User Guide

ManualsBrandsSonicwall ManualsElectronics802.11b VPN Access point

Page 24 SonicWALL Internet Security Appliance Administrator’s Guide

3 Configuring Wireless on the SOHO TZW

The SOHO TZW uses a wireless protocol called IEEE 802.11b, commonly known as Wi-Fi, and

sends data via radio transmissions. Wi-Fi transmission speed is usually faster than broadband

connection speed, but it is slower than Ethernet.

The SonicWALL SOHO TZW combines three networking components to offer a fully secure

wireless firewall: an 802.11b Access Point, a secure wireless gateway, and a stateful firewall

with flexible NAT and VPN termination and initiation capabilities. With this combination, the

SOHO TZW offers the flexibility of wireless without compromising network security.

Typically, the SOHO TZW is the access point for your wireless LAN and serves as the central

access point for computers on your LAN. In addition, it shares a single broadband connection

with the computers on your network. Since the SOHO TZW also provides firewall protection,

intruders from the Internet cannot access the computers or files on your network. This is

especially important for an “always-on” connection such as a cable modem or T1 line that is

shared by computers on a network.

However, wireless LANs are vulnerable to “eavesdropping” by other wireless networks which

means you should establish a wireless security policy for your wireless LAN. Wired Equivalent

Privacy, WEP, should not be used as your only security policy.

On the SOHO TZW, wireless clients connect to the Access Point layer of the firewall. Instead

of bridging the connection directly to the wired network, wireless traffic is first passed to the

Secure Wireless Gateway layer where the client is required to be authenticated via User Level

Authentication. Access to Wireless Guest Services (WGS) and Access Control Lists (ACL) are

managed by the SOHO TZW. It is also at this layer that the SOHO TZW has the capability of

enforcing WiFiSec, and IPSec-based VPN overlay for wireless networking. As wireless network

traffic sucessfully passes through these layers, it is then passed to the VPN-NAT-Stateful

firewall layer where WiFiSec termination, address translation, and access rules are applied. If

all of the security criteria is met, then wireless network traffic can then pass via one of the

following Distribution Systems (DS):

•LAN

•WAN

• Wireless Client on the WLAN

• VPN tunnel

Summary of content (18 pages)

PAGE 1
3 Configuring Wireless on the SOHO TZW The SOHO TZW uses a wireless protocol called IEEE 802.11b, commonly known as Wi-Fi, and sends data via radio transmissions. Wi-Fi transmission speed is usually faster than broadband connection speed, but it is slower than Ethernet. The SonicWALL SOHO TZW combines three networking components to offer a fully secure wireless firewall: an 802.
PAGE 2
Considerations for Using Wireless Connections • • • • • Mobility - if the majority of your network is laptop computers, wireless is more portable than wired connections. Convenience - wireless networks do not require cabling of individual computers or opening computer cases to install network cards. Speed - if network speed is important to you, you may want to consider using Ethernet connections rather than wireless connections.
PAGE 3
Wireless Guest Services (WGS) With your SOHO TZW, you can provide wireless guest services to wireless-equipped users who are not part of your corporate network, for example, a consultant or a sales person. You can offer authenticated wireless users access to the Internet through your SOHO TZW while preventing them from accessing your corporate LAN, or allowing them access to specific resources on the LAN and unencrypted access to the Internet.
PAGE 4
of interaction between the Global VPN Client and the user depends on the WiFiSec options selected by the administrator. WiFiSec IPSec terminates on the WLAN/LAN port, and is configured using the Group VPN Security Policy including noneditable parameters specifically for wireless access.
PAGE 5
WLAN Network Settings 2. Select Enable WLAN to activate the wireless feature of the SOHO TZW. Use the default IP address for the WLAN or choose a different private IP address. The default value works for most networks. Click Next to continue. Alert! You cannot use the same private IP address range as the LAN port of the SOHO TZW. WLAN 802.11b Settings 3. Enter a unique identifier for the SOHO TZW in the SSID field. It can be up to 32 alphanumeric characters in length and is case-sensitive.
PAGE 6
WLAN Security Settings 4. Select the desired security setting for the SOHO3 TZW. WiFiSec is the most secure and enforces IPSec over the wireless network. If you have an existing wireless network and want to use the SOHO TZW, select WEP + Stealth Mode. WiFiSec - VPN Client User Authentication 5. Select Give all users VPN Client privileges if all wireless clients use the SonicWALL Global VPN Client software.
PAGE 7
Wireless Guest Services 6. Enable Wireless Guest Services is selected by default. You can create guest wireless accounts to grant access to the WAN only. If you enable Wireless Guest Services, type a name for the account in the Account Name field, and a password in the Account Password field. The Account Lifetime is set to one hour by default, but you can enter a value and then select Minutes, Hours, or Days to determine how long the guest account is active.
PAGE 8
Congratulations! 8. Congratulations! You have successfully configured your WLAN port on the SOHO TZW.
PAGE 9
Configuring Additional Wireless Features The SonicWALL SOHO TZW has the following features available: • • • • • • WiFiSec Enforcement - an IPSec-based VPN overlay for wireless networking WEP Encryption - configureWired Equivalent Privacy (WEP) Encryption Beaconing and SSID Controls - manage transmission of the wireless signal. Wireless Client Communications - configure wireless client settings. Advanced Radio Settings MAC Filtering - use MAC addresses for allowing access or blocking access to the SOHO TZW.
PAGE 10
WLAN Settings Value WLAN: Enabled or Disabled WiFiSec: Enabled or Disabled SSID: Network Identification Information MAC Address: Serial Number of the SOHO TZW WLAN IP Address: IP address of the WLAN port WLAN Subnet Mask: Subnet information Channel Channel Number selected for transmitting wireless signal Link Status: Network speed in mbps, full or half duplex WEP Encryption: Enabled or Disabled ACL: Enabled or Disabled Wireless Guest Services Enabled or Disabled Wireless Firmware: As
PAGE 11
Wireless>Settings On the Wireless Settings page, you can enable or disable the WLAN port by selecting or clearing the Enable WLAN checkbox. WiFiSec Enforcement Select WiFiSec Enforcement to use IPSec-based VPN for access from the WLAN to the LAN, and also provide access from the WLAN to WAN independent of Wireless Guest Services. When WiFiSec Enforcement is selected, a second check box, Require WiFiSec for VPN Tunnel Traversal is selected by default.
PAGE 12
Deployment Scenario for WiFiSec and VPN Tunnel Traversal A site-to-site VPN tunnel is configured between Site 1 and Site 2, both sites using a SOHO TZW, and Site 1 has a wireless client on the LAN. When the wireless client at Site 1 attempts to send data to Site 2 over the VPN tunnel, all data is encrypted between the wireless client, the SOHO TZW at Site 1, and then over the Internet to Site 2. Insert Graphic Here To configure the WLAN Settings, log into the SonicWALL, and click Wireless, then Settings.
PAGE 13
Wireless>WEP Encryption WEP (Wired Equivalent Protocol) can be used to protect data as it is transmitted over the wireless network, but it provides no protection past the SonicWALL. It is designed to provide a minimal level of protection for transmitted data, and is not recommended for network deployments requiring a high degree of security. WEP Encryption Settings Open-system authentication is the only method required by 802.11b.
PAGE 14
Wireless>Advanced To access Advanced configuration settings for the SOHO TZW, log into the SonicWALL, click Wireless, and then Advanced. Beaconing & SSID Controls 1. Select Hide SSID in Beacon. 2. Select Block Response to Unspecified SSID 3. Type a value in milliseconds for the Beacon Interval. Decreasing the interval time makes passive scanning more reliable and faster because Beacon frames announce the network to the wireless connection more frequently. Wireless Client Communications 1.
PAGE 15
Advanced Radio Settings 1. Select High from the Transmit Power menu to send the strongest signal on the WLAN. 2. Select Short or Long from the Preamble Length menu. Short is recommended for efficiency and improved throughput on the wireless network. 3. The Fragmentation Threshold (bytes) is 2346 by default. Increasing the value means that frames are delivered with less overhead but a lost or damaged frame must be discarded and retransmitted. 4. The RTS Threshold (bytes) is 2432 by default.
PAGE 16
Wireless>MAC Filter List Wireless networking provides native MAC filtering capabilities which prevents wireless clients from authenticating and associating with the SOHO TZW. If you enforce MAC filtering on the WLAN, wireless clients must provide you with the MAC address of their wireless networking card. To set up your MAC Filter List, log into the SonicWALL, and click Wireless, then MAC Filter List. 1. Click Add to add a MAC address to the MAC Filter List. 2.
PAGE 17
Once the MAC address is added to the MAC Address List, you can select Allow or Block next to the entry. For example, if the user with the wireless card is not always in the office, you can select Block to deny access during the times the user is offsite. Click on the Notepad icon under Configure to edit the entry. Click on the Trashcan icon to delete the entry. To delete all entries, click Delete All.
PAGE 18
TIP! You can have Wireless Guest Accounts without configuring User Level Access. Wireless Guest Accounts are considered more temporary than permanent. 3. Type the number of wireless clients that can use the same Guest Account in the Maximum Concurrent Guests field. 4. To add a Guest Account, click Add. 5. Enable Account is selected by default. 6. Enter a name for Guest Account in the Account Name field. In the example above, it is “Joe User”. 7. Enter a password in the Account Password field. 8.