Filter
Top Products
Network > Zones
199
SonicOS Enhanced 4.0 Administrator Guide
–
X5 IP
Step 8 In the SSL-VPN Service list, select the service or group of services you want to allow for clients
authenticated through the SSL-VPN.
Step 9 Select WiFiSec Enforcement to require that all traffic that enters into the WLAN Zone interface
be either IPsec traffic, WPA traffic, or both. With WiFiSec Enforcement enabled, all non-guest
wireless clients connected to SonicPoints attached to an interface belonging to a Zone on which
WiFiSec is enforced are required to use the strong security of IPsec. The VPN connection
inherent in WiFiSec terminates at the “WLAN GroupVPN”, which you can configure
independently of “WAN GroupVPN” or other Zone GroupVPN instances. If you select both
WiFiSec Enforcement, and SSL-VPN Enforcement, the Wireless zone will allow traffic
authenticated by either a SSL-VPN or an IPsec VPN.
Step 10 If you have enabled WiFiSec Enforcement, you can specify services that are allowed to
bypass the WiFiSec enforcement by checking WiFiSec Exception Service and then selecting
the service you want to exempt from WiFiSec enforcement.
Step 11 If you have enabled WiFiSec Enforcement, you can select Require WiFiSec for Site-to-Site
VPN Tunnel Traversal to require WiFiSec security for all wireless connections through the
WLAN zone that are part of a site-to-site VPN.
Step 12 Select Trust WPA traffic as WiFiSec to accept WPA as an allowable alternative to IPsec. Both
WPA-PSK (Pre-shared key) and WPA-EAP (Extensible Authentication Protocol using an
external 802.1x/EAP capable RADIUS server) will be supported on SonicPoints.
Step 13 Under the SonicPoint Settings heading, select the SonicPoint Provisioning Profile you
want to apply to all SonicPoints connected to this zone. Whenever a SonicPoint connects to
this zone, it will automatically be provisioned by the settings in the SonicPoint Provisioning
Profile, unless you have individually configured it with different settings.
Step 14 Click the Guest Services tab. You can choose from the following configuration options for
Wireless Guest Services:
–
Enable Wireless Guest Services - Enables guest services on the WLAN zone.
–
Enable inter-guest communication - Allows guests connecting to SonicPoints in this
WLAN Zone to communicate directly and wirelessly with each other.
–
Bypass AV Check for Guests - Allows guest traffic to bypass Anti-Virus protection.