SonicWALL 2.5 Security Camera User Manual


 
SONICWALL SONICOS ENHANCED 2.5 ADMINISTRATORS GUIDE
CHAPTER 11: Configuring Zones
4. Click the Wireless tab.

5. In the Wireless Settings section, select WiFiSec Enforcement to require that all traffic that enters into the WLAN Zone interface be either IPSec traffic, WPA traffic, or both. With WiFiSec Enforcement enabled, all non-guest wireless clients connected to SonicPoints attached to an interface belonging to a Zone on which WiFiSec is enforced are required to use the strong security of IPSec. The VPN connection inherent in WiFiSec terminates at the “WLAN GroupVPN”, which you can configure independently of “WAN GroupVPN” or other Zone GroupVPN instances.

6. If you have enabled WiFiSec Enforcement, you can select Require WiFiSec for Site-to-Site VPN Tunnel Traversal to require WiFiSec security for all wireless connections through the WLAN zone that are part of a site-to-site VPN.

7. Click Trust WPA traffic as WiFiSec to accept WPA as an allowable alternative to IPSec. Both WPA-PSK (Pre-shared key) and WPA-EAP (Extensible Authentication Protocol using an external 802.1x/EAP capable RADIUS server) will be supported on SonicPoints.

8. Under the SonicPoint Settings heading, select the SonicPoint Provisioning Profile you want to apply to all SonicPoints connected to this zone. Whenever a SonicPoint connects to this zone, it will automatically be provisioned by the settings in the SonicPoint Provisioning Profile, unless you have individually configured it with different settings.

9. Click the Guest Services tab. You can choose from the following configuration options for Wireless Guest Services:
   • Enable inter-guest communication - allows guests connecting to SonicPoints in this WLAN Zone to communicate directly and wirelessly with each other.

   • Bypass Guest Authentication - allows a SonicPoint running WGS to integrate into environments already using some form of user-level authentication. This feature automates the WGS authentication process, allowing wireless users to reach WGS resources without requiring authentication. This feature should only be used when unrestricted WGS access is desired, or when another device upstream of the SonicPoint is enforcing authentication.

   • Enable Dynamic Address Translation (DAT) - Wireless Guest Services (WGS) provides spur-of-the-moment “hotspot” access to wireless-capable guests and visitors. For easy connectivity, WGS allows wireless users to authenticate and associate, obtain IP settings from the TZ 170 Wireless DHCP services, and authenticate using any web browser. Without DAT, if a WGS user is not a DHCP client, but instead has static IP settings incompatible with the TZ 170 Wireless WLAN network settings, network connectivity is prevented until the user’s settings change to compatible values.

     Dynamic Address Translation (DAT) is a form of Network Address Translation (NAT) that allows the TZ 170 Wireless to support any IP addressing scheme for WGS users. For example, suppose the TZ 170 Wireless WLAN interface is configured with its default address of 172.16.31.1, one WGS client has a static IP address of 192.168.0.10 and a default gateway of 192.168.0.1, and another has a static IP address of 10.1.1.10 and a gateway of 10.1.1.1. DAT enables network communication for both of these clients.

   • Bypass Guest Authentication - allows guests connecting from the device or network you select to connect without requiring guest authentication. Select the MAC address, IP address, or subnet for which to bypass authentication.

   • Redirect SMTP traffic to - redirects SMTP traffic incoming on this zone to an SMTP server you specify. Select the address object to redirect traffic to.

   • Deny Networks - blocks traffic from the networks you name. Select the subnet, address group, or IP address to block traffic from.

   • Pass Networks - automatically allows traffic through the WLAN zone from the networks you select.

   • Custom Authentication Page - redirects users to a custom authentication page when they first connect to a SonicPoint in the WLAN zone. Click Configure to set up the custom authentication page. Enter either a URL to an authentication page or a custom challenge statement in the text field, and click OK.
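
The Dynamic Address Translation option above turns on whether a guest's static settings are compatible with the WLAN interface. The following added example (not part of the SonicWALL guide and not SonicOS code) checks the two static clients from the text against the default WLAN address and reports why each would have no connectivity without DAT. The /24 mask, the function names and the third client are assumptions made for illustration.

```python
import ipaddress

# Assumption: the guide gives the WLAN interface address (172.16.31.1) but
# not its mask; a /24 is assumed here for illustration.
WLAN_IF = ipaddress.ip_interface("172.16.31.1/24")


def static_client_issues(client_ip, client_gw, wlan_if=WLAN_IF):
    """Return the reasons a statically addressed guest cannot use the WLAN
    interface without address translation (empty list = compatible)."""
    ip = ipaddress.ip_address(client_ip)
    gw = ipaddress.ip_address(client_gw)
    issues = []
    if ip not in wlan_if.network:
        issues.append(f"address {ip} is outside {wlan_if.network}")
    elif ip in (wlan_if.ip, wlan_if.network.network_address,
                wlan_if.network.broadcast_address):
        issues.append(f"address {ip} is reserved on {wlan_if.network}")
    if gw != wlan_if.ip:
        issues.append(f"gateway {gw} is not the WLAN interface {wlan_if.ip}")
    return issues


def classify_guests(clients, wlan_if=WLAN_IF):
    """Map each client name to ('compatible' | 'needs DAT', reasons)."""
    report = {}
    for name, (ip, gw) in clients.items():
        issues = static_client_issues(ip, gw, wlan_if)
        report[name] = ("needs DAT" if issues else "compatible", issues)
    return report


# Constructed sample: the two static clients from the text, plus one guest
# whose static settings happen to match the WLAN network.
GUESTS = {
    "guest-a": ("192.168.0.10", "192.168.0.1"),
    "guest-b": ("10.1.1.10", "10.1.1.1"),
    "guest-c": ("172.16.31.50", "172.16.31.1"),
}

if __name__ == "__main__":
    for name, (status, issues) in classify_guests(GUESTS).items():
        print(f"{name}: {status}" + "".join(f"\n  - {i}" for i in issues))
```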