SonicWALL SonicPoint User manual
COMPREHENSIVE INTERNET SECURITY™
SonicWALL SonicPoint
Quick Start Guide
SonicWALL SonicPoint Quick Start Guide Page 1
SonicPoint Quick Start Guide
Thank you for purchasing a SonicWALL SonicPoint. The SonicPoint is a key component of SonicWALL’s
Distributed Wireless Solution to secure wireless networks. The SonicPoint provides secure wireless
access to your network using the SonicWALL Global VPN Client (SonicWALL GVC) or Global Security
Client (SonicWALL GSC) on wireless clients combined with integrated management from a SonicWALL
TZ 170 or PRO series security appliance running SonicOS Enhanced 2.5 (or higher).
The SonicPoint Quick Start Guide provides instructions for setting up your SonicWALL SonicPoint,
configuring your SonicWALL security appliance to manage the SonicPoint and support secure WiFiSec
connections from wireless clients, and setup wireless clients to securely connect to your network using the
SonicWALL Global VPN Client or Global Security Client. After you complete this guide, refer to the
SonicWALL SonicOS Enhanced 2.5 Administrator’s Guide for more detailed information.
Note: The latest version of the SonicPoint Quick Start Guide, SonicPoint Administrator’s Guide, SonicOS
Enhanced 2.5 Administrator’s Guide, and all other SonicWALL product documentation is available on the
SonicWALL web site at <http://www.sonicwall.com/services/documentation.html>.
Before You Begin
Check Package Contents
• One SonicWALL SonicPoint
• One SonicPoint Quick Start Guide
• One SonicPoint Regulatory Statement
• One SonicPoint Resource CD
• One Ethernet cable
• One 12 volt DC power supply
• One power cord*
• One mounting plate
• One wall mount kit
*A power cord is included only with units shipped to North America.
Any Items Missing?
If any items are missing from your package, contact SonicWALL, Inc.
•Web:<http://www.sonicwall.com/support/>
• Phone: (888) 777-1476
Page 2
Overview of the SonicWALL SonicPoint Hardware
The front panel of the SonicPoint has the following six LEDs (from left to right):
•Power - The Power LED blinks when the device is powering up. After the SonicPoint is powered up,
the Power LED turns steady.
•WLAN 2.4 GHz Radio - The 2.4 GHz Radio LED blinks at a constant rate when the SonicPoint is
ready to receive traffic, and blinks at a variable rate while transferring data with connected 802.11g/b
stations.
•WLAN 5.0 GHz Radio - The 5 GHz Radio LED blinks at a constant rate when the SonicPoint is ready
to receive traffic, and blinks at a variable rate while transferring data with connected 802.11a stations.
•LAN 10/act - The LAN 10/act LED blinks to indicate 10Mb LAN activity.
•LAN link - The LAN link LED illuminates steadily to indicate physical layer connectivity.
•LAN 100/act - The LAN 100/act LED blinks to indicate 10Mb LAN activity.
The back panel of the SonicPoint has the following three connections:
•Power - Connect the 12.0 volt DC power supply connector to the power port, if you are not using the
SonicWALL Power over Ethernet Injector (SonicWALL PoE Injector) through the LAN connector.
•LAN / PoE - To connect the SonicPoint to your SonicWALL PRO series security appliance, connect an
Ethernet cable to the SonicPoint LAN port. If you are not using the 12.0 volt DC power supply, connect
the SonicWALL PoE Injector to the SonicPoint LAN port.
•Console - To display bootup and diagnostic messages through the command-line interface (CLI),
connect one end of an RS-232 serial cable to the SonicPoint console port and the other end to your
work station.
Power
LAN:
Link, 10/100, Activity Console Port
LAN Port
Power
2.4 GHz
Radio
5.0 GHz
Radio
WLAN WLAN Power over Ethernet
SonicWALL SonicPoint Quick Start Guide Page 3
What You Need to Get Connected
• A SonicWALL SonicPoint
• A SonicWALL PRO series security appliance running SonicOS Enhanced 2.5 (or higher)
• An interface on the SonicWALL security appliance configured as part of a Wireless zone
• A location selected for placement of your SonicPoint. You can mount the SonicPoint on any surface,
on the wall, or the ceiling. For mounting instructions, refer to the SonicPoint Regulatory Statement
included in your SonicPoint package.
• SonicWALL GVC or SonicWALL GSC running on your wireless clients
SonicPoint Configuration Steps
Setting up your SonicPoint as part of a complete SonicWALL Distributed Wireless Solution involves the
following steps:
Step 1: “Applying Power to the SonicPoint” on page 3
Step 2: “Configuring a Wireless Zone” on page 4
Step 3: “Configuring the Default SonicPoint Profile” on page 6
Step 4: “Connecting the SonicPoint to the Network” on page 8
Step 5: “Enabling Secure Wireless Connections” on page 9
Step 6: “Connecting Wireless Clients to the SonicPoint” on page 13
Step 7: “Registering Your SonicPoint” on page 16
Note: The configuration steps in this guide cover setting up your SonicPoint in managed mode as part of
the SonicWALL Distributed Wireless Solution. To manage the SonicPoint in stand-alone mode, refer to the
SonicWALL SonicPoint Administrator’s Guide, available on your resource CD or from the SonicWALL web
site at <http://www.sonicwall.com/services/documentation.html>.
Applying Power to the SonicPoint
Attach the power supply to the power cord. Plug the power adapter into the SonicPoint and plug the
other end into a power outlet.
The Power light turns green when power is applied to the SonicPoint.
1
Page 4
Applying Power with the SonicWALL Power over Ethernet Injector
If you are using the SonicWALL Power over Ethernet Injector (SonicWALL PoE Injector), you do not need
to plug a separate power cord into the SonicPoint. The SonicPoint has the option of receiving power
through the Ethernet cable inserted into its LAN port for enhanced deployment flexibility.
Note: For more information on the SonicWALL PoE Injector, visit <http://www.sonicwall.com/products>.
To apply power with the SonicWALL PoE injector:
1. Plug the power cord of the SonicWALL PoE injector into the power outlet.
2. Connect an Ethernet cable to the Data and Power out port on the SonicWALL PoE injector and
connect the other end of the cable to the LAN port on the back of your SonicPoint.
Configuring a Wireless Zone
SonicOS Enhanced 2.5 (or higher) running on a SonicWALL security appliance provides you with
a Wireless zone type. SonicOS automatically searches for SonicPoints connected to a Wireless
zone and configures them with the default profile for that zone. SonicOS only allows traffic from a
SonicPoint to pass through a Wireless zone. All traffic coming into the zone from a device other
than a SonicPoint is dropped. SonicOS Enhanced 2.5 (or higher) offers a default Wireless zone
called the “WLAN” zone.
Note: You can create custom Wireless zones to manage different levels of security. When you create the
new zone, select Wireless for the Zone Type. For instructions on creating custom zones, refer to the
SonicWALL SonicOS Enhanced Administrator’s Guide, available on your resource CD or from the
SonicWALL web site at <http://www.sonicwall.com/services/documentation.html>.
SonicWALL
PoE Injector
Data in
Data and
Power out
To SonicWALL security appliance
To power source
Ethernet cable
LAN
2
SonicWALL SonicPoint Quick Start Guide Page 5
Configuring a WLAN Zone Interface on the SonicWALL Security Appliance
To configure an interface on the WLAN zone:
1. With a web browser, connect to your SonicWALL security appliance and open the SonicOS
management interface.
2. Click on Network in the left-navigation menu.
3. In the Network > Interfaces page, select a port or interface to assign to the WLAN zone. On a TZ 170
appliance, select the OPT port. On a PRO series appliance, select an unassigned interface
(X2 through X5). Click the edit icon .
4. In the Edit Interface window, select WLAN from the Zone list.
5. Enter an IP address range and netmask for the interface in the IP Address and Subnet Mask field.
For example, an IP address range of 172.32.16.1 and a subnet of 255.255.255.0. Click OK.
6. Use this interface when you connect a SonicPoint to your SonicWALL PRO series security appliance.
Then the SonicPoint is automatically connected to the Wireless zone.
Note: You can assign several interfaces to the same Wireless zone.
Page 6
Configuring the Default SonicPoint Profile
When you connect a SonicPoint to a Wireless zone interface on your security appliance running
SonicOS Enhanced 2.5 (or higher), SonicOS automatically configures the SonicPoint with the
settings in the default SonicPoint profile for that zone.
You can manage the profile and therefore manage all SonicPoints on your network from your SonicWALL
security appliance. The SonicPoint profile is applied to the SonicPoint automatically when you connect the
SonicPoint to a WLAN zone.
To configure the default SonicPoint Profile:
1. Open the management interface of your SonicWALL security appliance.
2. Click on Wireless in the left-navigation menu, and then click on SonicPoints.
3. In the SonicPoint Provisioning Profiles list, select the default SonicPoint profile and click the edit
icon .
3
SonicWALL SonicPoint Quick Start Guide Page 7
4. In the Edit SonicPoint Profiles window, you can configure the radio settings and the SSIDs of the
SonicPoints in the WLAN zone. You should at least set the SSIDs in the 802.11a Radio tab and in the
802.11g Radio tab to a recognizable value. The default is SonicWALL, but you can assign any SSID
value.
Note: You can add additional profiles and assign them to different Wireless zones. For more information
about configuring a SonicPoint from the SonicOS management interface, refer to the SonicWALL SonicOS
Enhanced 2.5 Administrators Guide. The latest version of the SonicWALL SonicOS Enhanced 2.5
Administrator’s Guide is available on the SonicWALL web site at
<http://www.sonicwall.com/services/documentation.html>.
Page 8
Connecting the SonicPoint to the Network
If you are not using a SonicWALL PoE Injector, connect one end of an Ethernet cable to the
WLAN zone interface that your created earlier on the SonicWALL security appliance and the
other end of the cable to either the LAN port on the SonicPoint, or any Layer 2 hub or switch.
If you are using a SonicWALL PoE Injector, connect one end of the Ethernet cable to the WLAN zone
interface that you created earlier and the other end of the cable to the Data in port on the SonicWALL PoE
Injector. Connect the Data and Power out port on the SonicWALL PoE Injector to the LAN port on your
SonicPoint.
The link LED lights up to indicate an active connection.
Note: It takes approximately one minute for the SonicWALL security appliance to auto-provision the
SonicPoint. At the end of this process, your SonicPoint is configured with the settings in the default
SonicPoint provisioning profile.
Your SonicPoint should automatically display in the list on the Wireless > SonicPoints page. If it does not:
• Check that the SonicPoint is properly connected to the SonicWALL security appliance.
• Make sure the interface the SonicPoint is connected to is configured as part of a Wireless zone (WLAN
by default).
• Click the Synchronize SonicPoints button near the top-right corner of the page.
4
SonicWALL SonicPoint Quick Start Guide Page 9
Enabling Secure Wireless Connections
Enabling a secure wireless connection through your SonicPoint involves the following
configuration steps in the management interface of your SonicWALL security appliance and on
the wireless clients:
•“Verifying WiFiSec Enforcement is Enabled on the WLAN Zone” on page 9
•“Enabling the WLAN GroupVPN Policy on Your Wireless Zone” on page 10
•“Configuring Users with Authenticated Access to the GroupVPN Policy” on page 11
Verifying WiFiSec Enforcement is Enabled on the WLAN Zone
WiFiSec is a security protocol that uses IPSec VPN over the wireless connection to maintain security.
WiFiSec enforcement is enabled by default on the WLAN zone.
Note: By following these steps, your SonicPoint provides the highest level of wireless security possible. If
you do not want to enable WiFiSec for wireless client connections, you can disable WiFiSec enforcement
in step 4 of the following procedure. If you disable WiFiSec enforcement, proceed to Step 7, “Registering
Your SonicPoint” on page 16.
To verify WiFiSec is enforced on the WLAN zone:
1. In the management interface of your SonicWALL security appliance, click on Network in the left-
navigation menu, and then click on Zones under Network.
2. In the list of zones on the Network > Zones page, click the edit icon in the same line as your
Wireless zone.
3. In the Edit Zone window, click the Wireless tab.
5
Page 10
4. In the Wireless tab, verify that the WiFiSec Enforcement box is checked and click OK.
Enabling the WLAN GroupVPN Policy on Your Wireless Zone
Enabling the default WLAN GroupVPN policy on your Wireless zone allows wireless clients to securely
access your network using SonicWALL GVC or SonicWALL GSC.
Note: If you are using a custom Wireless zone, you need to add a GroupVPN policy for the Wireless zone.
See the SonicWALL SonicOS Enhanced Administrator’s Guide, available on your resource CD or from the
SonicWALL web site at <http://www.sonicwall.com/services/documentation.html>, for instructions on
adding GroupVPN policies.
To enable the WLAN GroupVPN policy:
1. In the management interface of your SonicWALL security appliance, click on VPN in the left-navigation
menu, and then click on Settings under VPN.
2. In the list of VPN policies on the VPN > Settings page, check the box under Enable for the WLAN
GroupVPN policy.
SonicWALL SonicPoint Quick Start Guide Page 11
To make connecting wireless clients to your secure wireless network easier, you can specify that all
SonicWALL GVC or SonicWALL GSC connections use the default shared secret value, generated by the
SonicWALL security appliance. If you do not configure the WLAN GroupVPN policy with this setting,
wireless clients are prompted for the shared secret value, which they must enter before establishing a
WiFiSec connection.
To enable the automatic downloading of the shared secret to SonicWALL GVC or SonicWALL GSC clients
with the WLAN GroupVPN policy:
1. In the list of VPN policies on the VPN > Settings page, click the edit icon in the same line as your
WLAN GroupVPN policy.
2. In the VPN Policy window, click on the Client tab.
3. In the Client page, check the Use Default Key for Simple Client Provisioning checkbox and
click OK.
Configuring Users with Authenticated Access to the GroupVPN Policy
You can configure authenticated VPN access for individual users or configure VPN access for a group
using the SonicWALL security appliance’s local user’s database or using an external RADIUS server.
Note: For more information on configuring the SonicWALL security appliance to use RADIUS for
authenticating VPN clients, refer to the SonicWALL SonicOS Enhanced 2.5 Administrator’s Guide,
available on your resource CD or from the SonicWALL web site at
<http://www.sonicwall.com/services/documentation.html>.
Page 12
To add an individual user to the SonicWALL security appliance’s local user database for VPN access:
1. In the management interface of your SonicWALL security appliance, click on Users in the left-
navigation menu, and then click on Local Users under Users.
2. In the Users > Local Users page, click Add User.
3. In the Add User window:
•Settings: Enter the Name and Password of the user
•Group: Select the groups the user should belong to. The user automatically has any VPN access
configured for the group.
•VPN Access: Select the networks, subnets, and IP addresses the user should have access to
when connected via GroupVPN. For example, All WAN IP, WLAN Subnets, LAN Primary Subnets,
and WLAN RemoteAccess Networks.
4. Click OK.
To configure VPN access for a group:
1. In the management interface of your SonicWALL security appliance, click on Users in the
left-navigation menu, and then click on Local Groups under Users.
2. In the Users > Local Groups page, click the edit icon in the same line as any group displayed in
the Local Groups table, or click Add Group to create acustom group. For more information on
configuring Local Groups, refer to the “Managing Local Users and Local Groups” chapter in the
SonicOS Enhanced 2.5 Administrator’s Guide.
SonicWALL SonicPoint Quick Start Guide Page 13
3. In the Edit Group window, click the VPN Access tab. Select the networks, subnets, and IP addresses
the user should have access to when connected via GroupVPN. For example, WLAN Subnets and
WLAN RemoteAccess Networks.
4. Click OK.
Connecting Wireless Clients to the SonicPoint
For wireless clients to connect to your WLAN zone, they need:
•A wireless network card installed and configured for the SonicPoint’s SSID
•SonicWALL GVC or SonicWALL GSC installed and configured for a secure wireless connection
Connecting to the SonicPoint Wireless Network
You connect to the wireless network according to the requirements of your client operating system. Your
wireless client may automatically detect and display the SonicPoint’s SSID in a list of available wireless
networks or you may need to manually configure your wireless card with the SonicPoint’s SSID.
6
Page 14
Establishing Secure Wireless Connections
For a wireless client to securely connect to the SonicPoint using WiFiSec, the SonicWALL Global VPN
Client (GVC) and SonicWALL Global Security Client (GSC) must be installed and configured. Installing and
configuring SonicWALL GVC involves the following procedures:
• Installing the SonicWALL GVC or SonicWALL GSC Using the Setup Wizard
• Creating an Office Gateway Connection Profile Using the New Connection Wizard
• Establishing a WiFiSec VPN Connection Via the SonicPoint Using the WLAN GroupVPN Policy
Installing the SonicWALL GVC or SonicWALL GSC using the Setup Wizard
If necessary, install the SonicWALL GVC. It is available either as the standalone SonicWALL GVC or as
the SonicWALL GVC component of SonicWALL GSC. Follow the instructions in the Setup Wizard to
install SonicWALL GVC or SonicWALL GSC.
Note: For complete product documentation on SonicWALL GVC or SonicWALL GSC, visit the SonicWALL
web site at <http://www.sonicwall.com/services/documentation.html>.
To create an Office Gateway connection profile using the New Connection Wizard:
1. In your Windows Start Menu, Choose Start > Programs > SonicWALL Global VPN Client. The first
time you open SonicWALL GVC, the New Connection Wizard automatically launches.
If the New Connection Wizard does not display, click the New Connection Wizard icon on the far left
side of the toolbar to launch it. Click Next.
2. In the Choose Scenario page, select Office Gateway.Click Next.
3. In the Completing the New Connection Wizard page select any of the following options:
•SelectCreate a desktop shortcut to this connection, if you want to create a shortcut icon on
your desktop for this VPN connection.
•SelectEnable this connection when the program is launched, if you want to automatically
establish this VPN connection when you launch the SonicWALL Global VPN Client.
4. Click Finish. The new VPN connection policy appears in the SonicWALL Global VPN Client window.
SonicWALL SonicPoint Quick Start Guide Page 15
To establish a WiFiSec VPN connection via the SonicPoint using the WLAN GroupVPN policy:
1. In the SonicWALL Global VPN Client window, double-click the Office Gateway profile. The
Connection Warning dialog box is displayed, which informs you that all traffic that is not going to the
secured VPN gateway will be blocked.
2. Click Yes to continue.
3. In the Enter Username/Password dialog box, enter the authentication credentials for the user
configured on the SonicWALL security appliance’s local user database for access to the WLAN
GroupVPN.
4. Click OK. You now have secure wireless access to all the networks, subnets, and addresses you
assigned the user access.
Page 16
Registering Your SonicPoint
Once you have set up your SonicPoint, you can register it at mySonicWALL.com. Registering your
SonicPoint provides you with access to SonicWALL technical support for the device.
You register a SonicPoint on mySonicWALL.com as a child device to the registered SonicWALL security
appliance with which you are managing the SonicPoint. Therefore, you must have a mySonicWALL.com
account already set up and have your security appliance registered before you can register your SonicPoint.
Note: mySonicWALL.com registration information is not sold or shared with any other company.
To register your SonicPoint:
1. In your web browser, log into your account at <http://www.mySonicWALL.com>.
2. In the list of registered products, click on the link for the SonicWALL security appliance you are using
to manage the SonicPoint.
3. At the bottom of the Service Management page under the Child Product Type heading, click the
SonicPoint link.
4. In the My Product - Associated Products page, enter the serial number of the SonicPoint. You can
also enter a friendly name, which mySonicWALL.com uses to communicate with you about the
SonicPoint.
5. Click Register, and your SonicPoint is registered and associated with the security appliance you are
using to manage it.
7
SonicWALL SonicPoint Quick Start Guide Page 17
SonicPoint Radio Frequencies and Bands
The SonicPoint supports:
Radio Frequency Bands
Radio Operating Channels
Dynamic Frequency Selection (DFS) is supported.
802.11a 802.11b/g
5.15-5.35 GHz 2.412 - 2.462 GHz (US, Canada, Taiwan)
5.25-5.35 GHz (Taiwan) 2.412 - 2.472 GHz (Europe ETSI)
5.725-5.825 GHz 2.412 - 2.484 GHz (Japan)
5.725-5.825 GHz (Taiwan)
5.725-5.825 GHz no turbo (Korea)
802.11a 802.11b/g
US & Canada: 12 CHs (FCC) US & Canada: 1 CH~11CH (FCC)
Europe: 19 CHs Europe: 1 CH~13CH (ETSI)
Japan: 4 CHs Japan: 14 CHs
Singapore: 12 CHs
Taiwan: 7 CHs
SonicWALL,Inc.
1143 Borregas Avenue T: 408.745.9600 www.sonicwall.com
Sunnyvale,CA 94089-1306 F: 408.745.9300
© 2004 SonicWALL, Inc . SonicWALL is a registered trademark of SonicWALL, Inc . Other product and company names mentioned herein may be
trademarks and/ or registered trademarks of their respective companies. Specifications and descriptions subject to change with out notice.
P/ N 232- 000499- 01
Rev A 07/04
Other manuals for SonicPoint
2
Table of contents
Other SonicWALL Wireless Router manuals
