.
Click the name of the Wi-Fi® profile that you want to copy.
Click Copy profile.
Type a name for the new Wi-Fi profile.
Click Save.

After you finish: Configure the Wi-Fi profile.

Configure a Wi-Fi profile

In the BlackBerry® Administration Service, on the BlackBerry solution management menu, expand Policy > Wi-Fi configuration.
Click Manage Wi-Fi profiles.
Click the name of a Wi-Fi® profile.
Click Edit profile.
On the Wi-Fi profile settings tab, change the values for the configuration settings.
Click Save All.

After you finish:

For information about the Wi-Fi configuration settings, see the BlackBerry Enterprise Server Policy Reference Guide.
If the Wi-Fi network includes a captive portal, verify that you changed the WLAN Enable Authentication Page option to True to permit users to access the captive portal using the WLAN Login browser on their BlackBerry devices.
To update the BlackBerry device information immediately, resend the IT policy to the BlackBerry device.

Assign a Wi-Fi profile to a user account

You can assign more than one Wi-Fi® profile to a user account.

Before you begin: Create and configure a Wi-Fi profile.

In the BlackBerry® Administration Service, on the BlackBerry solution management menu, expand User.
Click Manage users.
Search for one or more user accounts.
Click the name of the user account that you want to assign a Wi-Fi profile to.
Click Edit user.
On the Wi-Fi profiles tab, in the Wi-Fi profile name section, in the drop-down list, click the Wi-Fi profile.
If required, in the Wi-Fi user specific settings section, specify the login information for the Wi-Fi profile.
Click the Add icon.
Click Save all.

When you assign a Wi-Fi profile to a user account, the BlackBerry Administration Service creates a job to deliver the resulting object to the BlackBerry device.

Assign a Wi-Fi profile to a group

You can assign one or more Wi-Fi® profiles to a group.

Before you begin: Create and configure a Wi-Fi profile.

In the BlackBerry® Administration Service, on the BlackBerry solution management menu, expand Group.
Click Manage groups.
In the Manage groups section, click the group that you want to assign a Wi-Fi profile to.
On the Wi-Fi profiles tab, click Edit group.
In the Available Wi-Fi profiles list, click the profile that you want to assign to the group and click Add. Repeat for any additional profiles that you want to assign to the group.
Click Save all.

When you assign a Wi-Fi profile to a group that has at least one user account assigned to it, the BlackBerry Administration Service creates jobs to deliver the resulting objects to BlackBerry devices.