SonicWALL SonicPoint NF Getting Started Manual

Getting Started Guide

SonicWALL Network Security Appliances

NETWORK SECURITY

SonicPoint-N Dual-Band

PROTECTION AT THE SPEED OF BUSINESS™

SonicWALL SonicPoint Getting Started Guide Page 2

SonicPoint Front/Back Panels

Status LEDs

3

A

n

t

e

n

a

C

o

n

e

c

t

i

o

n

s

M

o

u

n

t

i

n

g

P

l

a

t

e

R

e

l

e

a

s

e

R

e

s

e

t

B

u

t

o

n

L

A

N

/

P

o

E

P

o

r

t

C

o

n

s

o

l

e

P

o

r

t

P

r

o

v

i

d

e

s

P

o

E

(

p

o

w

e

r

e

d

)

E

t

h

e

r

n

e

t

c

o

n

e

c

t

i

o

n

t

o

S

o

n

i

c

W

A

L

a

p

l

i

a

n

c

e

W

L

A

N

z

o

n

e

.

P

r

e

s

a

n

d

h

o

l

d

t

o

m

a

n

u

a

l

y

r

e

s

e

t

h

e

S

o

n

i

c

P

o

i

n

t

i

n

t

o

S

a

f

e

M

o

d

e

P

r

o

v

i

d

e

s

m

a

n

a

g

e

m

e

n

t

c

o

n

e

c

t

i

o

n

u

s

i

n

g

C

L

I

-

>

D

B

9

c

a

b

l

e

(

f

o

r

c

o

m

a

n

d

l

i

n

e

m

a

n

a

g

e

m

e

n

t

o

n

l

y

)

.

Power

Test SafeMode

Wireless Link

Wireless Activity

1000mbps 100mbps 10Mbps

Ethernet Activity

Page 3 SonicPoint Front/Back Panels

SonicWALL SonicPoint Getting Started Guide Page 4

Before You Begin

In this Section:

This section provides a basic checklist of materials and information you will need before you begin.

• Check Package Contents - page 5

• What You Need to Begin - page 6

1

Page 5 Check Package Contents

Check Package Contents

Before continuing, ensure that your SonicPoint package contains the following materials:

SonicPoint-N Dual-Band Appliance Mounting Plate

Antennas (3)

Getting Started Guide

Anchor/Screw Kit

Getting Started Guide

COM

PREHENSIVE INTERNET SECURITY

SonicWALL SonicPoint Getting Started Guide Page 6

What You Need to Begin

Review the following checklist of items before you begin setup. The following items are needed for a successful 802.11n wireless

deployment using the SonicPoint-N Dual-Band appliance:

• A SonicWALL SonicPoint-N Dual-Band appliance

• SonicOS Enhanced 5.2 or higher, installed on one of the following SonicWALL UTM appliances:

• TZ 210 series

• NSA series

• E-Class NSA series

• An 802.3af compliant PoE injector or PoE-capable switch

• An active Internet connection

• A configured interface on the SonicWALL security appliance set to a zone type of “wireless”

• A location selected for placement of your SonicPoint such as a wall or ceiling

• Clients capable of 802.11n wireless communications

1

1. Although clients with 802.11a/b/g hardware are supported, the presence of these legacy clients within range of your network may affect the connection

speed of your 802.11n clients.

Page 7

SonicWALL SonicPoint Getting Started Guide Page 8

Introduction to Secure Wireless

In this Section:

This section contains excerpts from the SonicWALL Secure Wireless Network Integrated Solutions Guide.

The content is meant to provide a brief introduction to Radio Frequency (RF) technology as it

pertains to different deployment scenarios.

• Wireless RF Introduction - page 9

• Placing Access Points - page 11

• SonicWALL Wireless Firewalling - page 15

• Registering for a Free Copy of the SonicWALL Secure Wireless Network Integrated Solutions Guide - page 16

2

Page 9 Wireless RF Introduction

Wireless RF Introduction

There are currently four widely adopted standards for 802.11

wireless network types: a, b, g, and n. Although 802.11n is the

newest and highest capacity standard, each of the four

standards has its own strengths and weaknesses. This section

provides overviews of these standards.

The following section provides a brief overview of RF

technologies:

• Frequency Bands and Channels - page 9

• Data Rate and Useful Range - page 9

• 802.11 Comparison Chart - page 10

• Radio Frequency Barriers - page 10

• RF Interference - page 10

Frequency Bands and Channels

To allow multiple separate wireless networks in a shared and

confined space, the RF medium is divided into channels. For

devices in the 5GHz range (802.11a), this means the possibility

of up to 23 discrete channels. For devices using the 2.4GHz

range (802.11b, 802.11g), the wireless space is limited to a

maximum of 14 overlapping channels. As a result of these

overlapping channels, 2.4GHz technology provides only a total

of three discrete channels.

The newer 802.11n technology does not fit into either of these

categories, as it is capable of using both 2.4GHz and 5GHz, but

is limited to 14 overlapping channels for backward compatibility.

Data Rate and Useful Range

Different 802.11 standards provide different signal

optimizations:

• 802.11b – Provides long distance, although at a lower

maximum data rate (11Mbps per channel), than

802.11a/g/n. In addition, the low data rate can only be used

across 3 non-overlapping channels.

• 802.11a – Provides a high maximum data rate per channel

with the trade-off of shorter useful range. This standard

shines in high-traffic applications because its 54Mbps rate

is available over each of the 23 non-overlapping channels

in the 5GHz range.

• 802.11g – Provides a higher maximum data rate per

channel than 802.11b and a longer range than 802.11a.

However, because it resides in the 2.4GHz range, the

maximum data rate can only be used across three non-

overlapping channels.

• 802.11n – Provides the highest maximum data rate per

channel, double the speed of any previous standard and

double the useful range. In addition, 802.11n commonly

offers Multiple Input Multiple Output (MIMO) technology to

further increase transmission rates. This standard is

capable of using both the 5GHz and 2.4GHz ranges

simultaneously for enhanced throughput.

SonicWALL SonicPoint Getting Started Guide Page 10

802.11 Comparison Chart

The following table compares signal characteristics as they

apply to the current 802.11 standards:

*Of the channels available with this technology, only three (3) are discrete.

Radio Frequency Barriers

Determining the location of RF barriers can be a painful part of

the placement process, but keep in mind that they can be used

beneficially to block signals where you do not want coverage.

The following tables list common RF barrier types:

RF Interference

The following table lists several common sources of RF

interference:

**Most newer model microwave ovens have sufficient shielding to negate possible

RF interference.

802.11a 802.11b 802.11g 802.11n

USA Channels 23 11* 11* 11*

EU Channels 23 13* 13* 13*

Japan Channels 15 14* 14* 14*

Frequency Band 5GHz 2.4GHz 2.4GHz 2.4/5GHz

Max. Data Rate 54Mbps 11Mbps 54Mbps 180Mbps

Radius (Range) 90ft/25m 120ft/

35m

120ft/

35m

240ft/

70m

Barrier Type RF Signal

Blocking

Open air Very Low

Glass, drywall, cube partitions Low

Stone floors and walls (brick/marble/granite) Medium

Concrete, security glass, stacked books/paper High

Metal, metal mesh (chicken wire), re-enforced

concrete, water

Very High

Faraday cage Extremely High

Interference Source Possible RF

Interference

Band(s)

Affected

2.4GHz phones Entire range (hundreds

of feet)

802.11b/g/n

Bluetooth devices Within 30 feet 802.11b/g/n

Microwave oven** Within 10-20 feet 802.11b/g/n

Scientific and medical

equipment

Short distance, varies 802.11b/g/n

Off-network access

points

Entire range All

RF reflective objects Long-range wireless

bridging

All

Barrier Type RF Signal

Blocking

Page 11 Placing Access Points

Placing Access Points

Now let us take a look at some best practice examples of what

has been covered so far in this chapter. Physical placement of

an access point has a measurable effect on who can and

cannot access your wireless signal. Keeping outside users out

of your wireless range is often just as important as ensuring

your valid users have a strong wireless signal.

The following sections provide an overview of wireless access

point placement, signal strength, and signal direction in

common wireless deployment situations:

• Creating a Realistic Environment - page 11

• Making Hardware Decisions - page 11

• Upgrading to 802.11n Technology - page 12

• Solutions to RF Interference and Barriers - page 13

Creating a Realistic Environment

Be realistic when preparing the site for a wireless site survey.

The best time to conduct a site survey is not on a weekend or

after hours, but during a normal work day when the office is

busy. It is a good idea to include elements such as people,

closed doors, wireless test labs, and other objects that could

alter or interfere with the RF signal.

Making Hardware Decisions

The first decision in hardware is the access point. While access

point technology (802.11a/b/g/n) is one factor in determining

your placement, based on distance served and bandwidth

needed, taking note of other hardware-based factors is just as

important. Some of the more important hardware decisions

include:

• Number of access points versus user density – How

many wireless clients are served by one access point? If

too many users are serviced by a single access point,

maximum transfer rates are reached and that point may

become a bottleneck for the whole system. This is an

example where deciding coverage only in terms of signal

range may not be ideal.

• Bandwidth – This goes hand-in-hand with user density,

but also takes into consideration user type. How much data

is moving upstream and downstream for a given type of

user?

• Ethernet cabling – This is the point where wireless is not

actually wireless. Where are you running the powered

Ethernet (PoE) cable to and how are you securing that

cable? Also think of power requirements when running

multiple access points; is your PoE switch 802.3af

compliant and able to power all access points in your

deployment?

SonicWALL SonicPoint Getting Started Guide Page 12

• Hubs / Switches / UTM – Your wireless deployment has to

tie back into your UTM appliance and LAN resources at

some point. In between, there could be dozens or

hundreds of switches and hubs. What speed is needed for

your Ethernet connection to accommodate the number of

access points you are installing? Also consider where your

key networking devices are deployed and how they will

connect efficiently with your wireless appliances.

• Antennas – The standard antenna connectors used in

SonicPoint access points allow network administrators to

use third-party antennas when necessary.

Note: Before adding any type of third-party external

antennas, you must ensure that your proposed

deployment will operate within the laws provided

by your local governing body. In the United States,

the FCC provides these guidelines and laws.

Upgrading to 802.11n Technology

The following are a few infrastructure points to be aware of if

you are upgrading your current wireless network from

802.11a/b/g technology:

• Upgrade your Ethernet connections – In most cases,

802.11n wireless hardware requires more bandwidth than a

single (or even dual) 10/100 Ethernet connection can

handle. Gigabit Ethernet connectivity between the WLAN

and the LAN is required to take full advantage of 802.11n

speed.

• Power up that PoE – Most legacy PoE injectors do not

provide enough power to drive the multiple radios in

802.11n equipment. Part of your wireless network planning

should include verifying that your PoE equipment is 802.3af

compliant, and that a full 15 watts of power can be supplied

to each SonicPoint.

Page 13 Placing Access Points

Solutions to RF Interference and Barriers

These days, finding an environment with no RF interference or

noise is nearly impossible. Only if you are setting up an office in

a secluded redwood grove can you count on RF interference to

be a non-issue. Even then, the redwood trees might just be

among those fitted with high-gain cellular antennas, an all-too-

common occurrence today. Regardless, you should expect to

deal with some level of signal interference in your deployment.

Location A – Rogue access points or wireless test lab

• Problem – Wireless product test labs and other (non-

malicious) rogue access points are problems in many Wi-Fi

deployments. Even if the access points in question are

using different SSID nomenclature, channel overlapping is

almost sure to be a bandwidth buster for legitimate users.

• Solution – Either eliminate all rogue access points, or

force their owners to use a set channel that does not

overlap with your distributed wireless solution. For

dedicated wireless test labs, or areas that must be

secluded from RF noise, convert that specific area into a

Faraday cage, blocking a significant amount of wireless

signals from entering or leaving the room.

Note: The Faraday cage was developed by 19th century

inventor Michael Faraday. It demonstrates that a room

built of a conductive material will shield its contents

from electric or static electric currents. This effect also

exists for wireless radio transmissions, although to a

lesser extent.

A

C

B

SonicWALL SonicPoint Getting Started Guide Page 14

Location B – Spectrum noise for 2.4 GHz and 5 GHz

• Problem – Your phone system is partially wireless and

uses the 2.4GHz spectrum. Whenever someone in the

office takes a call, wireless connection speed is reduced in

the surrounding area, and to top it off, callers often

complain of white noise during their conversation.

• Solution – Give VoIP a try. VoIP will work in tandem with

your wireless network, instead of against it. Another option

is to try a phone that uses a different spectrum, or to go

completely wired for your phone service. For more on

SonicWALL VoIP implementation and capabilities, refer to

the Configuring VoIP SonicOS feature module available at:

http://www.sonicwall.com/us/support.html

Location C – Off-network access points

• Problem – Your neighbors need wireless, too!

Unfortunately, the walls that separate you are made of

drywall. The result is that their wireless signals plus your

wireless signals equals client confusion and RF noise.

Wireless clients in this area may have trouble connecting or

keeping a connection if your channels overlap with those of

your neighbors.

• Solution – Overpowering your neighbors with high-gain

antennas is an option, but not a particularly neighborly one.

Instead, you could simply use a different channel for

wireless access points bordering this wall and ensure that

your neighbors do the same. Performance in some dual-

channel wireless devices may take a hit, but it is better than

dropped connections—or unhappy neighbors.

Page 15 SonicWALL Wireless Firewalling

SonicWALL Wireless Firewalling

When a wireless device uses an access point to communicate

with a device on another subnet or on a completely different

network, traffic between the devices is forced to traverse the

network gateway. This traversal enables Unified Threat

Management (UTM) services to be enforced at the gateway.

Standard practice for wireless firewalling (where one wireless

client is communicating with another) bypasses many of the

critical UTM security services. The illustration below shows the

standard practice for wireless firewalling.

Many security products on the market share this potential

vulnerability when two users connected by a common hub or

wireless access point wish to exchange data.

SonicWALL addresses this security shortcoming by managing

the SonicPoint access points from the UTM appliance. This

allows complete control of the wireless space, including zone

enforcement of security services and complete firewalling

capabilities, as shown in the illustration below.

WLAN Zone

Security Services

?

Content Filtering Service

Client Anti-Virus Enforcement

Gateway Anti-Virus

Gateway Anti-Spyware

Intrusion Prevention Service

Other Security Appliance

WLAN Zone

Security Services

SonicWALL

appliance

SonicWALL

SonicPoint

Content Filtering Service

Client Anti-Virus Enforcement

Gateway Anti-Virus

Gateway Anti-Spyware

Intrusion Prevention Service

SonicWALL SonicPoint Getting Started Guide Page 16

Registering for a Free Copy of the

SonicWALL Secure Wireless Network

Integrated Solutions Guide

This wireless introduction is just a

small portion of what is included in

the SonicWALL Secure Wireless

Network Integrated Solutions Guide.

Look to this 512 page guide for a

comprehensive deployment solution

for almost any situation.

The first 1,000 customers to register

their SonicPoint appliance will

receive a FREE copy of the

SonicWALL Secure Wireless

Network Integrated Solutions

Guide.

Nearly forty percent of the world’s 1 billion+ Internet users are

wireless. It’s a truly staggering fact to think that the majority of

these wireless implementations are fundamentally insecure,

leaving users and private data at risk.

Many wireless network proprietors believe that the convenience

of wireless outweighs the possible risk of an insecure

implementation, or that secure wireless is far too complicated to

worry about deploying.

Throughout this book, the engineers and documentation

authors at SonicWALL prove the opposite is true. Wireless

networks can be made as secure as wired networks, and

deploying this type of security can be far less complicated than

you think. In this book, and through their massive product

offerings, SonicWALL gives you (the secure wireless network

hopeful) all of the planning, design, implementation, and

optimizing tools you need to do wireless. Securely.

Page 17 Registering for a Free Copy of the SonicWALL Secure Wireless Network Integrated Solutions Guide

SonicWALL SonicPoint Getting Started Guide Page 18

Registering Your Appliance

In this Section:

This section provides instructions for registering your SonicWALL SonicPoint appliance.

• Creating a MySonicWALL Account - page 19

• Registering and Licensing Your Appliance on MySonicWALL - page 19

• Using SonicWALL UTM Security Services for Wireless Clients - page 20

Note: Registration is an important part of the setup process and is necessary to receive the full benefits of SonicWALL security

services, firmware updates, and technical support.

3

Page 19 Creating a MySonicWALL Account

Creating a MySonicWALL Account

A MySonicWALL account is required for product registration. If

you already have an account, continue to the Registering and

Licensing Your Appliance on MySonicWALL section.

To create a MySonicWALL account:

1. In your browser, navigate to www.mysonicwall.com.

2. In the login screen, click the Not a registered user? link.

3. Complete the Registration form and click Register.

4. Verify that the information is correct and click Submit.

5. In the screen confirming that your account was created,

click Continue.

Registering and Licensing Your Appliance

on MySonicWALL

You must register your SonicWALL security appliance on

MySonicWALL to enable full functionality.

Tip: The first 1,000 customers to register their SonicPoint

will receive a coupon for a free copy of the SonicWALL

Secure Wireless Network Integrated Solutions Guide.

To register your SonicPoint, perform the following tasks:

1. Login to your MySonicWALL account. If you do not have an

account, you can create one at www.mysonicwall.com.

2. Enter the serial number of your product in the REGISTER

A PRODUCT field and click the Next button.

3. Type a friendly name for the appliance, select the

Product Group if any, type the authentication code into

the appropriate text boxes, and then click Register.

4. On the Product Survey page, fill in the requested

information and then click Continue.

5. To pair your SonicPoint with a SonicWALL UTM

appliance, navigate to the Service Management page

by clicking on the device you wish to pair with your

SonicPoint.

6. Scroll to the Associated Products section and click the

SonicWALL SonicPoint N link to associate your

SonicPoint with the appliance.

SonicWALL SonicPoint Getting Started Guide Page 20

Using SonicWALL UTM Security Services

for Wireless Clients

Remember that any security services you have purchased for

your SonicWALL UTM appliance can also be applied to wireless

clients. Simply enable the security services on the WLAN zone

or on a custom wireless zone, and your wireless traffic will be

protected along with your wired traffic.

If you have not yet purchased a security service subscription for

your SonicWALL UTM appliance, please speak with a sales

representative or visit www.mysonicwall.com to register for free

trials.

• To try a Free Trial of a service, click Try in the Service

Management page.

• To purchase a product or service, click Buy Now in the

Service Management page.

If you recently purchased security services, you will receive an

activation key. This key is emailed to you after online

purchases, or is on the front of the certificate that was included

with your purchase.

To activate existing licenses:

1. Log into mysonicwall.com and navigate to the My

Products page.

2. Select the registered product you want to manage.

3. Locate the product on the Service Management page and

click Enter Key in that row.

4. In the Activate Service page, type or paste your key into the

Activation Key field and then click Submit.

When activation is complete, MySonicWALL displays an

activation screen with service status and expiration information.

You have successfully registered your SonicWALL appliance,

and now you need to enable UTM security services on the

SonicWALL appliance itself. SonicWALL UTM security services

are not enabled by default.

La pagina sta caricando ...

SonicWALL SonicPoint NF Getting Started Manual

Questo manuale è adatto anche per

SonicWALL SonicPoint NF Getting Started Manual

in altre lingue

Documenti correlati

Altri documenti