Chapter 32: Viewing WLAN Settings, Statistics, and Station Status

Wireless Overview

Note: The wireless features described apply only to SonicWALL appliances equipped with internal wireless hardware, such as the TZ series, the NSA 220W, and the NSA 250MW.

The SonicWALL Wireless security appliances support wireless protocols called IEEE 802.11b, 802.11g, and 802.11n commonly known as Wi-Fi, and send data via radio transmissions. The SonicWALL wireless security appliance combines three networking components to offer a fully secure wireless firewall: an Access Point, a secure wireless gateway, and a stateful firewall with flexible NAT and VPN termination and initiation capabilities. With this combination, the wireless security appliance offers the flexibility of wireless without compromising network security.

Typically, the wireless security appliance is the access point for your wireless LAN and serves as the central access point for computers on your LAN. In addition, it shares a single broadband connection with the computers on your network. Since the wireless security appliance also provides firewall protection, intruders from the Internet cannot access the computers or files on your network. This is especially important for an “always-on” connection such as a DSL or T1 line that is shared by computers on a network.

However, wireless LANs are vulnerable to “eavesdropping” by other wireless networks which means you should establish a wireless security policy for your wireless LAN. On the wireless security appliance, wireless clients connect to the Access Point layer of the firewall. Instead of bridging the connection directly to the wired network, wireless traffic is first passed to the Secure Wireless Gateway layer where the client is required to be authenticated via User Level Authentication. Wireless access to Guest Services and MAC Filter Lists are managed by the wireless security appliance.

If all of the security criteria are met, then wireless network traffic can then pass via one of the following Distribution Systems (DS):

• LAN
• WAN
• Wireless Client on the WLAN
• DMZ or other zone on Opt port
• VPN tunnel

Considerations for Using Wireless Connections

• Mobility - if the majority of your network is laptop computers, wireless is more portable than wired connections.
• Convenience - wireless networks do not require cabling of individual computers or
  opening computer cases to install network cards.
• Speed - if network speed is important to you, you may want to consider using Ethernet connections rather than wireless connections.
• Range and Coverage - if your network environment contains numerous physical barriers or interference factors, wireless networking may not be suitable for your network.
• Security - wireless networks have inherent security issues due to the unrestricted nature of the wireless transmissions. However, the wireless security appliance is a firewall and has NAT capabilities which provides security, and you can use WPA or WPA2 to secure data transmissions.

Note: For the latest information about regulatory approvals and restrictions for SonicWALL wireless devices, please see the Product Documentation pages for your product under Support on www.sonicwall.com. Each device has a unique regulatory document or Getting Started Guide that provides the relevant information.

Recommendations for Optimal Wireless Performance

• Place the wireless security appliance near the center of your intended network. This can also reduce the possibility of eavesdropping by neighboring wireless networks.
• Minimize the number of walls or ceilings between the wireless security appliance and the receiving points such as PCs or laptops.
• Try to place the wireless security appliance in a direct line with other wireless components. Best performance is achieved when wireless components are in direct line of sight with each other.
• Building construction can make a difference on wireless performance. Avoid placing the wireless security appliance near walls, fireplaces, or other large solid objects. Placing the wireless security appliance near metal objects such as computer cases, monitors, and appliances can affect performance of the unit.
• Metal framing, UV window film, concrete or masonry walls, and metallic paint can reduce signal strength if the wireless security appliance is installed near these types of materials.
• Installing the wireless security appliance in a high place can help avoid obstacles and improve performance for upper stories of a building.
• Neighboring wireless networks and devices can affect signal strength, speed, and range of the wireless security appliance. Also, devices such as cordless phones, radios, microwave ovens, and televisions may cause interference on the wireless security appliance.

Adjusting the Antennas

The antennas on the wireless security appliance can be adjusted for the best radio reception. Begin with the antennas pointing straight up, and then adjust as necessary. Note that certain areas, such as the area directly below the wireless security appliance, get relatively poor reception. Pointing the antenna directly at another wireless device does not improve reception. Do not place the antennas next to metal doors or walls as this can cause interference.

Wireless Node Count Enforcement

Users connecting to the WLAN or connecting through the SonicWALL GroupVPN are not counted towards the node enforcement on the SonicWALL. Only users on the LAN and non-Wireless zones on the Opt port are counted towards the node limit.

The Station Status table lists all the wireless nodes connected.

MAC Filter List

The SonicWALL wireless security appliance networking protocol provides native MAC address filtering capabilities. When MAC address filtering is enabled, filtering occurs at the 802.11 layer, wireless clients are prevented from authenticating and associating with the wireless access point. Since data communications cannot occur without authentication and association, access to the network cannot be granted until the client has given the network administrator the MAC address of their wireless network card.