SonicWALL 3 manual Wireless Node Count Enforcement, MAC Filter List, WiFiSec Enforcement

CHAPTER 22: Setting Up the WLAN Using the Wireless Wizard and Monitoring Your WLAN

Wireless Node Count Enforcement

Users on the WLAN are not counted towards the node enforcement on the SonicWALL. Only users on the LAN are counted towards the node limit.

MAC Filter List

The SonicWALL TZ 50 Wireless/TZ 150 Wireless/TZ 170 Wireless networking protocol provides native MAC address filtering capabilities. When MAC address filtering occurs at the 802.11 layer, wireless clients are prevented from authenticating and associating with the wireless access point. Since data communications cannot occur without authentication and association, access to the network cannot be granted until the client has given the network administrator the MAC address of their wireless network card.

The TZ 50 Wireless/TZ 150 Wireless/TZ 170 Wireless uses WGS to overcome this limitation by moving MAC address filtering to the Secure Wireless Gateway layer. This allows wireless users to authenticate and associate with the Access Point layer of the SonicWALL, and be redirected to the WGS by the Secure Wireless Gateway where the user authenticates and obtains WLAN to WAN access.

Easy WGS MAC Filtering is an extension of WGS that simplifies the administrative burden of manually adding MAC addresses to the MAC Filter List. Users can add themselves to the MAC Filter List by providing a user name and password assigned to them by the SonicWALL administrator. WGS must be enabled on the TZ 50 Wireless/TZ 150 Wireless/TZ 170 Wireless before Easy MAC Filter List can be implemented.

WiFiSec Enforcement

Enabling WiFiSec Enforcement on the SonicWALL enforces the use of IPSec-based VPN for access from the WLAN to the WAN or LAN, and provides access from the WLAN to the WAN independent of WGS. Access from one wireless client to another is configured on the Wireless>Advanced page where you can disable or enable access between wireless clients.

WiFiSec uses the easy provisioning capabilities of the SonicWALL Global VPN client making it easy for experienced and inexperienced administrators to implement on the network. The level of interaction between the Global VPN Client and the user depends on the WiFiSec options selected by the administrator. WiFiSec IPSec terminates on the WLAN/LAN port, and is configured using the Group VPN Security Policy including noneditable parameters specifically for wireless access.