By Andrew Garcia  |  Posted 2004-07-26 Print this article Print

SonicWall Inc.s Distributed Wireless Solution merges the security benefits of wireless gateways with the access point management features of wireless switch systems on a single platform that provides wireless LAN encryption, packet and application layer filtering, user authentication, access point management, and rogue detection.

However, Distributed Wireless Solution, which started shipping last month, does not scale as well as competitive offerings, and administrators could encounter some tricky management woes.

eWEEK Labs tested Distributed Wireless Solution using two 802.11 a-/b-/g-compliant SonicPoint access points (priced at $645 each) and SonicWalls new Gigabit-Ethernet-enabled Pro 5060f firewall appliance (which starts at $12,495) running SonicOS Enhanced firmware.

The Pro 5060f firewall appliance manages SonicPoint configuration profiles, pushing the proper network settings and security parameters to the access points. The Pro 5060f performs packet and application-layer filtering on all traffic by terminating all connections from wireless clients. (The appliance includes a one-year subscription to SonicWalls Intrusion Prevention Service).

Hardware provisioning was straightforward in tests. We configured several SonicPoint Provisioning Profiles, which let us determine default network names, radio-frequency characteristics and encryption requirements. Each profile is assigned to a zone determined by a connection to a physical port on the appliance.

When SonicPoints first boot up, they request profile information from the appliance via a Layer 2 broadcast protocol and automatically configure themselves according to their zone.

Each SonicPoint has two configuration profiles: the centrally managed profile and a stand-alone-mode profile to which the device defaults when a governing appliance is not available. We see limited benefits to this, however: If the governing appliance goes out of service, DHCP (Dynamic Host Configuration Protocol) and gateway services are likely to fail as well, denying access to users beyond the local subnet.

Stand-alone profiles must be configured manually and individually (via SonicWalls own Secure HTTP interface) to at least change the default administrative password and IP address. (Each unit automatically defaults to the same IP address.) This need for individual configuration negates much of the appeal of "thin" access points.

In tests, clients roaming among SonicPoints in the same zone maintained connection-based sessions, although handoff times could be high.

Roaming among zones on the same appliance requires administrators to install SonicWall Global VPN software on all client machines, and roaming to a different appliance requires a full reauthentication because Distributed Wireless Solution doesnt have a master controller for the entire network.

SonicWall could improve management from browsers other than Internet Explorer. Tests using Mozilla 1.7 and FireFox 0.91 revealed display irregularities that omitted some key management pages and mislabeled others.

Technical Analyst Andrew Garcia can be reached at andrew_garcia@ziffdavis.com.

Check out eWEEK.coms Mobile & Wireless Center at http://wireless.eweek.com for the latest news, reviews and analysis.

Be sure to add our eWEEK.com mobile and wireless news feed to your RSS newsreader or My Yahoo page

Andrew cut his teeth as a systems administrator at the University of California, learning the ins and outs of server migration, Windows desktop management, Unix and Novell administration. After a tour of duty as a team leader for PC Magazine's Labs, Andrew turned to system integration - providing network, server, and desktop consulting services for small businesses throughout the Bay Area. With eWEEK Labs since 2003, Andrew concentrates on wireless networking technologies while moonlighting with Microsoft Windows, mobile devices and management, and unified communications. He produces product reviews, technology analysis and opinion pieces for eWEEK.com, eWEEK magazine, and the Labs' Release Notes blog. Follow Andrew on Twitter at andrewrgarcia, or reach him by email at agarcia@eweek.com.

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel