Table of ContentsPreviousNextIndex

SonicWALL, Inc.


Wireless/Settings

Wireless > Settings

The Wireless > Settings page allows you to configure your wireless settings.

On the Wireless>Settings page, you can enable or disable the WLAN port by selecting or clearing the Enable WLAN checkbox.

Wireless Radio Mode

Select either Access Point to configure the SonicWALL as the default gateway on your network or select Wireless Bridge from the Radio Role menu to configure the SonicWALL to act as an intermediary wireless device.

Note: WPA support is only available in Access Point Mode. WPA support is not available in Wireless Bridge Mode.

Wireless Settings

Enable WLAN Radio: Check this checkbox to turn the radio on, and enable wireless networking. Click Apply in the top right corner of the administrative interface to have this setting take effect.

Schedule: The schedule determines when the radio is on to send and receive data. The default value is Always on. The Schedule list displays the schedule objects you create and manage in the System > Schedule page. The default choices are:

SSID: The default value, sonicwall, for the SSID can be changed to any alphanumeric value with a maximum of 32 characters.

Radio Mode: Select your preferred radio mode from the Radio Mode menu. The TZ 170 Wireless supports the following modes:

Regulatory: Specifies the regulatory domain--the country whose radio broadcasting rules the security appliance must obey. FCC - North America is displayed as the Regulatory Domain. This field is determined by the ROM code, and cannot be changed by the user.

Country Code: Specifies the country whose radio broadcasting rules the security appliance must obey.

Channel: Select the channel for transmitting the wireless signal from the Channel menu. An AutoChannel setting allows the TZ 170 Wireless to automatically detect and set the optimal channel for wireless operation based upon signal strength and integrity. AutoChannel is the default channel setting, and it displays the selected channel of operation to the right. Alternatively, an operating channel within the range of your regulatory domain can be explicitly defined.

Secure Wireless Bridging

Wireless Bridging is a feature that allows two or more physically separated networks to be joined over a wireless connection. The TZ 170 Wireless provides this capability by shifting the radio mode at remote networks from Access Point mode to Wireless Bridge mode. Operating in Wireless Bridge mode, the TZ 170 Wireless connects to another TZ 170 Wireless acting as an access point, and allows communications between the connected networks via the wireless bridge.

Secure Wireless Bridging employs a WiFiSec VPN policy, providing security to all communications between the wireless networks. Previous bridging solutions offered no encryption, or at best, WEP encryption.

Configuring a Secure Wireless Bridge

When switching from Access Point mode to Wireless Bridge mode, all clients are disconnected, and the navigation panel on the left changes to reflect the new mode of operation.

To configure a secure wireless bridge, follow these steps:

  1. Click Wireless, then Settings.
  2. In the Wireless Radio Mode section, select Wireless Bridge from the Radio Role menu. The TZ 170 Wireless updates the interface. The left-navigation menu changes to reflect the choices that apply to configuring a secure wireless bridge.
  3. In the left-navigation menu, click Status under Wireless. Any available access point is displayed at the bottom of the Status page. Click the Connect icon to establish a wireless bridge to another TZ 170 Wireless.
  4. In the left-navigation menu, click Settings under Wireless. Configure the WLAN settings for the wireless connection as follows:
    1. Configure the SSID on all TZ 170 Wireless to the SSID of the Access Point.
    2. Configure the WLAN for all TZ 170 Wireless must be on the same subnet.
    3. LAN IP address for all TZ 170 Wireless must be on different subnets.

For example, in the previous network diagram, the TZ 170 Wireless are configured as follows:

Network Settings for the Example Network

Device
Mode
SSID
Channel
LAN IP Address
WLAN IP Address
TZ 170 Wireless1
Access Point
myWLAN
1
10.10.10.254/24
172.16.31.1/24
TZ 170 Wireless2
Wireless Bridge
myWLAN
1 (auto)
10.20.20.254/24
172.16.31.2/24
TZ 170 Wireless3
Wireless Bridge
myWLAN
1 (auto)
10.30.30.254/24
172.16.31.3/24
TZ 170 Wireless4
Access Point
otherWLAN
6
10.30.30.253/24
172.16.31.1/24

Wireless Bridging (without WiFiSec)

To provide compatibility with other non-WiFiSec wireless access points, the TZ 170 Wireless supports a non-secure form of wireless bridging, but insecure wireless communications should only be employed when data is non-sensitive. By default, WiFiSec Enforcement is enabled on Wireless Settings for Wireless Bridge Mode. To connect to a non-WiFiSec access point, this checkbox must be disabled. Since VPN tunnels are not established in non-secure Wireless Bridging deployments, traffic routes must be clearly defined for both the Access Point and the Bridge Mode sites:

- Referring to the example above, the default route on TZ 170 Wireless2 and TZ 170 Wireless3 is set via their WLAN interfaces to 172.16.31.1.

Configuring VPN Policies for the Access Point and Wireless Bridge

Access Point

After Wireless Settings are defined, the WiFiSec connections (VPN Policies) must be configured. The VPN Policies are defined as would any other site-to-site VPN policy, typically with the following in mind:

Referring to the example network, the Access Point TZ 170 Wireless has the following two VPN Policies defined:

Configuration for VPN Policies

  1. Click Network.
  2. Under Local Networks, select Choose local network from list and select LAN Interface IP.
  3. Under Destination Networks, select Choose destination network from list and select or create an address object for the destination (Site_A - 10.20.20.0 or Site_B - 10.30.30.0 in the example).


  4. Click Advanced.
  5. Select Enable Keep Alive.
  6. Select Enable Windows Networking (NetBIOS) Broadcast.
  7. Click OK to close the window, and then click Apply for the settings to take effect on the SonicWALL.

Wireless Bridge VPN Policy

The Wireless Bridge VPN Policy is configured as follows:

  1. Click VPN, then Configure.
  2. Select IKE using Preshared Secret from the IPsec Keying Mode menu.
  3. Enter a name for the SA in the Name field.
  4. Type the IP address of the Access Point in the IPsec Gateway field. In our example network, the IP address is 172.16.31.1.
  5. Select Use this VPN Tunnel as default route for all Internet traffic from the Destination Networks section.

Click OK to close the window, and then click Apply for the settings to take effect on the security appliance.


www.SonicWALL.com
SonicWALL, Inc.
http://www.sonicwall.com
1160 Bordeaux Drive
Sunnyvale, CA 94089-1209
Table of ContentsPreviousNextIndex