SonicWall Package Aids WLAN Security

By Andrew Garcia  |  Posted 2004-07-26 Email Print this article Print
 
 
 
 
 
 
 

The company's Distributed Wireless Solution unites functions but doesn't scale well.

SonicWall Inc.'s Distributed Wireless Solution merges the security benefits of wireless gateways with the access point management features of wireless switch systems on a single platform that provides wireless LAN encryption, packet and application layer filtering, user authentication, access point management, and rogue detection.



Click here to read the full review of Distributed Wireless Solution.

SonicWall Inc.'s Distributed Wireless Solution merges the security benefits of wireless gateways with the access point management features of wireless switch systems on a single platform that provides wireless LAN encryption, packet and application layer filtering, user authentication, access point management, and rogue detection.

However, Distributed Wireless Solution, which started shipping last month, does not scale as well as competitive offerings, and administrators could encounter some tricky management woes.

eWEEK Labs tested Distributed Wireless Solution using two 802.11 a-/b-/g-compliant SonicPoint access points (priced at $645 each) and SonicWall's new Gigabit-Ethernet-enabled Pro 5060f firewall appliance (which starts at $12,495) running SonicOS Enhanced 2.5.0.2 firmware.

The Pro 5060f firewall appliance manages SonicPoint configuration profiles, pushing the proper network settings and security parameters to the access points. The Pro 5060f performs packet and application-layer filtering on all traffic by terminating all connections from wireless clients. (The appliance includes a one-year subscription to SonicWall's Intrusion Prevention Service).

Hardware provisioning was straightforward in tests. We configured several SonicPoint Provisioning Profiles, which let us determine default network names, radio-frequency characteristics and encryption requirements. Each profile is assigned to a zone determined by a connection to a physical port on the appliance.

When SonicPoints first boot up, they request profile information from the appliance via a Layer 2 broadcast protocol and automatically configure themselves according to their zone.

Each SonicPoint has two configuration profiles: the centrally managed profile and a stand-alone-mode profile to which the device defaults when a governing appliance is not available. We see limited benefits to this, however: If the governing appliance goes out of service, DHCP (Dynamic Host Configuration Protocol) and gateway services are likely to fail as well, denying access to users beyond the local subnet.

Stand-alone profiles must be configured manually and individually (via SonicWall's own Secure HTTP interface) to at least change the default administrative password and IP address. (Each unit automatically defaults to the same IP address.) This need for individual configuration negates much of the appeal of "thin" access points.

In tests, clients roaming among SonicPoints in the same zone maintained connection-based sessions, although handoff times could be high.

Roaming among zones on the same appliance requires administrators to install SonicWall Global VPN software on all client machines, and roaming to a different appliance requires a full reauthentication because Distributed Wireless Solution doesn't have a master controller for the entire network.

SonicWall could improve management from browsers other than Internet Explorer. Tests using Mozilla 1.7 and FireFox 0.91 revealed display irregularities that omitted some key management pages and mislabeled others.

Technical Analyst Andrew Garcia can be reached at andrew_garcia@ziffdavis.com.

Check out eWEEK.com's Mobile & Wireless Center at http://wireless.eweek.com for the latest news, reviews and analysis.

Be sure to add our eWEEK.com mobile and wireless news feed to your RSS newsreader or My Yahoo page

 
 
 
 
 
 
 
 
 
























 
 
 
 
 
 

Submit a Comment

Loading Comments...
























 
 
 
 
 
 
 
 
 
Thanks for your registration, follow us on our social networks to keep up-to-date