Some days you are the bear and others you are the fish …


Today, I’m the fish.  Let me explain …

I’m a fan of Sonicwall firewalls, that’s pretty plain to see if you have read much of this blog.  And I have been something of a fan of their wireless extensions, the SonicPoint’s and the SonicPoint management built into the firewalls.  What really got me going on the SonicPoints was the management and the ability to build “Virtual Access Points”; I really liked those features.  But, to be truthful, the actual operation of the SonicPoints has always been somewhat disappointing due to the relatively high number of problems that seem to crop up with them compared to “simpler” devices.

I’ve always been able to mostly tune them up but I’ve hit a wall in the last few weeks that has made me stand back and reassess the use of these things.

We have two installations at two different clients that use multiple SonicPoints.  One install uses two of the “dual radio” units (2.4GHz and 5GHz) and the other uses 6 of the regular 2.4GHz units.  Both installations are in what could be termed “dirty” RF environments; lots of other radios in the area, lots of congestion, lots of channel overlap.  A nightmare environment for the most part in terms of access point configuration in other words.  And while I have lots of knobs that I can turn in the management interface, I cannot “tune” the devices to the point where I can make them provide reliable, stable connections to client devices.  The maddening thing about all of this is it appears that “cheap”, dumb access points in the same environments CAN provide reliable, stable connections in the same conditions albeit without all of the “security” the SonicPoints provide.

I have looked at other providers and, of course, scoured the ‘Net for answers, and the inescapable conclusion I’m reaching is that SonicPoints are an ongoing source of frustration for many, many users.  The idea of combining wireless with firewall-based management and security is a good one in theory but possibly not so great in execution. 

I’m also going to admit that planning and successfully executing a multi-access point installation is something of a black art that I have not mastered.  You certainly do need the correct tools to perform the site survey (a wifi analyzer on your phone does NOT constitute a site survey …) and you need to use access points that are well understood, well supported/documented and that you know will work with your critical devices (don’t laugh, there are many devices that “clash” with various access points, just ask the vendors of specialized devices like mobile printers to get that particular sob story).  Frankly, it is probably worth the extra money to turn to a vendor that specializes in wireless to design and install your multi access point installation and let all of the frustration be theirs and not yours.

In my case I think I’ve got the dual access point install sort of sorted out.  And my customer with the bigger installation has been extremely gracious abut the whole thing while deciding that we need to look elsewhere for the critical wireless install in his warehouse (ie Cisco devices and a big wireless installation outfit).

I have relearned an invaluable lesson:  concentrate on those things that you are good at and defer to those that are better at the things you are not good at.  And when it comes to something that can be as complicated and fraught with tripwires as a large wireless installation, it is best to defer to the experts with the products that work.

Sorry, Sonicwall, but I won’t be doing the SonicPoint dance any further.  I love your firewalls but your wireless is no longer on my dance card.

4 responses to “Some days you are the bear and others you are the fish …

  1. There are quite a few things to consider with deployment of SonicPoints and with newer firmware you have GUI-based features for channel-choice etc.

    The performance and reliability depends not only of channel-choice, but whether you use 2.4Ghz or 5Ghz, whether you have autochannel or not, whether you have aggregation and short guard interval enabled (screws with Apple devices sometime), whether you have short or long preamble length etc.

    In a congested enviroment you may even need to access the “hidden” diag-page and tweak the “SonicPoint-Ni/Ne Noise Sensitivity Level” as well as whether the SonicPointN should “Reboot When Noise Safe Mode Detected”


    1. Dennis:

      Your points are all valid but all of that was already tried in the situations I describe. I’ve been dealing with Sonicwall devices for 16 years, more than half that with SonicPoints. They have always been something of a pain in the backside. When they work, they work brilliantly but when they don’t the pain is not worth the hassle. Sonicwall has released a new generation of SonicPoint devices and I’m hopeful that they will be a lot better than what has come before them. But I can’t willingly recommend them to my customers because of past experience, I’ll let others try and describe their experiences in a positive light before I dip my toe back into that particular pond. In the meantime I’ll stick with enGenius AP’s as they seem to work really well, have decent cost points and don’t give me headaches like the SonicPoints.

      1. You are quite correct in that “older” SonicPoint H/W could manifest strange performance-problem in congested environments. I worked 7 years as an SonicWALL SE (2005-2012) and during that time I think the H/W revision of the SonicPoints was changed a couple of times.

        As you say the new 802.11ac SonicPoints seems to be promising and I understand that the radiochip for the 802.11n version is quite improved compared to the older models.

        We are deplying some of these new SonicPoints on some of our sites and I am quite excited to see how they perform under load.

        1. Dennis:

          Thanks! Please ping me and let me know how they work. Like I said before, I’m not inclined to go there at this point but if people have good experiences with them I might change my mind!


Comments are closed.