SonicWALL routers provide excellent security by enabling secure communications with remote employees and wireless users. The device's wireless configuration wizard simplifies the task of configuring secure wireless communications. Here's how you configure wireless security on a SonicWALL device.
Wireless networking is a business necessity within most organizations. From traveling employees to guest visitors, wireless networks often prove the best method for connecting these users to e-mail, the Internet and local file shares.
Numerous challenges arise when wireless networks are deployed. Besides ensuring a wireless access point produces sufficient radio strength throughout a work area, such network communications also must be secure. In addition to making it difficult for unauthorized users to access the wireless network, organizations must take steps to encrypt data that passes between wireless devices and the wireless access point itself.
Several SonicWALL routers boast wireless connectivity. As with most any wireless-enabled router today, SonicWALL models also feature security technologies aimed at protecting wireless transmissions.
Wireless-specific versions of SonicWALL’s TZ 150, TZ 170, TZ 180 and TZ 190 models support wireless networks. All of SonicWALL’s latest PRO series devices (including the 1260, 2040, 3060, 4060, 4100 and 5060 models) support optional 802.11 wireless networking.
Combined with an appropriate TZ or PRO model, SonicWALL SonicPoint devices enable extending secure wireless technology throughout an entire facility. A TZ 170 appliance, for example, automatically detects SonicPoints deployed on the network. Security settings can then be configured from the TZ 170’s interface, which enables centralized administration. Here’s what’s involved configuring wireless network settings and security using a SonicWALL TZ 170 appliance.
SonicWALL Wireless Configuration Wizard
To access SonicWALL’s Wireless Configuration Wizard, log on to the SonicWALL router, then click the Wireless button found within the left navigation bar of SonicWALL’s Web-based management interface. The Wireless Status page will be displayed. Click the Wireless Wizard button that appears toward the top-right of the screen.
The SonicWALL Wireless Configuration Wizard will appear. Click the Next button to proceed with the wireless administration utility.
The wizard’s first step will appear as seen in Figure A. Step one addresses wireless local area network (WLAN) network settings. You must specify the WLAN IP address and subnet mask before continuing. In addition, a checkbox is provided for enabling Windows networking support between the wired local area network and the WLAN. Be sure to check the box to enable communication between the LAN and WLAN. Then, click Next.
Step one of the Wireless Configuration Wizard requires specifying a WLAN IP address and subnet mask.
Step two requires setting the Service Set ID (SSID), radio mode, country code and channel. The SonicWALL wizard provides a blank field for specifying the SSID. The default SSID is sonicwall. Consider changing the SSID to a value that reveals nothing about the organization or office in which it is deployed. I typically deploy SSIDs as HomeNetwork and BusinessNetwork, as doing so provides potential hackers with less information about a network (particularly in more heavily populated areas such as apartments and office parks).
On most SonicWALL routers, including the popular TZ 170 wireless model, three radio modes are available: 2.4GHz 802.11 b, 2.4GHz 802.11g or 2.4GHz 802.11g and b Mixed mode. Using the provided drop-down menu, select the mode you wish to use within your organization.
It’s a good idea to change the default SSID when deploying any wireless network.
Units shipped within North America typically feature two country codes: United States (US) and Canada. Using the Country Code drop-down menu, specify the appropriate code.
The last item to configure within Step 2: WLAN 802.11b/g Settings is the channel. Channels one through 11 are available options. Or, AutoChannel is an alternative choice and, in fact, the default. Choosing AutoChannel allows the wireless network equipment to automatically negotiate the best channel settings. Once the channel is specified, clicking Next continues to the next step.
Step 3: WLAN Security Settings enables configuring one of three security modes for the
SonicWALL wireless router. The three security mode choices are:
- WiFiSec VPN Security – The default selection, WiFiSec VPN Security creates an IPSec-powered VPN over which the wireless traffic travels.
- WEP + Stealth Mode – Utilizes Wired Equivalent Protection (WEP) to secure wireless communications.
- Connectivity – Implements wireless communications featuring no encryption or access controls.
When selecting WiFiSec VPN Security and clicking Next, the Step 4: WiFiSec – VPN Client User Authentication page appears. This step helps create a user name and password for a new user with VPN client access privileges. The WLAN WiFiSec security setting will enable the SoniCWALL Group VPN feature. If you wish to edit user privileges, you can log on to the SonicWALL router’s Web-based administrative interface and edit user permissions by clicking Users | Settings.
After a user name and password are supplied, click Next to proceed to the wizard’s fifth step. The Step 5: Wireless Guest Services screen allows you to enable guest wireless access while also specifying the guest account name, password and account and session lifetimes.
Once these values are supplied, click Next to view a Wireless Configuration Summary. Clicking Apply prompts the SonicWALL Configuration Wizard to apply the settings and configuration parameters you’ve entered into the wizard. When the wizard completes, a confirmation page should then appear (with a Finish button being the only available option).
The Wireless Configuration Summary confirms settings, and enables administrators to review configuration details, before the wizard makes changes.
If, when completing the Wireless Configuration Wizard, you select WEP + Stealth Mode in Step 3, the wizard’s fourth step will prompt you to provide WEP information. The Step 4: WEP + Stealth Mode Settings screen enables configuring 64- or 128-bit WEP encryption. Select the value you require from the WEP Key Mode drop-down box. Once the WEP mode is specified, you must enter the actual WEP key, which you can do using alphanumeric or hexadecimal text. Select the appropriate radio button and click Next. Completing the wizard, using WEP and Stealth Mode Settings, then completes the same as when selecting WiFiSec VPN Security.
Wireless Status Information
With the wizard complete, the SonicWALL’s wireless network configuration goes live. You may confirm proper configuration by logging on to the SonicWALL appliance and clicking Wireless. The Wireless | Status page appears. In addition to displaying WLAN Settings, the menu also displays WLAN Statistics and Station Status information as shown in Figure D.
The SonicWALL Wireless Status screen displays critical WLAN information.
Within WLAN Settings, the SonicWALL Web-based administration interface tracks whether the WLAN is enabled, as well as the active SSID, WLAN IP address, WLAN subnet mask, channel in use, radio transmission rate, authentication type, MAC filter status and more.
The WLAN Statistics menu tracks receive and transmission statistics for unicast and multicast frames, total packets, total bytes, discards, aborted frames and more.
Station Status, meanwhile, lists the names, signal strength and authentication status, among other items, for all wirelessly connected systems.
Editing wireless settings
In the event preconfigured wireless network settings must be changed, repeating the Wireless Configuration Wizard is unnecessary. Instead, you can manually edit required settings. To manually update WLAN settings, log on to the SonicWALL router and click Wireless from the SonicWALL Web-based management console. Six items appear within the Wireless sub-navigation menu: Status, Settings, WEP/WPA Encryption, Advanced, MAC Filter List and IDS. Figure E shows what it looks like.
SonicWALL’s Wireless Settings sub menu enables tweaking the WLAN IP address, subnet mask, SSID and more.
To disable the wireless LAN, change security and encryption parameters or update the radio role (Access Point and Wireless Bridge are the two options), change SSID or re-configure WLAN IP address, radio mode, country code or channel, click Settings. Make the required changes within the Settings menu, then click the Apply button to save and enable the changes.
To actually change encryption authentication type (such as migrating from WEP to WPA), click the WEP/WPA Encryption button found on the SonicWALL’s left navigation bar. Using the WEP/WPA Encryption menu, you can configure encryption level and security keys.
From the Advanced menu, reached by clicking the Advanced button from within the Wireless sub-navigation menu, you can adjust beacon interval (and hid the SSID within the beacon). You can also specify the maximum number of permitted client associations (the default is 32 on the TZ 170). Other Advanced settings include antenna diversity and transmission power. Once changes are made, remember the Apply button must be pressed to save and implement any updates that are made. Should you wish to return Advanced settings to factory presets, click the Restore Default Settings button, which is found at the very bottom of the page.
Organizations wishing to allow or deny wireless connections to specific systems can implement MAC filtering. When MAC addresses are entered into the SonicWALL’s MAC Filter List, you can choose to Allow or Block communications for each device that is entered. You can also enter comments, such as Guest system or Unknown workstation from neighboring company, within a Comment field to help other IT professionals better understand why certain systems have been allowed or denied specific wireless access.
To filter devices based on their media access control addresses, click MAC Filter List and then click the Add button. Supply the MAC address of the system, supply any relevant comment, and then (using the Action drop-down menu) specify Allow or Block. When you’re done, click OK to add the entry to the MAC Filter List.
SonicWALL’s wireless-equipped routers also include intrusion detection capabilities. Click IDS from the Wireless sub menu to access the feature. Besides logging nearby access points (within the Discovered Access Points section), the IDS page allows you to enable probing, flood detection and rogue access points. Using the Authorized Access Points menu, you can add specific entries for access points for which you wish to allow WLAN operation. Just click the Add button, enter the station’s BSSID and any relevant comment, then click OK.
SonicWALL routers provide excellent security by enabling secure communications with remote employees and wireless users. The device’s wireless configuration wizard simplifies the task of configuring secure wireless communications. Sometimes settings must be tweaked or customized, however. The SonicWALL’s Web-based management interface simplifies the process of not only monitoring active WLAN connections, but customizing wireless communications as required.