Solved

Use Sonicpoints on the X0 (LAN Port)

Posted on 2013-12-03
3
2,541 Views
Last Modified: 2013-12-23
Hello All,
We have a sonicpoint that is plugged into the same switch as the rest of the network due to building restrictions. So all of the network lines and sonicpoint come to the sonicwall to x0. Is there a way to set this up? The sonicwall won't event detect that the sonicpoint is there.
Its a TZ125. Please help.
0
Comment
Question by:portillosjohn
  • 2
3 Comments
 
LVL 24

Accepted Solution

by:
diverseit earned 500 total points
ID: 39694069
Hi portillosjohn,

What is the model of the SonicWALL, e.g. (TZ215, NSA 3600, etc)?

X0 is reserved by default for the LAN. You need to assign another port, say X2, other than X0 and X1 (WAN) to the SonicPoint. Here is a step-by-step on how to do so:

Part One: Configuration on the SonicWALL Appliance

1. Assigning an available Interface to the WLAN Zone

A Wireless interface is an interface that has been assigned to a Wireless zone and is used to support SonicWALL SonicPoint secure access points.

1. Log into the SonicWALL Management GUI, go to Network > Interfaces.
2. Click on the Configure icon in the Configure column for the Interface you want to modify. The Edit Interface window is displayed. You can configure X2 through X9, Opt, a VLAN sub-interface or a PortShield interface.
3. In the Zone list, select WLAN or a custom Wireless zone.
4. Enter the IP address (172.16.31.1) and subnet mask (255.255.255.0) of the Zone in the IP Address and Subnet Mask fields.
5. In the SonicPoint Limit field, select the maximum number of SonicPoints allowed on this interface. (you can accept the default value)
6. Enter any optional comment text in the Comment field. This text is displayed in the Comment column of the Interface table.
7. Uncheck all supported management protocol(s): HTTP, HTTPS, SSH, Ping, SNMP, and/or SSH. (We are not allowing wireless clients to manage the SonicWALL to ensure complete security).
8. Click OK.

2. Configuring the WLAN Zone

1. Go to Network > Zones; Click the Edit icon for the WLAN zone. The Edit Zone window is displayed.
2. In the General tab, uncheck Allow Interface Trust. Select any of the following settings to enable the SonicWALL Security Services on the WLAN Zone.
      – Enforce Content Filtering Service - Enforces content filtering on multiple interfaces in the same Trusted, Public and WLAN zones.
      – Enforce Client Anti-Virus Service - Enforces managed anti-virus protection on multiple interfaces in the same Trusted, Public or WLAN zones. SonicWALL Client Anti-Virus manages an anti-virus client application on all clients on the zone.
      – Enable Gateway Anti-Virus - Enforces gateway anti-virus protection on multiple interfaces in the same Trusted, Public or WLAN zones. SonicWALL Gateway Anti-Virus manages the anti-virus service on the SonicWALL appliance.
      – Enable IPS - Enforces intrusion detection and prevention on multiple interfaces in the same Trusted, Public or WLAN zones.
      – Enable Anti-Spyware Service - Enforces anti-spyware detection and prevention on multiple interfaces in the same Trusted, Public or WLAN zones.
      – Enforce Global Security Clients - Enforces security policies for Global Security Clients on multiple interfaces in the same Trusted, Public or WLAN zones.
3. Click the Wireless tab, select Only allow traffic generated by a SonicPoint to allow only traffic from SonicWALL SonicPoints to enter the WLAN Zone interface. This allows maximum security of your WLAN.
4. Uncheck SSL-VPN Enforcement (if enabled: requires all traffic that enters into the WLAN Zone be authenticated through a SonicWALL SSL-VPN appliance)
5. Uncheck WiFiSec Enforcement. (All wireless clients must connect to the SonicWALL via the SonicWALL Global VPN Client if they wish to access anything (policy-allowed LAN resources, policy-allowed WAN access, and other wireless clients)).
6. When WiFiSec Enforcement is enabled, you can specify services that are allowed to bypass the WiFiSec enforcement by checking WiFiSec Exception Service and then selecting the service you want to exempt from WiFiSec enforcement.
7. Uncheck Require WiFiSec for Site-to-Site VPN Tunnel Traversal (if enabled: requires WiFiSec security for all wireless connections through the WLAN zone that are part of a site-to-site VPN.)
8. Uncheck Trust WPA traffic as WiFiSec. (This allows WPA to be used as an alternative to WiFiSec.)
9. Under the SonicPoint Settings heading, select the SonicPoint Provisioning Profile you want to apply to all SonicPoints connected to this zone. Whenever a SonicPoint connects to this zone, it will automatically be provisioned by the settings in the SonicPoint Provisioning Profile, unless you have individually configured it with different settings.
10. Click the Guest Services tab. Uncheck Enable Wireless Guest Services (You can enable this if you are planning to provide Wireless Guest Users but we're focusing on just getting it setup first and foremost)
11. Click OK to apply these settings to the WLAN zone.

3. Configuring SonicPoint Profiles (Wireless settings – enabling WPA-PSK encryption)

SonicPoint Provisioning Profiles provide a scalable and highly automated method of configuring and provisioning multiple SonicPoints across a Distributed Wireless Architecture. SonicPoint Profile definitions include all of the settings that can be configured on a SonicPoint, such as radio settings for the 2.4GHz and 5GHz radios, SSID’s, and channels of operation. Once you have defined a SonicPoint profile, you can apply it to a Wireless zone.
1. Go to SonicPoint > SonicPoints.
2. To add a new profile click Add below the list of SonicPoint provisioning profiles. To edit an existing profile, select the profile and click the edit icon in the same line as the profile you are editing.
3. In the General tab of the Add Profile window, specify:
      – Select Enable SonicPoint.
      – Name Prefix: Enter a prefix for the names of all SonicPoints connected to this zone. When each SonicPoint is provisioned, it is given a name that consists of the name prefix and a unique number, for example: “SonicPoint 126008.”
      – Country Code: Select the country where you are operating the SonicPoints. The country code determines which regulatory domain the radio operation falls under.
4. In the 802.11g tab, Configure the radio settings for the 802.11g (2.4GHz band) radio:
      – Select Enable 802.11g Radio
      – SSID: Enter a recognizable string for the SSID of each SonicPoint using this profile. This is the name that will appear in clients’ lists of available wireless connections. (For example: SonicLAB)
TIP: If all SonicPoints in your organization share the same SSID, it is easier for users to maintain their wireless connection when roaming from one SonicPoint to another.
      – ACL Enforcement: Select this to enforce Access Control by allowing or denying traffic from specific devices. Select a MAC address group from the Allow List to automatically allow traffic from all devices with MAC addresses in the group. Select a MAC address group from the Deny List to automatically deny traffic from all devices with MAC addresses in the group. The deny list is enforced before the Allow list.
      – Authentication Type: Select WPA – PSK and enter a Passphrase (Min 8 - Max 63 characters)
5. In the 802.11g Advanced tab, configure the performance settings for the 802.11g radio. For most 802.11g advanced options, the default settings give optimum performance.

The settings in the 802.11a Radio and 802.11a Advanced tabs are similar to the settings in the 802.11g Radio and 802.11g Advanced tabs.

4. Connecting a SonicPoint Device to the SonicWALL Appliance

1. Now go ahead and physically connect the SonicPoint LAN port to the WLAN Interface port on the SonicWALL Appliance

TIP: If you had already connected the SonicPoint; unplug and plug-in the cable from the port, this will ensure that the SonicPoint provisioning profile is accurately synchronized.

Part Two: Configure the Wireless client computer

1. Connectivity using the Wireless client for initial association with the WLAN Zone.

Add clients as you typically would to the SSID and test the Connection: You should be able to access the LAN resources of the SonicWALL.Let me know how it goes!
0
 

Author Comment

by:portillosjohn
ID: 39714301
It worked great. I can't join the domain nor logon to the domain from the WLAN. Should I be able to ?
0
 
LVL 24

Expert Comment

by:diverseit
ID: 39716061
Yes, by default Zone are denied access. Go to Network > Access Rules and change WLAN > LAN from deny to allow and the same with LAN > WLAN.
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
When it comes to security, there are always trade-offs between security and convenience/ease of administration. This article examines some of the main pros and cons of using key authentication vs password authentication for hosting an SFTP server.
This Micro Tutorial will show you how to maximize your wireless card to its maximum capability. This will be demonstrated using Intel(R) Centrino(R) Wireless-N 2230 wireless card on Windows 8 operating system.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now