1
|
Navigate to SonicPoint > SonicPoints page.
|
2
|
To add a new SonicPoint AC profile, click the Add SonicPoint AC Profile button.
or To edit an existing AC profile, click the Configure icon on the same row as the profile you want to edit. |
The Add/Edit SonicPoint AC Profile dialog appears.
You configure the SonicPoint AC through options on these tabs:
The Add/Edit SonicPoint Profile General tab.
In the General tab, configure the desired settings:
Optionally, check Retain Settings to have the SonicPoint ACs provisioned by this profile retain customized settings until system restart or reboot. This option is not selected by default. If you select this option, the Edit button becomes active and the Retain Settings dialog displays.
1
|
If you are editing an existing SonicPoint AC profile, click the Edit button. The Retain Settings dialog displays.
|
•
|
Click the Retain All Settings check box; all the other options become dimmed.
|
3
|
Click OK.
|
4
|
Optionally, select Enable RF Monitoring to enable wireless RF Threat Real Time Monitoring and Management. This option is not selected by default.
|
5
|
Enter a prefix for the names of all SonicPoint ACs connected to this zone in the Name Prefix field. This prefix assists in identifying SonicPoint AC on a zone. When each SonicPoint AC is provisioned, it is given a name that consists of the name prefix and a unique number, for example: SonicPoint AC 126008.
|
6
|
Select the country where you are operating the SonicPoint ACs from the Country Code drop-down menu. The country code determines which regulatory domain the radio operation falls under.
|
7
|
From the EAPOL Version drop-down menu, select the version of EAPoL (Extensible Authentication Protocol over LAN) to use: v1 or v2. The default is v1, but v2 provides better security.
|
Optionally, you can assign a SonicPoint AC to an 802.11ac Virtual Access Point (VAP) group. The drop-down menus allow you to create a new VAP group. For more information on VAPs, see SonicPoint > Virtual Access Point.
1
|
From the Radio 0 Basic Virtual AP Group drop-down menu, select the VAP group that you want.
|
2
|
From the Radio 1 Basic Virtual AP Group drop-down menu, select the VAP group that you want.
|
1
|
In the SSL VPN Server field, enter the IP address of the SSL VPN server.
|
2
|
In the User Name field, enter the User Name of the SSL VPN server.
|
3
|
In the Password field, enter the Password for the SSL VPN server.
|
4
|
In the Domain field, enter the domain that the SSL VPN server is located in.
|
5
|
Check the Auto-Reconnect box for the SonicPoint to auto-reconnect to the SSL VPN server.
|
The Radio 0 Basic and Radio 1 Basic tabs are similar and have only a few differences, which are noted in the steps.
1
|
The options change depending on the mode you select.
1
|
Select Enable Radio to automatically enable the 802.11ac radio bands on all SonicPoint ACs provisioned with this profile. This option is selected by default.
|
•
|
From the Enable Radio drop-down menu, select a schedule for when the 802.11n radio is on or create a new schedule; default is Always on. You can create a new schedule by selecting Create new schedule.
|
2
|
Select your preferred radio mode from the Mode drop-down menu. The wireless security appliance supports the modes shown in Mode Options:
|
Select this mode if only 802.11a clients access your wireless network. |
||
TIP: For 802.11n clients only, for optimal throughput speed solely, SonicWall recommends the 802.11n Only radio mode. Use the 802.11n/b/g Mixed radio mode for multiple wireless client authentication compatibility.
|
NOTE: The available 801.11n Radio 0/1 Settings options change depending on the mode selected. If the wireless radio is configured for a mode that:
|
NOTE: If you select this option, choose either Standard - 20MHz Channel or Wide - 40 MHz Channel as the Radio Band. The Primary Channel and Standard Channel drop-down menus then display a choice of available sensitive channels.
|
NOTE: This option only appears on the Radio 0 Basic tab as the Radio 1 Basic does not have a wireless speed connection mode of at least 5 GHz.
|
•
|
Does not support 802.11n, select a channel from the Channel drop-down menu.
|
•
|
Auto - Allows the appliance to automatically detect and set the optimal channel for wireless operation based on signal strength and integrity. This is the default setting. Use Auto unless you have a specific reason to use or avoid specific channels.
|
7
|
For (802.11n only): from the Radio Band drop-down menu, select the band for the 802.11n radio:
|
•
|
Auto - Allows the appliance to automatically detect and set the optimal channel for wireless operation based on signal strength and integrity. Both the Primary Channel and Secondary Channel are set to Auto also. This is the default setting.
|
•
|
Standard - 20 MHz Channel—Specifies that the 802.11n radio will use only the standard 20 MHz channel. When this option is selected, the Standard Channel drop-down menu is displayed instead of the Primary Channel and Secondary Channel options.
|
•
|
Standard Channel—This drop-down menu only displays when the 20 MHz channel is selected. By default, this is set to Auto, which allows the appliance to set the optimal channel based on signal strength and integrity.
|
•
|
Wide - 40 MHz Channel—Specifies that the 802.11n radio will use only the wide 40 MHz channel. When this option is selected, the Primary Channel and Secondary Channel drop-down menus are active:
|
•
|
Primary Channel—By default this is set to Auto. Optionally, you can specify a specific primary channel. The available channels are the same as for 802.11a in Step 5.
|
•
|
Secondary Channel—Is set to Auto regardless of the setting of Primary Channel.
|
8
|
Enable Short Guard Interval—Specifies the short guard interval of 400ns (as opposed to the standard guard interval of 800ns).
|
The 802.11n standard specifies two guard intervals: 400ns (short) and 800ns (long).
Ensure the wireless client also can support aggregation to avoid compatibility issues.
9
|
The Enable MIMO option enables/disables MIMO (multiple-input multiple output). Enabling this option increases 802.11n throughput by using multiple-input/multiple-output antennas. This option is enabled by default for all 802.11n modes and is dimmed to ensure it is not disabled. The option is activated and selected by default if 5GHZ 802.11a Only or 2.4GHz 802.11g Only mode is selected. Ensure the wireless client also can support these antennas to avoid compatibility issues. If the 802.11a or 502.11g client cannot support these antennas, disable the option by deselecting it.
|
NOTE: If a VAP was selected in the 802.11n Radio Virtual AP Group drop-down menu on the Settings tab, this section is not available. Instead, the Virtual Access Point Encryption Settings section is displayed.
|
The options change depending on the authentication type you select:
For how to configure the Wireless Security settings, see Wireless Security section.
NOTE: This section displays only if a VAP was selected from the Radio 0 Basic/1 Virtual AP Group drop-down menus in the Virtual Access Point Settings section of the General tab.
|
For how to configure the Virtual Access Point Encryption Settings settings, see Virtual Access Point Encryption Settings Section.
For how to configure the ACL Enforcement settings, see ACL Enforcement section.
The Radio 0 Advanced and Radio 1 Advanced tabs are quite similar.
The options on the Radio 0 Advanced and Radio 1 Advanced tabs are the same except that Radio 0 Advanced has the Fragmentation Threshold (bytes) field.
1
|
Select Hide SSID in Beacon to have the SSID send null SSID beacons in place of advertising the wireless SSID name. Sending null SSID beacons forces wireless clients to know the SSID before connecting. By default, this option is unchecked.
|
2
|
From the Schedule IDS Scan drop-down menu, select a schedule for the IDS (Intrusion Detection Service) scan. Select a time when there are fewer demands on the wireless network to minimize the inconvenience of dropped wireless connections. You can create your own schedule by selecting Create new schedule or disable the feature by selecting Disabled, the default.
|
3
|
From the Data Rate drop-down menu, select the speed at which the data is transmitted and received. Best (default) automatically selects the best rate available in your area given interference and other factors. Or you can manually select a data rate, from a minimum of 1 Mbps to a maximum of 54 Mbps.
|
4
|
From the Transmit Power drop-down menu, select the transmission power. Transmission power effects the range of the SonicPoint.
|
•
|
5
|
From the Antenna Diversity drop-down menu, select the method that determines which antenna the SonicPoint uses to send and receive data.
|
•
|
Best: This is the default setting. When Best is selected, the SonicPoint automatically selects the antenna with the strongest, clearest signal. In most cases, Best is the optimal setting.
|
•
|
1: Select 1 to restrict the SonicPoint to use antenna 1 only. Facing the rear of the SonicPoint, antenna 1 is on the left, closest to the power supply.
|
•
|
2: Select 2 to restrict the SonicPoint to use antenna 2 only. Facing the rear of the SonicPoint, antenna 2 is on the right, closest to the console port.
|
6
|
In the Beacon Interval (milliseconds) field, enter the number of milliseconds between sending wireless SSID beacons. The minimum interval is 100 milliseconds, the maximum is 1000 milliseconds, and the default is 100 milliseconds.
|
7
|
In the DTIM Interval field, enter the DTIM interval in milliseconds. The minimum number of frames is 1, the maximum is 255, and the default is 1.
|
For 802.11 power-save mode clients of incoming multicast packets, the Delivery Traffic Indication Message (DTIM) interval specifies the number of beacon frames to wait before sending a DTIM.
8
|
In the Fragmentation Threshold (bytes) field, enter the number of bytes of fragmented data you want the network to allow. Fragment wireless frames to increase reliability and throughput in areas with RF interference or poor wireless coverage. Lower threshold numbers produce more fragments. The minimum threshold is 256 bytes, the maximum is 2346 bytes, and the default is 2346 bytes.
|
9
|
In the RTS Threshold (bytes) field, enter the threshold for a packet size, in bytes, at which a request to send (RTS) will be sent before packet transmission. Sending an RTS ensures that wireless collisions do not take place in situations where clients are in range of the same access point, but may not be in range of each other. The minimum threshold is 256 bytes, the maximum is 2346 bytes, and the default is 2346 byes.
|
10
|
In the Maximum Client Associations field, enter the maximum number of clients you want each SonicPoint using this profile to support on this radio at one time. The minimum number of clients is 1, the maximum number is 128, and the default number is 32.
|
11
|
In the Station Inactivity Timeout (seconds) field, enter the maximum length of wireless client inactivity before Access Points age out the wireless client, in seconds. The minimum period is 60 seconds, the maximum is 36000 seconds, and the default is 300 seconds.
|
12
|
From the WMM (Wi-Fi Multimedia) drop-down menu, select whether a WMM profile is to be associated with this profile:
|
•
|
Disabled (default)
|
•
|
Create new WMM profile. If you select Create new WMM profile, the Add Wlan WMM Profile dialog displays. For information about configuring a WMM profile, see Configuring Wi-Fi Multimedia Parameters.
|
13
|
Select Enable Short Slot Time to allow clients to disassociate and reassociate more quickly. Specifying this option increases throughput on the 802.11n/g wireless band by shortening the time an access point waits before relaying packets to the LAN. By default, this option is not selected.
|
14
|
Select Does not allow Only 802.11b Clients to Connect if you are using Turbo G mode and, therefore, are not allowing 802.11b clients to connect. Specifying this option limits wireless connections to 802.11g clients only. By default, this option is not selected.
|
15
|
Select Enable Green AP to allow the SonicPoint ACe/ACi/N2 radio to go into sleep mode. This saves power when no clients are actively connected to the SonicPoint. The SonicPoint will immediately go into full power mode when any client attempts to connect to it. Green AP can be set on each radio independently, Radio 0 (5GHz) and Radio 1 (2,4GHz).
|
16
|
In the Green AP Timeout(s) field, enter the timeout value in seconds that the access point will wait while it has no active connections before it goes into sleep mode. The timeout values can range from 10 seconds to 600 seconds. The default value is 20 seconds.
|
In the Sensor tab, you enable or disable Wireless Intrusion Detection and Prevention (WIDP) mode.
1
|
Select Enable WIDF sensor to have the SonicPoint operate as a dedicated WIDP sensor.
|
2
|
From the drop-down menu, select the schedule for when the SonicPoint operates as a WIDP sensor or select Create new schedule… to specify a different time; default is Always on.
|