Manualshelf

User Guide

ManualsBrandsSonicwall ManualsElectronics802.11b VPN Access point
12345678910
Page 26 SonicWALL Internet Security Appliance Administrator’s Guide
Wireless Guest Services (WGS)
With your SOHO TZW, you can provide wireless guest services to wireless-equipped users
who are not part of your corporate network, for example, a consultant or a sales person. You
can offer authenticated wireless users access to the Internet through your SOHO TZW while
preventing them from accessing your corporate LAN, or allowing them access to specific
resources on the LAN and unencrypted access to the Internet.
When WGS is active, wireless clients can authenticate and associate with the Access Layer of
the SonicWALL. When a Web browser is launched, the wireless user is prompted to provide a
user name and password to gain access to WGS. The browser is redirected to the HTTP
(unencrypted) management address of the SOHO TZW, but the user name and password is
not transmitted. Instead, a secure hash is transmitted rendering the information useless to
anyone “eavesdropping” on the network. After authentication, WGS is tracked and controlled
by the client MAC address as well as Account and Session lifetimes.
In order to take advantage of Wireless Guest Services, you must provide a guest with a user
name and password which they use to authenticate themselves using HTTP and a Web
browser, creating a secure HTTP session. For more information on configuring Wireless Guest
Services, see page X, Configuring Wireless Guest Services.
Easy ACL (Access Control Lists)
802.11 wireless networking protocol provides native MAC address filtering capabilities. When
MAC address filtering occurs at the 802.11 layer, wireless clients are prevented from
authenticating and associating with the wireless access point. Since data communications
cannot occur without authentication and association, access to the network cannot be granted
until the client has given the network administrator the MAC address of their wireless network
card.
The SOHO TZW uses its WGS to overcome this limitation by moving MAC address filtering to
the Secure Wireless Gateway layer. This allows wireless users to authenticate and associate
with the Access Point layer of the SonicWALL, and be redirected to the WGS by the Secure
Wireless Gateway where the user authenticates and obtains WLAN to WAN access.
Easy ACL is an extension of WGS that simplifies the administrative burden of manually adding
MAC addresses to the ACL. Users can add themselves to the ACL by providing a user name
and password assigned to them by the SonicWALL administrator. WGS must be enabled on
the SOHO TZW before Easy ACL can be implemented.
WiFiSec Enforcement
Enabling WiFiSec Enforcement on the SonicWALL enforces the use of IPSec-based VPN for
access from the WLAN to the LAN, and provides access from the WLAN to the WAN
independent of WGS. Access from one wireless client to another is configured on the
Wireless>Advanced page where you can disable or enable access between wireless clients.
WiFiSec uses the easy provisioning capabilities of the SonicWALL Global VPN client making it
easy for experienced and inexperienced administrators to implement on the network. The level