Filter
Top Products
Introduction
39
SonicOS Enhanced 4.0 Administrator Guide
In SonicOS Enhanced 4.0, VAPs allow the network administrator to control wireless user
access and security settings by setting up multiple custom configurations on a single
physical interface. Each of these custom configurations acts as a separate (virtual) access
point, and can be grouped and enforced on single or multiple physical SonicPoint access
points simultaneously. You can configure up to eight VAPs per SonicPoint access point.
• Layer 2 Bridge Mode - SonicOS Enhanced 4.0 supports Layer 2 (L2) Bridge Mode, a new
method of unobtrusively integrating a SonicWALL security appliance into any Ethernet
network. L2 Bridge Mode is similar to the SonicOS Enhanced Transparent Mode in that it
enables a SonicWALL security appliance to share a common subnet across two interfaces,
and to perform stateful and deep-packet inspection on all traversing IP traffic, but it is
functionally more versatile.
L2 Bridge Mode employs a secure learning bridge architecture, enabling it to pass and
inspect traffic types that cannot be handled by many other methods of transparent security
appliance integration. Using L2 Bridge Mode, a SonicWALL security appliance can be non-
disruptively added to any Ethernet network to provide in-line deep-packet inspection for all
traversing IPv4 TCP and UDP traffic. Unlike other transparent solutions, L2 Bridge Mode
can pass all traffic types, including IEEE 802.1Q VLANs, Spanning Tree Protocol, multicast,
broadcast, and IPv6, ensuring that all network communications will continue uninterrupted.
L2 Bridge Mode provides an ideal solution for networks that already have an existing
firewall, and do not have immediate plans to replace their existing firewall but wish to add
the security of SonicWALL Unified Threat Management (UTM) deep-packet inspection,
such as Intrusion Prevention Services, Gateway Anti-Virus, and Gateway Anti Spyware.
The following feature enhancements are included in SonicOS Enhanced 4.0:
• Enhanced Packet Capture - SonicOS Enhanced 4.0 provides an enhanced version of the
Packet Capture feature. Enhanced Packet Capture contains improvements in both
functionality and flexibility, including the following:
–
Capture control mechanism with improved granularity for custom filtering
–
Display filter settings independent from capture filter settings
–
Packet status indicating dropped, forwarded, generated, or consumed
–
Three-window output in the user interface that provides the packet list, decoded output
of selected packet, and hexadecimal dump of selected packet
–
Export capabilities that include text, HTML, hex dump, and CAP file format
–
Automatic buffer export to FTP server when full
–
Bidirectional packet capture based on IP address and port
–
Configurable wrap-around of capture buffer when full
• User Authentication - There are a number of enhancements to user authentication in
SonicOS Enhanced 4.0, including optional case-sensitive user names, optional
enforcement of unique login names, support for MSCHAP version 2, and support for VPN
and L2TP clients changing expired passwords (when that is supported by the back-end
authentication server and protocols used). Note that for this purpose there is a new setting
on the VPN > Advanced page to cause RADIUS to be used in MSCHAP mode when
authenticating VPN client users.
• IP Helper Scalability - SonicOS Enhanced 4.0 provides enhancements to the IP Helper
architecture to support large networks. Improvements include changes to DHCP relay and
Net-BIOS functionality. DHCP relay over VPN is now fully integrated.
• Diagnostics Page Tool Tips - SonicOS Enhanced 4.0 incorporates self-documenting
mouse-over descriptions for diagnostic controls in the graphical user interface.