Archive for February, 2010

Setting Up SonicWALL’s SonicPoints

Tuesday, February 23rd, 2010

99% of this is from Page 23 of the SonicWALL Network Security Appliances – SonicPoint-N Dual-Band Getting Started Guide; the other 1% makes it worth reprinting.

Configuring Wireless Access

This section describes how to configure SonicPoints with a SonicWALL UTM appliance.

SonicWALL SonicPoints are wireless access points specially engineered to work with SonicWALL UTM appliances. Before you can manage SonicPoints in the management interface, perform the following steps:
-Configuring Provision Profiles
-Configuring a Wireless Zone
-Configuring the Network Interface

Configuring Provision Profiles
A SonicPoint Profile defines settings that can be configured on a SonicPoint, such as radio SSIDs and channels of operation.

These profiles make it easy to apply basic settings to a wireless zone, especially when that zone contains multiple SonicPoints. When a SonicPoint is connected to a zone, it is automatically provisioned with the profile assigned to that zone. If a SonicPoint is connected to a zone that does not have a custom profile assigned to it, the default profile “SonicPoint-N” is used.

To add a new profile:
1. Navigate to the SonicPoint > SonicPoints page in the SonicOS interface.
2. Click Add SonicPointN below the list of SonicPoint provisioning profiles.
3. The Add/Edit SonicPoint Profile window displays settings you can enable and/or modify.

Settings Tab:
1. Select Enable SonicPoint
2. Enter a Name Prefix to be used internally as the first part of the name for each SonicPoint provisioned
3. Select the Country Code for the area of operation

802.11n Radio Tab
1. Select Enable Radio
2. Optionally, select a schedule for the radio to be enabled from the drop-down list. The most common work and weekend hour schedules are pre-populated for selection.
3. Select a Radio Mode to dictate the radio frequency band(s). The default setting is 2.4GHz 802.11n/g/b Mixed.
4. Enter an SSID. This is the access point name that will appear in clients’ lists of available wireless connections.
5. Select a Primary Channel and Secondary Channel. You may choose AutoChannel unless you have a reason to use or avoid specific channels.
6. Under WEP/WPA Encryption, select the Authentication Type of your wireless network. SonicWALL recommends using WPA2 as the authentication type.
7. Fill in the fields specific to the authentication type that you selected. The remaining fields change depending on the selected authentication type.
8. Optionally, under ACL Enforcement, select Enable MAC Filter List to enforce Access Control by allowing or denying traffic from specific devices. Select a MAC address object group from the Allow List or Deny List to automatically allow or deny traffic to and from all devices with MAC addresses in the group. The Deny List is enforced before the Allow List.

Advanced Tab:
Configure the advanced radio settings for the 802.11n radio. For most 802.11n advanced options, the default settings give optimum performance. For a full description of the fields on this tab, see the SonicOS Enhanced Administrator’s Guide.

Configuring a Wireless Zone

You can configure a wireless zone on the Network > Zones page. Typically, you will configure the WLAN zone for use with SonicPoints.

To configure a standard WLAN zone:
1. On the Network > Zones page in the WLAN row, click the icon in the Configure column.
2. Click on the General tab.
3. Select the Allow Interface Trust setting to automate the creation of Access Rules that allow traffic to flow between the interfaces within the zone, regardless of the interfaces to which the zone is applied. For example, if the WLAN Zone has both the X2 and X3 interfaces assigned to it, selecting the Allow Interface Trust checkbox on the WLAN Zone creates the necessary Access Rules to allow hosts on these interfaces to communicate with each other.
4. Select the check boxes for the security services to enable on this zone. Typically, you would enable Gateway Anti-Virus, IPS, and Anti-Spyware (IF YOU HAVE THE LICENSES). If your wireless clients are all running SonicWALL Client Anti-Virus, select Enable Client AV Enforcement Service.
5. Click on the Wireless Tab.
6. Select Only allow traffic generated by a SonicPoint to allow only traffic from SonicWALL SonicPoints to enter the WLAN Zone interface. This provides the maximum security on your WLAN.
7. Optionally, click the Guest Services tab to configure guest Internet access solely, or in tandem with secured access. For information about configuring Guest Services, see the SonicOS Enhanced Administrator’s Guide.
8. When finished, click OK.

Configuring the Network Interface

Each SonicPoint or group of SonicPoints must be connected to a physical network interface that is configured for Wireless. SonicOS by default provides a standard wireless zone (WLAN), which can be applied to any available interface.

To configure a network interface using the standard wireless (WLAN) zone:
1. Navigate to the Network > Interfaces page and click the Configure button for the interface to which your SonicPoints will be connected.
2. Select WLAN for the Zone type.
3. Select Static for the IP Assignment.
4. Enter a static IP Address in the field. Any private IP is appropriate for this field, as long as it does not interfere with the IP address range of any of your other interfaces.
5. Enter a Subnet Mask.
6. Optionally, choose a SonicPoint Limit for this interface. This option helps limit resources on a port-by-port basis when using SonicPoints across multiple ports.
7. Optionally, choose to allow Management and User Login mechanisms if they make sense in your deployment. Remember that allowing login from a wireless zone can pose a security threat, especially if you or your users have not set strong passwords.
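
The address constraint in step 4 (a private IP that does not collide with any other interface's range) can be checked before the values are entered. The Python below is an added example, not part of the SonicWALL guide; the function name, interface names and subnets are constructed for illustration.

```python
import ipaddress

# RFC 1918 ranges; is_private alone would also accept loopback and link-local.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def check_wlan_interface(ip, mask, existing):
    """Return a list of problems with a planned static WLAN interface address.

    ip, mask -- values intended for the IP Address and Subnet Mask fields
    existing -- {interface name: "network/mask"} for interfaces already in use
    """
    problems = []
    iface = ipaddress.ip_interface(f"{ip}/{mask}")
    net = iface.network

    if not any(iface.ip in r for r in RFC1918):
        problems.append(f"{iface.ip} is not an RFC 1918 private address")
    # The interface itself cannot sit on the network or broadcast address.
    if net.prefixlen < 31 and iface.ip in (net.network_address,
                                           net.broadcast_address):
        problems.append(f"{iface.ip} is the network or broadcast address of {net}")
    # Any overlap with another interface's subnet makes routing ambiguous.
    for name, cidr in sorted(existing.items()):
        other = ipaddress.ip_network(cidr, strict=False)
        if net.overlaps(other):
            problems.append(f"{net} overlaps {name} ({other})")
    return problems


# Constructed sample data: these interfaces and subnets are illustrative only.
EXISTING = {
    "X0 (LAN)": "192.168.168.0/255.255.255.0",
    "X1 (WAN)": "203.0.113.0/255.255.255.248",
    "X3 (DMZ)": "172.16.31.0/255.255.255.0",
}

if __name__ == "__main__":
    for ip, mask in [("172.16.32.1", "255.255.255.0"),
                     ("172.16.31.129", "255.255.255.128"),
                     ("192.168.0.1", "255.255.0.0")]:
        issues = check_wlan_interface(ip, mask, EXISTING)
        print(ip, mask, "->", issues or "OK")
```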

Verifying Operation

To verify that the SonicPoint is provisioned and operational, navigate to the SonicPoint > SonicPoints page in the SonicOS management interface. The SonicPoint displays an “operational” status in the SonicPointNs table.

Connect to WIFI and ensure that you can browse the Internet.

Script for Populating Jabber Buddy Lists in iChat

Monday, February 22nd, 2010

Note: Uses a Jabber server hosted on yourfqdn.

The 10.6 OS X iChat server has an autobuddy feature, but this feature only works with a user’s original shortname. If a user has multiple shortname aliases, these additional shortnames will not have a buddy list associated with them at login, because the jabber database keys off of the logged-in name: each shortname maintains its own buddy list, and aliases are not handled by autobuddy population.

To get around this limitation I have created a shell script residing at /usr/local/bin/createAutoBuddyLists.sh. When run, this script traverses the Open Directory user database and inits jabber accounts for all user shortnames (using /usr/bin/jabber_autobuddy --inituser shortname@yourfqdn). This creates an active record for that shortname. After this is created for all shortnames in the system, the script then calls /usr/bin/jabber_autobuddy -m, which creates a buddy list for all users that contains an entry for all active records.

Unfortunately there is no way to auto-fire this script when a new user alias is added; it must be run by hand. To do so, after creating a new user account (or adding a new shortname to an existing account), simply open a terminal window and type the following command:

sudo /usr/local/bin/createAutoBuddyLists.sh

You will then be prompted for authentication. Once you authenticate, the script will process and create/init the appropriate accounts and ensure that they are buddied with all existing users.

Contents of /usr/local/bin/createAutoBuddyLists.sh:
#!/bin/bash

PATH=/usr/bin

## Specify search base
declare -x SEARCHBASE="/LDAPv3/127.0.0.1"

## Specify our jabber domain
declare -x JABBERDOMAIN="yourFQDN"

## Iterate through all of our OD users
for user in $(dscl "$SEARCHBASE" list /Users); do
    ## Skip root and any vpn_* accounts
    case "$user" in
        "root")
            continue;;
        vpn_*)
            continue;;
    esac

    echo "Resolving aliases for: $user"
    ## Read all shortnames for the user (-url keeps spaces encoded as %20)
    for shortname in $(dscl -url "$SEARCHBASE" read "/Users/$user" RecordName | grep -v RecordName | sed -e 's/^\ //g'); do
        echo "Initing jabber for username: $shortname"
        ## Init the shortname, decoding %20 back to a space
        jabber_autobuddy --inituser "${shortname//%20/ }@$JABBERDOMAIN"
    done
done

## Populate all inited accounts
jabber_autobuddy -m

Visit our booth at Macworld 2010

Thursday, February 11th, 2010

Come visit our booth at Macworld 2010 on the expo floor. We are located in Booth 566C and have a bunch of free schwag to give out.

We also have a number of sessions this year:

Hands-on Snow Leopard Server: Collaboration Services with Charles Edge
2/10 – 1:00PM to 3:00PM

Push: The Next Generation of Collaboration is Snow Leopard Server with Charles Edge
2/11 – 4:30PM to 6:00PM

Advanced Integration with Final Cut Server with Beau Hunter
2/12 – 3:30PM to 5:00PM

iPhone Mass Deployment with Zack Smith
2/13 – 2:30PM to 4:00PM

We hope to see you there!

Blackberry BIS Setup, Websites and Providers

Wednesday, February 3rd, 2010

You will want to create an IMAP or POP account, *not an OWA account*. If you create an OWA account it will not sync in real time.

To set up an IMAP or POP account you must:

1. Create an account on one of the websites below.

2. Enter in the PIN# and the ESN# (located under the battery and outside the box).

3. Fill in the user name (usually their E-mail address) and then the wrong password twice for the site to give you more options.

4. Next, go through the setup using your own configurations and settings, or it will default to OWA. Once finished, the user should get an activation E-mail. From there you should be able to test.

Providers and their BIS sites are listed below:

Wireless Provider Website

Aether https://webclient.blackberry.net/WebMail/Window.jsp?site=aether

Alltel http://www.alltel.blackberry.com/

AT&T/Cingular http://bis.na.blackberry.com/html?brand=mycingular

Bell Canada http://bis.na.blackberry.com/html?brand=bell

CBeyond https://webclient.blackberry.net/WebMail/Window.jsp?site=cbeyond

Cellular South https://webclient.blackberry.net/WebMail/Window.jsp?site=csouth1

CellularOne https://bis.na.blackberry.com/html?brand=cellularone

Cincinnati Bell https://bis.na.blackberry.com/html?brand=cinbell

Dobson Cellular https://bis.na.blackberry.com/html?brand=dobsoncellular

Earthlink Wireless http://webclient.blackberry.net/WebMail/Window.jsp?site=earthlink

Edge Wireless https://webclient.blackberry.net/WebMail/Window.jsp?site=edgewireless

Fido https://webclient.blackberry.net/WebMail/Window.jsp?site=fido

Nextel/Sprint https://bis.na.blackberry.com/html?brand=nextel

Rogers Wireless https://bis.na.blackberry.com/html?brand=rogers

SkyTel https://webclient.blackberry.net/WebMail/Window.jsp?site=skytel

TeleCommunication Systems https://webclient.blackberry.net/WebMail/Window.jsp?site=tcs

T-Mobile Austria http://www.instantemail.t-mobile.at/

T-Mobile Germany http://www.instantemail.t-mobile.de/

T-Mobile UK http://instantemail.t-mobile.co.uk/

T-Mobile USA http://www.t-mobile.com/bis/

US Cellular https://webclient.blackberry.net/WebMail/Window.jsp?site=uscellular

Verizon Wireless https://bis.na.blackberry.com/html?brand=vzw

Vodafone Germany http://mobileemail.vodafone.de