Introduction
SonicOS 5.8.1 Administrator Guide
– EAPOL packet flood
– Weak WEP IV
• SMTP Authentication - SonicOS Enhanced supports RFC 2554, which defines an SMTP
service extension that allows the SMTP client to indicate an authentication method to the
server, perform an authentication protocol exchange, and optionally negotiate a security
layer for subsequent protocol interactions. This feature helps prevent viruses that attack the
SMTP server on port 25.
• Generic DHCP Option Support - SonicOS Enhanced supports generic DHCP
configuration, which allows vendor-specific DHCP options in DHCP server leases.
• DHCP Server Lease Cross-Reboot Persistence - DHCP Server Lease Cross-Reboot
Persistence provides the ability to record and return to DHCP server lease bindings across
power cycles. The SonicWALL security appliance does not have to depend on dynamic
network responses to regain its IP address after a reboot or power cycle.
• Custom IP Type Service Objects - SonicOS Enhanced supports Custom IP Type Service
Objects, allowing administrators to augment the predefined set of Service Objects.
• Dynamic Address Objects - SonicOS Enhanced supports two changes to Address
Objects:
– MAC - SonicOS Enhanced will resolve MAC AOs to an IP address by referring to the
ARP cache on the SonicWALL.
– FQDN - Fully Qualified Domain Names (FQDN), such as ‘www.sonicwall.com’, will be
resolved to their IP address (or IP addresses) using the DNS server configured on the
SonicWALL. Wildcard entries are supported through the gleaning of responses to
queries sent to the sanctioned DNS servers.
• Virtual Access Points - A “Virtual Access Point” (VAP) is a multiplexed instantiation of a
single physical Access Point (AP) so that it presents itself as multiple discrete Access
Points. To wireless LAN clients, each Virtual AP appears to be an independent physical AP,
when there is actually only a single physical AP. Before Virtual AP feature support, wireless
networks were relegated to a One-to-One relationship between physical Access Points and
wireless network security characteristics, such as authentication and encryption. For
example, an Access Point providing WPA-PSK security could not simultaneously offer
Open or WPA-EAP connectivity to clients. If Open or WPA-EAP were required, they would
need to have been provided by separate, distinctly configured APs. This forced WLAN
network administrators to find a solution to scale their existing wireless LAN infrastructure
to provide differentiated levels of service. With the Virtual APs (VAP) feature, multiple VAPs
can exist within a single physical AP in compliance with the IEEE 802.11 standard for the
media access control (MAC) protocol layer that includes a unique Basic Service Set
Identifier (BSSID) and Service Set Identifier (SSID). This allows segmenting wireless
network services within a single radio frequency footprint of a single physical access point
device.
VAPs allow the network administrator to control wireless user access and security settings
by setting up multiple custom configurations on a single physical interface. Each of these
custom configurations acts as a separate (virtual) access point, and can be grouped and
enforced on single or multiple physical SonicPoint access points simultaneously. You can
configure up to eight VAPs per SonicPoint access point.
• Layer 2 Bridge Mode - SonicOS Enhanced supports Layer 2 (L2) Bridge Mode, a new
method of unobtrusively integrating a SonicWALL security appliance into any Ethernet
network. L2 Bridge Mode is similar to the SonicOS Enhanced Transparent Mode in that it
enables a SonicWALL security appliance to share a common subnet across two interfaces,
and to perform stateful and deep-packet inspection on all traversing IP traffic, but it is
functionally more versatile.
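
The FQDN gleaning described under Dynamic Address Objects above, as a small Python model added here (it is not SonicOS code): an exact and a wildcard FQDN object are populated only from responses that come from a sanctioned DNS server. The resolver address, the sample names and the subdomain-only wildcard matching rule are assumptions made for the example.

```python
from dataclasses import dataclass, field

# Assumption: stands in for "the DNS server configured on the SonicWALL".
SANCTIONED_DNS = {"10.0.0.53"}  # constructed address

@dataclass
class FqdnAddressObject:
    pattern: str                                 # "www.example.com" or "*.example.com"
    addresses: set = field(default_factory=set)  # IPs the object currently resolves to

    def matches(self, name: str) -> bool:
        name = name.rstrip(".").lower()
        pat = self.pattern.lower()
        if pat.startswith("*."):
            # Assumed rule: a wildcard covers subdomains only, matched on a
            # label boundary so "badexample.com" cannot slip in.
            return name.endswith(pat[1:])
        return name == pat

def glean(objects, response) -> bool:
    """Apply one observed DNS response; return False if it was ignored."""
    if response["server"] not in SANCTIONED_DNS:
        return False  # answers from unsanctioned resolvers never populate an object
    for name, ip in response["answers"]:
        for ao in objects:
            if ao.matches(name):
                ao.addresses.add(ip)
    return True

# Constructed sample responses (documentation address ranges).
RESPONSES = [
    {"server": "10.0.0.53", "answers": [("www.example.com", "192.0.2.10")]},
    {"server": "10.0.0.53", "answers": [("mail.example.com.", "192.0.2.25")]},
    {"server": "203.0.113.66", "answers": [("cdn.example.com", "198.51.100.7")]},
    {"server": "10.0.0.53", "answers": [("badexample.com", "198.51.100.9")]},
    {"server": "10.0.0.53", "answers": [("www.example.com.evil.test", "198.51.100.11")]},
]

def run_demo():
    exact = FqdnAddressObject("www.example.com")
    wildcard = FqdnAddressObject("*.example.com")
    accepted = [glean([exact, wildcard], r) for r in RESPONSES]
    return exact, wildcard, accepted

if __name__ == "__main__":
    exact, wildcard, accepted = run_demo()
    print("exact:", sorted(exact.addresses))
    print("wildcard:", sorted(wildcard.addresses))
    print("accepted:", accepted)
```

Because access rules that reference an FQDN object inherit whatever addresses it holds, the response from the unsanctioned resolver and the look-alike names are the cases worth checking when reviewing such a policy.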