Introduction
SonicOS Enhanced 4.0 Administrator Guide
– Ad-Hoc station
– Unassociated station
– Wellenreiter attack
– NetStumbler attack
– EAPOL packet flood
– Weak WEP IV
• SMTP Authentication - SonicOS Enhanced 4.0 supports RFC 2554, which defines an
SMTP service extension that allows the SMTP client to indicate an authentication method
to the server, perform an authentication protocol exchange, and optionally negotiate a
security layer for subsequent protocol interactions. This feature helps prevent viruses that
attack the SMTP server on port 25.
• Generic DHCP Option Support - SonicOS Enhanced 4.0 supports generic DHCP
configuration, which allows vendor-specific DHCP options in DHCP server leases.
• DHCP Server Lease Cross-Reboot Persistence - SonicOS Enhanced 4.0 introduces
DHCP Server Lease Cross-Reboot Persistence, which provides the ability to record and
return to DHCP server lease bindings across power cycles. The SonicWALL security
appliance does not have to depend on dynamic network responses to regain its IP address
after a reboot or power cycle. This feature is supported on all SonicWALL PRO platforms.
It is not supported on SonicWALL TZ platforms.
• Custom IP Type Service Objects - SonicOS Enhanced 4.0 introduces support for Custom
IP Type Service Objects, allowing administrators to augment the pre-defined set of Service
Objects.
• Dynamic Address Objects - SonicOS Enhanced 4.0 supports two changes to Address
Objects:
– MAC - SonicOS Enhanced 4.0 will resolve MAC AOs to an IP address by referring to
the ARP cache on the SonicWALL.
– FQDN - Fully Qualified Domain Names (FQDN), such as ‘www.sonicwall.com’, will be
resolved to their IP address (or IP addresses) using the DNS server configured on the
SonicWALL. Wildcard entries are supported through the gleaning of responses to
queries sent to the sanctioned DNS servers.
• Virtual Access Points - A “Virtual Access Point” (VAP) is a multiplexed instantiation of a
single physical Access Point (AP) so that it presents itself as multiple discrete Access
Points. To wireless LAN clients, each Virtual AP appears to be an independent physical AP,
when there is actually only a single physical AP. Before Virtual AP feature support, wireless
networks were relegated to a one-to-one relationship between physical Access Points and
wireless network security characteristics, such as authentication and encryption. For
example, an Access Point providing WPA-PSK security could not simultaneously offer
Open or WPA-EAP connectivity to clients. If Open or WPA-EAP were required, they would
need to have been provided by separate, distinctly configured APs. This forced WLAN
network administrators to find a solution to scale their existing wireless LAN infrastructure
to provide differentiated levels of service. With the Virtual APs (VAP) feature, multiple VAPs
can exist within a single physical AP in compliance with the IEEE 802.11 standard for the
media access control (MAC) protocol layer that includes a unique Basic Service Set
Identifier (BSSID) and Service Set Identifier (SSID). This allows segmenting wireless
network services within a single radio frequency footprint of a single physical access point
device.
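
The wildcard FQDN behaviour described in the Dynamic Address Objects item above, modelled in Python as an added illustration; it is not SonicOS code. The class and function names, resolver addresses and DNS answers are constructed, and the model assumes a wildcard covers hosts below the domain but not the bare domain.

```python
import ipaddress

# Constructed sample data: the one resolver this model treats as sanctioned.
SANCTIONED_DNS = {ipaddress.ip_address("192.0.2.53")}


class FqdnAddressObject:
    """Illustrative FQDN address object: a name pattern plus the IPs learned for it."""

    def __init__(self, pattern):
        self.pattern = pattern.lower().rstrip(".")
        self.wildcard = self.pattern.startswith("*.")
        self.members = set()  # IP addresses currently in the object

    def matches(self, qname):
        qname = qname.lower().rstrip(".")
        if self.wildcard:
            # Assumption: "*.example.com" matches hosts under example.com only.
            # Comparing against ".example.com" rejects look-alike suffixes.
            return qname.endswith(self.pattern[1:])
        return qname == self.pattern

    def glean(self, server_ip, qname, answers):
        """Learn answer IPs only from a sanctioned server and a matching name."""
        if ipaddress.ip_address(server_ip) not in SANCTIONED_DNS:
            return False  # response from an unsanctioned resolver is ignored
        if not self.matches(qname):
            return False
        self.members.update(ipaddress.ip_address(a) for a in answers)
        return True


def demo():
    """Feed three constructed DNS responses to a wildcard object."""
    ao = FqdnAddressObject("*.example.com")
    results = [
        # Sanctioned resolver, matching name: learned.
        ao.glean("192.0.2.53", "mail.example.com", ["198.51.100.10"]),
        # Matching name, but the answer came from an unsanctioned resolver.
        ao.glean("203.0.113.9", "www.example.com", ["198.51.100.66"]),
        # Sanctioned resolver, but the name only embeds the domain.
        ao.glean("192.0.2.53", "example.com.evil.test", ["198.51.100.77"]),
    ]
    return results, sorted(str(ip) for ip in ao.members)


if __name__ == "__main__":
    print(demo())
```

Restricting gleaning to the sanctioned resolvers is what keeps an arbitrary DNS response from adding addresses to an object that access rules reference.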