Tips for wireless deployment

Symantec.com > Enterprise > Support > Knowledge Base

Tips for wireless deployment

Question/Issue:
This document provides information and instruction on general wireless deployment with Symantec™ Gateway Security 300 Series appliances.

Solution:
The Symantec Gateway Security 300 Series appliance provides for optional use of wireless networking. To use this feature, you must purchase the Symantec wireless radio card to install in your Symantec Gateway Security 300 Series appliance. Wireless network is only supported with the Symantec wireless radio card.

Physical planning
Like a wired LAN, you must plan for hardware location before setting up the network. The access point is your wireless user's connection to your network and the Internet, so it must be located where the access point and the user's wireless network card can communicate easily. The location of the access point is crucial for optimal wireless network performance. There are different considerations when doing physical planning for a wireless network. Before you begin installing your wireless network, review the following guidelines regarding placement of the access point:

Sensitivity and range are inversely proportional to throughput.
The closer the wireless client is to the access point, the better the data rate. Ensure that you have enough access points close enough together to ensure seamless coverage. See Overlapping access points on page 12 of the Symantec Gateway Security 300 Series Wireless Implementation Guide.
Place the access point as high as you can for best reception.
The appliance has holes on the bottom of the appliance where you may mount it on a wall. See "Extending the access point range" on page 12 of the Symantec Gateway Security 300 Series Wireless Implementation Guide.
Place the access point away from clutter.
Open areas have a better reception range. Physical obstructions like cubicles, metal shelving, or steel pillars can lower performance. Avoid metal barriers.

Extending the access point range
The wireless card by itself can receive a signal from a wireless client. Placing the appliance as high and as far away from clutter helps reception. Attaching a range extending antenna with an MC type connector (such as Orinoco™ IEEE Range Extender) to the wireless card increases and directs the range of the access point. The antenna increases the reception and signal that the access point uses, as well as letting you mount the appliance and point the antenna in the direction where the majority of your wireless users access the appliance. You can extend the access point range before or after installation.

To attach a wireless antenna to the wireless card

Turn off the appliance by pressing the power button.
Attach the cord from the antenna to the antenna port on the end of the wireless card.
Turn on the appliance by pressing the power button.

Overlapping access points
To create an extended WLAN, you use multiple access points, with one acting as a primary and the remainder acting as secondary. You connect the secondary access points to the primary access point with an Ethernet cable from LAN port to LAN port. There is a limit of 15 secondary access points in a WLAN. See “Configuring access points” on page 19 of the Symantec Gateway Security 300 Series Wireless Implementation Guide.
When planning your network, ensure that the access points are close enough together to ensure seamless roaming for your clients. Use the following table to plan the location of your primary and secondary access points.

Protocol	Location	Range/Speed
802.11b	Indoors	125 feet (38.1 meters) at 11 Mbps 750 feet (228.6 meters) at 1 Mbps
802.11b	Outdoors	450 feet (137.2 meters) at 11 Mbps 1800 feet (548.6 meters) at 1 Mbps
802.11g	Indoors	125 feet (38.1 meters) at 54 Mbps 750 feet (228.6 meters) at 5 Mbps
802.11g	Outdoors	450 feet (137.2 meters) at 15 Mbps 1800 feet (548.6 meters) at 1 Mbps

The following diagram shows a primary access point with two secondary access points. Each concentric circle represents decreased reception. Plan to overlap the ranges of your primary and secondary access points. Also plan to assign channel numbers from different parts of the range of available channel numbers to the access points so that the channels do not overlap.

Client planning
In preparation for clients to connect to your wireless network, you must ensure that they have the proper hardware and software for a successful experience. Also, as administrator, you must configure the appliance for your clients to use antivirus policy enforcement (AVpe) and VPN for secure networks.

Wireless NICs
The appliance's wireless functionality has been tested with and supports the network adapter cards in the following list:

LinkSys Model WPC55AG Wireless A+G notebook adapter
US Robotics Model 5410 802.11g wireless turbo card
3Com Model sl-1110
Intel Pro 2011 802.11b
Netgear Model WG511 802.11b/g 54 Mbps wireless PC card
Cisco Air 802.11b PCM352 with integrated antenna
Dlink DWL650 2.4 ghz 802.11b
LinkSys WPC11 802.11b
Netgear 802.11b MA701 for PDA
LinkSys 802.11b WCF11 type II for PDAs
Hawking CF100w for pocket PC

VPN client
For optimal wireless security, you can require that all wireless LAN users go through a VPN tunnel. If you select this option, each user must have a VPN client, such as Symantec Client VPN.
As the administrator of the appliance, you must also provide each client with the following information for them to enter into the client software:

IP address of the main gateway (not a roaming IP)
Shared secret
If you are using RADIUS authentication, user name (client ID) and password (shared secret). See the Symantec Gateway Security 300 Series Administrator's Guide for more information about RADIUS authentication.

Document ID: 2004041910560154
Last Modified: 04/10/2008
Date Created: 04/19/2004
Product(s): Symantec Gateway Security 300 Series, Symantec Gateway Security 400 Series
Release(s): 320, 360, 360R, 440, 460, 460R, SGS 440, SGS 460, SGS 460R