SonicWALL Network Settings for the Example Network, Wireless Bridging without WiFiSec, 143

Wireless Bridging (without WiFiSec)

To provide compatibility with other non-WiFiSec wireless access points, the TZ 170 Wireless supports a non-secure form of wireless bridging, but insecure wireless communications should only be employed when data is non-sensitive. By default, WiFiSec Enforcement is enabled on Wireless Settings for Wireless Bridge Mode. To connect to a non-WiFiSec access point, this checkbox must be disabled. Since VPN tunnels are not established in non-secure Wireless Bridging deployments, traffic routes must be clearly defined for both the Access Point and the Bridge Mode sites:

•The default route on the Bridge Mode TZ 170 Wireless must from the WLAN interface to the WLAN interface of the connecting Access Point TZ 170 Wireless.

ŠReferring to the example above, the default route on TZ 170 Wireless2 and TZ 170 Wireless3 is set via their WLAN interfaces to 172.16.31.1.

•Static routes must be entered on the Access Point TZ 170 Wireless to route back to the LAN sub- nets of the Bridge Mode TZ 170 Wireless.

ŠReferring to the example network, TZ 170 Wireless1 must have static routes to 10.20.20.x/24 via 172.16.31.2 and to 10.30.30.x/24 via 172.16.31.3

Configuring VPN Policies for the Access Point and Wireless Bridge

Access Point

After Wireless Settings are defined, the WiFiSec connections (VPN Policies) must be configured. The VPN Policies are defined as would any other site-to-site VPN policy, typically with the following in mind:

•The Access Point TZ 150 Wireless/TZ 170 Wireless must specify the destination networks of the remote sites.

•The Access Point TZ 150 Wireless/TZ 170 Wireless must specify its LAN management IP address as the Default LAN Gateway under the Advanced tab.

•The Wireless Bridge Mode TZ 170 Wireless must be configured to use the tunnel as the default route for all internet traffic.