Guest Services; Inter-Guest Communications; Dynamic Address Translation; Bypass Guest Authentication - SonicWALL SonicPoint Administrator's Manual

:

Guest Services

Guest Services are designed to provide guest users with wireless access to public resources, such as
the Internet, or a number of "walled-garden" (explicitly allowed) sites. Adding to the capabilities of
WGS on the SonicWALL TZ Series 170 Wireless, the Guest Services feature on the SonicOS
Enhanced offers:
• Profiles to allow for template based account generation.
• Bulk Account generation to create multiple accounts at once.
• Limited Admin access to Guest Services management pages.
• Integration of Guest Services user accounts into the Local User/Group account structure.
Guest Services controls on SonicOS Enhanced 2.5 will be integrated into the Zone configuration
pages, and will be uniquely configurable on every Wireless Zone instance. In other words, it will be
possible to provide WGS on a user created "Working Zone" while not providing guest access on the
default "WLAN Zone", or to provide one set of Guest Services options on one Wireless Zone, and a
completely different set of options on another.
In addition to providing the ability to accept wired traffic, disabling SonicPoint enforcement has the
additional benefit of being able to provide Wireless Guest Services to wired hosts. All features of
Wireless Guest Services will function for wired guests exactly as they do for wireless guests, including
authentication page redirection and Lightweight Hotspot Messaging (LHM) and DAT.

Inter-guest Communications

The option to enable inter-guest communications allows for Guest Services users to communicate
with each other for the purpose of peer-to-peer networking, WiFi VoIP communications, gaming, etc.
Inter-guest communications controls occur at the Wireless Gateway layer, below the Firewall Access
Rules, and will not manifest itself in the Access Rule table. If IP addresses are known or predictable, it
will still be possible to create Access Rules to further control Guest user traffic. DAT (Dynamic
Address Translation) Guest users will not be able to communicate with each other, regardless of Inter-
guest Communication settings.

Dynamic Address Translation

Dynamic Address Translation allows for Guest clients to use any IP addressing scheme and DNS
settings rather than requiring them to reside on a pre-scribed L3 subnet. This allows for statically
addressed guests to use Guest Services without having to reconfigure their client settings.

Bypass Guest Authentication

Bypass Guest Authentication can be enabled for the "All MAC Addresses" address object, providing
un-authenticated Guest Services access to all users, or MAC Addresses can be specified (individually
as a group) to provide unauthenticated Internet access to certain Stations. This is useful in providing
Internet access to pre-defined users, or to devices that lack the ability to authenticate (such as WiFi-
SIP VoIP phones, or other browser-less wireless networking devices).

Customizable Authentication Pages

It is possible to define either an external URL or text/html-based header and footer information the
authentication page for users authenticating on a Wireless Zone interface rather than presenting the
default SonicWALL auth.html authentication page. This allows for the sort of customizability required
for hotspot, business, or hospitality environments. It is also now possible to define a post-
authentication page, that is, a page to which the user will be automatically redirected after successful
authentication. This can be used to present such things as usage policy information or custom portal
pages.
20
S WALL S P
ONIC ONIC OINT
A ' G
DMINISTRATOR S UIDE