SonicWall Wireless Network Security


Secure, high-speed wireless solutions

SonicWall Wireless Network Security solutions combine high-performance IEEE 802.11ac Wave 2 wireless technology with industry-leading next-generation firewalls. The result is a superior experience for WiFi users that’s as secure as any wired connection.

The solutions are based on:

- SonicWall SonicWave series indoor and outdoor wireless access points (APs), which support the 802.11ac Wave 2 wireless standard
- SonicWall TZ, NSA and SuperMassive firewalls, which use deep packet inspection technology to detect and eliminate threats over wired and wireless networks

Superior user experience

SonicWave APs take advantage of the capabilities in 802.11ac Wave 2 and a built-in 2.5 GbE port to deliver high-speed wireless performance. Other features, including 4x4 MU-MIMO and beamforming, improve performance in higher density environments when using bandwidth-intensive applications such as HD multimedia, and cloud and mobile apps.

Each SonicWave access point includes three radios. The third radio is dedicated to security and performs rogue AP detection, passive scanning and packet capturing. With four transmitting and four receiving antennas, SonicWave APs are engineered to optimize signal quality, range and reliability for wireless devices. SonicWave APs support fast roaming, so that users can roam from one location to another seamlessly. The feature-rich portfolio includes air-time fairness, band steering, and signal analysis tools for monitoring and troubleshooting.

Comprehensive threat prevention

SonicWall firewalls scan all wireless traffic coming into and going out of the network using deep packet inspection technology and then remove harmful threats such as malware and intrusions, even over SSL/TLS encrypted connections. Other security and control capabilities such as content filtering, application control and intelligence and Capture Advanced Threat Protection provide added layers of protection. The Wireless Network Security solution also integrates additional security-related features including wireless intrusion detection and prevention, virtual access point segmentation, wireless guest services, RF monitoring and wireless packet capture.

Simplified deployment and centralized management

Access point deployment and setup are greatly simplified, reducing total cost of ownership (TCO). Integrated into every SonicWall firewall is a wireless controller that auto-detects and auto-provisions SonicWave APs across the network.

Management and monitoring for wireless and security are handled centrally through the firewall or through SonicWall Global Management System, providing network administrators with a single pane of glass from which to manage all aspects of the network.

Withstand rugged conditions

The SonicWave 432o industrial-grade outdoor AP is built to withstand rough outdoor conditions with an industrial-grade enclosure. This AP is IP67 rated, which ensures protection against dust and water immersion.

Benefits:

Superior user experience
- 802.11ac Wave 2
- 4x4 MU-MIMO
- 2.5 GbE port
- Band steering
- Beamforming
- AirTime Fairness
- Access point dynamic VLANs
- Fast roaming

Comprehensive threat prevention
- Deep packet inspection technology
- SSL/TLS decryption and inspection
- Dedicated third scanning radio
- Virtual access point segmentation
- Wireless intrusion detection and prevention

Simplified deployment and centralized management
- Auto-detection and provisioning
- Wireless signal analysis tools
- Single-pane-of-glass management

Low total cost of ownership
- Integrated wireless access controller
- Green AP
- Indoor and outdoor models

SonicWave Series Access Points: SonicWave 432e

[Figure: SonicWave 432e with external high-gain antennas. LED indicators: LAN2, LAN1, 5 GHz, 2.4 GHz, Test, Power, WLAN. Ports: USB, LAN1 (2.5 GbE)/PoE, LAN2, Console. Radio frequency coverage maps: 2.4 GHz and 5 GHz, vertical and horizontal plane (floor).]

SonicWave Series Access Points: SonicWave 432i

[Figure: SonicWave 432i with internal antennas. LED indicators: LAN2, LAN1, 5 GHz, 2.4 GHz, Test, Power, WLAN. Ports: USB, LAN1 (2.5 GbE)/PoE, LAN2, Console. Radio frequency coverage maps: 2.4 GHz and 5 GHz, vertical and horizontal plane (floor).]

SonicWave Series Access Points: SonicWave 432o

[Figure: SonicWave 432o with external 2.4 GHz and 5 GHz high-gain antennas. LED indicators: 5 GHz, WLAN, 2.4 GHz, LAN2, LAN1, Power. Ports: LAN1 (2.5 GbE)/PoE In, LAN2/PSE Out. Radio frequency coverage maps: 2.4 GHz and 5 GHz, vertical and horizontal plane (floor).]

SonicPoint Series Access Points: SonicPoint ACe

[Figure: SonicPoint ACe with external high-gain antennas. LED indicators: LAN2, LAN1, 5 GHz, 2.4 GHz, Test, Power, WLAN. Ports: USB, AC Power, LAN1/PoE, LAN2, Console. Radio frequency coverage maps: 2.4 GHz and 5 GHz, vertical and horizontal plane (floor).]

SonicPoint Series Access Points: SonicPoint ACi

[Figure: SonicPoint ACi with internal antennas. LED indicators: LAN2, LAN1, 5 GHz, 2.4 GHz, Test, Power, WLAN. Ports: USB, LAN1/PoE, LAN2, Console. Radio frequency coverage maps: 2.4 GHz and 5 GHz, vertical and horizontal plane (floor).]

SonicPoint Series Access Points: SonicPoint N2

[Figure: SonicPoint N2 with external high-gain antennas. LED indicators: LAN2, LAN1, 5 GHz, 2.4 GHz, Test, Power, WLAN. Ports: USB, LAN1/PoE, LAN2, Console. Radio frequency coverage maps: 2.4 GHz and 5 GHz, vertical and horizontal plane (floor).]

SonicWave feature summary

Superior user experience

Feature: Description

High-speed wireless performance and range: SonicWave access points are based on the 802.11ac Wave 2 standard, which can achieve a PHY rate of up to 2.34 Gbps while maintaining a higher performance level at greater ranges depending on environmental conditions.

Enhanced signal quality: The 802.11ac standard operates in the 5 GHz frequency band, which has fewer wireless devices competing for airspace and is therefore less prone to signal interference.

Increased wireless reliability: The increase in bandwidth capacity and greater number of spatial streams, combined with 4x4 MU-MIMO and the improved processing offered by 802.11ac, result in more reliable wireless coverage.

MU-MIMO: MU-MIMO (multi-user, multiple-input, multiple-output) technology enables simultaneous transmission from the access point to numerous wireless clients instead of just one.

Band steering: Band steering improves the user experience by steering dual-band clients to automatically connect to the less crowded 5 GHz frequency band, leaving the more crowded 2.4 GHz frequency for legacy clients.

Beamforming: Beamforming improves wireless performance and range by focusing the wireless signal on an individual client instead of spreading the data transmission equally in all directions.

AirTime Fairness: AirTime Fairness distributes air time equally among connected clients, ensuring faster clients get more data in their time while slower clients receive less.

FairNet wireless bandwidth allocation: FairNet guarantees a minimum amount of bandwidth to each wireless client in order to prevent disproportionate bandwidth consumption by a single user.

Comprehensive wireless security

Feature: Description

Reassembly-Free Deep Packet Inspection technology: SonicWall next-generation firewalls tightly integrate Reassembly-Free Deep Packet Inspection (RFDPI) technology to scan all inbound and outbound traffic on wired and wireless networks and eliminate intrusions, ransomware, spyware, viruses and other threats before they enter the network.

SSL/TLS decryption and inspection: The SonicWall firewall decrypts and inspects SSL/TLS traffic on the fly, without proxying, for malware, intrusions and data leakage, and applies application, URL and content control policies in order to protect against threats hidden in SSL/TLS-encrypted traffic.

Dedicated third scanning radio: SonicWave access points include a dedicated radio that performs continual scanning of the wireless spectrum for rogue access points plus additional security functions that help with PCI compliance.

Wireless intrusion detection and prevention: Wireless intrusion detection and prevention scans the wireless network for unauthorized (rogue) access points, and the managing firewall then automatically takes countermeasures, such as preventing any connections to the device.

Wireless guest services: Wireless guest services enables administrators to provide internet-only access for guest users. This access is separate from internal access and requires guest users to securely authenticate to a virtual access point before access is granted.

Lightweight hotspot messaging: Lightweight hotspot messaging extends the SonicWall wireless guest services model of differentiated internet access for guest users, enabling extensive customization of the authentication interface and the use of any kind of authentication scheme.

Captive portal: Captive portal forces a user’s device to view a page and provide authentication through a web browser before internet access is granted.

Virtual access point segmentation: Administrators can create up to eight SSIDs on the same access point, each with its own dedicated authentication and privacy settings. This provides logical segmentation of secure wireless network traffic and secure customer access.

Comprehensive wireless security, cont'd

Feature: Description

Cloud ACL: An extension to local ACL, cloud ACL is deployed and managed from a centralized RADIUS server in the cloud. This eliminates local ACL scalability issues, enabling organizations to configure authentication accounts based on their specific requirements. In addition, MAC authentication can be enforced on all WiFi-enabled devices even if they are not capable of 802.1x support. This adds another layer of protection to the wireless network.

Multi-RADIUS authentication: Multi-RADIUS authentication provides enterprise-class redundancy by enabling organizations to deploy multiple RADIUS servers in active/passive mode for high availability. Should the primary RADIUS server fail, the managing SonicWall firewall discovers the failure and switches to the secondary server, ensuring wireless devices can continue to authenticate. Further, multi-RADIUS authentication can be supported on each virtual access point and configured for WPA-Enterprise, WPA2-Enterprise or WPA2-Auto-Enterprise mode.

Granular security policy enforcement: Network administrators can implement and enforce firewall rules on all wireless traffic and control all wireless client communications to any host on the network — wired or wireless.

Simplified deployment and centralized management

Feature: Description

Simplified setup and centralized management: SonicWave access points are automatically detected, provisioned and updated by the wireless controller in the managing SonicWall SuperMassive, NSA or TZ Series firewall. WLAN administration is also handled directly from the managing firewall, simplifying setup and centralizing ongoing management.

Wireless planning tool: To optimize access point placement before deployment, the wireless planning tool provides comprehensive visualization of the WiFi environment, including obstacles that impact signal performance plus both covered and non-covered zones.

Floor plan view: Floor plan view is a WiFi planning tool that enables users to upload or create a floor plan and place SonicWave access points appropriately to ensure required wireless coverage.

Topology view: Topology view is a WiFi tool that automatically maps devices and how they are connected in the wireless network architecture in order to aid in troubleshooting.

Plenum rated: SonicWave access points are plenum rated for safe installation in air-handling spaces such as in or above suspended ceilings.

Multiple power options: SonicWave access points are powered from a SonicWall IEEE 802.11at Power over Ethernet (PoE) Injector or third-party device for easy deployment where electrical outlets are not readily accessible.

Light controls: With dimmable LEDs (excluding power), SonicPoints fit perfectly into environments that need discreet wireless coverage.

Broad standards and protocols support: SonicWave access points support a wide range of wireless standards and security protocols, including 802.11 a/b/g/n/ac, WPA2 and WPA. This allows organizations to leverage prior investments in devices that are incapable of supporting higher encryption standards.

Low total cost of ownership

Feature: Description

Low TCO: Features such as simplified deployment, single pane of glass management for both wireless and security, and no need to purchase a separate wireless controller drastically reduce an organization’s cost to add wireless into a new or existing network infrastructure.

MiFi extender: MiFi Extender enables the attachment of a 3G/4G/LTE modem to the SonicWave access point for use as either the primary WAN or as a secondary failover WAN link for business continuity.

Bluetooth Low Energy: SonicWave access points include a Bluetooth Low Energy radio that enables the use of ISM (industrial, scientific and medical) applications for healthcare, fitness, retail beacons, security and home entertainment over a low energy link.

Green access points: SonicWave access points reduce costs by supporting green access points, which enables both radios to enter sleep mode for power saving when no clients are actively connected. The access point will exit sleep mode once a client attempts to associate with it.

Wireless Network Security scenarios

SonicWall Wireless Network Security is the ideal solution for organizations of all sizes and types looking to build a secure, high-speed wireless network. Deploying SonicWave 802.11ac Wave 2 access points in combination with a SonicWall next-generation firewall provides enterprise-class wireless performance and security for businesses, schools, hospitals and other organizations.

Small networks — Retail store/medical or dental office deployments

[Figure: small network deployment diagram. Labels: wireless point of sale terminal, wireless VoIP phones, back office servers, SonicWall PoE injectors, SonicWave 432e, SonicWave 432i, secure WPA2, SonicWall NSA firewall, secure wireless zones with reassembly-free deep packet inspection scanning, Internet, wireless tablets, wireless laptops, wireless guest services.]

Advanced Gateway Security Suite includes Capture Advanced Threat Protection, Gateway Security, Content Filtering and 24x7 support.

SonicWall Wireless Network Security is perfect for small offices, such as retail businesses, school classrooms, medical/dental businesses and banks. By combining SonicWave series wireless access points with a SonicWall firewall, these organizations can quickly extend wireless network access while providing deep packet inspection for both wired and wireless traffic at the gateway before allowing access to sensitive resources. SonicWall wireless guest services offers password-enforced customer access to the Internet, while virtual access points provide logical segmentation of secure wireless network traffic and in-the-clear customer access.

Features

- SonicWave access points provide multi-gigabit wireless performance with greater signal range and reliability.
- SonicWave access points are auto-discovered and auto-configured by the central management gateway, easing deployment.
- SonicWave access points enable employees to securely access network resources from the wireless network using SSL VPN or WPA2.
- Virtual access points create secure segmentation between trusted and untrusted wireless users by allowing broadcast of up to eight unique SSIDs.
- Deep packet inspection technology detects and eliminates vulnerabilities and threats across all inbound and outbound wireless traffic.
- Key security services, such as application control and content filtering, are enforced over the wired and wireless LANs.
- SonicWall wireless guest services and lightweight hotspot messaging enable organizations to offer customers wireless Internet access from a customized authentication interface.
- SonicWave access points allow the dedication of one radio to rogue access detection while the other two support users, helping achieve and maintain regulatory compliance.

Partner Enabled Services

Need help to plan, deploy or optimize your SonicWall solution? SonicWall Advanced Services Partners are trained to provide you with world class professional services. Learn more at www.sonicwall.com/PES.

Distributed networks — Enterprise/campus deployments

[Figure: distributed network deployment diagram. Labels: Central / Site Headquarters, 1st Floor Sales, 2nd Floor Engineering, Lobby Wireless Guest, Remote Branch Site 1, Outdoor Location Site 2, SonicWave 432i, SonicWave 432e, SonicWave 432o, SonicWall PoE injectors, PoE switch, SonicWall NSA firewalls, SonicWall SuperMassive firewall, wireless point of sale terminals, wireless VoIP phones, back office servers, rogue access point, secure WPA2, secure wireless zones with reassembly-free deep packet inspection scanning, VPN-secured traffic to central site, Internet, monitoring of security policies and SonicWall devices across wired and wireless LANs.]

Advanced Gateway Security Suite includes Capture Advanced Threat Protection, Gateway Security, Content Filtering and 24x7 support.

In distributed network environments that have a higher density of client associations, such as businesses with remote and branch offices, college campuses, school districts and healthcare provider networks, SonicWave wireless access points with 802.11ac Wave 2 technology provide superior wireless signal performance, range and quality. Employees, students and customers can securely access network resources on the wireless network using SSL VPN or WPA2. Using SonicWall
