SonicPoint Provisioning Profiles

Policy Configuration : Managing SonicPoints

SonicPoint Provisioning Profiles

When a SonicPoint unit is first connected and powered up, it has a factory default configuration (IP address 192.168.1.20, username: admin, password: password). Upon initializing, it attempts to find a Dell SonicWALL firewall with which to peer. If it is unable to find a peer device, it enters into a standalone mode of operation with a separate standalone configuration allowing it to operate as a standard Access Point.

If the SonicPoint does locate, or is located by a peer firewall through the Dell SonicWALL Discovery Protocol, an encrypted exchange between the two units occurs, and the profile assigned to the relevant Wireless zone is used to automatically configure (provision) the newly added SonicPoint unit.

As part of the provisioning process, SonicOS on the peer firewall assigns the discovered SonicPoint device a unique name, and records its MAC address and the interface and zone on which it was discovered. It can also automatically assign the SonicPoint an IP address, if so configured, so that the SonicPoint can communicate with an authentication server for WPA-EAP support. SonicOS then uses the profile associated with the relevant zone to configure the 2.4GHz and 5GHz radio settings.

SonicPoint Provisioning Profiles provide a scalable and highly automated method of configuring and provisioning multiple SonicPoints across a Distributed Wireless Architecture. SonicPoint Profile definitions include all of the settings that can be configured on a SonicPoint, such as radio settings for the 2.4GHz and 5GHz radios, SSID’s, and channels of operation.

When a SonicPoint is initially connected to an interface, the firewall uses the provisioning profile associated with the zone of the interface to create a SonicPoint entry. It can take up to 5 minutes for the entry to be created. You can modify the SonicPoint entry to configure the access point name, radio frequency mode, authentication type, and other settings specific to the SonicPoint.

For deployments of multiple SonicPoints that need the same provisioning settings, you can create a custom provisioning profile in the upper section of the SonicPoint > SonicPoints page. In the Network > Zones page, you can edit the WLAN zone and specify this profile on the Wireless tab. Any SonicPoints connecting to an interface in the WLAN zone will then be provisioned with the assigned profile.

Each Wireless zone can be configured with one SonicPoint profile. Any profile can apply to any number of zones.

SonicOS includes default provisioning profiles for SonicPoint AC, SonicPoint N, and SonicPoint NDR. You can modify these profiles or create new ones.

Modifications to profiles do not affect units that have already been provisioned and are in an operational state. Configuration changes to operational SonicPoint devices can occur in two ways:

•

Via manual configuration changes to the SonicPoint entry—Appropriate when a single, or a small set of changes are to be affected, particularly when that individual SonicPoint requires settings that are different from the profile assigned to its zone.

•

Via un-provisioning—Deleting a SonicPoint unit effectively un-provisions the unit, or clears its configuration and places it into a state where it automatically engages the provisioning process anew with its peer GMS device. This technique is useful when the profile for a zone is updated or changed, and the change is set for propagation. It can be used to update firmware on SonicPoints, or to simply and automatically update multiple SonicPoint units in a controlled fashion, rather than changing all peered SonicPoints at the same time that can cause service disruptions.

To configure SonicPoint profiles, see Configuring a SonicPoint Profile

Table 11. Default SonicPoint N Profile

802.11a Radio

802.11g Radio

802.11n Radio

Enable 802.11a
Radio

Yes - Always on

Enable 802.11g
Radio

Yes - Always on

Enable 802.11n
Radio

Yes - Always on

SSID

sonicwall

SSID

sonicwall

SSID

sonicwall-D790
(where D790 is an example; this is determined by the hardware address)

Radio Mode

54Mbps - 802.11a

Radio Mode

2.4 GHz 54Mbps - 802.11g

Radio Mode

2.4 GHz - 802.11n/g/b Mixed

Channel

AutoChannel

Channel

AutoChannel

Channel

AutoChannel

ACL Enforcement

Disabled

ACL Enforcement

Disabled

ACL Enforcement

Disabled

Authentication
Type

WEP - Both
Open System & Shared Key

Authentication
Type

WEP - Both
Open System & Shared Key

Authentication
Type

WEP - Both
Open System & Shared Key

Schedule IDS Scan

Disabled

Schedule IDS Scan

Disabled

Schedule IDS Scan

Disabled

Data Rate

Best

Data Rate

Best

Data Rate

Best

Antenna Diversity

Best

Antenna Diversity

Best

Antenna Diversity

Best

802.11a Radio		802.11g Radio		802.11n Radio
Enable 802.11a Radio	Yes - Always on	Enable 802.11g Radio	Yes - Always on	Enable 802.11n Radio	Yes - Always on
SSID	sonicwall	SSID	sonicwall	SSID	sonicwall-D790 (where D790 is an example; this is determined by the hardware address)
Radio Mode	54Mbps - 802.11a	Radio Mode	2.4 GHz 54Mbps - 802.11g	Radio Mode	2.4 GHz - 802.11n/g/b Mixed
Channel	AutoChannel	Channel	AutoChannel	Channel	AutoChannel
ACL Enforcement	Disabled	ACL Enforcement	Disabled	ACL Enforcement	Disabled
Authentication Type	WEP - Both Open System & Shared Key	Authentication Type	WEP - Both Open System & Shared Key	Authentication Type	WEP - Both Open System & Shared Key
Schedule IDS Scan	Disabled	Schedule IDS Scan	Disabled	Schedule IDS Scan	Disabled
Data Rate	Best	Data Rate	Best	Data Rate	Best
Antenna Diversity	Best	Antenna Diversity	Best	Antenna Diversity	Best