SonicWall Inc.s Distributed Wireless Solution merges the security benefits of wireless gateways with the access point management features of wireless switch systems on a single platform that provides wireless LAN encryption, packet and application layer filtering, user authentication, access point management, and rogue detection. However, Distributed Wireless Solution, which started shipping last month, does not scale as well as competitive offerings, and administrators could encounter some tricky management woes.The Pro 5060f firewall appliance manages SonicPoint configuration profiles, pushing the proper network settings and security parameters to the access points. The Pro 5060f performs packet and application-layer filtering on all traffic by terminating all connections from wireless clients. (The appliance includes a one-year subscription to SonicWalls Intrusion Prevention Service). Hardware provisioning was straightforward in tests. We configured several SonicPoint Provisioning Profiles, which let us determine default network names, radio-frequency characteristics and encryption requirements. Each profile is assigned to a zone determined by a connection to a physical port on the appliance. When SonicPoints first boot up, they request profile information from the appliance via a Layer 2 broadcast protocol and automatically configure themselves according to their zone. Each SonicPoint has two configuration profiles: the centrally managed profile and a stand-alone-mode profile to which the device defaults when a governing appliance is not available. We see limited benefits to this, however: If the governing appliance goes out of service, DHCP (Dynamic Host Configuration Protocol) and gateway services are likely to fail as well, denying access to users beyond the local subnet. Stand-alone profiles must be configured manually and individually (via SonicWalls own Secure HTTP interface) to at least change the default administrative password and IP address. (Each unit automatically defaults to the same IP address.) This need for individual configuration negates much of the appeal of "thin" access points. In tests, clients roaming among SonicPoints in the same zone maintained connection-based sessions, although handoff times could be high. Roaming among zones on the same appliance requires administrators to install SonicWall Global VPN software on all client machines, and roaming to a different appliance requires a full reauthentication because Distributed Wireless Solution doesnt have a master controller for the entire network. SonicWall could improve management from browsers other than Internet Explorer. Tests using Mozilla 1.7 and FireFox 0.91 revealed display irregularities that omitted some key management pages and mislabeled others. Technical Analyst Andrew Garcia can be reached at firstname.lastname@example.org. Check out eWEEK.coms Mobile & Wireless Center at http://wireless.eweek.com for the latest news, reviews and analysis.
eWEEK Labs tested Distributed Wireless Solution using two 802.11 a-/b-/g-compliant SonicPoint access points (priced at $645 each) and SonicWalls new Gigabit-Ethernet-enabled Pro 5060f firewall appliance (which starts at $12,495) running SonicOS Enhanced 126.96.36.199 firmware.