SonicWALL SOHO TZW Troubleshooting
Contents
1. 9 Is the SOHO TZW using Wireless Guest Services If the SOHO TZW has Wireless Guest Services activated the SOHO TZW blocks all communications to the WAN until the wireless user authenticates to the SOHO TZW or connects to the SOHO TZW with the Global VPN Client Users are authenticated via HTTP web browser by intercepting the wireless user s attempt to connect to a webserver on the WAN side of the SOHO TZW For instance if a wireless user opens Microsoft Internet Explorer and attempts to access http www sonicwall com the SOHO TZW instead presents a login screen to the user which will require a username and password These user names and accounts must be configured on the SOHO TZW first please note that there are both permanent accounts and time based accounts that can be used for Wireless Guest Services Successful authentication then opens up WAN access for the wireless user for all policy allowed protocols and destinations Unsuccessful authentication causes the SOHO TZW to log the failed attempt and blocks the wireless user access Its important to note that Wireless Guest Services controls access to the WAN activating WGS blocks all guest users from accessing anything on the LAN even if there are policy entries created to permit it WGS overrides these entries Also note that the use of Wireless Guest Services requires the use of MAC Address filtering but that successful authentication of a guest user automatically allows the guest2. s MAC address to connect Because of this it is not necessary to manually input the MAC address of the guest user s wireless card on the SOHO TZW in fact if you do then those users will actually not get prompted with the WGS login 10 Is the SOHO TZW using WiFiSec If the SOHO TZW has WiFiSec Enforcement enabled it will only accept IPSec packets through the WLAN interface unless Wireless Guest Services is also enabled and if so it will force unencrypted attempts to access the WAN to first authenticate themselves This means that all wireless users must use the Global VPN Client to authenticate and connect to the SOHO TZW before being able to access any WAN or LAN resources policy permitting If the wireless user is unable to e connect to the SOHO TZW with the Global VPN Client check the following Make sure the wireless user s Global VPN Client is configured with the SOHO TZW s WLAN IP address and not its LAN or WAN IP address or if using more recent versions of the client make sure they re using the default Office Gateway entry This is a common mistake and should be the first thing checked Make sure the GroupVPN is active on the SOHO TZW by checking the Enable checkbox in the VPN Settings screen The GroupVPN is the built in connector for all incoming VPN Clients Make sure the keying mode is set appropriately preshared secret or certificates Make sure the policy has been set appropriate to the environment
3. Make sure the VPN terminates on the LAN WLAN port and not just the LAN port If requiring user authentication make sure the Require Authentication of VPN Clients via XAUTH checkbox is checked in the GroupVPN connector s advanced tab and that the accounts have been correctly set up on the SOHO TZW internal list or external RADIUS f not using simple key provisioning make sure the preshared key is configured and that users know it as they are prompted to enter it before the user amp password prompt Page 3 of 4 SONICWALL gt TECHnotes SonicWALL SOHO TZW Troubleshooting v1 3 11 Is the policy set up correctly By default the SOHO TZW is set to let all WLAN traffic access any destination and protocol via the WAN interface but not access any destination or protocol on the LAN If the wireless users need to access resources on the LAN side of the SOHO TZW it is necessary to create policy entries allowing this However doing so may compromise the security of the SOHO TZW To fully protect the LAN resources ensure that WiFiSec Enforcement is enabled and use the Virtual IP option on the GroupVPN connector Doing so will require wireless users to first connect to the SOHO TZW with the Global VPN Client which then assumes an IP address on the LAN side of the SOHO TZW Doing this ensures that any wireless user has been authenticated before they can access the LAN resources and bypasses the WLAN to LAN
4. 02 1x authentication for this network is unchecked When done click on the OK buttons to save all changes You may need to reboot the XP system and the SOHO TZW if you are switching WEP keys 6 Is the signal strength sufficient If all the settings are correct on each side and the wireless card still cannot connect to the SOHO TZW there may be environmental factors involved It may be that the wireless card is located too far from the SOHO TZW or that there is substantial signal interference occurring This may be the result of passive interference in the form of concrete or steel walls or active interference in the form of another wireless access point broadcasting on the same or adjacent channel It may also be the result of active interference from a microwave oven 2 4Ghz cordless phone x10 security systems baby monitoring systems or bluetooth devices Correcting this issue may require moving the wireless card closer to the SOHO TZW reorienting the antennas on the wireless card and SOHO TZW adjusting the power output on the SOHO TZW or purchasing a higher power wireless card In the case of active interference it may involve moving the SOHO TZW to a different channel where no interference occurs from any external sources This may require the use of a wireless sniffer or spectrum analyzer 7 Are the wireless card and SOHO TZW set for DHCP or Static IP If all the settings are correct on each side and the wireless card cannot a
5. TECHnotes SonicWALL SOHO TZW Troubleshooting Prepared by SonicWALL Inc 10 30 2003 Troubleshooting wireless connectivity issues can be a tricky process as it may involve environmental factors card driver software issues operating system issues and configuration issues on the SOHO TZW itself Most of the time wireless problems are described to you only as can t connect This whitepaper describes some of the most common wireless connectivity problems and how to resolve them Troubleshooting Checklist 1 Is the wireless card supported Check the SOHO TZW Wireless Card Support Matrix to determine if SonicWALL has successfully tested the wireless card and its software driver Alternately check to see if the wireless card has been WECA certified if it is not listed on the matrix It may be that the wireless card drivers are either outdated or that the card is not currently supported for use with the SOHO TZW 2 Is the wireless card installed correctly Check the system s OS to determine if the card s drivers have been installed correctly that the card shows up as enabled in the OS and if the OS s device manager shows the card as active and working properly It may be that the wireless card is physically present in the system but that the OS has not been configured correctly to utilize the card 3 Is the wireless card s management software able to see the SOHO TZW s SSID Most wireless cards have proprietar
6. blems have been found to be the following The OS is sending a DHCP request with requested IP as 169 254 183 186 instead of a DHCP Discover Our DHCP server drops these requests since the server ID sent in the request does not match with ours Our behaviour is according to the RFC specifications After the maximum retries of 4 the OS is then sending a DHCP Discover So we send a DHCP offer in return After this point there is no response from OS There has to be a reply from the DHCP Client in the form of a DHCP Request or DHCP Decline which OS does not seem to send Until Microsoft resolves this issue it may be necessary to statically assign all IP address information to the wireless adapter onboard the handheld device running PocketPC 2002 in order to connect it to the WLAN interface of the SOHO TZW 14 Is the wireless system attempting to log into an Active Directory network First off make sure that the WLAN to LAN rule allowing access to the LAN resources has the advanced Allow Fragmented Packets checkbox enabled Active Directory uses Kerberos as part of the login mechanism and because of this it is necessary to allow the fragmented authentication packets to pass between the WLAN and LAN It may help to activate NetBIOS pass through from the WLAN to LAN this option can be accessed by clicking on the Advanced button at the bottom right side of the firewall policy on the Firewall Access Rules section Also make
7. ccess any resources through the SOHO TZW check the wireless card s TCP IP settings If the SOHO TZW is set to issue DHCP addresses via the WLAN interface check to make sure there are available addresses and that the scope has been set up correctly If the SOHO TZW is not issuing DHCP addresses via the WLAN interface you will need to set the wireless card to use a unique static IP address from the same subnet attached to the SOHO TZW s WLAN interface the correct mask the SOHO TZW s WLAN IP address as the default gateway and the correct DNS WINS information for the user s environment If DHCP is in use and the card is unable to retrieve a lease from the SOHO TZW it may be necessary to issue the windows commands ipconfig release and ipconfig renew to obtain a lease or to reboot completely Page 2 of 4 SONICWALL gt TECHnotes SonicWALL SOHO TZW Troubleshooting v1 3 8 Is the SOHO TZW using MAC Filtering If the SOHO TZW is using MAC filtering then the SOHO TZW s administrator must add the wireless card s MAC address to the Wireless MAC Filter List as an Allow entry Most wireless card manufacturers list the MAC address on the bottom of the card but if it is not you can find the MAC address by installing the card and issuing the windows command ipconfig all Please note this is not necessary for Wireless Guest Services users as their MAC addresses are automatically added upon successful authentication
8. ked If your SOHO TZW s SSID name appears in the Available Networks box select it and then click on the Configure button to the right If you do not see it try clicking on the Refresh button Please note that if the SOHO TZW has been set to suppress SSID and not respond to Probe Request frames advanced settings then it is necessary to instead use the Add button below to manually enter in the SSID f you are using WEP check the boxes next to Data encryption WEP enabled and Network Authentication shared mode Both must be checked or it will not work Uncheck the box next to The key is provided to me automatically If using WEP enter the SOHO TZW s WEP key into the Network Key and Confirm Network Key fields f using WEP XP prior to Service Pack 1 will require you to select what type the key is alphanumeric hexidecimal and the key size 40 104 Please note that although the SOHO TZW lists different key sizes 64 128 they are actually the same For this purpose 40 64 and 104 128 After Service Pack 1 these drop down boxes are not shown and XP automatically determines the type and size f using WEP XP prior to Service Pack 1 has a different key index and uses 0 3 instead of 1 4 The SOHO TZW s key index uses 1 4 For this purpose 0 1 1 2 2 3 3 4 This was resolved in Service Pack 1 Click on the Association tab and make sure the box next to Enable IEEE 8
9. restriction the Wireless Guest Services users are subject to 12 Is the wireless radio in the SOHO TZW operating In rare instances the radio inside the SOHO TZW may not initialize correctly resulting in all wireless users being unable to associate even though LAN users are not experiencing any issues connecting through the SOHO TZW There are several ways to check the radio status first check the SOHO TZW s front panel to see if the amber test light the one with the wrench icon above it is lit or if the green on light is steadily flashing If either of these are occurring unplug the power cable from the SOHO TZW wait a minute then plug the power cable back in and wait for the test light to shut off The second method is to check via the Management GUI from a system on the LAN If you can log into the SOHO TZW and the management GUI either hangs when clicking on the Wireless section or the WLAN Statistics all report zero counts this means that the wireless radio is not operating If this happens unplug the power cable from the SOHO TZW wait a minute then plug the power cable back in and wait for the test light to shut off 13 Is the wireless device running PocketPC 2002 2003 and attempting to use DHCP There appears to be an intermittent issue with the DHCP client in the PocketPC 2002 2003 OS that can prevent it from obtaining a DHCP lease from the SOHO TZW According to the engineering staff the pro
10. structure mode instead of Ad Hoc Choosing the wireless data rate usually auto but depends upon environment Setting the power saving mode usually for laptops that wish to conserve battery Setting the authentication to Open System or Shared Key use Open System if no WEP Shared Key if WEP is used Setting to use short or long preamble must match setting on SOHO TZW Page 1 of 4 SONICWALL gt TECHnotes SonicWALL SOHO TZW Troubleshooting v1 3 5 Is Windows XP managing the card Windows XP has a built in wireless configuration program that is on by default and may cause problems if configured incorrectly It is strongly recommended that you disable this feature and instead use the management driver software that ships with the wireless card However if the XP configuration program must be used please note the following The wireless card s software drivers must be compatible with Microsoft s Wireless Zero Configuration service You can access the settings by clicking on the wireless card s icon in the system tray or by right clicking on the My Network Places icon on the desktop and double clicking on the wireless card s icon When the initial configuration screen appears it will list all of the wireless networks that it sees Click on the Advanced button on the lower left side of this screen Make sure the Use Windows to configure my wireless network settings box is chec
11. sure that the wireless systems are using internal WINS DDNS for resolution or manual HOSTS LMHOSTS entries for the LAN based systems that need to be accessed 15 Is the Preamble Length set correctly Most of the newer 802 11b wireless cards and their drivers are capable of using Short preambles which are more efficient and faster than the older Long type of preamble Some older cards and older drivers may not understand short preambles so it may be necessary to set this option to Long in order for them to associate Please note that this is a global setting so all wireless cards associating with the SOHO TZW will need to use the same setting Page 4 of 4 SONICWALL gt
12. y management software that allow the user to configure the required wireless settings but also note that Windows XP by default will attempt to configure wireless cards itself If the wireless card cannot see the SSID it may be out of range of the SOHO TZW and will need to be either moved or reoriented such that the wireless card s antennas can pick up the SSID broadcasts coming from the SOHO TZW If the SOHO TZW has been set to suppress SSID broadcasts and not answer to null SSID requests it may be necessary to manually input the SSID into the wireless card s setup tool Please note that some setup tools do not allow the user to do this and it may be necessary to reconfigure the SOHO TZW to broadcast SSID 4 Is the wireless card s management software configured correctly In order to properly associate and authenticate with the SOHO TZW the wireless cards must be configured to match the SOHO TZW s wireless settings Misconfiguring even one setting may result in the wireless card being unable to connect to the SOHO TZW The terms used by each manufacturer may differ and some of these may not even be present but the management software will probably include the following Selecting the SOHO TZW s SSID seeing it via broadcast or manually inputting it Selecting the SOHO TZW s WEP key strength 64 or 128 Selecting the WEP key type alphanumeric or hexidecimal Entering the WEP key s Selecting the WEP key to send Choosing Infra
Download Pdf Manuals
Related Search