Sonicwall 06E User Manual

SonicPoint_N_GSG.book Page 1 Friday, June 4, 2010 3:08 PM

SonicWALL
APL21-06E /APL21-083

SonicPoint-Ne / SonicPoint-Ni Getting Started Guide

SonicPoint_N_GSG.book Page 1 Friday, June 4, 2010 3:08 PM

SonicWALL SonicPoint-Ne / SonicPoint-Ni
Getting Started Guide

This Getting Started Guide provides instructions for basic installation and configuration of the SonicWALL SonicPoint-Ne / SonicPoint-Ni
wireless appliances in single-unit or distributed wireless deployments.

Setup

Step Procedure Est. Time

Before You Begin - page 3

1

Introduction to Secure Wireless - page 7

2

Registering Your Appliance - page 13

3

Configuring Your UTM Appliance for Wireless - page 17

4

Setting Up Your SonicPoint - page 23

5

Additional Configuration and Information

Support and Training Options - page 31

Product Safety and Regulatory Information - page 37

SonicWALL SonicPoint Getting Started Guide Page 1

SonicPoint_N_GSG.book Page 2 Friday, June 4, 2010 3:08 PM

SonicPoint Top Panel / Status LEDs

n

n

a

e

t

C

n

A

link

wlan

o

n

n

e

c

t

S

(

o

n

act

link

i

o

i

c

P

o

i

n

n

t

-

N

s

e

O

n

l

y

)

act

lan

Power

Test SafeMode

Status LEDs

link

act

link

wlan

lan

wlan

act

link

act

link

act

lan

Wireless Link

Wireless Activity

1000mbps 100mbps 10Mbps

Ethernet Activity

Power Port

Provides 12VDC power connection

(SonicPoint-Ne only)

Provides Power over Ethernet (PoE)

LAN/PoE Port

and Ethernet connection

Page 2 SonicPoint Top Panel / Status LEDs

l

a

n

c

o

n

s

o

l

e

Reset Button

Press and hold to manually reset

Console Port

Provides management connection using
CLI->DB9 cable (for command line management only)

SonicPoint_N_GSG.book Page 3 Friday, June 4, 2010 3:08 PM

Before You Begin

In this Section:

This section provides a basic checklist of materials and information you will need before you begin.

• Check Package Contents - page 4

• What You Need to Begin - page 5

1

1

SonicWALL SonicPoint Getting Started Guide Page 3

SonicPoint_N_GSG.book Page 4 Friday, June 4, 2010 3:08 PM

Check Package Contents

Before continuing, ensure that your SonicPoint package contains the following materials:

SonicPoint-Ne Appliance Checklist SonicPoint-Ni Appliance Checklist

This Getting Started Guide Document

SonicPoint-Ne Appliance

Mounting Kit (Ceiling Braces, Anchor and Screw Kit)

Front LED/Logo Cover Plate

Antennas (3)

Power Adaptor

a. The included power cord is intended for use in North America only.

a

Any Items Missing?

If any of the items corresponding to your product are missing from the package, please contact SonicWALL support.

This Getting Started Guide Document

SonicPoint-Ni Appliance

Mounting Kit (Ceiling Braces, Anchor and Screw Kit)

Front LED/Logo Cover Plate

A listing of the most current support documents are available online at:
<http://www.sonicwall.com/us/support.html>

Page 4 Check Package Contents

SonicPoint_N_GSG.book Page 5 Friday, June 4, 2010 3:08 PM

What You Need to Begin

The SonicWALL SonicPoint-Ne/Ni security appliances are centrally managed by SonicWALL NSA E-Class appliances. For more
information on deploying this SonicPoint with SonicWALL NSA series and TZ series platforms, contact your local SonicWALL sales
representative for the supported SonicOS releases. SonicPoints receive auto-firmware updates from the central gateway SonicWALL,
this device supports SonicOS 5.6.0.3 or higher releases.

In addition to the above SonicOS firmware and hardware requirements, ensure that your network deployment includes:

• An 802.3af compliant PoE injector or PoE-capable switch (optional when using the SonicPoint-Ne)

• An active Internet connection

• A configured interface on the SonicWALL security appliance set to a zone type of “wireless”

• A location selected for placement of your SonicPoint such as a wall or ceiling

• Clients capable of 802.11n wireless communications

1

1. Although clients with 802.11a/b/g hardware are supported, the presence of these legacy clients within range of your network may affect the connection
speed of your 802.11n clients.

SonicWALL SonicPoint Getting Started Guide Page 5

SonicPoint_N_GSG.book Page 6 Friday, June 4, 2010 3:08 PM

Page 6

SonicPoint_N_GSG.book Page 7 Friday, June 4, 2010 3:08 PM

Introduction to Secure Wireless

In this Section:

This section contains excerpts from the SonicWALL Secure Wireless Network Integrated Solutions Guide.
The content is meant to provide a brief introduction to Radio Frequency (RF) technology as it
pertains to different deployment scenarios.

• Wireless RF Introduction - page 8

• Placing Access Points - page 10

• SonicWALL Wireless Firewalling - page 12

2

2

SonicWALL SonicPoint Getting Started Guide Page 7

SonicPoint_N_GSG.book Page 8 Friday, June 4, 2010 3:08 PM

Wireless RF Introduction

There are currently four widely adopted standards for 802.11
wireless network types: a, b, g, and n. Although 802.11n is the
newest and highest capacity standard, each of the four
standards has its own strengths and weaknesses. This section
provides overviews of these standards.

The following section provides a brief overview of RF
technologies:

• Frequency Bands and Channels - page 8

• 802.11 Comparison Chart - page 8

• Radio Frequency Barriers - page 9

• RF Interference - page 9

Frequency Bands and Channels

To allow multiple separate wireless networks in a shared and
confined space, the RF medium is divided into channels. For
devices in the 5GHz range (802.11a), this means the possibility
of up to 23 discrete channels. For devices using the 2.4GHz
range (802.11b, 802.11g), the wireless space is limited to a
maximum of 14 overlapping channels. As a result of these
overlapping channels, 2.4GHz technology provides only a total
of three discrete channels.

The newer 802.11n technology does not fit into either of these
categories, as it is capable of using both 2.4GHz and 5GHz, but
is limited to 14 overlapping channels for backward compatibility.

802.11 Comparison Chart

The following table compares signal characteristics as they
apply to the current 802.11 standards:

802.11a 802.11b 802.11g 802.11n

# of Channels in USA 23 11 11 11

# of Channels in EU 23 13 13 13

# of Channels in Japan 15 14 14 14

Frequency Band 5GHz 2.4GHz 2.4GHz 2.4/5GHz

Max. Data Rate 54Mbps 11Mbps 54Mbps 150Mbps

300Mbps

Radius (Range) 90ft/25m 120ft/

35m

a. Full 300Mbps throughput is possible only in environments free from

2.4Ghz interference.

120ft/
35m

300ft/90m

Note: Although 802.11b/g/n standards provide between 11

and 14 channels, only 3 of those channels are fully
discrete (non-overlapping) channels.

For more information on this topic, refer to the
SonicWALL Secure Wireless Networking Integrated
Solutions Guide.

a

Page 8 Wireless RF Introduction

SonicPoint_N_GSG.book Page 9 Friday, June 4, 2010 3:08 PM

Radio Frequency Barriers

Determining the location of RF barriers can be a painful part of
the placement process, but keep in mind that they can be used
beneficially in an attempt to block signals where you do not
want coverage.

The following tables list some common RF barrier types:

Barrier Type RF Signal

Open air Very Low

Glass, drywall, cube partitions Low

Stone floors and walls (brick/marble/granite) Medium

Concrete, security glass, stacked books/paper High

Metal, metal mesh (chicken wire), re-enforced
concrete, water

Faraday cage Extremely High

Blocking

Very High

RF Interference

RF interference from home, office, and medical equipment is a
common source of frustration in wireless deployments from the
smallest home office to the largest multi-building campus.

The following table lists several common sources of RF
interference:

Interference Source Possible RF

2.4GHz phones Entire range (hundreds

Bluetooth devices Within 30 feet 802.11b/g/n

Microwave oven

Scientific and medical
equipment

Off-network access
points

RF reflective objects Long-range wireless

a. Most newer model microwave ovens have sufficient shielding to

a

negate possible RF interference.

Interference

of feet)

Within 10-20 feet 802.11b/g/n

Short distance, varies 802.11b/g/n

Entire range All

bridging

Band(s)
Affected

802.11b/g/n

All

SonicWALL SonicPoint Getting Started Guide Page 9

SonicPoint_N_GSG.book Page 10 Friday, June 4, 2010 3:08 PM

Placing Access Points

Physical placement of an access point has a measurable effect
on who can and cannot access your wireless signal. The
following sections provide an overview of wireless access point
placement, signal strength, and signal direction in common
wireless deployment situations:

• Making Hardware Decisions - page 10

• Solutions to RF Interference and Barriers - page 11

Tip: For the latest SonicPoint wireless deployment

information from switching recommendations to
site survey, see the SonicWALL SonicPoint

Deployment Best Practices Guide at:
<http://www.sonicwall.com/us/support.html>

Making Hardware Decisions

The first decision in hardware is the access point. While access
point technology (802.11a/b/g/n) is one factor in determining
your placement, based on distance served and bandwidth
needed, taking note of other hardware-based factors is just as
important.

Some of the more important hardware decisions include:

• Number of access points versus user density – If too
many users are serviced by a single access point,
maximum transfer rates are reached and that point may
become a bottleneck for the whole system.

• Bandwidth – How much data is moving upstream and
downstream for a given type of user?

• Ethernet cabling – Where are you running the powered
Ethernet (PoE) cable to and how are you securing that
cable. Is your PoE switch able to power all access points?

• Hubs / Switches / UTM – Your wireless deployment has to
tie back into your UTM appliance and LAN resources at
some point. What speed is needed for your Ethernet
connection to accommodate the number of access points
you are installing? Also consider where your key
networking devices are deployed and how they will connect
efficiently with your wireless appliances.

• Upgrade your Ethernet connections for 802.11n – In
most cases, 802.11n wireless hardware requires more
bandwidth than a single (or even dual) 10/100 Ethernet
connection can handle. Gigabit Ethernet connectivity
between the WLAN and the LAN is required to take full
advantage of 802.11n speed.

• Power up that PoE for 802.11n – Part of your wireless
network planning should include verifying that your PoE
equipment is 802.3af compliant, and that a full 15 watts of
power can be supplied to each SonicPoint.

Page 10 Placing Access Points

SonicPoint_N_GSG.book Page 11 Friday, June 4, 2010 3:08 PM

Solutions to RF Interference and Barriers

These days, finding an environment with no RF interference or
noise is nearly impossible. Only if you are setting up an office in
a secluded redwood grove can you count on RF interference to
be a non-issue. Even then, the redwood trees might just be
among those fitted with high-gain cellular antennas, an all-too­common occurrence today. Regardless, you should expect to
deal with some level of signal interference in your deployment.

A

C

B

Location A – Rogue access points or wireless test lab

• Problem – Wireless product test labs and other (non-

malicious) rogue access points are problems in many Wi-Fi
deployments.

• Solution – Either eliminate all rogue access points, or

force their owners to use a set channel that does not
overlap with your distributed wireless solution.

Location B – Spectrum noise for 2.4 GHz and 5 GHz

• Problem – Your phone system is partially wireless and

uses the 2.4GHz spectrum.

• Solution – Give VoIP a try. VoIP will work in tandem with

your wireless network, instead of against it. For more on
SonicWALL VoIP implementation and capabilities, refer to
the Configuring VoIP SonicOS feature module available at:

http://www.sonicwall.com/us/support.html

Location C – Off-network access points

• Problem – Your neighbors need wireless, too!

Unfortunately, only a few sheets of drywall separate you.
Solution – Overpowering your neighbors with high-gain
antennas is an option, but not a particularly neighborly one.
Instead, you could simply use a different channel for
wireless access points bordering this wall and ensure that
your neighbors do the same. Performance in some dual­channel wireless devices may take a hit, but it is better than
dropped connections—or unhappy neighbors.

SonicWALL SonicPoint Getting Started Guide Page 11

SonicPoint_N_GSG.book Page 12 Friday, June 4, 2010 3:08 PM

SonicWALL Wireless Firewalling

When a wireless device uses an access point to communicate
with a device on another subnet or on a completely different
network, traffic between the devices is forced to traverse the
network gateway. This traversal enables Unified Threat
Management (UTM) services to be enforced at the gateway.

Standard practice for wireless firewalling (where one wireless
client is communicating with another) bypasses many of the
critical UTM security services. The illustration below shows the
standard practice for wireless firewalling.

?

Other Security Appliance

Content Filtering Service

Client Anti-Virus Enforcement

Gateway Anti-Virus

Gateway Anti-Spyware

Intrusion Prevention Service

Security Services

WLAN Zone

Many security products on the market share this potential
vulnerability when two users connected by a common hub or
wireless access point wish to exchange data.

SonicWALL addresses this security shortcoming by managing
the SonicPoint access points from the UTM appliance. This
allows complete control of the wireless space, including zone
enforcement of security services and complete firewalling
capabilities, as shown in the illustration below.

SonicWALL

SonicPoint

link

act

act

link

wlan

lan

WLAN Zone

SonicWALL

appliance

Content Filtering Service

Client Anti-Virus Enforcement

Gateway Anti-Virus

Gateway Anti-Spyware

Intrusion Prevention Service

Security Services

Page 12 SonicWALL Wireless Firewalling

SonicPoint_N_GSG.book Page 13 Friday, June 4, 2010 3:08 PM

Registering Your Appliance

3

In this Section:

This section provides instructions for registering your SonicWALL SonicPoint appliance.

• Creating a MySonicWALL Account - page 14

• Registering and Licensing Your Appliance on MySonicWALL - page 14

• Using SonicWALL UTM Security Services for Wireless Clients - page 15

Note: Registration is an important part of the setup process and is necessary to receive the full benefits of SonicWALL security

services, firmware updates, and technical support.

3

SonicWALL SonicPoint Getting Started Guide Page 13