Fixed Wireless Technology

(Part III) Taming Wireless Security Blues with Bluesocket—continued

Monitoring and Logging
WG monitoring and logging features are clean, useful, and easy to use. However, the information presented may leave you thirsting for more detail.

Monitoring is supported through the Active Connections page (left). Every station with a known IP (assigned by DHCP or configured into the MAC list) appears on this page, along with IP and MAC address and the time they became active. Authenticated clients also display assigned role, username, authentication type, and current/average bandwidth. System names, VPN type, and tunnel status are indicated by pop-up labels and highlights. The list can be filtered or sorted by user, role, or start time. This Active Connections page is refreshed at a configurable interval, making it an excellent "dashboard" for your WG. You can also log clients off from this page. The only shortcoming we spotted is that every WG in a mesh must be monitored independently.

Events can be logged locally, sent to one SYSLOG server, or both. Session accounting records may also be stored locally or sent to one or more RADIUS servers. Because each WG keeps separate internal logs, sending records to external servers is a good way to create combined persistent logs for the entire WG mesh. For example, here are a few raw records from our SYSLOG, followed an example from the GUI:

Sep 10 16:30:20 blue-slave WG-1000: obj=user&obj_id=&obj_name=&msg= Added user #0 at [00:02:2d:04:e4:b4]/192.168.20.18 from eth1 with role #1 Un-registered. Sep 10 16:31:14 blue-slave WG-1000: obj=user&obj_id=3&obj_name=demo&msg= Added user #3 demo at [00:02:2d:04:e4:b4]/192.168.20.18 from eth1 with role #9 Demo. Sep 10 16:31:14 blue-slave WG-1000: obj=user&obj_id=3&obj_name=demo&msg= Login RADIUS user #3 demo at 192.168.20.18 as role #9 Demo.

The Log page lets you filter records by time, level, type, username, or text message (right). Records can be sorted by these, record number, or index. Results can be downloaded in CSV or HTML format, and font size can be adjusted. These features aid readability and make it easy to locate records for a given client. If only there were records noting when tunnel establishment succeeds or fails, when fail-over kicks in, or when packet drops hit a threshold. You might not want to see this detail every day, but there are certainly times when a "debug level" log option would come in handy.

The GUI also includes a Summary page of User, Interface, and DHCP info and a Diagnostics page with CPU, memory, disk, and log space stats. The Diagnostics page also provides useful debugging commands like ping, traceroute, arp, netstat, and ps. We found it handy that ICMP can be sent out any interface. If Bluesocket wants to keep the Log page simple, perhaps IPsec or packet traces could be displayed through this Diagnostics page in some future release.

Help and Support
Online help (the Admin Guide PDF) is easy to navigate and understand; context sensitive help would be a nice addition. Channel partners also have access to a solid collection of tech notes, marketing material, and current software through a password-protected section of Bluesocket's website.

Partners are responsible for first line support; Bluesocket provides second tier support. During our eval, Bluesocket's staff was responsive, helpful, and persistent. In two cases, support recreated our configuration in Bluesocket's lab to identify possible causes. In comparison to larger vendors, we found Bluesocket's support process less formal, more personalized. Email and phone support is available from 4am to 5pm EST, Monday through Friday. We believe a 24x7 support option will be required as Bluesocket's customer base grows in number and size.

The product warranty includes overnight hardware replacement for 90 days, replacement-after-return for one year, and software updates/upgrades for one year. Annual hardware and software service renewals are also available.

According to Patrick Rafter, Director of Corporate Communications for Bluesocket, VARs can apply to be channel partners by sending email to partners@bluesocket.com. "Partners usually come to us by recommendation from other partners or customers," said Rafter. "We select partners that have experience—many are certified Cisco or Checkpoint resellers. They must also have a track record of wireless deployments and security expertise."

Rafter said Bluesocket trains partner staff, makes joint sales calls, and participates in bids.

"We do hand-holding with end users to help the VAR be successful and to help the end user be successful," said Rafter. "We won't deploy without a solid solution to secure and manage those WLANs." There are, of course, limits. "We can't be all things to all people—we have to spend our money carefully. When there's a capability we can't provide, we don't immediately say 'we'll do that.' We indicate whether and when we can provide it."

< Back to page 1: Maintenance and High Availability

Go to page 2: > Customer Feedback