manualshive.com logo in svg

SonicWALL SonicPoint, Руководство администратора


Поделиться
Скачать
background image

10

S

ONIC

WALL S

ONIC

P

OINT

 A

DMINISTRATOR

S

 G

UIDE

 : 

facilitate recovery from compromised states of operation. When the SonicPoint is operating in 
SafeMode, it will be possible to upload a new firmware image using FTP. This is different from 
SonicOS devices which use an HTTP POST for firmware uploads. Under normal conditions, it will not 
be necessary to manually update firmware using with FTP on the SonicPoint. SonicPoint firmware is 
embedded within SonicOS and updates are automatically performed while operating in Managed 
Mode as part of the auto-provisioning process.

Operating in Managed Mode requires L2 connectivity to a security appliance interface assigned to a 
Wireless Zone. The Wireless Zone type has certain unique characteristics:

Additional configuration tabs for 'Wireless' and 'Guest Services'. The 'Wireless' and 'Guest 
Services' tabs have the following default settings:

Š

WiFiSec Enforcement Enabled.

Š

Require WiFiSec for Site-to-Site VPN Tunnel Traversal.

Š

Trust WPA traffic as WiFiSec.

Š

SonicPoint Provisioning Profile set to 'SonicPoint.'

Š

Wireless Guest Services Disabled.

Enforces that all traffic that enters the zone arrive from a SonicPoint. All other traffic will be 
dropped (i.e. traffic from wired network systems, or wireless traffic originating from a non-
SonicPoint device). You cannot use a third-party wireless Access Point device in a Wireless Zone.

The only Zone type on which SDP and SSPP operate.

The only Zone type on which Guest Services, and WiFiSec enforcement is available.

The size of the subnet mask will vary with the number of SonicPoint devices available. For more 
details on this, see the following section.

A DHCP scope will be activated on Wireless Zones, and based on the platform, the top range of 
addresses will be reserved for SonicPoints. Refer to the table on page 3 for platform specific 
numbers.

The IP Address assigned to the Wireless Zone interface may not conflict with the SonicPoint 
address reservations described above (for example, for a /24 subnet on a PRO4060, the assigned 
address must be .238 or below).

The WLAN GroupVPN (the default Wireless Zone) will NOT be activated by default, due to the fact 
that an interface must first be added to correctly auto-create Access Rules. The WLAN GroupVPN 
must be manually activated, and upon activation will employ the following WiFiSec optimized 
default settings:

Š

HTTP and HTTPS Management using this SA Enabled.

Š

Require authentication of VPN clients using XAUTH.

Š

User Group for XAUTH Users set to Trusted Users.

Š

Cache XAUTH User Name and Password on Client set to Single Session.

Š

Allow Connections to All Secured Gateways.

Š

Set Default Route as this Gateway.

Note: In SonicOS Enhanced, WLAN is the default instance of the Wireless zone type. You can modify 
the WLAN zone or create a new zone of the Wireless type. 

When in Managed Mode, operating parameters for SonicPoint units will be controlled by the peered 
SonicWALL security appliance. If a security appliance discovers a SonicPoint for which it has no 
stored configuration, it will consider that SonicPoint to be unprovisioned, and it will use the Zone’s 
assigned SonicPoint Profile to auto-provision the SonicPoint. This can occur in the following cases:

The SonicPoint had never been previously provisioned.

The SonicPoint had been provisioned, but was manually deleted using the SonicOS GUI.

The SonicPoint was provisioned by one security appliance, and then moved to a different security 
appliance that contains no stored configuration for that SonicPoint.

Содержание SonicPoint

Страница 1: ...COMPREHENSIVE INTERNET SECURITY SonicWALL SonicPoint and SonicPoint G Administrator s Guide Secure Wireless Solution...

Страница 2: ...ation 20 Bypass Guest Authentication 20 Customizable Authentication Pages 20 SMTP Redirection 21 Enabling External Guest Services 21 MAC Filtering Using MAC Address Objects 22 SonicPoint Profiles 22 A...

Страница 3: ...face 36 System Status 36 36 System Settings 36 37 System Firmware 37 37 System Restart 37 37 Network Interfaces 38 Wireless Status 38 Wireless 802 11a Radio 39 Wireless 802 11a Advanced 39 Wireless 80...

Страница 4: ...12 months that the product will be free from defects in materials and workmanship under normal use This Limited Warranty is not transferable and applies only to the original end user of the product S...

Страница 5: ...CLUDING WITHOUT LIMITATION DAMAGES FOR LOSS OF PROFITS BUSINESS INTERRUPTION LOSS OF INFORMATION OR OTHER PECUNIARY LOSS ARISING OUT OF THE USE OR INABILITY TO USE THE PRODUCT OR FOR SPECIAL INDIRECT...

Страница 6: ...MINISTRATOR S GUIDE v Current Documentation Check the SonicWALL documentation Web site for that latest versions of this manual and all other SonicWALL product documentation http www sonicwall com supp...

Страница 7: ...vi SONICWALL SONICPOINT ADMINISTRATOR S GUIDE...

Страница 8: ...rough a SonicWALL security appliance in Managed Mode or on its own in Stand Alone Mode For more detailed instructions on managing a SonicPoint in Managed Mode see the SonicWALL SonicOS Enhanced 2 5 Ad...

Страница 9: ...oint hardware The SonicWALL SonicPoint hardware includes SonicPoint IEEE 802 11a b g SonicPoint G IEEE 802 11g b Overview of the SonicWALL SonicPoint Hardware The SonicPoint contains both 2 4 and 5 0...

Страница 10: ...SONICWALL SONICPOINT ADMINISTRATOR S GUIDE 3 Supported Platforms The following figure details the rear view of the SonicPoint 802 11 a b g Power LAN Port Power over Ethernet Console Port...

Страница 11: ...SONICWALL SONICPOINT ADMINISTRATOR S GUIDE The SonicPoint G contains only the 2 4 GHz Radio WLAN The following figure details the front view of the SonicPoint G Power 2 4 GHz Radio Link 10 100 Activit...

Страница 12: ...ks at a variable rate while transferring data with connected 802 11a stations LAN 10 act The LAN 10 act LED blinks to indicate 10Mb LAN activity LAN link The LAN link LED illuminates steadily to indic...

Страница 13: ...r on the bottom of the SonicPoint To register your SonicPoint 1 In your Web browser log into your account at https www mySonicWALL com 2 In the list of registered products click on the link for the So...

Страница 14: ...page when you are done SonicPoint Overview As the proliferation of wireless networking continues it becomes increasingly important to support more diverse and more geographically expansive wireless ne...

Страница 15: ...total recommended number of SonicPoints per appliance Feature Platform Tri Mode Dual Band Dual Radio 802 11a b g operation for simultaneous support of 802 11a and 802 11g b clients SonicPoint 802 11a...

Страница 16: ...nts maintain their Stand Alone and Managed Mode configurations separately so that they do not conflict with or overwrite one another SonicPoints will dynamically transition from one mode to the other...

Страница 17: ...e will be activated on Wireless Zones and based on the platform the top range of addresses will be reserved for SonicPoints Refer to the table on page 3 for platform specific numbers The IP Address as...

Страница 18: ...ed SonicPoint device that is a SonicPoint for which security appliance has no stored configuration Changing the configuration on an operational SonicPoint requires modification to that SonicPoint s se...

Страница 19: ...b Layer 2 connectivity between SonicPoints and the managing SonicWALL appliance is required Wireless Zone interfaces will automatically recognize when a SonicPoint has been connected using the SonicWA...

Страница 20: ...ess Zone to accept either SonicPoint sourced traffic as well as traffic sourced from any other host Packets will continue to be tagged as they pass through the SonicPoint Providing the ability to allo...

Страница 21: ...s Point Secure Wireless Gateway and the Firewall into a single unit providing full firewall Access Rule applicability to all wireless traffic on that individual unit Wireless Firewalling within the Se...

Страница 22: ...twork 192 168 168 0 255 255 255 0 VPN 172 16 17 0 Network 172 16 17 0 255 255 255 0 VPN 172 16 18 0 Network 172 16 18 0 255 255 255 0 VPN 172 16 20 0 Network 172 16 20 0 255 255 255 0 VPN From Host To...

Страница 23: ...oints Consider the above example where there are two SonicPoints connected to the WLAN Zone where WiFiSec is enforced SonicPoint1 does not have WPA enabled but WPA is enabled and is Trusted as WiFiSec...

Страница 24: ...the client s ability to send and receive data during the scanning process This varies from vendor to vendor Some clients cleverly employ power saving to make this process more seamless they signal the...

Страница 25: ...the following configuration In the above configuration the WLAN Zone has WiFiSec enforced but the WLAN GroupVPN does not have Use DHCP to obtain Virtual IP for this Connection enabled ClientA associat...

Страница 26: ...ope As ClientA moves from SonicPoint1 to SonicPoint2 both of which use the same SSID corpNet roaming occurs within the same L2 segment When ClientA re associates the physical adapter IP address 10 1 1...

Страница 27: ...st communications controls occur at the Wireless Gateway layer below the Firewall Access Rules and will not manifest itself in the Access Rule table If IP addresses are known or predictable it will st...

Страница 28: ...bound e mail for all hotspot visitors regardless of their client software configurations Note The potential for using this sort of arrangement for spamming must be mitigated by anti spam software runn...

Страница 29: ...onicWALL Discovery Protocol SDP is a layer 2 protocol employed by SonicPoints and devices running SonicOS Enhanced 2 5 and higher SDP is the foundation for the automatic provisioning of SonicPoint uni...

Страница 30: ...aged Mode two additional SonicPoint transitions have been defined to help provide uninterrupted connectivity and high availability The first such transition is specific to configurations wherein two S...

Страница 31: ...detected resulting in Managed Mode but then becomes unavailable such as it is powered off or physically disconnected from the SonicPoint the SonicPoint will poll at a longer interval 6 minutes and the...

Страница 32: ...o The LED blinks at a constant rate when the SonicPoint is ready to receive traffic using the 5 GHz radio 802 11a and blinks at a variable rate when transferring data LAN 10 activity The LAN 10 act LE...

Страница 33: ...optional If you do not assign a default profile for a zone SonicPoints in that zone will use the first profile in the list Assign one or more interfaces to the Wireless zone Attach the SonicPoints to...

Страница 34: ...settings for the 802 11a 5GHz band radio Enable 802 11a Radio Check this to automatically enable the 802 11a radio bands on all SonicPoints provisioned with this profile Note 802 11a radio settings o...

Страница 35: ...dio For most 802 11a advanced options the default settings give optimum performance Hide SSID in Beacon Check this option to have the SSID broadcast as part of the wireless beacon rather than as a sep...

Страница 36: ...tings are appropriate when you allow both the SonicPoint b and g clients to be present at the same time Since g clients transmit at a high rate the b clients that operate at a slower rate cannot under...

Страница 37: ...Hz radio settings Modifications to profiles will not affect units that have already been provisioned and are in an operational state Configuration changes to operational SonicPoint devices can occur i...

Страница 38: ...riate for the amount of devices you have The undiscriminating addressing requirement sometimes proved unnecessary or disruptive To configure a number of SonicPoint access points perform the following...

Страница 39: ...t device 2 Navigate to the System Administration page 3 From the Download URL section of the page change the path of the SonicPoint image retrieval point in the SonicPoint Download URL http field Make...

Страница 40: ...nnected SonicPoints and displays updated settings on the page Enable and Disable Individual SonicPoints You can enable or disable individual SonicPoints on the Wireless SonicPoints page 1 Check the bo...

Страница 41: ...cations are restored or the SonicPoint is deleted from the SonicOS device s table Updating Firmware If the SonicOS security appliance detects that it has a firmware update available for a SonicPoint i...

Страница 42: ...Management Interface 1 Configure your management station If you are connecting to the LAN port on the SonicPoint directly from your managements station or through only the PoE injector you need to co...

Страница 43: ...f the SonicOS Management Interface see Managing SonicPoints in Managed Mode for instructions on managing the SonicPoint in Stand Alone Mode System Status System Settings Provides a view of operating p...

Страница 44: ...an interface to upload new firmware using FTP Requires access to an external FTP server hosting a SonicPoint Firmware image SonicPoint firmware can be downloaded from a SonicOS Enhanced 2 5 or greate...

Страница 45: ...38 SONICWALL SONICPOINT ADMINISTRATOR S GUIDE Network Interfaces Wireless Status Configuration of LAN IP netmask and default gateway View statistics for both radios and associated Station status...

Страница 46: ...NICWALL SONICPOINT ADMINISTRATOR S GUIDE 39 Managing the SonicPoint in Stand Alone Mode Wireless 802 11a Radio Wireless 802 11a Advanced 802 11a 5GHz Radio settings Advanced 802 11a 5GHz Radio setting...

Страница 47: ...40 SONICWALL SONICPOINT ADMINISTRATOR S GUIDE Wireless 802 11g Radio Wireless 802 11g Advanced 802 11g b 2 4GHz Radio settings Advanced 802 11g b 2 4GHz Radio settings...

Страница 48: ...image The default IP address of the Safe Mode and Stand Alone GUI is 192 168 1 20 Safe Mode does not require a login while Stand Alone Mode employs a default username of admin and a password of passw...

Страница 49: ...ating in to the factory defaults It does not reset the configuration for the other mode Depending on the mode the SonicPoint is operating in and the amount of time you press the reset button the Sonic...

Страница 50: ...the FCC regulatory domain it supports and additional 5 channels with channel frequencies of 5200 5240 5280 5765 and 5805Mhz The 2 4Ghz 802 11g b radio supports a maximum of 14 channels depending on t...

Страница 51: ...Sensitivity typical 802 11a 82dBm 6Mbps 81dBm 9Mbps 79dBm 12Mbps 78dBm 18Mbps 75dBm 24Mbps 72dBm 36Mbps 70dBm 48Mbps 68dBm 54Mbps 802 11b g 91dBm 1Mbps 90dBm 2Mbps 89dBm 5 5Mbps 84dBm 6Mbps 82dBm 9Mb...

Страница 52: ...mes mentioned herein may be trademarks and or registered trademarks of their respective companies Specifications and descriptions subject to change with out notice T 408 745 9600 F 408 745 9300 www so...

Отзывы:

Нет отзывов

Похожие инструкции для SonicPoint

IBM 51 Troubleshooting Manual preview
51
Бренд: IBM Страницы: 248
Panasonic KX-UDS124 Important Information Manual preview
KX-UDS124
Бренд: Panasonic Страницы: 44
LaCie 5big Network 2 Datasheet preview
5big Network 2
Бренд: LaCie Страницы: 4
LaCie d2 Network 2 Datasheet preview
d2 Network 2
Бренд: LaCie Страницы: 4
LaCie 2big Network 2 Datasheet preview
2big Network 2
Бренд: LaCie Страницы: 4
National Instruments NI PCIe-8255R Quick Start Manual preview
NI PCIe-8255R
Бренд: National Instruments Страницы: 16
National Instruments NI 9403 Operating Instructions Manual preview
NI 9403
Бренд: National Instruments Страницы: 23
Grasslin TOWERCHRON DP72 Programming Manual preview
TOWERCHRON DP72
Бренд: Grasslin Страницы: 2
XtendLan XL-HCW224C User Manual preview
XL-HCW224C
Бренд: XtendLan Страницы: 52
DCB BROADCAST POLLING FRAD BPF-14 BU Manual preview
BROADCAST POLLING FRAD BPF-14 BU
Бренд: DCB Страницы: 28
Zhone 6388-A1-XXX Technical Specifications preview
6388-A1-XXX
Бренд: Zhone Страницы: 2
National Instruments NI 9229E Operating Instructions Manual preview
NI 9229E
Бренд: National Instruments Страницы: 26
Buffalo BS-GS2008P Quick Setup Manual preview
BS-GS2008P
Бренд: Buffalo Страницы: 2
Ubiquiti airMAX NanoBridge M NBM3 Quick Start Manual preview
airMAX NanoBridge M NBM3
Бренд: Ubiquiti Страницы: 24
Planet VC-820M Quick Installation Manual preview
VC-820M
Бренд: Planet Страницы: 2
Valcom VIP-997 Manual preview
VIP-997
Бренд: Valcom Страницы: 4
ZyXEL Communications GS-1116A Supplementary Manual preview
GS-1116A
Бренд: ZyXEL Communications Страницы: 1
IBEX Westermo Ibex-RT-330-5G Series Manual preview
Westermo Ibex-RT-330-5G Series
Бренд: IBEX Страницы: 36

Бренды по названию

Популярные бренды

Загрузить еще бренды