Benutzeranleitung / Produktwartung TZ 190 des Produzenten SonicWALL
Zur Seite of 843
C OM P REHENSIVE INTERN ET S ECURI T Y SonicOS 4.0 Enhanced Administrator’s Guide SonicWALL Internet Security Appliances For the SonicWALL TZ 180 and TZ 190.
.
iii SonicOS Enhanced 4.0 Administrator Guide Table of Contents Table of Contents ..... ............................................... ..................................... iii Part 1: Introduction Chapter 1: Preface . . . . . . . . . . . . . . . . . .
iv SonicOS Enhanced 4.0 Administrator Guide Part 2: System Chapter 4: Viewing the Soni cWALL Security Dashboard . . . . . . . . . . . 47 System > Security Dashboard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47 SonicWALL Security Dashboard Overview .
v SonicOS Enhanced 4.0 Administrator Guide Chapter 8: Managing Certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85 System > Certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85 Digital Certificates Overview .
vi SonicOS Enhanced 4.0 Administrator Guide Chapter 13: Using Diagnos tic Tools & Restarting th e Appliance . . . . 125 System > Diagnostics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 125 Tech Support Report . .
vii SonicOS Enhanced 4.0 Administrator Guide Configuring Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 141 Configuring the LAN and OPT Interfaces (Static) . . . . . . . . . . . . . . . 141 Configuring Advanced Settings for the Inte rface .
viii SonicOS Enhanced 4.0 Administrator Guide Chapter 17: Configuring Zones . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 191 Network > Zones . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 191 How Zones Work .
ix SonicOS Enhanced 4.0 Administrator Guide Chapter 21: Configuring NAT Policies . . . . . . . . . . . . . . . . . . . . . . . . . . 245 Network > NAT Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 245 NAT Policies Table .
x SonicOS Enhanced 4.0 Administrator Guide Chapter 25: Setting Up Web Proxy Forwarding . . . . . . . . . . . . . . . . . . 305 Network > Web Proxy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 305 Configuring Automatic Pr oxy Forwarding (Web Onl y) .
xi SonicOS Enhanced 4.0 Administrator Guide Chapter 30: Configuring Advanced Wireless Settings . . . . . . . . . . . . . 339 Wireless > Advanced . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 339 Beaconing & SSID Controls .
xii SonicOS Enhanced 4.0 Administrator Guide Part 5: WWAN Chapter 34: Configuring Wireless WAN (TZ 190 only) . . . . . . . . . . . . . 371 WWAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 371 Wireless WAN Overview .
xiii SonicOS Enhanced 4.0 Administrator Guide Chapter 40: Configuring Advanced Access Ru le Settings . . . . . . . . . . 433 Firewall > Advanced . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 433 Detection Prevention .
xiv SonicOS Enhanced 4.0 Administrator Guide Chapter 45: Managing Quality of Service . . . . . . . . . . . . . . . . . . . . . . . 467 Firewall > QoS Mapping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 467 Classification .
xv SonicOS Enhanced 4.0 Administrator Guide Chapter 50: Configuring DHCP Over VPN . . . . . . . . . . . . . . . . . . . . . . . 587 VPN > DHCP over VPN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 587 DHCP Relay Mode . .
xvi SonicOS Enhanced 4.0 Administrator Guide Part 11: Security Services Chapter 54: Managing SonicWALL Security Services . . . . . . . . . . . . . 687 SonicWALL Security Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 687 Security Services Summary .
xvii SonicOS Enhanced 4.0 Administrator Guide Chapter 57: Managing SonicWALL Gatew ay Anti-Virus Service . . . . . 715 Security Services > Gateway Anti-Virus . . . . . . . . . . . . . . . . . . . . . . . . 715 SonicWALL GAV Multi- Layered Approach .
xviii SonicOS Enhanced 4.0 Administrator Guide Chapter 59: Activating Anti-Spyware Service . . . . . . . . . . . . . . . . . . . . 745 Security Services > Anti-Spyware Service . . . . . . . . . . . . . . . . . . . . . . 745 SonicWALL Gateway Anti-Virus, Anti -Spyware, and IPS Activation 746 Creating a mySonicWALL.
xix SonicOS Enhanced 4.0 Administrator Guide Chapter 64: Configuring Syslog Settin gs . . . . . . . . . . . . . . . . . . . . . . . . 775 Log > Syslog . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 775 Syslog Settings .
xx SonicOS Enhanced 4.0 Administrator Guide Chapter 72: Configuring VPN Policies with the VPN Policy Wizard . . 827 Wizards > VPN Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 827 Using the VPN Policy Wizard . . .
S ONIC WALL S ONIC OS E NHANCED 4.0 A DMINISTRATOR ’ S G UIDE 21 PART 1 Introduction.
22 S ONIC WALL S ONIC OS E NHANCED 4.0 A DMIN ISTRATOR ’ S G UIDE.
23 SonicOS Enhanced 4.0 Administrator Guide CHAPTER 1 Chapter 1: Preface Preface Copyright Notice © 2007 SonicWALL, Inc. All rights reserved. Under the copyright laws, this manual or the software des.
About this Guide 24 SonicOS Enhanced 4.0 Administrator Guide Limited Warranty SonicWALL, Inc. warrants that commencing from the delivery date to Customer (but in any case commencing not more than nine.
About this Guide 25 SonicOS Enhanced 4.0 Administrator Guide Note Always check <http//: www.sonicwall.co m/se rvices/documentation.html> for the latest version of this manual as well as other SonicWALL products and se rvices documentation. Organization of this Guide The SonicWALL SonicOS Enhanced 4.
About this Guide 26 SonicOS Enhanced 4.0 Administrator Guide • Dynamic DN S - configure the SonicWALL to dynamical ly register its WAN IP address with a DDNS service provider.
About this Guide 27 SonicOS Enhanced 4.0 Administrator Guide Part 12 Log This part covers managing the SonicWALL secu rity appliance’s enhanced logging, alerting, and reporting features. The Soni cWALL security appliance’s logging features provide a comprehensive set of log categories for m onitoring security and network activities.
About this Guide 28 SonicOS Enhanced 4.0 Administrator Guide Tip Useful information about security features and configurations on your SonicWALL. Note Important information on a feature that requires callout for special attention.
About this Guide 29 SonicOS Enhanced 4.0 Administrator Guide Current Documentation Check the SonicWALL documentation Web si te for that latest versions of this manual and all other SonicWALL product documentation. http://www.sonicwall. com/us /Support.
About this Guide 30 SonicOS Enhanced 4.0 Administrator Guide.
31 SonicOS Enhanced 4.0 Administrator Guide CHAPTER 2 Chapter 2: Common Criteria Guide Common Criteria The purpose of this chapter is to define the Common Criteria-compliant operation of SonicWALL Internet Se curity Appliances.
Common Criteria 32 SonicOS Enhanced 4.0 Administrator Guide • GMS Remote Management • Syslog Logging • SonicPoint • Hardware Failover Before installing the SonicWALL Internet Security Appliance, the device should be examined for evidence of tampering.
Common Criteria 33 SonicOS Enhanced 4.0 Administrator Guide Related Documents Several other SonicWALL documents provide in formation relating to the Common Criter ia evaluated configuration of Soni cWALL Internet Secur ity Appliances. Those documents are described here.
Common Criteria 34 SonicOS Enhanced 4.0 Administrator Guide.
35 SonicOS Enhanced 4.0 Administrator Guide CHAPTER 3 Chapter 3: Introduction Introduction SonicOS Enhanced 4.0 is the most powerful SonicOS operating s ystem designed for the SonicWALL PRO 4060, and the PRO 5060. What’s New in SonicOS Enhanced 4.0 SonicOS Enhanced 4.
Introduction 36 SonicOS Enhanced 4.0 Administrator Guide appliances have been associated as a hardware failover pair on mysoni cwall.com, you can enable this feature by selecting Enable Stateful Synchronization in the Hardware Failover > Advanced page.
Introduction 37 SonicOS Enhanced 4.0 Administrator Guide CLI (SSH or serial console). For instance, if a CLI session go es to the config level, it will ask you if you want to preempt an administrator who is at conf ig level in the GUI or an SSH session.
Introduction 38 SonicOS Enhanced 4.0 Administrator Guide – Ad-Hoc station – Unassociated station – Wellenreiter attack – NetStumbler attack – EAPOL packet flood – Weak WEP IV • SMTP Authentication - SonicOS Enhanced 4.
Introduction 39 SonicOS Enhanced 4.0 Administrator Guide In SonicOS Enhanced 4.0, VAPs allow the network administrator to control wireless user access and security settings by setting up multiple custom config urations on a single physical interface.
Introduction 40 SonicOS Enhanced 4.0 Administrator Guide • BWM Rate Limiting - SonicOS Enhanced 4.0 enhances the Bandwidth Management feature to provide rate limiti ng functionality. You can now creat e traffic policies that specify maximum rates for Layer 2, 3, or 4 network traffic.
Introduction 41 SonicOS Enhanced 4.0 Administrator Guide Navigating the Ma nagement Interface Navigating the SonicWALL management interface includes a hierarchy of menu buttons on the navigation bar (left si de of your browser window). When you click a menu button, related management functions are displayed as submenu items in the na vigation bar.
Introduction 42 SonicOS Enhanced 4.0 Administrator Guide If the settings are contained in a secondary window within the management interface, when you click OK , the settings are automatically appli ed to the SonicWALL security appliance.
Introduction 43 SonicOS Enhanced 4.0 Administrator Guide • Clicking on the edit icon displays a window for editing the settings. • Clicking on the delete icon deletes a table entry • Moving the pointer over the comment icon displays text from a Comment field entry.
Introduction 44 SonicOS Enhanced 4.0 Administrator Guide.
S ONIC WALL S ONIC OS E NHANCED 4.0 A DMINISTRATOR ’ S G UIDE 45 PART 2 System.
46 S ONIC WALL S ONIC OS E NHANCED 4.0 A DMIN ISTRATOR ’ S G UIDE.
47 SonicOS Enhanced 4.0 Administrator Guide CHAPTER 4 Chapter 4: Viewing the SonicWALL Security Dashboard System > Security Dashboard This chapter describes how to us e the SonicWALL Security Dashboard featur e on a SonicWALL security appliance.
System > Security Dashboard 48 SonicOS Enhanced 4.0 Administrator Guide What is the Security Dashboard? The SonicWALL Security Dashboard provides reports of the latest threat protection data fr om a single SonicWALL appliance and aggregated threat protection data from SonicWALL security appliances deployed globally.
System > Security Dashboard 49 SonicOS Enhanced 4.0 Administrator Guide Benefits The Security Dashboard provides the latest threat protection information to keep you informed about potential threats being block ed by SonicWALL security appliances.
System > Security Dashboard 50 SonicOS Enhanced 4.0 Administrator Guide How Does the Security Dashboard Work? The SonicWALL Security Dashboard provides global and appliance-level threat protection statistics. At the appliance level, threat pr otection data from your SonicWALL security appliance is displayed.
System > Security Dashboard 51 SonicOS Enhanced 4.0 Administrator Guide SonicWALL Security Dashboa rd Configuration Overview The SonicWALL Security Dashboard can be conf igured to display global or appliance-level statistics, to display statistics for different time periods, and to generate a custom PDF file.
System > Security Dashboard 52 SonicOS Enhanced 4.0 Administrator Guide Selecting Custom Time Interval The SonicWALL Security Dashboard reports defaul t to a view of reports from the “Last 14 Days,” providing an aggregate view of threats blocked during that time period.
System > Security Dashboard 53 SonicOS Enhanced 4.0 Administrator Guide Note Your SonicWALL security appliance must be c onfigured for Internet connectivity and must be connected to the Internet to use the Registration & License Wizard.
System > Security Dashboard 54 SonicOS Enhanced 4.0 Administrator Guide To purchase SonicWALL security services using the SonicWALL Registration & License Wizard, perform the following steps: Step 1 Log in to the SonicWALL appliance management interface.
System > Security Dashboard 55 SonicOS Enhanced 4.0 Administrator Guide Step 5 If you have a mysonicwall.com account, enter your username and password in the Username and Password fields. If you do not have a mysonicwal l.com account, select the radio button next to Create a sonicwall.
System > Security Dashboard 56 SonicOS Enhanced 4.0 Administrator Guide Note If you used an existing mysonicwall.com account by providing your username and password, you will not see this page. Skip to the next step. Step 7 Select the checkbox next to the se rvice you want to purchase and click Next .
System > Security Dashboard 57 SonicOS Enhanced 4.0 Administrator Guide Step 9 The mysonicwall.com page is launched in a separate browser window. Follow the on-screen instructions to complete the purchas e of So nicWALL security services. Step 10 After you have purchased the security ser vices , return to the wizard window.
System > Security Dashboard 58 SonicOS Enhanced 4.0 Administrator Guide Step 11 The Congratulations page disp lays. You have successfu lly pur chased and synchronized your security services .
System > Security Dashboard 59 SonicOS Enhanced 4.0 Administrator Guide Related Features SonicWALL Registration & License Wizard - Use the SonicWALL R egistration & License Wizard to purchase SonicWALL security servic es directly from your SonicWALL security appliance management interface.
System > Security Dashboard 60 SonicOS Enhanced 4.0 Administrator Guide.
61 SonicOS Enhanced 4.0 Administrator Guide CHAPTER 5 Chapter 5: Viewing Status Information System > Status The System > Status page provides a comprehensive collec tion of information an d links to help you manage your SonicWALL security appl iance and SonicWALL Security Services licenses.
System > Status 62 SonicOS Enhanced 4.0 Administrator Guide • Setup Wizard - This wizard helps you quickly configure the SonicWALL security appliance to secure your Internet (WAN) and LAN connections.
System > Status 63 SonicOS Enhanced 4.0 Administrator Guide Latest Alerts Any messages relating to system errors or atta cks a re displayed in this section. Attack messages include AV Alerts, forbidden e-mail atta chments, fraudulent certif icates, etc.
System > Status 64 SonicOS Enhanced 4.0 Administrator Guide Registering Your SonicWALL Security Appliance Once you have established your Internet c onnection, it is recommended you register your SonicWALL security appliance.
System > Status 65 SonicOS Enhanced 4.0 Administrator Guide To create a mySonicWALL.co m account from the SonicWAL L management interface: Step 1 In the Security Services section on the System > Status page, click the Register link in Your SonicWALL is not registered.
System > Status 66 SonicOS Enhanced 4.0 Administrator Guide Registering Your SonicW ALL Security Appliance If you already have a mySonicWALL.com account, follow these steps to register your security appliance: Step 1 In the Security Services section on the System > Status page, click the Register link in Your SonicWALL is not registered.
67 SonicOS Enhanced 4.0 Administrator Guide CHAPTER 6 Chapter 6: Managing SonicWALL Licenses System > Licenses The System > Licenses page provides links to activa te, upgrade, or renew SonicWAL L Security Services licenses.
System > Licenses 68 SonicOS Enhanced 4.0 Administrator Guide Excluding a Node When you exclude a node, you block it from c onnecting to your network through the security appliance. Excluding a node creates an address object for that IP addr ess and assigns it to the Node License Exclusion List address group.
System > Licenses 69 SonicOS Enhanced 4.0 Administrator Guide Manage Security Services Online To activate, upgrade, or renew services, click the link in To Activate, Upgrade, or Renew services, click here . Click the link in To synchronize licenses with mySonicWALL.
System > Licenses 70 SonicOS Enhanced 4.0 Administrator Guide Manual Upgrade Manual Upgrade allows you to activate your servic es by typing the service activation key supplied with the service subscription not acti vate d on mySonicWALL.co m. Type the activation key from the product into the Enter upgrade key field and click Submit .
System > Licenses 71 SonicOS Enhanced 4.0 Administrator Guide From the Management In terface of your SonicWALL Security Appliance Step 1 Make sure your SonicWALL security appliance is running SonicOS Standard or Enhanced 2.
System > Licenses 72 SonicOS Enhanced 4.0 Administrator Guide.
73 SonicOS Enhanced 4.0 Administrator Guide CHAPTER 7 Chapter 7: Configuring Administration Settings System > Administration The System Administration page prov ides settings for the configur ation of SonicWALL security appliance for secure and remote management.
System > Administration 74 SonicOS Enhanced 4.0 Administrator Guide Changing the Administrator Password To set a new password for SonicWALL Management Interface access, type the old password in the Old Password field, and the new password in the New Password field .
System > Administration 75 SonicOS Enhanced 4.0 Administrator Guide The Password must be changed every (days) setting requires users to change their passwords after the designated num ber of days has elapsed. When a user attempts to login with an expired password, a pop-up window will pr ompt the user to enter a new password.
System > Administration 76 SonicOS Enhanced 4.0 Administrator Guide Multiple Administrators SonicOS Enhanced provides the ability for mult iple administrators to access the SonicOS Management Interface simultaneously. For more information on Multiple Administrators, see the “Multiple Administrator Support Overview” section on page 590 .
System > Administration 77 SonicOS Enhanced 4.0 Administrator Guide Web Management Settings The SonicWALL security appliance can be managed using HTTP or HTTPS and a Web browser. Both HTTP and HTTPS are enabled by default. The default port for HTTP is port 80, but you can configure access through another por t.
System > Administration 78 SonicOS Enhanced 4.0 Administrator Guide SSH Management Settings If you use SSH to manage the Son icWALL appliance, you can change the SSH port for additional security. T he default SSH port is 22 . Advanced Management You can manage the SonicWALL security app liance using SNMP or SonicWALL Global Management System.
System > Administration 79 SonicOS Enhanced 4.0 Administrator Guide To enable SNMP on the SonicWALL security app liance, log into the Management interface and click System , then Administration. Select the Enab le SNMP checkbox, and then click Configure .
System > Administration 80 SonicOS Enhanced 4.0 Administrator Guide Enable GMS Management You can configure the SonicW ALL security appliance to be managed by SonicWALL Global Management System (SonicWALL GMS).
System > Administration 81 SonicOS Enhanced 4.0 Administrator Guide the GMS installation, and enter the IP address in the NAT Device IP Address field. The default VPN policy settings are di splayed at the bottom of the Configure GMS Settings window.
System > Administration 82 SonicOS Enhanced 4.0 Administrator Guide • HTTPS - If this option is selected, HTTPS m anagement is allowed from two IP addresses: the GMS Primary Agent and the Standby Agent IP address.
System > Administration 83 SonicOS Enhanced 4.0 Administrator Guide The default URL http://help.m ysonicwall.com/application s/vpnc lient displays the SonicWALL Global VPN Client download site. You can point to any URL where you provide the SonicWALL Global VPN Client application.
System > Administration 84 SonicOS Enhanced 4.0 Administrator Guide.
85 SonicOS Enhanced 4.0 Administrator Guide CHAPTER 8 Chapter 8: Managing Certificates System > Certificates To implement the use of certific ates for VPN policies, you must locate a source for a valid CA certificate from a third party CA service.
System > Certificates 86 SonicOS Enhanced 4.0 Administrator Guide • OpenSSL • VeriSign Certificates and Ce rtificate Requests The Certificate and Certificate Requests section provides all the settings for managing CA and Local Certificates.
System > Certificates 87 SonicOS Enhanced 4.0 Administrator Guide Certificate Details Clicking on the icon in the Details column of the Cert ificates and Certificate Requests table lists informatio.
System > Certificates 88 SonicOS Enhanced 4.0 Administrator Guide Importing a Certificate Authority Certificate To import a certificate from a certif icate authority, perform these steps: Step 1 Click Import . The Import Certificate window is displayed.
System > Certificates 89 SonicOS Enhanced 4.0 Administrator Guide Importing a Local Certificate To import a local certificate, perform these steps: Step 1 Click Import . The Import Certificate window is displayed. Step 2 Enter a certificate name in the Certificate Name field.
System > Certificates 90 SonicOS Enhanced 4.0 Administrator Guide Importing a CRL You can import the CRL by manually downloadi ng the CRL and then importing it into the SonicWALL security appliance. Step 1 Click on the Import certificate revocation list icon.
System > Certificates 91 SonicOS Enhanced 4.0 Administrator Guide To generate a local certificate, follow these steps: Step 1 Click the New Signing Request button.
System > Certificates 92 SonicOS Enhanced 4.0 Administrator Guide.
93 SonicOS Enhanced 4.0 Administrator Guide CHAPTER 9 Chapter 9: Configuring Time Settings System > Time The System > Time page defines the time and date setti ngs to time stamp log events, to automatically update SonicWALL Security Se rvices, and for other internal purposes.
System > Time 94 SonicOS Enhanced 4.0 Administrator Guide If you want to set your time manually, uncheck Set time automatical ly usi ng NTP . Select the time in the 24-hour format using the Time (h h:mm:ss) menus and the date from the Date menus.
95 SonicOS Enhanced 4.0 Administrator Guide CHAPTER 10 Chapter 10: Setting Schedules System > Schedules The System > Schedules page allows you to create and manage schedule objects for enforcing schedule times for a variety of SonicWALL security appliance features.
System > Schedules 96 SonicOS Enhanced 4.0 Administrator Guide The Schedules table displays all your predef ine d and custom schedules. In the Schedules table, there are th ree default schedules: Work Hours , Aft er Hours , and Weekend Hours .
System > Sche dules 97 SonicOS Enhanced 4.0 Administrator Guide Adding a Schedule To create schedules, click Add . The Add Schedule window is displayed. Step 1 Enter a name for the schedule in the Name field. Step 2 Select the days of the week to apply to the schedule or select All .
System > Schedules 98 SonicOS Enhanced 4.0 Administrator Guide.
99 SonicOS Enhanced 4.0 Administrator Guide CHAPTER 11 Chapter 11: Managing SonicWALL Security Appliance Firmware System > Settings This System > Settings page allows you to manage your SonicWALL security appliance’s SonicOS versions and preferences.
System > Settings 100 SonicOS Enhanced 4.0 Administrator Guide Settings Import Settings To import a previously saved preferences file into the SonicWALL secu rity appliance, follow these instructions: Step 1 Click Import Settings to import a previously exported pr eferences file into the SonicWALL security appliance.
System > Settings 101 SonicOS Enhanced 4.0 Administrator Guide • Boot to your choice of firmware and system settings. • Manage system backups. • Easily return your SonicWALL security appliance to the previous system state.
System > Settings 102 SonicOS Enhanced 4.0 Administrator Guide – Uploaded Firmware - the latest uploaded version from mySonicWALL.com. – Uploaded Firmware with Factory Default Settings - the latest version uploaded with factory default settings.
System > Settings 103 SonicOS Enhanced 4.0 Administrator Guide SafeMode - Rebooting the So nicWALL Security Appliance SafeMode allows easy firmware and preferences management as well as quick recovery from uncertain configuration states. It is no longer necessary to reset the firmware by pressing and holding the Reset button on the appliance.
System > Settings 104 SonicOS Enhanced 4.0 Administrator Guide Note Clicking Boot next to any firmware image overwrit es the existing current firmware image making it the Current Firmware image. Click Boot in the firmware row of your choice to restart the SonicWALL security appliance.
105 SonicOS Enhanced 4.0 Administrator Guide CHAPTER 12 Chapter 12: Using SonicWALL Packet Capture System > Packet Capture This chapter contains the following sections: • “Packet Capture Overvi.
System > Packet Capture 106 SonicOS Enhanced 4.0 Administrator Guide • PPP negotiations details You can configure the packet capture feature in the SonicOS Enhanced user interface (UI). The UI provides a way to configure the capture criteria, display settings, and file export settings, and displays the captured packets.
System > Packet C apture 107 SonicOS Enhanced 4.0 Administrator Guide Refer to the figure below to see a high level vi ew of the packet capture subsystem.
System > Packet Capture 108 SonicOS Enhanced 4.0 Administrator Guide Accessing Packet Capture in the UI This section describes how to access the packet capture tool in the S onicOS UI. Ther e are two ways to access the Packet Capture screen. Step 1 Log in to the SonicOS UI as admin.
System > Packet C apture 109 SonicOS Enhanced 4.0 Administrator Guide Starting packet capture Step 1 Navigate to the Packet Capture page in the UI. See “Accessing Packet Capture in the UI” on page 108 . Step 2 Under Packet Capture , optionally click Reset .
System > Packet Capture 110 SonicOS Enhanced 4.0 Administrator Guide • Egress - The SonicWALL appliance interface on which the packet was captured when sent out – The subsystem type abbreviation is shown in parentheses.
System > Packet C apture 111 SonicOS Enhanced 4.0 Administrator Guide About the Packet Detail Window When you click on a packet in the Captured Packets window, the packet header fields ar e displayed in the Packet Detail window. The di splay will vary depending on the type of packet that you select.
System > Packet Capture 112 SonicOS Enhanced 4.0 Administrator Guide • “Configuring Advanc ed Settings” on page 119 • “Restarting FTP logging” on page 120 Configuring General Settings T.
System > Packet C apture 113 SonicOS Enhanced 4.0 Administrator Guide You can specify up to ten Ethernet types s eparated by commas. Currently, the following Ethernet types are supported: ARP, IP, PPPoE-SES, and PPPoE-DIS. The latter two can be specified by PPPoE alone.
System > Packet Capture 114 SonicOS Enhanced 4.0 Administrator Guide To configure Packet Capture complete the following steps: Step 1 Navigate to the Packet Capture page in the UI. See “Accessing Packet Capture in the UI” on page 108 . Step 2 Under Packet Capture , click Configure .
System > Packet C apture 115 SonicOS Enhanced 4.0 Administrator Guide Configuring Display Filter Settings This section describes how to c onfigure packet capture display filt er settings. The values that you provide here are compared to corresponding fi elds in the captured packets, and only those packets that match are displayed.
System > Packet Capture 116 SonicOS Enhanced 4.0 Administrator Guide SonicOS Enhanced adds one of four possibl e packet status values to each captured packet: forwarded, generated, consumed, a nd dropped. You can select one or more of these status values to match when displaying packets.
System > Packet C apture 117 SonicOS Enhanced 4.0 Administrator Guide Step 4 In the Interface Name(s) box, type the Son icWALL appliance interfaces for which to display packets, or use the negative format (!X0) to display packets captured from all interfaces except those specified.
System > Packet Capture 118 SonicOS Enhanced 4.0 Administrator Guide If you configure automatic loggi ng, this supersedes the setting for wrapping the buffer when full. With automatic FTP logging, the capture buffer is effectively wrapped when full, but you also retain all the data rather than o verwriting it each time the buffer wrap s.
System > Packet C apture 119 SonicOS Enhanced 4.0 Administrator Guide month, day, and year. For example, packet-log--3- 22-08292006.cap. For HTML format, file names are in the form: “packet-log_h-<>.html”. An example of an HTML file name is: packet- log_h-3-22-08292006.
System > Packet Capture 120 SonicOS Enhanced 4.0 Administrator Guide Even when interfaces specified in the capture fi lters do not match, this option ensures that packets generated by the SonicWALL appliance are captured. This includes packets generated by HTTP(S), L2TP, DHCP servers, PPP, PPPOE, and routing protocols.
System > Packet C apture 121 SonicOS Enhanced 4.0 Administrator Guide • Red: Capture is stopped • Green: Capture is running and the buffer is not full • Orange: Capture is running, but the bu.
System > Packet Capture 122 SonicOS Enhanced 4.0 Administrator Guide Resetting the Status Information You can reset the displayed statistics for the capture buffer and FTP logging. If a capture is in progress, it is not interrupted w hen you reset the statistics displa y.
System > Packet C apture 123 SonicOS Enhanced 4.0 Administrator Guide HTML Format You can view the HTML format in a browser. The following is an example showing the header and part of the data for the first packet in the buffer.
System > Packet Capture 124 SonicOS Enhanced 4.0 Administrator Guide Text File Format You can view the text format output in a text editor. The following is an example showing the header and part of the data for the first packet in the buffer.
125 SonicOS Enhanced 4.0 Administrator Guide CHAPTER 13 Chapter 13: Using Diagnostic Tools & Restarting the Appliance System > Diagnostics The System > Diagnostics page provides several diagnostic tools which help troubleshoot network problems as well as Active Connections, CPU and Process Monitors.
System > Diagnostics 126 SonicOS Enhanced 4.0 Administrator Guide Tech Support Report The Tech Support Report generates a detailed report of the SonicWALL security appliance configuration and status, and saves it to the local hard disk using the Download Report button.
System > Diagnostics 127 SonicOS Enhanced 4.0 Administrator Guide • “Active Connections Monitor” on page 127 • “CPU Monitor” on page 128 • “DNS Name Lookup” on page 129 • “Fin.
System > Diagnostics 128 SonicOS Enhanced 4.0 Administrator Guide The fields you enter values into are comb ined into a search string with a logical AND .
System > Diagnostics 129 SonicOS Enhanced 4.0 Administrator Guide DNS Name Lookup The SonicWALL security appliance has a DNS l ookup tool that return s the IP address of a domain name. Or, if you enter an IP address, it returns the domain name for that a ddress.
System > Diagnostics 130 SonicOS Enhanced 4.0 Administrator Guide Packet Capture The Packet Capture tool tracks the status of a communications stream as it moves from source to destination. This is a useful tool to det ermine if a communications stream is being stopped at the SonicWALL security applianc e, or is lost on the Internet.
System > Diagnostics 131 SonicOS Enhanced 4.0 Administrator Guide Client sends a final ACK, and wa its for start of data transfer. Step 6 TCP sent on WAN [ACK] From 207.
System > Diagnostics 132 SonicOS Enhanced 4.0 Administrator Guide Process Monitor Process Monitor shows individual system pr ocesses, their CPU utilization, and their system time. Real-Time Black List Lookup The Real-Time Black List Lookup tool allows you to test SMTP IP addre sses, RBL services, or DNS servers.
System > Diagnostics 133 SonicOS Enhanced 4.0 Administrator Guide Trace Route Trace Route is a diagnostic utility to assist in diagnosing and trouble shooting router connections on the Internet.
System > Restart 134 SonicOS Enhanced 4.0 Administrator Guide System > Restart The SonicWALL security applianc e can be restarted from the Web Management interface. Click System > Restart to display the Restar t page. Click Restart... and then click Yes to confirm the restart.
S ONIC WALL S ONIC OS E NHANCED 4.0 A DMINISTRATOR ’ S G UIDE 135 PART 3 Network.
136 S ONIC WALL S ONIC OS E NHANCED 4.0 A DMIN ISTRATOR ’ S G UIDE.
137 SonicOS Enhanced 4.0 Administrator Guide CHAPTER 14 Chapter 14: Configuring Interfaces Network > Interfaces The Network > Interfaces page includes interface objects that are directly linked to physical interfaces. The SonicOS Enhanc ed scheme of interface addressi ng works in conjunction with network zones and address objects.
Network > Interfaces 138 SonicOS Enhanced 4.0 Administrator Guide Setup Wizard The Setup Wizard button accesses the Setup Wizard . The Setup Wizard walks you through the configuration of the Soni cWALL se curity appliance for In ternet connectivity.
Network > Interfaces 139 SonicOS Enhanced 4.0 Administrator Guide Caution You cannot change the Zones in the Edit Interface window for the LAN , WAN , Modem , and WLAN interfaces. Interface Traffic Statistics The Interface Traffic Statistics table lists received and transmitted information for all configured interfaces.
Network > Interfaces 140 SonicOS Enhanced 4.0 Administrator Guide Physical Interfaces Physical interfaces must be assigned to a Zone to allow for configuration of Access Rules to govern inbound and outbound traffic. Security z ones are bound to each physical interface where it acts as a conduit for inbound and outbound traffic.
Configuring Interfaces 141 SonicOS Enhanced 4.0 Administrator Guide Transparent Mode Transparent Mode in SonicOS Enhanced uses inte rfaces as the top level of th e management hierarchy. Transparent Mode supports unique addressing an d interface routing.
Configuring Interface s 142 SonicOS Enhanced 4.0 Administrator Guide Note The administrator password is required to regenerate encryption ke ys after changing the SonicWALL security appliance’s address. Configuring Advanced Settings for the Interface If you need to force an Ethernet speed, duplex and/or MAC address, click the Advanced tab.
Configuring Interfaces 143 SonicOS Enhanced 4.0 Administrator Guide Configuring Interfaces in Transparent Mode Transparent Mode enables the Soni cWALL security appliance to bridge the WAN subnet onto an internal interface.
Configuring Interface s 144 SonicOS Enhanced 4.0 Administrator Guide • Range to specify a range of IP addres ses by entering beginning and ending value of the range. • Network to specify a subnet by enteri ng the beginning value and the subnet mask.
Configuring Interfaces 145 SonicOS Enhanced 4.0 Administrator Guide Configuring Wireless Interfaces A Wireless interface is an interface that has been assigned to a Wireless zone and is used to support SonicWALL SonicPoint secure access points. Step 1 Click on the Configure icon in the Configure column for the Interface you want to configure.
Configuring Interface s 146 SonicOS Enhanced 4.0 Administrator Guide Note The above table depicts t he maximum subnet mask sizes allowed. You can still use class- full subnetting (class A, cl ass B, or class C) or any variabl e length subnet mask that you wish on WLAN interfaces.
Configuring Interfaces 147 SonicOS Enhanced 4.0 Administrator Guide Caution If you select a specific Ethernet speed and duplex, you must force the connection speed and duplex from the Ethernet card to the SonicWALL security appliance as well.
Configuring Interface s 148 SonicOS Enhanced 4.0 Administrator Guide • DHCP - configures the SonicWALL to reque st IP settings from a DHCP server on the Internet. NAT with DHCP Client is a typi cal network addressing mode for cable and DSL customers.
Configuring Interfaces 149 SonicOS Enhanced 4.0 Administrator Guide Ethernet Settings If you need to force an Ethernet speed, duplex and/or MAC address, click the Advanced tab. The Ethernet Set tings section allows you to manage the Et hernet settings of links connected to the SonicWALL.
Configuring Interface s 150 SonicOS Enhanced 4.0 Administrator Guide Use the Bandwidth Management section of the Edit Interface screen to enable or disable the ingress and egress bandwidth management. Egress and Ingre ss available link bandwidth can be used to configure the upstream and downstr eam connection speeds.
Configuring Interfaces 151 SonicOS Enhanced 4.0 Administrator Guide • Subnet Mask : 255.255.255.0 is the default Step 3 In the Switch Ports tab, chose which ports to add to the PortShield interface.
Configuring Interface s 152 SonicOS Enhanced 4.0 Administrator Guide Configuring the Wireless WAN Interface The SonicWALL TZ 190 security appliance in troduces support for 3G (third generation) Wireless WAN connections that utilize data connections over 3G cellular networks.
Configuring Interfaces 153 SonicOS Enhanced 4.0 Administrator Guide Managing WWAN Connections To initiate a WWAN connection, on the Network > Interfaces page, click on the Manage button in the WWAN interface line. The WWAN Connection window displays.
Configuring Interface s 154 SonicOS Enhanced 4.0 Administrator Guide For a detailed explanation of the behavior of the Ethernet with WWAN Failover setting refer to “Understanding Wireless WA N Connection Models” on page 274.
Configuring Interfaces 155 SonicOS Enhanced 4.0 Administrator Guide Note To configure the SonicWALL TZ 190 for C onnect on Data operation, you must select Dial on Data as the Dial Type for the Connectio n Profile. See “Configuring WWAN Connection Profiles” on page 283 in Chapter 32, Configuring Wireless WAN for more details.
Configuring Interface s 156 SonicOS Enhanced 4.0 Administrator Guide Configuring Remotely Trigge red Dial-Out on the WWAN Before configuring the Remotely Triggered Dial-O ut feature, ensure that your configuration meets the following prerequisites: • The WWAN profile is configured for dial-on-data .
Configuring Interfaces 157 SonicOS Enhanced 4.0 Administrator Guide Configuring the Maximum Allowed WWAN Connections To configure the maximum number of nodes allowed to connect to the WWAN interface, enter the maximum number of nodes in the Max Host field.
Configuring Interface s 158 SonicOS Enhanced 4.0 Administrator Guide • SonicPoint Limit : The maximum number of allow ed SonicPoints is configured automatically.
159 SonicOS Enhanced 4.0 Administrator Guide CHAPTER 15 Chapter 15: Configuring PortShield Interfaces SonicWALL PortShield Interfaces SonicWALL PortShield is a feature of the SonicWALL TZ 180 and TZ 190 secur ity appliances running SonicOS Enhanced 3.
SonicWALL PortShield Interfaces 160 SonicOS Enhanced 4.0 Administrator Guide Network > SwitchPorts The Network > SwitchPorts page allows you to manage the assignments of ports to PortShield interfaces. Overview A PortShield interface is a virtual interface with a set of ports assigned to it.
SonicWALL PortShield Interfaces 161 SonicOS Enhanced 4.0 Administrator Guide When you create a PortShield interface in Transparent Mode, you create a r ange of addresses to be applied to the PortShield interface. You include these addresses in one entity called an Address Object.
SonicWALL PortShield Interfaces 162 SonicOS Enhanced 4.0 Administrator Guide Creating a PortShield Interface from the Interfaces Area Before creating and adding a PortShield interfac e, think about why you are creating it and what role it will play in your netwo rk.
SonicWALL PortShield Interfaces 163 SonicOS Enhanced 4.0 Administrator Guide 6. Click the Add PortShield Interface button. The Add Port Shield dialog box displays. 7. Click the Zone list box and click on a zone type option to which you want to map the interface.
SonicWALL PortShield Interfaces 164 SonicOS Enhanced 4.0 Administrator Guide 8. After you select a zone option, the m anagement software displays a more expanded version of the PortShield Interface Settings dialog b ox. 9. Type a string in the PortShield Interface Name field.
SonicWALL PortShield Interfaces 165 SonicOS Enhanced 4.0 Administrator Guide Note This option only appears when creating a PortShie ld interface, not wh en editing an existing PortShield interface. You can make changes to the interface’s DHCP settings after creating an interface from the DHCP Server environment ( Network > DHCP Server ).
SonicWALL PortShield Interfaces 166 SonicOS Enhanced 4.0 Administrator Guide Creating a New Zone for the PortShield Interface You may want to create a zone for a PortShield inte rface that has differ ent attributes to it than any of the default zones provide.
SonicWALL PortShield Interfaces 167 SonicOS Enhanced 4.0 Administrator Guide 4. After selecting the security level for the Port Shield interface, click on one of the following checkboxes that enables a se curity service for the zone: 5.
SonicWALL PortShield Interfaces 168 SonicOS Enhanced 4.0 Administrator Guide 4. Click the Configure button. The management software displays the Edit Multiple Switch Ports dialog box. You can refine your settings in this dialog box. The name of the PortShield interface group will be assigned by default.
SonicWALL PortShield Interfaces 169 SonicOS Enhanced 4.0 Administrator Guide Creating Transparent Mode PortShield Interfaces You may find it useful to create address objects to bundle addresses into address objects and reference these objects when creating a PortShield interface.
SonicWALL PortShield Interfaces 170 SonicOS Enhanced 4.0 Administrator Guide 7. Click on the Transparent Range list box and click on the Create new address object option.
SonicWALL PortShield Interfaces 171 SonicOS Enhanced 4.0 Administrator Guide Creating a PortShield Using an Address Object Containing an Address Range To assign a Range Address Object with addresses extending from 67.115.118.100 to 67.115.118.102 to portshield2, perform the following steps: 1.
SonicWALL PortShield Interfaces 172 SonicOS Enhanced 4.0 Administrator Guide 2. Click on the Add button in the Address Objects list in the window. SonicOS displays the Add Address Object dialog box as shown in the following figure: . 3. Enter the name portshield3 in the Name field.
SonicWALL PortShield Interfaces 173 SonicOS Enhanced 4.0 Administrator Guide To select ports and apply them to a previously configured interface, per form the following steps: 1. Create a PortShield interface following the steps in “Overview” on page 160 , but do not map ports to it by going into the Switch Ports tab.
PortShield Deployment Scenario 174 SonicOS Enhanced 4.0 Administrator Guide 6. Click on the PortShield Interface list box as shown in the following figure. Note the list contains called the entry called Accounting . This is the host address object you created.
PortShield Deployment Scenario 175 SonicOS Enhanced 4.0 Administrator Guide Note The easiest way to configure this example is to use the PortShield Wizard.
PortShield Deployment Scenario 176 SonicOS Enhanced 4.0 Administrator Guide PortShield Interfaces The small business example uses two PortShield interfaces. • LAN: for office use – LAN zone – Ports 1 - 3. These ports are assigned to LAN by not assigning them to another PortShield interface.
PortShield Deployment Scenario 177 SonicOS Enhanced 4.0 Administrator Guide – Name : Residents – Security Type : Wireless. Select Wireless so you can use the same context for the both the individual wired connec tions and the SonicPoints.
PortShield Deployment Scenario 178 SonicOS Enhanced 4.0 Administrator Guide – SonicPoint Provisioning Profile : Select the SonicPoint profile you configured. The settings in this profile will automatically be applied to the SonicPoints you set up for wireless access.
PortShield Deployment Scenario 179 SonicOS Enhanced 4.0 Administrator Guide Configure the PortShield Interf aces with the PortShield Wizard In this example, two ports are assigned to a Wire less PortShield interface for the SonicPoints and three ports are assigned to the LAN interface for the Office.
PortShield Deployment Scenario 180 SonicOS Enhanced 4.0 Administrator Guide 4. Uncheck the Enable Interface Trust for new PortShield Interface segments checkbox to prevent communication between the wireless segment and the office segment. If this level of security is not necessary, leave t he checkbox checked.
181 SonicOS Enhanced 4.0 Administrator Guide CHAPTER 16 Chapter 16: Setting Up WAN Failover and Load Balancing Network > WAN Failover & Load Balancing WAN Failover and Load Balancing allows you to designate the one of the user-assigned interfaces as a Secondary or backup WAN por t.
Network > WAN Failover & L oad Balancing 182 SonicOS Enhanced 4.0 Administrator Guide About Source and Destination IP Address Binding When you establish a connection wi th a WAN, you can create mult iple interfaces, dividing up the task load over these interfaces.
Network > WAN Failover & Load Balancing 183 SonicOS Enhanced 4.0 Administrator Guide Creating a NAT Policy for the Secondary WAN Port You need to create a NAT policy on your SonicWA LL for WAN Failover. Follow these steps to create a NAT policy on your SonicWALL using the OPT interface: Step 1 Select Network > NAT Policies .
Network > WAN Failover & L oad Balancing 184 SonicOS Enhanced 4.0 Administrator Guide Activating WAN Failover and Selecting the Load Balancing Method To configure the SonicWALL fo r WAN failover and load balanci ng, follow the steps below: Step 1 On Network > WAN Failover & LB page, select Enable Load Balancing .
Network > WAN Failover & Load Balancing 185 SonicOS Enhanced 4.0 Administrator Guide – Basic Active/Passive Failover : When this setting is selected, the SonicWALL security appliance only sends traffic through the Secondary WAN interface if the Primary WAN interface has been marked inactive.
Network > WAN Failover & L oad Balancing 186 SonicOS Enhanced 4.0 Administrator Guide entry box is required (percentage for Primary WAN) The management interface automatically populates the non-user-editable entry box with the remaining percentage assigned to the Secondary WAN interface.
Network > WAN Failover & Load Balancing 187 SonicOS Enhanced 4.0 Administrator Guide upstream. If your ISP is experiencing problems in its routing infrastructure, a successful ICMP ping of thei.
Network > WAN Failover & L oad Balancing 188 SonicOS Enhanced 4.0 Administrator Guide Note If there is a NAT device between the two dev ices sending and receiving TCP probes, the Any TCP-SYN to Port box must be checked, an d the sa me port number must be configured here and in the Configure WAN Probe Monitoring window.
Network > WAN Failover & Load Balancing 189 SonicOS Enhanced 4.0 Administrator Guide Caution Before you begin, be sure you have configured a user-defined interface to mirror the WAN port settings. Note If the Probe Target is unable to contact the target device, the inte rface is deactivated and traffic is no longer sent to the primary WAN.
Network > WAN Failover & L oad Balancing 190 SonicOS Enhanced 4.0 Administrator Guide.
191 SonicOS Enhanced 4.0 Administrator Guide CHAPTER 17 Chapter 17: Configuring Zones Network > Zones A Zone is a logical grouping of one or more in terfaces designed to make management, such as the definition and application of Access Rules, a simpler and more intuitive process than following strict physical interface scheme.
Network > Zones 192 SonicOS Enhanced 4.0 Administrator Guide tunnels, which is a feature that users have l ong requested. SonicWALL se curity appliances can also drive VPN traffic through the NAT policy and zone policy, since VP Ns are now logically grouped into their own VPN zone.
Network > Zones 193 SonicOS Enhanced 4.0 Administrator Guide Predefined Zones The predefined zones on your the SonicWALL security appliance dep end on the device.
Network > Zones 194 SonicOS Enhanced 4.0 Administrator Guide • Trusted : Trusted is a security type that provi des the highest level of trust—meaning that the least amount of scru tiny is applied to traf fic coming from trusted zones. Trusted security can be thought of as being on the LAN (pr otected) side of the security appliance.
Network > Zones 195 SonicOS Enhanced 4.0 Administrator Guide • Enable Anti-Spyware Service - Enforces anti-spyware detection and prevention on multiple interfaces in the same Trusted, Public or WLAN zones.
Network > Zones 196 SonicOS Enhanced 4.0 Administrator Guide • Configure : Clicking the Notepad icon displays the Edit Z one window. Clicking the Trashcan icon deletes the zone. The Trashcan icon is dimmed for the predefined zones. You cannot delete these zones.
Network > Zones 197 SonicOS Enhanced 4.0 Administrator Guide – Enable Gateway Anti-Virus Service - Enforces gateway anti- virus protection on your SonicWALL security appliance for all clients connecting to this zone. SonicWALL Gateway Anti-Virus manages the anti-virus ser vice on the SonicWALL appliance.
Network > Zones 198 SonicOS Enhanced 4.0 Administrator Guide – Enforce Global Security Clients - Enforces security pol icies for Global Security Clients on multiple interfaces in the same Trusted, Public or WLAN zones.
Network > Zones 199 SonicOS Enhanced 4.0 Administrator Guide – X5 IP Step 8 In the SSL-VPN Servi ce list, select the service or group of services you want to allow for clients authenticated through the SSL-VPN.
Network > Zones 200 SonicOS Enhanced 4.0 Administrator Guide – Enable Dynamic Address Translation (DAT) - Wireless Guest Services (WGS) provides spur of the moment “hotspot” a ccess to wireless-capable guests and visitors.
201 SonicOS Enhanced 4.0 Administrator Guide CHAPTER 18 Chapter 18: Configuring DNS Settings Network > DNS The Domain Name System (DNS) is a distributed, hier archical system that provides a method.
Network > DNS 202 SonicOS Enhanced 4.0 Administrator Guide To use the DNS Settings configured for the WAN zone, select Inherit DNS Sett ings Dynamically from the WAN Zone .
203 SonicOS Enhanced 4.0 Administrator Guide CHAPTER 19 Chapter 19: Configuring Address Objects Network > Address Objects Address Objects are one of four object classes (Address, User, Service, and Schedule) in SonicOS Enhanced.
Network > Address Objects 204 SonicOS Enhanced 4.0 Administrator Guide • MAC Address – MAC Address Objects allow for the i dentification of a host by its hardware address or MAC (Media Access Control) addr ess.
Network > Address Objects 205 SonicOS Enhanced 4.0 Administrator Guide • All Address Objects - displays all configured Address Objects. • Custom Address Objects - displays Address Objects with custom properties. • Default Address Objects - displays Address Objects configured by default on the SonicWALL security appliance.
Network > Address Objects 206 SonicOS Enhanced 4.0 Administrator Guide Default Address Objects and Groups The Default Address Objects view displays the default Address Objects and Address Groups for your SonicWALL security appliance. The Default Address Objects entries cannot be modified or deleted.
Network > Address Objects 207 SonicOS Enhanced 4.0 Administrator Guide Default Address Groups • LAN Subnets • Firewalled Subnets • LAN Interface IP • WAN Subnets • WAN Interface IP • DM.
Network > Address Objects 208 SonicOS Enhanced 4.0 Administrator Guide • X4 Subnet • X5 IP • X5 Subnet • Default Gateway • Secondary Default Gateway • WAN Remote Access Networks • VPN.
Network > Address Objects 209 SonicOS Enhanced 4.0 Administrator Guide Adding an Address Object To add an Address Object , click Add button under the Address Objects table in the All Address Objects or Custom Address Objects views to display the Add Address Object window.
Network > Address Objects 210 SonicOS Enhanced 4.0 Administrator Guide – If you selected MAC , enter the MAC address and netmask in the Network and MAC Address field. – If you selected FQDN , enter the domain name for the individual site or range of sites (with a wildcard) in the FQDN field.
Network > Address Objects 211 SonicOS Enhanced 4.0 Administrator Guide Creating Group Address Objects As more and more Address Objects are added to the SonicWALL securi ty appliance, you can simplify managing the addresses and access policies by creating gr oups of addresses.
Network > Address Objects 212 SonicOS Enhanced 4.0 Administrator Guide Public Server Wizard SonicOS Enhanced includes the Public Server Wizard to automate the process of configuring the SonicWALL security appliance for handling public servers.
Network > Address Objects 213 SonicOS Enhanced 4.0 Administrator Guide SonicOS Enhanced 3.5 redefined the operation of MAC AOs, and introdu ces Fully Qualified Domain Name (FQDN) AOs: • MAC – SonicOS Enhanced 3.5. and higher will resolve MAC AOs to an IP address by referring to the ARP ca che on the SonicWALL.
Network > Address Objects 214 SonicOS Enhanced 4.0 Administrator Guide Feature Benefit FQDN wildcard support FQDN Address Objects support wildcard entries , such as “*.
Network > Address Objects 215 SonicOS Enhanced 4.0 Administrator Guide Enforcing the use of sancti oned servers on the network Although not a requirement, it is recommended to enforce the use of authorized or sanctioned servers on the network.
Network > Address Objects 216 SonicOS Enhanced 4.0 Administrator Guide • Create Address Object Groups of sancti oned servers (e.g. SMTP, DNS, etc.
Network > Address Objects 217 SonicOS Enhanced 4.0 Administrator Guide Blocking All Protocol Access to a Domain using FQDN DAOs There might be instances where you wish to block all protocol access .
Network > Address Objects 218 SonicOS Enhanced 4.0 Administrator Guide Step 2 – Create the Firewall Access Rule • From the Firewall > Access Rules page, LAN->WAN Zone intersection, Add an.
Network > Address Objects 219 SonicOS Enhanced 4.0 Administrator Guide The following illustrates a packet dissection of a typical DNS dynamic update process, showing the dynamically configured host 10.50.165.249 registering its full hostname bohuymuth.
Network > Address Objects 220 SonicOS Enhanced 4.0 Administrator Guide Step 1 – Create the MAC Address Objects • From Network > Address Objects , select Add and create the following Address .
Network > Address Objects 221 SonicOS Enhanced 4.0 Administrator Guide Bandwidth Managing Access to an Entire Domain Streaming media is one of the most profligate consumers of net wor k bandwidth.
Network > Address Objects 222 SonicOS Enhanced 4.0 Administrator Guide Step 2 – Create the Firewall Access Rule • From the Firewall > Access Rules page, LAN->WAN Zone intersection, add an.
Network > Address Objects 223 SonicOS Enhanced 4.0 Administrator Guide • The BWM icon will appear within the Access Rule table indicating that BWM is active, and providing statistics: • Access to all *.youtube.com hosts, using any protocol, will now be cumulatively limited to 2% of your total available bandw idth for all user sessions.
Network > Address Objects 224 SonicOS Enhanced 4.0 Administrator Guide.
225 SonicOS Enhanced 4.0 Administrator Guide CHAPTER 20 Chapter 20: Configuring Routes Network > Routing If you have routers on your interfaces, you can configure static routes on the SonicWALL security appliance on the Network > Routing page.
Network > Routing 226 SonicOS Enhanced 4.0 Administrator Guide Route Advertisement The SonicWALL security applianc e uses RIPv1 or RIPv2 to adv ertise its static and dynamic routes to other routers on the network.
Network > Routing 227 SonicOS Enhanced 4.0 Administrator Guide • RIPv2 Enabled (broadcast) - To send route advertisement s using broadcasting (a single data packet to all nodes on the network). Step 3 In the Advertise Default Route menu, select Never , or When WAN is up , or Always .
Network > Routing 228 SonicOS Enhanced 4.0 Administrator Guide A metric is a weighted cost assigned to st atic and dynamic routes . Metrics have a value between 0 and 255. Lower metrics are consi dered bette r and take precedence over higher costs.
Network > Routing 229 SonicOS Enhanced 4.0 Administrator Guide You can enter the policy number (the num ber listed before the policy name in the # Name column) in the Items field to move to a specific routi ng policy. The default table co nfiguration displays 50 entries per page.
Network > Routing 230 SonicOS Enhanced 4.0 Administrator Guide To test the Telnet policy-based route, telnet to route-serv er.exodus.net and when logged in, issue the who command. It displays the IP address (or resolved FQDN) of the WAN IP address of the secondary WAN interface and not the primary WAN interface.
Network > Routing 231 SonicOS Enhanced 4.0 Administrator Guide • Protocol Type – Distance Vector protocols such as RIP base routing metrics exclusively on hop counts, while Link state protocols such as OSPF consider the st ate of the link when determining metrics.
Network > Routing 232 SonicOS Enhanced 4.0 Administrator Guide OSPF does not have to impose a hop count li mit because it does not advertise entire routing tables, rather it generally only sends link state update s when changes occur.
Network > Routing 233 SonicOS Enhanced 4.0 Administrator Guide For example, if you had 8 class C networks: 192.168.0.0/24 through 192.168.7.0/ 24, rather than having to have a separate r oute statement to each of them, it would be possible to provide a single route to 192.
Network > Routing 234 SonicOS Enhanced 4.0 Administrator Guide used, which is generally discouraged). Area assi gnment is interface s pecific on an OSPF router; in other words, a router with multiple interfaces can have thos e interfaces configured for the same or different areas.
Network > Routing 235 SonicOS Enhanced 4.0 Administrator Guide LSA’s are then exchanged within LSU’s across these adjac encies rather than between each possible pairing combination of routers on the segment. Link state updates are sent by non-DR routers to the multicast address 224.
Network > Routing 236 SonicOS Enhanced 4.0 Administrator Guide – Type 4 (AS Summary Link Advertisements) – Sent across areas by ABR’s to describe networks within a different AS.
Network > Routing 237 SonicOS Enhanced 4.0 Administrator Guide • Router Types – OSPF recognizes 4 ty pes of routers, based on their roles: • IR (Internal Router) - A router whose interfac es are all contained within the same area. An internal router’s LSDB only cont ains information about its own area.
Network > Routing 238 SonicOS Enhanced 4.0 Administrator Guide By default, Advanced Routing Services are disabled, and must be enabled to be made available. At the top of the Network > Routing page, is a checkbox Use Advanced Routing . Toggling the state of this chec kbox will require a reboot for t he changes to take effect.
Network > Routing 239 SonicOS Enhanced 4.0 Administrator Guide RIP Modes • Disabled – RIP is disabled on this interface • Send and Receive – The RIP router on this interface will s end updates and process received updates. • Send Only – The RIP router on this interface will only send updates, and will not process received updates.
Network > Routing 240 SonicOS Enhanced 4.0 Administrator Guide Redistribute Connected Networks - Enables or disables the advertising of locally connected networks into the RIP system. The metric can be explicitly set for this redistribution, or it can use the value (default) specifi ed in the ‘Default Metric’ setting.
Network > Routing 241 SonicOS Enhanced 4.0 Administrator Guide The diagram illustrates an OSPF network where the backbone (area 0.0.0.0) comprises the X0 interface on the SonicWALL and the int1 interfac e o n Router A. Two additional areas, 0.0.0.1 and 100.
Network > Routing 242 SonicOS Enhanced 4.0 Administrator Guide • Message Digest – An MD5 hash is use d to se curely identify the OSPF router on this interface. OSPF Area – The OSPF Area can be represe nted in eit her IP or decimal notation. For example, you may represent the area connected to X4:10 0 as either 100.
Network > Routing 243 SonicOS Enhanced 4.0 Administrator Guide Redistribute Static Routes – Enables or disables the adver tising of static (Policy Based Routing) routes into the OSPF system. Redistribute Connected Networks - Enables or disables the advertising of locally connected networks into the OSPF sy stem.
Network > Routing 244 SonicOS Enhanced 4.0 Administrator Guide.
245 SonicOS Enhanced 4.0 Administrator Guide CHAPTER 21 Chapter 21: Configuring NAT Policies Network > NAT Policies • “NAT Policies Table” on page 246 • “NAT Policy Settings Explained” .
Network > NAT Policies 246 SonicOS Enhanced 4.0 Administrator Guide NAT Policies Table The NAT Policies table allows you to view your NAT Policies by Custom Policies , Default Policies , or All Policies .
Network > NAT Policies 247 SonicOS Enhanced 4.0 Administrator Guide Tip Before configuring NAT Policies, be sure to create all Address Objects associated with the policy. For instance, if you are creating a One-to-One NAT policy, be sure you have Address Objects for your public and private IP addresses.
Network > NAT Policies 248 SonicOS Enhanced 4.0 Administrator Guide NAT Policy Settings Explained The following explains the settings us ed to create a NAT policy entry in the Add NAT Policy or Edit NAT Policy windows.
Network > NAT Policies 249 SonicOS Enhanced 4.0 Administrator Guide • Translated Service : This drop-down menu setting is what the SonicWALL security appliance translates the Original Service to as it exits the SonicWALL security appliance, whether it be to another interface, or into /out-of VPN tunnels.
Network > NAT Policies 250 SonicOS Enhanced 4.0 Administrator Guide to translate all LAN systems to the WAN IP Address, then create a policy saying that a specific system on that LAN use a diff erent IP address, and additionally , create a policy saying that specific use another IP address when using HTTP.
Network > NAT Policies 251 SonicOS Enhanced 4.0 Administrator Guide This document details how to configure the nec essary NAT, load balancing, health check, logging, and firewall rules to allow sys.
Network > NAT Policies 252 SonicOS Enhanced 4.0 Administrator Guide • Round Robin – Source IP cycles through each live load-balanced resource for ea ch connection. This method is best for equal load di stribution when persistence is not required.
Network > NAT Policies 253 SonicOS Enhanced 4.0 Administrator Guide Details of Load Balancing Algorithms This appendix describes how the SonicWALL se curity appliance applies the load balancing alg.
Network > NAT Policies 254 SonicOS Enhanced 4.0 Administrator Guide Creating NAT Policies NAT policies allow you the flexibi lity to cont rol Network Address Translation based on matching combinations of Source IP addr ess, Destination IP address, and Destination Services.
Network > NAT Policies 255 SonicOS Enhanced 4.0 Administrator Guide • Original Service : Any • Translated Service : Original • Inbound Interface : Opt • Outbound Interface : WAN • Comment.
Network > NAT Policies 256 SonicOS Enhanced 4.0 Administrator Guide You can test the dynamic mappi ng by installing several system s on the LAN interface at a spread-out range of addresses (for example, 19 2.168.10.10, 192.168.10.100, and 192.168.10.
Network > NAT Policies 257 SonicOS Enhanced 4.0 Administrator Guide Creating a One-to-One NAT Policy for Inbound Traffic (Reflective) This is the mirror policy for the one creat ed in the previous section when you check Create a reflective policy .
Network > NAT Policies 258 SonicOS Enhanced 4.0 Administrator Guide Figure 21:1 One-to-Many NAT Load Balancing Topolog y a nd Conf ig ura tion To configure One-to-Many NAT load balancing, first go to the Firewall > Access Rules page and choose the policy for WAN to LAN .
Network > NAT Policies 259 SonicOS Enhanced 4.0 Administrator Guide – IP Address : The network IP address for the devices to be load balanced (in the topology shown in Figure 18.
Network > NAT Policies 260 SonicOS Enhanced 4.0 Administrator Guide Note Make sure you chose Any as the destination interface, and not the interface that the server is on. This may seem counter-int uitive, but it’s actual ly the correct thing to do (if you try to specify the interface, you get an error).
Network > NAT Policies 261 SonicOS Enhanced 4.0 Administrator Guide 3. Create two NAT entries to allow the two servers to initiate traffic to the public Internet. 4. Create two NAT entries to map the custom ports to the actual listening ports, and to map the private IP addresses to the Son icWALL’s WAN IP address.
Network > NAT Policies 262 SonicOS Enhanced 4.0 Administrator Guide When finished, click on the OK button to add and activate the NA T policies. With these policies in place, the SonicWALL security appliance trans lates the servers’ private IP addresses to the public IP address when it initiate s traffic out the WAN interface.
Network > NAT Policies 263 SonicOS Enhanced 4.0 Administrator Guide Note With previous versions of fi rmware, it was necessary to wr ite rules to the private IP address. This has been changed as of SonicOS 2.0 Enhan ced. If you write a rule to the private IP address, the rule does not wo rk.
Network > NAT Policies 264 SonicOS Enhanced 4.0 Administrator Guide Figure 1 NAT Load Balancing To po logy Prerequisit es The examples shown in the Tasklist section on the next few pages utilize IP.
Network > NAT Policies 265 SonicOS Enhanced 4.0 Administrator Guide and activate the changes. For an example, see the screenshot below. Debug logs should only be used for initial configuration and troubles hooting, and it is advis ed that once setup is complete, you set the logging level to a more appropriate level for your networ k environment.
Network > NAT Policies 266 SonicOS Enhanced 4.0 Administrator Guide Step 2 Create Address Group -- Now create a n addr ess group named www_group and add the two internal server address objects you just created.
Network > NAT Policies 267 SonicOS Enhanced 4.0 Administrator Guide Step 3 Create Inbound NAT Rule for Group -- Now create a NAT rule to allow anyone attempting to access the VIP to get translated to t he address group you just created, using Sticky IP as the NAT method.
Network > NAT Policies 268 SonicOS Enhanced 4.0 Administrator Guide Note Before you go any further, check the logs and t he status page to see if the resources have been detected and have been logged as on line. If you do not see the two messages below (with your IP addresses), check the steps above.
Network > NAT Policies 269 SonicOS Enhanced 4.0 Administrator Guide Step 6 Create Firewall Rule for VIP -- Write a firewall rule to allow tr affic from the out side to access the internal Web servers via the VIP. Step 7 Test Your Work – From a laptop outside the WAN, connec t via HTTP to the VIP using a Web browser.
Network > NAT Policies 270 SonicOS Enhanced 4.0 Administrator Guide You can also check the Firewall > NAT Policies page and mouse-over the Statistics icon.
271 SonicOS Enhanced 4.0 Administrator Guide CHAPTER 22 Chapter 22: Managing ARP Traffic Network > ARP.
Network > ARP 272 SonicOS Enhanced 4.0 Administrator Guide ARP (Address Resolution Protocol) maps layer 3 (IP addresses) to layer 2 (physical or MAC addresses) to enable communications between hos ts residing on the same subnet. ARP is a broadcast protocol that can create excessive amounts of network traffi c on your network.
Network > ARP 273 SonicOS Enhanced 4.0 Administrator Guide address on any other interface. It will also remove any dynam ically cached references to that MAC address that might have been presen t, and it will prohibit additional (non-unique) static mappings of that MAC address.
Network > ARP 274 SonicOS Enhanced 4.0 Administrator Guide To support the above configuration, first create a published stat ic ARP entry for 192.168.50.1, the address which will serve as the gateway for the secondary subnet, and associate it with the DMZ/OPT interface.
Network > ARP 275 SonicOS Enhanced 4.0 Administrator Guide To allow the traffic to reach the 192.168 .50.0/24 subnet, and to allow the 192.168.50.0/24 subnet to reach the hosts on the LAN, navigate.
Network > ARP 276 SonicOS Enhanced 4.0 Administrator Guide Navigating and Sorting the ARP Cache Table Entries The ARP Cache table provides easy pagination for view ing a large number of ARP entries.
277 SonicOS Enhanced 4.0 Administrator Guide CHAPTER 23 Chapter 23: Setting Up the DHCP Server Network > DHCP Server This chapter contains the following sections: • “DHCP Server Options Overvie.
Network > DHCP Server 278 SonicOS Enhanced 4.0 Administrator Guide The SonicWALL security appliance includes a DH CP (Dynamic Host Co nfiguration Protocol) server to distribute IP addresses, subnet masks, gateway addresses, and DNS server addresses to your network clie nts.
Network > DHCP Server 279 SonicOS Enhanced 4.0 Administrator Guide clients on the network, it provides vendor-specific configurat ion and service information. The “DHCP Option Numbers” on page 294 provides a list of DHCP options by RFC-assigned option number.
Network > DHCP Server 280 SonicOS Enhanced 4.0 Administrator Guide How Does DHCP Server Persistence Work? DHCP server persistence works by storing DHC P lease information per iodically to flash memory. This ensures that users have predicabl e IP addresses and minimizes the risk of IP addressing conflicts after a reboot.
Network > DHCP Server 281 SonicOS Enhanced 4.0 Administrator Guide Configuring DHCP Server for Dynamic Ranges To configure DHCP server fo r dynamic IP address ranges, follow these instructions: Step 1 In the Network > DHCP Server page, at the bottom of the DHCP Server Lease Scopes table, click Add Dynamic .
Network > DHCP Server 282 SonicOS Enhanced 4.0 Administrator Guide DNS/WINS Settings Step 9 Click the DNS/WINS tab to continue configuring the DHCP Server feature. Step 10 If you have a domain name for the DNS server, type it in the Domain Name field.
Network > DHCP Server 283 SonicOS Enhanced 4.0 Administrator Guide VoIP Settings Step 14 Click on the VoIP Settings tab. The VoIP Settings tab allows you to c onfigure the SonicWALL DHCP server to send Cisco Call Manager in formation to VoIP clients on the network.
Network > DHCP Server 284 SonicOS Enhanced 4.0 Administrator Guide General Settings Step 2 In the General tab, make sure the Enable this DHCP Entry is checked, if you want to enable this range. Step 3 Select the interface from the Interface menu. The IP addresses are in the same private subnet as the selected interface.
Network > DHCP Server 285 SonicOS Enhanced 4.0 Administrator Guide VoIP Settings Step 15 Click on the VoIP Settings tab. The VoIP Settings tab allows you to c onfigure the SonicWALL DHCP server to send Cisco Call Manager in formation to VoIP clients on the network.
Network > DHCP Server 286 SonicOS Enhanced 4.0 Administrator Guide Configuring DHCP Option Objects To configure DHCP option objec ts, perform the following steps: Step 1 In the left-hand navigation panel, navigate to Network > DHCP Server . Step 2 Under DHCP Server Lease Scopes, click the Option Objects button.
Network > DHCP Server 287 SonicOS Enhanced 4.0 Administrator Guide Step 4 Type a name for the option in the Option Name field. Step 5 From the Option Number drop-down list, select the option number that corresponds to your DHCP option. For a list of option numbers and names, refer to “DHCP Option Numbers” on page 294 .
Network > DHCP Server 288 SonicOS Enhanced 4.0 Administrator Guide Step 6 Optionally check the Option Array box to allow entry of multiple option values in the Option Value field.
Network > DHCP Server 289 SonicOS Enhanced 4.0 Administrator Guide Step 7 The option type displays in the Option Type drop-down menu. If only one option type is available, for example, for Option Number 2 (Time Offset) , the drop-down menu will be greyed out.
Network > DHCP Server 290 SonicOS Enhanced 4.0 Administrator Guide Configuring DHCP Option Groups To configure DHCP option groups, perform the following steps: Step 1 In the left-hand navigation panel, navigate to Network > DHCP Server . Step 2 Under DHCP Server Lease Scopes, click Option Groups .
Network > DHCP Server 291 SonicOS Enhanced 4.0 Administrator Guide Step 4 Enter a name for the group in the Name field. Step 5 Select an option object from the left column and c lick the -> button to add it to the grou p. To select multiple option objects at the same time, hold the Ctrl key while selecting the option objects.
Network > DHCP Server 292 SonicOS Enhanced 4.0 Administrator Guide Configuring DHCP Generic Options for DHCP Lease Scopes Note Before generic options for a DHCP lease scope can be configured, a static or dynamic DHCP server lease scope must be created.
Network > DHCP Server 293 SonicOS Enhanced 4.0 Administrator Guide Step 2 Select a DHCP option or option group in the DHCP Generic Option Group drop-down menu. Step 3 To always use DHCP options for this DHCP server lease scope, check the box next to Send Generic options always .
Network > DHCP Server 294 SonicOS Enhanced 4.0 Administrator Guide Current DHCP Leases The current DHCP lease info rmation is displayed in the Current DHCP Leases table. Each binding entry displays the IP Address , the Ethernet Address , and the Type of binding (Dynamic, Dynamic BOOTP, or Static BOOTP).
Network > DHCP Server 295 SonicOS Enhanced 4.0 Administrator Guide 23 Default IP TTL Default IP time-to-live 24 Path MTU Aging Timeout Path MTU aging timeout 25 MTU Plateau Path M TU plateau table .
Network > DHCP Server 296 SonicOS Enhanced 4.0 Administrator Guide 55 Parameter Request List Parameter request list 56 Message DHCP error message 57 DHCP Maximum Message Size DHCP maximum m essage .
Network > DHCP Server 297 SonicOS Enhanced 4.0 Administrator Guide 84 Undefined N/A 85 Novell Directory Servers Novell Directory Services servers 86 Novell Directory Server Tree Name Novell Directo.
Network > DHCP Server 298 SonicOS Enhanced 4.0 Administrator Guide 115 Undefined N/A 116 Auto Configure DHCP auto-configuration 117 Name Service Search Name service search 118 Subnet Collection Sub.
Network > DHCP Server 299 SonicOS Enhanced 4.0 Administrator Guide 147 Undefined N/A 148 Undefined N/A 149 Undefined N/A 150 TFTP Ser ver Address, Etherboot, GRUB Config TFTP server address, Etherb.
Network > DHCP Server 300 SonicOS Enhanced 4.0 Administrator Guide 183 Undefined N/A 184 Undefined N/A 185 Undefined N/A 186 Undefined N/A 187 Undefined N/A 188 Undefined N/A 189 Undefined N/A 190 .
Network > DHCP Server 301 SonicOS Enhanced 4.0 Administrator Guide 220 Subnet Allocation Subnet allocation 221 Virtual Subnet Allocation Virtual subnet selection 222 Undefined N/A 223 Undefined N/A.
Network > DHCP Server 302 SonicOS Enhanced 4.0 Administrator Guide.
303 SonicOS Enhanced 4.0 Administrator Guide CHAPTER 24 Chapter 24: Using IP Helper Network > IP Helper The IP Helper allows the SonicWALL security appliance to forward DHCP requests originating from the interfaces on a Soni cWALL security appliance to a centralized DHCP server on the behalf of the requesting client.
Network > IP Helper 304 SonicOS Enhanced 4.0 Administrator Guide • Enable NetBIOS Support - enables NetBIOS broadcast forwarding with the DHCP requests. NetBIOS is requir ed to allow Window s operating systems to browse for resources on a network.
305 SonicOS Enhanced 4.0 Administrator Guide CHAPTER 25 Chapter 25: Setting Up Web Proxy Forwarding Network > Web Proxy A Web proxy server intercepts HTTP requests and determines if it has stored copies of the requested Web pages.
Network > Web Proxy 306 SonicOS Enhanced 4.0 Administrator Guide To configure a Proxy Web sever, select the Network > Web Proxy page. Step 1 Connect your Web proxy server to a hub, and connect the hub to the SonicWALL security appliance WAN port.
307 SonicOS Enhanced 4.0 Administrator Guide CHAPTER 26 Chapter 26: Configuring Dynamic DNS Network > Dynamic DNS Dynamic DNS (DDNS) is a service provided by various companies and organizations that allows for dynamic changing IP addresses to aut omatically update DNS records without manual intervention.
Network > Dynamic DNS 308 SonicOS Enhanced 4.0 Administrator Guide • Dyndns.org http://www.dyndns.org - Soni cOS requires a username, password, Mail Exchanger, and Backup MX to configure DDNS from Dyndns.org. • Changeip.com http://www.changeip.
Network > Dynamic DNS 309 SonicOS Enhanced 4.0 Administrator Guide To configure Dynamic DNS on the Son icWA LL security appliance, perform these steps: Step 1 From the Network > Dynamic DNS page, click the Add button. The Add DDNS Profile window is displayed.
Network > Dynamic DNS 310 SonicOS Enhanced 4.0 Administrator Guide – Static - A free DNS service for static IP addresses. Step 9 When using DynDNS.org , you may optionally select Enable Wildcard and/or configure an MX entry in the Mail Exchanger field.
Network > Dynamic DNS 311 SonicOS Enhanced 4.0 Administrator Guide Dynamic DNS Settings Table The Dynamic DNS Settings table provides a table view of configur ed DDNS profiles. Dynamic DN S Settings table includes the following columns: • Profile Name - The name assigned to the DDNS entry during its creation.
Network > Dynamic DNS 312 SonicOS Enhanced 4.0 Administrator Guide • Online - When selected, this profile is adminis tratively online. The setting can also be controlled using the Use Onli ne Settings checkbox on the entry's Profil e tab.
S ONIC WALL S ONIC OS E NHANCED 4.0 A DMINISTRATOR ’ S G UIDE 313 PART 4 Wireless •.
314 S ONIC WALL S ONIC OS E NHANCED 4.0 A DMIN ISTRATOR ’ S G UIDE.
315 SonicOS Enhanced 4.0 Administrator Guide CHAPTER 27 Chapter 27: Viewing WLAN Settings, Statistics, and Station Status Wireless Overview The SonicWALL Wireless securi ty appliances support two wire less protocols called IEEE 802.11b and 802.11g, commonly known as Wi-Fi, and send data via radio transmissions.
Wireless Overview 316 SonicOS Enhanced 4.0 Administrator Guide • VPN tunnel Considerations for Using Wireless Connections • Mobility - if the majority of your network is lapt op computers, wireless is more portable than wired connections.
Wireless Overview 317 SonicOS Enhanced 4.0 Administrator Guide • Try to place the wireless security appliance in a direct line with other wireless components. Best performance is achieved when wireless co mponents are in direct line of sight with each other.
Wireless > Status 318 SonicOS Enhanced 4.0 Administrator Guide WiFiSec uses the easy provisioni ng capabilities of the SonicWA LL Global VPN client making it easy for experienced and inexperienced administrat ors to implement on the network.
Wireless > Status 319 SonicOS Enhanced 4.0 Administrator Guide WLAN Settings The WLAN Settings table lists the configuration info rmation for the built-in radio. All configurable settings in the WLAN Settings table are hyper links to their respective pages for configuration.
Wireless > Status 320 SonicOS Enhanced 4.0 Administrator Guide WLAN Statistics The WLAN Statistics table lists all of the tr affic s ent and received through the WLAN. The Wireless Statistics column lists the kinds of traffic recor ded, the Rx column lists r eceived traffic, and the Tx column lists t ransmitted traffic.
Wireless > Status 321 SonicOS Enhanced 4.0 Administrator Guide Station Status The Station Status table displays information about wireless conne ctions associated with the wireless security appliance.
Wireless > Status 322 SonicOS Enhanced 4.0 Administrator Guide.
323 SonicOS Enhanced 4.0 Administrator Guide CHAPTER 28 Chapter 28: Configuring Wireless Settings Wireless > Settings The Wireless > Settings page allows you to configur e your wireless settings. On the Wireless>Settings page, you can enable or disable t he WLAN port by selecting or clearing the Enable WLAN che ckbox.
Wireless > Settings 324 SonicOS Enhanced 4.0 Administrator Guide Wireless Settings Enable WLAN Radio : Check this checkbox to turn the radio on, and enable wireless networking. Click Apply in the top right corner of the management interface to have this setting take effect.
Wireless > Settings 325 SonicOS Enhanced 4.0 Administrator Guide mode. Operating in Wireless Bridge mode, the wireless security appliance connects to another wireless security appliance acting as an acce ss point, and allows communications between the connected networks via the wireless bridge.
Wireless > Settings 326 SonicOS Enhanced 4.0 Administrator Guide Configuring a Secure Wireless Bridge When switching from Access Point mode to Wireless Bridge mode, all clients are disconnected, and the navigation panel on t he left changes to reflect the new mode of operation.
Wireless > Settings 327 SonicOS Enhanced 4.0 Administrator Guide For example, in the previous network diagram, the wireless security appliance are con figured as follows: • SSID on all three wireless security appliance are set to “myWLAN”.
Wireless > Settings 328 SonicOS Enhanced 4.0 Administrator Guide • Static routes must be entered on the Access Point TZ 170 Wireless to route b ack to the LAN subnets of the Bridge Mode TZ 170 Wireless. Referring to the example ne twor k, TZ 170 Wirele ss1 must have st atic routes t o 10.
Wireless > Settings 329 SonicOS Enhanced 4.0 Administrator Guide • One policy to the Site_B address object at 10.30.30.0:.
Wireless > Settings 330 SonicOS Enhanced 4.0 Administrator Guide Configuration for VPN Policies Step 1 Click Network . Step 2 Under Local Networks , select Choose local network from list and select LAN Interface IP .
Wireless > Settings 331 SonicOS Enhanced 4.0 Administrator Guide Wireless Bridg e VPN Policy Configuration The Wireless Bridge VPN Policy is configured as follows: Step 1 Click VPN , then Co nfigure . Step 2 Select IKE using Preshared Secret from the IPsec Keying Mode menu.
Wireless > Settings 332 SonicOS Enhanced 4.0 Administrator Guide.
333 SonicOS Enhanced 4.0 Administrator Guide CHAPTER 29 Chapter 29: Configuring WEP and WPA Security Wireless > WEP/WPA Security Note When the SonicWALL wireless secu rity appliance is configured in Access Point mode, this page is called Security .
Wireless > WEP/WPA Security 334 SonicOS Enhanced 4.0 Administrator Guide Authentication Overview Below is a list of available authentication types with descripti ve features and uses for each: WEP .
Wireless > WEP/WPA S ecurity 335 SonicOS Enhanced 4.0 Administrator Guide WEP Encryption Keys Step 1 Select the key number, 1,2,3, or 4, from the Default Key menu. Step 2 Select the key type to be either Alphanumeric or Hexadecimal . Step 3 Type your keys into each field.
Wireless > WEP/WPA Security 336 SonicOS Enhanced 4.0 Administrator Guide WPA Settings • Cyphe r Type : s elect TKIP. Temporal Key Integrity Protocol (TKIP) is a protocol for enforcing key integrity on a per-packet basis. • Group Key Update : Specifies when the SonicWALL Secure Anti-Virus Router 80 Wireless updates the key.
Wireless > WEP/WPA S ecurity 337 SonicOS Enhanced 4.0 Administrator Guide • Radius Server 2 IP and Port : Enter the IP address and port number for your seco ndary RADIUS server, if you have one. • Radius Server 2 Secret : Enter the password for access to Radius Server Click Apply in the top right corner to apply your WPA settings.
Wireless > WEP/WPA Security 338 SonicOS Enhanced 4.0 Administrator Guide Preshared Key Settings (PSK) • Passphrase : Enter the passphrase from which the key is generated. Click Apply in the top right corner to apply your WPA2 settings. WPA2-EAP Settings Encryption Mode : In the Authentication Type field, select WPA-EAP .
339 SonicOS Enhanced 4.0 Administrator Guide CHAPTER 30 Chapter 30: Configuring Advanced Wireless Settings Wireless > Advanced To access Advanced configuration settings for the SonicWALL wireless security appliance, log into the SonicWALL, click Wireless , and then Advanced .
Wireless > Advanced 340 SonicOS Enhanced 4.0 Administrator Guide Beaconing & SSID Controls 1. Select Hide SSID in Beacon . Suppresses broadcasting of the SSID name and disables responses to probe requests. Checking this option helps prevent your wireless SSID from being seen by unauthoriz ed wireless clients.
Wireless > Advanced 341 SonicOS Enhanced 4.0 Administrator Guide • 2 : Select 2 to restrict the wireless security app liance to use antenna 2 only. Facing the rear of the SonicPoint, ant enna 2 is on the right, closest to t he power supply. You can disconnect antenna 1 when using only antenna 2.
Wireless > Advanced 342 SonicOS Enhanced 4.0 Administrator Guide Advanced Radio Settings The following other advanced settings can be configured. Step 1 Enable Short Slot Time : Select Enable Short Slot Time to increase performance if you only expect 802.
Wireless > Advanced 343 SonicOS Enhanced 4.0 Administrator Guide overlapping SonicPoints. However, it can slow down performance. Auto is probably the best setting, as it will engage only in th e case of over lapping SonicPoints. Step 11 Protection Rate : The protection rate determines the data rate when protection is on.
Wireless > Advanced 344 SonicOS Enhanced 4.0 Administrator Guide.
345 SonicOS Enhanced 4.0 Administrator Guide CHAPTER 31 Chapter 31: Configuring MAC Filter List Wireless > MAC Filter List Wireless networking provides native MAC filter ing capabilities which pr events wireless clients from authenticating and associating with the wir eless security appliance.
Wireless > MAC Filter List 346 SonicOS Enhanced 4.0 Administrator Guide The items in the list are address object groups, defined groups of objec ts that represent specific IP addresses or ranges of addresses that can be used throughout the management interface to specify network resources.
347 SonicOS Enhanced 4.0 Administrator Guide CHAPTER 32 Chapter 32: Configuring Wireless IDS Wireless > IDS Wireless Intrusion Detection Services (IDS) gr eatly increase the securi ty capabilities .
Wireless > IDS 348 SonicOS Enhanced 4.0 Administrator Guide Access Point IDS When the Radio Role of the wireless security appliance is set to Access Point mode, all three types of WIDS services are.
Wireless > IDS 349 SonicOS Enhanced 4.0 Administrator Guide Enable Association Flood Detection is selected by default. The Association Flood Threshold is set to 5 Association attempts within 5 seconds by default. Intrusion Detection Settings Rogue Access Points have emerged as one of the most serious and insidious threats to wireless security.
Wireless > IDS 350 SonicOS Enhanced 4.0 Administrator Guide Scanning for Access Points Active scanning occurs when the wireless secu ri ty appliance starts up, and at any time Scan Now is clicked at the bottom of the Discovered Access Points table.
351 SonicOS Enhanced 4.0 Administrator Guide CHAPTER 33 Chapter 33: Configuring Virtual Access Points Wireless > Virtual Access Point This chapter describes the Virtual Access Poin t feature and in.
Wireless > Virtual Access Point 352 SonicOS Enhanced 4.0 Administrator Guide SonicPoint VAP Overview This section provides an introducti on to the Virtual Access Point feature.
Wireless > Virtual Ac cess Point 353 SonicOS Enhanced 4.0 Administrator Guide Wireless Roaming with ESSID An ESSID (Extended Service Set IDentifier) is a co llection of Access Poin ts (or Virtual Access Points) sharing the same SSID.
Wireless > Virtual Access Point 354 SonicOS Enhanced 4.0 Administrator Guide • “Virtual Access Points” section on page 363 • “Virtual Access Point Groups” section on page 364 VAP Configurat ion Overview The following are required areas of configurat ion for VAP deployment.
Wireless > Virtual Ac cess Point 355 SonicOS Enhanced 4.0 Administrator Guide A network security zone is a logical method of grouping one or more inter faces with friendly, user-configurable names, and applyi ng security rules as traffic passes from one zone to another zone.
Wireless > Virtual Access Point 356 SonicOS Enhanced 4.0 Administrator Guide General Feature Description Name Create a name for your custom Zone Security Type Select Wireless in order to enable and access wireless security options.
Wireless > Virtual Ac cess Point 357 SonicOS Enhanced 4.0 Administrator Guide Wireless Feature Description Only allow traffic generated by a SonicPoint Restricts traffic on this zone to SonicPoint-generated traffic only. SSL-VPN Enforcement Redirects all traffic entering the Wireless Zone to a defined SonicWALL SSL-VPN appliance.
Wireless > Virtual Access Point 358 SonicOS Enhanced 4.0 Administrator Guide Guest Services The Enable Wireless Guest Services option allows the following guest services to be applied to a zone: Fe.
Wireless > Virtual Ac cess Point 359 SonicOS Enhanced 4.0 Administrator Guide WLAN Subnets WLAN subnets are used to segment IP address spac e for use by Vir tual Access Points (VAP). Each VAP must have a separate WLAN subnet, and you must create t he WLAN subnet before creating the VAP.
Wireless > Virtual Access Point 360 SonicOS Enhanced 4.0 Administrator Guide • Subnet Name : The name of the interface. • IP Address : The first IP address in the subnet. Ma ke sure that the IP address subnet does not conflict with another address range.
Wireless > Virtual Ac cess Point 361 SonicOS Enhanced 4.0 Administrator Guide Virtual Access Points Profiles A Virtual Access Point Profile allows the administrator to pre-configure and save access point settings in a profile. VAP Profiles allows sett ings to be easily applied to new Virtual Access Points.
Wireless > Virtual Access Point 362 SonicOS Enhanced 4.0 Administrator Guide WPA-PSK / WPA2-PSK Encryption Settings Pre-Shared Key (PSK) is available when using WPA or WPA2. This solution utilizes a shared key. WPA-EAP / WPA2-EAP Encryption Settings Extensible Authentication Protoc ol (EAP) is available when usi ng WPA or WPA2.
Wireless > Virtual Ac cess Point 363 SonicOS Enhanced 4.0 Administrator Guide Virtual Access Points Virtual Access Points are configured fro m the Wireless > Virtual Access Point page by clicking the Add... button in the Virtual Access Points section.
Wireless > Virtual Access Point 364 SonicOS Enhanced 4.0 Administrator Guide Virtual Access Point Groups The VAP Group feature allows for grouping of multiple VAP objects to be simultaneously applied to the integrated wireless radio of the SonicWALL securi ty appliance.
Thinking Critically About VAPs 365 SonicOS Enhanced 4.0 Administrator Guide Thinking Critically About VAPs This section provides content to help dete rmine what your VAP requirements are and how to apply these requirements to a usef ul VAP configuration.
Thinking Critically About VAPs 366 SonicOS Enhanced 4.0 Administrator Guide Determining Security Configurations Understanding these requirements, you can then define the Zones (and interfaces) and VAPs that will provide wireless services to these users: • Corp Wireless – Highly trusted wireless Zone.
Thinking Critically About VAPs 367 SonicOS Enhanced 4.0 Administrator Guide Questions Examples Solutions How many different types of users will I need to support? Corporate wireless, guest access, visiting partners, wireless devices are all common user types, each requiring their own VAP Plan out the number of different VAPs needed.
Thinking Critically About VAPs 368 SonicOS Enhanced 4.0 Administrator Guide What security services to I wish to apply to my users? Corporate users who you want protected by the full SonicWALL security suite. Enable all SonicWALL security services. Guest users who have no LAN access.
S ONIC WALL S ONIC OS E NHANCED 4.0 A DMINISTRATOR ’ S G UIDE 369 PART 5 WWAN.
370 S ONIC WALL S ONIC OS E NHANCED 4.0 A DMIN ISTRATOR ’ S G UIDE.
371 SonicOS Enhanced 4.0 Administrator Guide CHAPTER 34 Chapter 34: Configuring Wireless WAN (TZ 190 only) WWAN This chapter describes how to configure the Wireless WAN interface on the SonicWALL TZ 190 appliance.
WWAN 372 SonicOS Enhanced 4.0 Administrator Guide • Primary WAN connection where wire-based connecti ons are not available and 3G Cellular is. Wireless Wide Area Networks provide untethered remote network access through the use of mobile or cellular data networks.
WWAN 373 SonicOS Enhanced 4.0 Administrator Guide Understanding WWAN Failover When the WAN Connection Model is s et to Ethernet with WWAN Failover , the WAN (Ethernet) interface is the primary connection. If the WAN interface fa ils, the SonicWALL TZ 190 fails over to the WWAN interface.
WWAN 374 SonicOS Enhanced 4.0 Administrator Guide If a secondary Ethernet WAN (the OPT port) is configured, the TZ190 will fir st failover to the secondary Ethernet WAN before failing over to the WWAN. In this situation, WWAN failover will only occur when both the WAN and OPT paths are unavailable.
WWAN 375 SonicOS Enhanced 4.0 Administrator Guide Caution It is not recommended to configure a polic y-based route that uses the WWAN connection when the WAN Connection Model is s et for Ethernet with WWAN Failover .
WWAN 376 SonicOS Enhanced 4.0 Administrator Guide Wireless WAN PC Card Support To use the wireless WAN interface you must hav e a wireless WAN PC card and a contract with a wireless service provider.
WWAN 377 SonicOS Enhanced 4.0 Administrator Guide Viewing the WWAN Status The WWAN > Stat us page displays the current status of WWAN on the SonicWALL TZ190. It indicates the status of the WWAN connection, the current active WAN interface, or the current backup WAN interface.
WWAN 378 SonicOS Enhanced 4.0 Administrator Guide • “Management/User Login” on page 379 • “WWAN Probe Settings” on page 379 Connect on Data The Connect on Data Categories settings allow yo.
WWAN 379 SonicOS Enhanced 4.0 Administrator Guide Management/User Login The Management/User Login section must be configure to enable remote management of the SonicWALL TZ 190 appliance over the WWAN interface. You can select any of the supported management protocol(s): HTTPS , Ping , and/or SNMP .
WWAN 380 SonicOS Enhanced 4.0 Administrator Guide Configuring WWAN Advanced Settings The WWAN > Advan ced page is used to configure the Remotely Triggered Dial-Out feature on the SonicWALL TZ 190. The Remotely Trig gered Dial-Out feature enables network administrators to remotely initiate a WWAN connection from a SonicWALL TZ 190.
WWAN 381 SonicOS Enhanced 4.0 Administrator Guide Configuring WWAN Connection Profiles Use the WWAN > Connection Profiles to configure WWAN connec tion profiles and set the primary and alternate profiles. Select the Primary WWAN connection profile in the Primary Profile pulldown menu.
WWAN 382 SonicOS Enhanced 4.0 Administrator Guide 3. Select the Service Provider that you have created an account with. Note that only service providers supported in the coun try you selected are displayed. 4. In the Plan Type window, select the WWAN plan you hav e subscribed to with the service provider.
WWAN 383 SonicOS Enhanced 4.0 Administrator Guide 13. Select the Enable Inactivity Disconnect (minutes) checkbox and enter a number in the field to have the WWAN connec tion disconnected after the specified number of minutes of inactivity. N ote that this opt ion is not available if the Dial Type is Persistent Connection .
WWAN 384 SonicOS Enhanced 4.0 Administrator Guide 19. Click on the Data Limiting tab. Tip If your WWAN account has a monthly data or time limit, it is str ongly recommended that you enable Data Usage Limiting.
WWAN 385 SonicOS Enhanced 4.0 Administrator Guide To disconnect a WWAN connec tion, click on the Manage button. The WWAN Connection window displays. Click Disconnect . See “Configuring the Wireless WAN Inte rface” on page 152 for more information.
WWAN 386 SonicOS Enhanced 4.0 Administrator Guide Note The Data Usage table is only estimate of the curren t usage and should not be used to calculate actual charges. Contact your Service Provider for accurate billing information. The Session History table displays a summary of informat ion about WWAN sessions.
WWAN 387 SonicOS Enhanced 4.0 Administrator Guide GPRS has an additional advantage over GSM in that it is a packet-switched technology, meaning that stations only send data when there is data to send (rather than reserving the entire channel as occurs in GSM's circuit-sw itch ed networks) thus making more efficient use of available bandwidth.
WWAN 388 SonicOS Enhanced 4.0 Administrator Guide • W-CDMA - Wideband Code Division Multiple Access - The technology underlying UMTS, W-CDMA is an evolution of the GS M protocol. Referred to a Wideband because its carrier channels are four times wider than then original CDMA standard (5 MHz versus 1.
S ONIC WALL S ONIC OS E NHANCED 4.0 A DMINISTRATOR ’ S G UIDE 389 PART 6 SonicPoint.
390 S ONIC WALL S ONIC OS E NHANCED 4.0 A DMIN ISTRATOR ’ S G UIDE.
391 SonicOS Enhanced 4.0 Administrator Guide CHAPTER 35 Chapter 35: Managing SonicPoints SonicPoint > SonicPoints SonicWALL SonicPoints are wireless access points specially engineered to work with SonicWALL security appliances to provide wireless access throughout your enterprise.
SonicPoint > SonicPoints 392 SonicOS Enhanced 4.0 Administrator Guide • Attach the SonicPoints to the interfaces in the Wireless zone. • Test SonicPoints SonicPoint Provisioning Profiles SonicP.
SonicPoint > SonicPoints 393 SonicOS Enhanced 4.0 Administrator Guide Configuring a SonicPoint Profile You can add any number of SonicPoint profiles. To configure a SonicPoint provisioning profile: Step 1 To add a new profile click Add below the list of SonicPoint provisioning profiles.
SonicPoint > SonicPoints 394 SonicOS Enhanced 4.0 Administrator Guide – Country Code : Select the country where you ar e operating the SonicPoints. The country code determines which regulator y domain the ra dio operation falls under. Step 3 In the 802.
SonicPoint > SonicPoints 395 SonicOS Enhanced 4.0 Administrator Guide – Default Key : Select which key in the list below is the default key, which will be tried first when trying to authenticate a user. – Key Entry : Select whether the key is alphanumeric or hexadecimal.
SonicPoint > SonicPoints 396 SonicOS Enhanced 4.0 Administrator Guide – DTIM Interval : Enter the interval in milliseconds. – Fragmentation Threshold (bytes) : Enter the number of by tes of fragmented data you want the network to allow. – RTS Threshold (bytes) : Enter the number of bytes.
SonicPoint > SonicPoints 397 SonicOS Enhanced 4.0 Administrator Guide that the SonicPoint can comm unicate with an authentication server for WPA-EAP support. SonicOS will then use the profil e associated with the relevant Zone to configure the 2.4GHz and 5GHz radio settings.
SonicPoint > SonicPoints 398 SonicOS Enhanced 4.0 Administrator Guide The options on these tabs are the same as the Add SonicPoint Profile screen. See Configuring a SonicPoint Pro file for instructions on conf iguring these settings. Step 3 Click OK to apply these settings.
SonicPoint > SonicPoints 399 SonicOS Enhanced 4.0 Administrator Guide Step 6 Click Apply . Caution It is imperative that you download the co rresponding SonicPoint image for the SonicOS firmware version that is running on your S onicWALL. The mysoni cwall.
SonicPoint > SonicPoints 400 SonicOS Enhanced 4.0 Administrator Guide • Operational – Once the SonicPoi nt has peered with a SonicOS device and has its configuration validated, it will enter into a operational state, and will be ready for clients.
401 SonicOS Enhanced 4.0 Administrator Guide CHAPTER 36 Chapter 36: Viewing Station Status SonicPoint > Station Status The SonicPoint > Station Status page reports on the statis tics of each SonicPoint. The table lists entries for each wireless client connected to each SonicPoint.
SonicPoint > St ation Status 402 SonicOS Enhanced 4.0 Administrator Guide Click on the Statistics icon to see a detailed report for an indivi dual station. Ea ch SonicPoint device reports for both radios, and for each stati on, the following information to its SonicOS peer: • MAC Address – The client’s (Station’s) hardware address.
SonicPoint > Station Status 403 SonicOS Enhanced 4.0 Administrator Guide – Re-association request – Re-association response – Probe request – Probe response – Beacon frame – ATIM message – Disassociation – Authentication – De-authentication • Management Frames Transmitted – Total number of Management frames transmitted.
SonicPoint > St ation Status 404 SonicOS Enhanced 4.0 Administrator Guide.
405 SonicOS Enhanced 4.0 Administrator Guide CHAPTER 37 Chapter 37: Using and Configuring IDS SonicPoint > IDS You can have many wireless access points within reach of the si gnal of the Soni cPoints on your network. The SonicPoint > IDS page reports on all access p oints the SonicWALL security appliance can find by scanning the 802.
SonicPoint > I DS 406 SonicOS Enhanced 4.0 Administrator Guide Intrusion Detection Settings Rogue Access Points have emerged as one of the most serious and insidious threats to wireless security. In general terms, an access point is considered rogue when it has not been authorized for use on a network.
SonicPoint > IDS 407 SonicOS Enhanced 4.0 Administrator Guide Discovered Access Points The Discovered Access points displays informati on on every access point that can b e detected by the SonicPoint radio: • SonicPoint : The SonicPoint that det ected the access point.
SonicPoint > I DS 408 SonicOS Enhanced 4.0 Administrator Guide.
409 SonicOS Enhanced 4.0 Administrator Guide CHAPTER 38 Chapter 38: Configuring RF Monitoring SonicPoint > RF Monitoring This chapter describes how to plan, design, implement, and maintain the RF Monitoring feature in SonicWALL SonicOS 4.0 En hanced.
SonicPoint > R F Monitoring 410 SonicOS Enhanced 4.0 Administrator Guide Why RF Monitoring? Radio Frequency (RF) technology used in today’s 802.11-based wireless networking devices poses an attractive target for intruders.
SonicPoint > RF Monitoring 411 SonicOS Enhanced 4.0 Administrator Guide Enabling RF Monitoring on SonicPoint(s) In order for RF Monitoring to be enforced, you must enable the RF Monitoring option on all available SonicPoint devices.
SonicPoint > R F Monitoring 412 SonicOS Enhanced 4.0 Administrator Guide RF Monitoring Interface Overview The top portion of the RF Monitoring interface allows you t o : • View the number of thre.
SonicPoint > RF Monitoring 413 SonicOS Enhanced 4.0 Administrator Guide Tip For a complete list of RF Threat types and their descriptions, see the “Types of RF Threat Detection” section on page 414 of this document.
SonicPoint > RF Monitoring 414 SonicOS Enhanced 4.0 Administrator Guide To add a station to the watch list: Step 1 In the SonicPoint > RF Monitoring page, navigate to the Discovered RF threat stations section. Step 2 Click the icon that corresponds to the threat stat ion you wish to add to the watch list.
SonicPoint > RF Monitoring 415 SonicOS Enhanced 4.0 Administrator Guide • Ad-Hoc Station Detection - Ad-Hoc stations are nodes which provide access to wireless clients by acting as a bridge between th e act ual acce ss point and the user.
SonicPoint > R F Monitoring 416 SonicOS Enhanced 4.0 Administrator Guide Timesaver For this section in particular (and as a good habi t in general), you may find it helpful to keep a record of the locations and MAC addr esses of your SonicPoint devices.
SonicPoint > RF Monitoring 417 SonicOS Enhanced 4.0 Administrator Guide Using RSSI to Determine RF Threat Proximity This section builds on what was learned in the “Using Sensor ID to Determine RF Threat Location” section on page 415 .
SonicPoint > R F Monitoring 418 SonicOS Enhanced 4.0 Administrator Guide A high Rssi usually indicates an RF threat that is closer to the So ni cPoint. A low Rssi can indicate obstructions or a more distant RF threat. 20 PRO 3060 rssi - Identifies signal strength of the RF threat, allowing for approximate distance gauging .
S ONIC WALL S ONIC OS E NHANCED 4.0 A DMINISTRATOR ’ S G UIDE 419 PART 7 Firewall.
420 S ONIC WALL S ONIC OS E NHANCED 4.0 A DMIN ISTRATOR ’ S G UIDE.
421 SonicOS Enhanced 4.0 Administrator Guide CHAPTER 39 Chapter 39: Configuring Access Rules Firewall > Access Rules This chapter provides an overview on your SonicWALL security appl iance stateful packet inspection default access rules and configuration ex amples to customize your access rules to meet your business requirements.
Firewall > Access Rules 422 SonicOS Enhanced 4.0 Administrator Guide Stateful Packet Inspection Default Access Rules Overview By default, the SonicWALL security applianc e’s stateful packet inspection allows all communication from the LAN to the Internet, and bloc ks all traffic to the LAN from the Internet.
Firewall > Access R ules 423 SonicOS Enhanced 4.0 Administrator Guide The outbound SMTP traffic is guaranteed 20 percent of available bandwidth available to it and can get as much as 40 percent of available bandwidth.
Firewall > Access Rules 424 SonicOS Enhanced 4.0 Administrator Guide Tip You can also view access rules by Z ones. Use the Option checkboxes in the From Zone and To Zone column. Select LAN , WA N , VPN , ALL from the From Zone column. And then select LAN, WAN, VPN, ALL from the To Zone column.
Firewall > Access R ules 425 SonicOS Enhanced 4.0 Administrator Guide You can change the priority ranking of an access rule by clicking the Arrows icon in the Priority column. The Change Priority window is displayed. Enter the new priority number (1-10) in the Priority field, and click OK .
Firewall > Access Rules 426 SonicOS Enhanced 4.0 Administrator Guide Adding Access Rules To add access rules to the SonicWALL se curity appliance, perform the following steps: Step 1 Click Add at the bottom of the Access Rules table. The Add Rule window is displayed.
Firewall > Access R ules 427 SonicOS Enhanced 4.0 Administrator Guide Step 13 If you would like for the access rule to timeout after a period of TCP inactivity, set the amount of time, in minutes, in the TCP Connection Inactivity Timeout (minutes) field.
Firewall > Access Rules 428 SonicOS Enhanced 4.0 Administrator Guide – None : DSCP values in packets are reset to 0. – Preserve : DSCP values in packets will remain unaltered. – Explicit : Set the DSCP value to the value you se lect in the Expli cit DSCP Value field.
Firewall > Access R ules 429 SonicOS Enhanced 4.0 Administrator Guide • 6 - Voice (<10ms latency) • 7 - Network control – Map : The QoS mapping settings on the Firewall > QoS Mapping page will be used. See “Firewall > QoS Mapping” section on pag e 467 for instructions on configuring the QoS Mapping.
Firewall > Access Rules 430 SonicOS Enhanced 4.0 Administrator Guide Coupled with IPS, this can be used to mitigate the spread of a certain class of malware as exemplified by Sasser, Blaste r, and Nimda. These worms propagat e by initiating conn ections to random addresses at atypically high rates.
Firewall > Access R ules 431 SonicOS Enhanced 4.0 Administrator Guide Enabling Ping This sections provides a configuration example for an access rule to allow devices on the DMZ to send ping requests and receive ping responses from devices on the LAN.
Firewall > Access Rules 432 SonicOS Enhanced 4.0 Administrator Guide.
433 SonicOS Enhanced 4.0 Administrator Guide CHAPTER 40 Chapter 40: Configuring Advanced Access Rule Settings Firewall > Advanced To configure advanced access rule options, select Firewall > Advanced under Firewall. The Advanced Rule Options page is displayed.
Firewall > Advanced 434 SonicOS Enhanced 4.0 Administrator Guide • UDP Detection Prevention • Enable Stealth Mode - By default, the security appl iance responds to incoming connection requests as either “blocked” or “open.
Firewall > Advanced 435 SonicOS Enhanced 4.0 Administrator Guide Access Rule Service Options Force inbound and outbound FTP data connections to use default port 20 - The default configuration allows FTP connections from por t 20 but remaps outbound traffic to a port such as 1024.
Firewall > Advanced 436 SonicOS Enhanced 4.0 Administrator Guide.
437 SonicOS Enhanced 4.0 Administrator Guide CHAPTER 41 Chapter 41: Configuring TCP Settings Firewall > TCP Settings The TCP Settings lets you view statistics on TCP Traffic through the security appliance and manage TCP traffic settings.
Firewall > TCP Settings 438 SonicOS Enhanced 4.0 Administrator Guide – When the TCP SACK Permitted (Selective Acknowledgement, see RFC1072) option is encountered, but the calculated option length is incorrect. – When the TCP MSS (Maximum Segment Size) option is encountered, but the calculated option length is incorrect.
Firewall > TCP Settings 439 SonicOS Enhanced 4.0 Administrator Guide The TCP Settings section allows you to: • Enable TCP Stateful Inspection – Enabling TCP stateful inspection requires that al.
Firewall > TCP Settings 440 SonicOS Enhanced 4.0 Administrator Guide A SYN Flood attack is considered to be in progress if the number of unanswered SYN/ACK packets sent by the SonicWA LL (half-opened TCP connections) e xceeds the threshold set in the “Flood rate until attack logged (unanswer ed SYN/ACK packets per second)” field.
Firewall > TCP Settings 441 SonicOS Enhanced 4.0 Administrator Guide • SYN Blacklisting (Layer 2) – This mechanism blocks specific devices from generating or forwarding SYN flood attacks.
Firewall > TCP Settings 442 SonicOS Enhanced 4.0 Administrator Guide Each contains various types of SYN Flood Prot ection. The following se ctions describe these features.
Firewall > TCP Settings 443 SonicOS Enhanced 4.0 Administrator Guide To provide more control over the options sent to WAN clients when in SYN Proxy mode, you can configure the fo llowing two objects: SACK ( Selective Acknowledgment) – This parameter c ontrols whether or not Selective ACK is enabled.
Firewall > TCP Settings 444 SonicOS Enhanced 4.0 Administrator Guide Never blacklist WAN machines – This checkbox ensures that syste ms on the WAN are never added to the SYN Blacklist. This option is recommended as leaving it unchecked may interrupt traffic to and from the firewall’s WAN ports.
Firewall > TCP Settings 445 SonicOS Enhanced 4.0 Administrator Guide The following are SY N Flood statistics. Column Description Max Incomplete WAN Connections / sec The maximum number of pending embryonic half-open connections recorded since the firewall has been up (or since the last time the TCP statistics were cleared).
Firewall > TCP Settings 446 SonicOS Enhanced 4.0 Administrator Guide Total FIN Blacklist Pack ets Rejected The total number of packets dropped because of the FIN blacklist. Invalid SYN Flood Cookies Received The total number of invali d SYN flood cookies received.
447 SonicOS Enhanced 4.0 Administrator Guide CHAPTER 42 Chapter 42: Configuring Firewall Services Firewall > Services SonicOS Enhanced supports an expanded IP protocol support to allow users to create services and access rules based on these protocols.
Firewall > Services 448 SonicOS Enhanced 4.0 Administrator Guide Selecting All Services from View Style displays both Custom Services and Default Services . Default Services Overview The Defaul t Services view displays the SonicWALL securi ty appliance default services in the Services table and Service Groups table.
Firewall > Se rvices 449 SonicOS Enhanced 4.0 Administrator Guide Supported Protocols The following IP protocols are available for custom services: • ICMP ( 1 )—(Internet Control Message Protocol) A TCP/IP protocol used to send error and control messages.
Firewall > Services 450 SonicOS Enhanced 4.0 Administrator Guide All custom services you create are listed in the Custom Services table. You can group custom services by creating a Custom Services Group for easy policy enforcement.
Firewall > Se rvices 451 SonicOS Enhanced 4.0 Administrator Guide Click the Enable Logging checkbox to disable or enable the logging of the serv ice activities. Adding Custom IP Type Services Using only the predefined IP types, if the security appliance encount ers traffic of a ny other IP Protocol type it drops it as unrecognized .
Firewall > Services 452 SonicOS Enhanced 4.0 Administrator Guide Note Attempts to define a Custom IP Type Service Object for a pre-define d IP type will not be permitted, and will result in an error message. Step 5 Click OK Step 6 From the Firewall > Service Objects page, Service Group section, select Add Group .
Firewall > Se rvices 453 SonicOS Enhanced 4.0 Administrator Guide Note Select your Zones, Services and Address Obje cts accordingly. It may be necessary to create an Access Rule for bidirectional traffic; for example, an additional Access Rule from the LAN > WLAN allowing myServices from 10.
Firewall > Services 454 SonicOS Enhanced 4.0 Administrator Guide Adding a Custom Services Group You can add custom services and then create groups of services, including default services, to apply the same policies to them.
Firewall > Se rvices 455 SonicOS Enhanced 4.0 Administrator Guide Deleting Custom Services Groups Click the Trashcan icon to delete the individual cust om service group entry.
Firewall > Services 456 SonicOS Enhanced 4.0 Administrator Guide.
457 SonicOS Enhanced 4.0 Administrator Guide CHAPTER 43 Chapter 43: Configuring Multicast Settings Firewall > Multicast Multicasting, also called IP mu lticasting, is a method for sending one Internet Protocol (IP) packet simultaneously to multiple hosts.
Firewall > Multicast 458 SonicOS Enhanced 4.0 Administrator Guide Multicast Snooping This section provides configur ation tasks for Multicast Snooping. • Enable Multicast - This checkbox is disabled by defaul t. Select this checkbox to support multicast traffic.
Firewall > Multicast 459 SonicOS Enhanced 4.0 Administrator Guide To create a multicast address object: Step 1 In the Enable reception for the following multicast addresses list, select Create new multicast object . Step 2 In the Add Address Object window, configure: – Name : The name of the address object.
Firewall > Multicast 460 SonicOS Enhanced 4.0 Administrator Guide Enabling Multicast on LA N-Dedicated Interfaces Perform the following steps to enable mu lticast support on LAN- dedicated interfaces. Step 1 Enable multicast support on your Soni cWALL security appliance.
Firewall > Multicast 461 SonicOS Enhanced 4.0 Administrator Guide Enabling Multicast Through a VPN To enable multicast across the WAN through a VPN, follow: Step 1 Enable multicast globally. On the Firewall > Multicast page, check the Enable Multicast checkbox, and click the Apply button for each security appliance.
Firewall > Multicast 462 SonicOS Enhanced 4.0 Administrator Guide Note Notice that the default WLAN'MULTICAST access rule for IGMP traffic is set to 'DENY'. This will need to be changed to 'ALLOW' on all partici pating appliances to enable multicast, if they have multicast cli ents on their WLAN zones.
463 SonicOS Enhanced 4.0 Administrator Guide CHAPTER 44 Chapter 44: Monitoring Active Connections Firewall > Connections Monitor The Firewall > Connections Monitor page displays details on all active connections to the security appliance.
Firewall > Connections Monit or 464 SonicOS Enhanced 4.0 Administrator Guide Viewing Connections The connections are listed in the Active Connections Monitor table.
Firewall > Connections Monitor 465 SonicOS Enhanced 4.0 Administrator Guide Check the Group box next to any two or more criter ia to combine them with a logical OR .
Firewall > Connections Monit or 466 SonicOS Enhanced 4.0 Administrator Guide.
467 SonicOS Enhanced 4.0 Administrator Guide CHAPTER 45 Chapter 45: Managing Quality of Service Firewall > QoS Mapping Quality of Service (QoS) refers to a divers ity of methods intended to provide predictable network behavior and performance.
Firewall > QoS Mapping 468 SonicOS Enhanced 4.0 Administrator Guide But all is not lost. Once SonicOS Enhanc ed classifies the traffic, it can tag the traffic to communicate this classification to certain exte rnal systems that are capable of abiding by CoS tags; thus they too can par ticipate in provid ing QoS.
Firewall > QoS Mapping 469 SonicOS Enhanced 4.0 Administrator Guide section on page 479 . SonicOS’s BWM is a perfectly ef fective solution for fully autonomous private networks with sufficient bandwidth, but c an become somewhat less effective as more unknown external network elements and bandwidth contention are introduced.
Firewall > QoS Mapping 470 SonicOS Enhanced 4.0 Administrator Guide Enabling 802.1p SonicOS Enhanced supports layer 2 and layer 3 Co S methods for broad interoperability with external systems parti cipating in QoS enabled environments. The layer 2 method is the IEEE 802.
Firewall > QoS Mapping 471 SonicOS Enhanced 4.0 Administrator Guide Although Enable 802.1p tagging does not appear as an option on VLAN sub-interfaces on the PRO 4060 and PRO 5060, the 802.1p field is already present within the 802. 1q tags of VLAN sub-interfaces.
Firewall > QoS Mapping 472 SonicOS Enhanced 4.0 Administrator Guide Example Scenario In the scenario above, we have Remote Site 1 connected to ‘Main Site’ by an IPsec VPN. The company uses an internal 802. 1p/DSCP capable VoIP phone system, with a private VoIP signaling server hosted at the Main Site.
Firewall > QoS Mapping 473 SonicOS Enhanced 4.0 Administrator Guide QoS Mapping is a feature which converts layer 2 802.1p tags to layer 3 DSCP tags so that they can safely traverse ( in mapped form) 802.1p-incapable links; when the packet arrives for delivery to the next 802.
Firewall > QoS Mapping 474 SonicOS Enhanced 4.0 Administrator Guide DSCP marking can be performed on tr affic to/from any interface and to/fr om any zone type, without exception. DSCP marki ng is controlled by Access Rule s, from the QoS tab, and can be used in conjunction with 802.
Firewall > QoS Mapping 475 SonicOS Enhanced 4.0 Administrator Guide Configure for 802. 1p CoS 4 – Controlled load If you want to change the inbound mapping of DSCP tag 15 from its defaul t 802.1p mapping of 1 to an 802.1p mapping of 2 , it would have to be done in two steps because mapping ranges cannot overlap.
Firewall > QoS Mapping 476 SonicOS Enhanced 4.0 Administrator Guide Each of these mappings can be reco nfigured. If you wanted to change the outbound mapping of 802.
Firewall > QoS Mapping 477 SonicOS Enhanced 4.0 Administrator Guide For example, refer to the following figure wh ich provides a bi-direc tional DSCP tag action.
Firewall > QoS Mapping 478 SonicOS Enhanced 4.0 Administrator Guide One practical application for this behavior woul d be configuring an 80 2.1p marking rule for traffic destined for the VPN Zone. Although 802.1p tags cannot be sent ac ross the VPN, reply packets coming back across the VPN can be 802.
Firewall > QoS Mapping 479 SonicOS Enhanced 4.0 Administrator Guide To examine the effects of the se cond Access Rule (VPN>LAN), we ’ll look at the Access Rules configured at the Main Site: Vo.
Firewall > QoS Mapping 480 SonicOS Enhanced 4.0 Administrator Guide configure BWM and QoS (i.e. layer 2 and/or layer 3 marking) settings on a single Access Rule. This allows those external systems to benefit from the classification performed on the SonicWALL even after it has already shaped the traffic.
Firewall > QoS Mapping 481 SonicOS Enhanced 4.0 Administrator Guide Once one or both BWM settings are enabled on t he WAN interface and the available bandwidth has been declared, a Ethernet BWM tab will appear on Access Rules.
Firewall > QoS Mapping 482 SonicOS Enhanced 4.0 Administrator Guide Outbound Bandwidth Management Bandwidth Management as employed by Soni cOS Enhanced is based on an amalgamation of queue manageme.
Firewall > QoS Mapping 483 SonicOS Enhanced 4.0 Administrator Guide to be processed. When Guaranteed queue credits are depleted, the next queue in that priority ring is processed. The same process is r epeated for the remaining priority rin gs, and upon completing priority ring 7 begins again with priority ring 0.
Firewall > QoS Mapping 484 SonicOS Enhanced 4.0 Administrator Guide Outbound BWM Packet Processing Path a. Determine that the packet is bound for the WAN Zone. b. Determine that the packet is clas sifiable as a Firewa ll packet. c. Match the packet to an Access Rule to determine BWM setting.
Firewall > QoS Mapping 485 SonicOS Enhanced 4.0 Administrator Guide Example of Outbound BWM The above diagram shows 4 policies are configured for OBWM with a link capacity of 100 Kbps. This means that the link capacity is 12800 Bytes/ sec. Below table gives the BWM values for each rule in Bytes per second.
Firewall > QoS Mapping 486 SonicOS Enhanced 4.0 Administrator Guide f. Start off with the highest priority ring 0 and process all queues in this priority in a round robin fashion. H323 has Pkt3 of 500B which is sent since it can use up to max = 2560 (MBW-GBW).
Firewall > QoS Mapping 487 SonicOS Enhanced 4.0 Administrator Guide Algorithm for Inbound Bandwidth Management IBWM maintains eight priority rings, where eac h priority ring has one queue for a rule that has IBWM enabled. The IBWM pool is processed from the highest to lowest priority ring further shaping the traffic.
Firewall > QoS Mapping 488 SonicOS Enhanced 4.0 Administrator Guide e. Record class credit as remaining credi t. f. If remaining credit is gr eater than or e qual to average rate, process the ACK packet and deduct average rate from remaining credit.
Firewall > QoS Mapping 489 SonicOS Enhanced 4.0 Administrator Guide Glossary • 802.1p – IEEE 802.1p is a Layer 2 (MAC layer) Cl ass of Service mec hanism that tags packets by using 3 priority bits (for a total of 8 priority levels ) within the additional 16 bits of an 802.
Firewall > QoS Mapping 490 SonicOS Enhanced 4.0 Administrator Guide – Weighted Random Early Detection (WRED) – An implementation of RED that factors DSCP markings into its discard decision process. • DSCP – (Differentiate Services Code Points) – The repurposing of the ToS field of an IP header as described by RFC27 47.
Firewall > QoS Mapping 491 SonicOS Enhanced 4.0 Administrator Guide • Marking – Also known as tagging or coloring – The act of applying layer 2 (802.
Firewall > QoS Mapping 492 SonicOS Enhanced 4.0 Administrator Guide • Shaping – An attempt by a QoS system to modify the rate of traffic flow, usua lly by employing some feedback mechanism to the sender .
493 SonicOS Enhanced 4.0 Administrator Guide CHAPTER 46 Chapter 46: Configuring SSL Control Firewall > SSL Control This chapter describes how to plan, design, im plement, and maintain the SSL Control feature.
Firewall > SSL Control 494 SonicOS Enhanced 4.0 Administrator Guide of TCP based network communica tions, with its most common and well-known application being HTTPS (HTTP over SSL). SSL provides di gital certificate-based endpoint identification, and cryptographic and digest-based confidentia lity to network communications.
Firewall > SSL Control 495 SonicOS Enhanced 4.0 Administrator Guide Key Features of SSL Control Feature Benefit Common-Name based White and Black Lists The administrator can define lists of explicitly allowed or denied certificate subject common names (described in Key Concepts).
Firewall > SSL Control 496 SonicOS Enhanced 4.0 Administrator Guide Key Concepts to SSL Control • SSL - Secure Sockets Layer (SSL) is a network security mechanism introduced by Netscape in 1995.
Firewall > SSL Control 497 SonicOS Enhanced 4.0 Administrator Guide SSL is not limited to securing HTTP, but can also be used to secure other TCP protocols such as SMTP, POP3, IMAP, and LDAP. F or more information, see http://w p.netscape.com/ eng/security/SSL_2.
Firewall > SSL Control 498 SonicOS Enhanced 4.0 Administrator Guide – TLS – Transport Layer Security (version 1.0), also known as SSLv3.1, is very similar to SSLv3, but improves upon SSLv3 in the following wa ys: • MAC – A MAC (Message Authentication Code) is calculated by applying an algorithm (such as MD5 or SHA1) to data.
Firewall > SSL Control 499 SonicOS Enhanced 4.0 Administrator Guide mismatch elicits a browser alert, it is not always a sure sign of deception. For example, if a client browses to https://my sonicwall.com, which resolves to the same IP address as www.
Firewall > SSL Control 500 SonicOS Enhanced 4.0 Administrator Guide Caveats and Advisories 1. Self-signed and Untrusted CA enforcement – If enf orcing either of thes e two options, it is strongly.
Firewall > SSL Control 501 SonicOS Enhanced 4.0 Administrator Guide SSL Control Configuration SSL Control is located on Firewall panel, under the SSL Control Folder. SSL Control has a global setting, as well as a per-zone setting. By default, SSL Control is not enabled at the global or zone level.
Firewall > SSL Control 502 SonicOS Enhanced 4.0 Administrator Guide • Detect Self-signed certificates – Contr ols the detection of certificates where both the issuer and the subject have the same common name.
Firewall > SSL Control 503 SonicOS Enhanced 4.0 Administrator Guide To configure the Whitelis t and Blacklist, click the Configure button to bring up the following window. Entries can be added, edited and deleted with the buttons beneath each list window.
Firewall > SSL Control 504 SonicOS Enhanced 4.0 Administrator Guide sent in response for evaluation against the conf igured policy. Enabling SSL Control on the LAN Zone, for example, will inspect al l SSL traffic initiated by cli ents on the LAN to any destination zone.
Firewall > SSL Control 505 SonicOS Enhanced 4.0 Administrator Guide Log events will include the client’s username in the notes sect ion (not shown) if the user logged in manually, or was identified through CIA/Single Sign On. If the user’s ident ity is not available, the note will indicate that the user is Unidentified.
Firewall > SSL Control 506 SonicOS Enhanced 4.0 Administrator Guide.
S ONIC WALL S ONIC OS E NHANCED 4.0 A DMINISTRATOR ’ S G UIDE 507 PART 8 VoIP.
508 S ONIC WALL S ONIC OS E NHANCED 4.0 A DMIN ISTRATOR ’ S G UIDE.
509 SonicOS Enhanced 4.0 Administrator Guide CHAPTER 47 Chapter 47: Configuring VoIP Support VoIP This chapter contains the following sections: • “VoIP Overview” on page 509 • “SonicWALL’s.
VoIP 510 SonicOS Enhanced 4.0 Administrator Guide VoIP Security Companies implementing VoIP te chnologies in an effort to cut communication costs and extend corporate voice services to a distributed workfo rce face security risk s associated with the convergence of voice and data net works.
VoIP 511 SonicOS Enhanced 4.0 Administrator Guide VoIP Protocols VoIP technologies are built on tw o primary protocols, H.323 and SIP. H.323 H.323 is a standard developed by the International Telecommunications Union (ITU).
VoIP 512 SonicOS Enhanced 4.0 Administrator Guide • Redirect Server - Responds to request but does not forward requests. • Registration Server - Handles UA authentication and registration.
VoIP 513 SonicOS Enhanced 4.0 Administrator Guide also provides proactive defense against newly discovered application and protocol vulnerabilities. Signature granularity allows SonicWALL IPS to detect and pre vent attacks based on a global, attack group, or per-signature basis to provide maximum flexibility and control false positives.
VoIP 514 SonicOS Enhanced 4.0 Administrator Guide • Validation of headers for all media packets - SonicOS examines and monitors the headers within media packets to allow detection and discar ding of out-of-sequence and retransmitted packets (beyond window).
VoIP 515 SonicOS Enhanced 4.0 Administrator Guide SIP SonicOS provides the following support for SIP: – Base SIP standard (both RFC 2543 and RFC 3261) – SIP INFO method (RFC 2976) – Reliability .
VoIP 516 SonicOS Enhanced 4.0 Administrator Guide SonicWALL VoIP Vendor Interoperability The following is a partial list of devices from leading manufacturers with which SonicWALL VoIP interoperates.
VoIP 517 SonicOS Enhanced 4.0 Administrator Guide • H.264, H.263, and H.261 for video • MPEG4, G.711, G.722, G. 723, G.728, G.729 for audio VoIP Protocols that SonicOS Does No t Perform Deep Packe.
VoIP 518 SonicOS Enhanced 4.0 Administrator Guide 1. Phone B registers with VoIP server - The SonicWALL security appliance builds a database of the accessible IP phones behind it by monitoring the outgoing VoIP registration requests.
VoIP 519 SonicOS Enhanced 4.0 Administrator Guide Figure 47:2 Local VoIP Call Flow The following describes the sequenc e of events shown in Figure 42.2: 1. Phones A and B register with VoIP server - The SonicWALL security appliance b uilds a database of the accessible IP phones behind it by monitoring the outgoing VoIP registration requests.
VoIP 520 SonicOS Enhanced 4.0 Administrator Guide Configuring SonicWALL VoIP Features Configuring the SonicWALL security appliance for VoIP depl oyments builds on your basic network configuration in the SonicWALL management interface. This chapter assumes the SonicWALL security appli ance is configured for y our network environment.
VoIP 521 SonicOS Enhanced 4.0 Administrator Guide General VoIP Configuration SonicOS includes the VoIP c onfiguration settings on the VoIP > Settings page. This page is divided into three configur ation settings sections: General Settings , SIP Setting s , and H.
VoIP 522 SonicOS Enhanced 4.0 Administrator Guide Configuring SIP Settings By default, SIP clients use their private IP address in the SIP Se ssion Definition Protocol (SDP) messages that are sent to the SIP proxy.
VoIP 523 SonicOS Enhanced 4.0 Administrator Guide The Additional SIP signaling port (UDP) for transformations setting allows you to specify a non-standard UDP port used to carry SIP signaling tr affic. Normally, SIP signaling traffic is carried on UDP port 5060.
VoIP 524 SonicOS Enhanced 4.0 Administrator Guide Bandwidth Management SonicOS offers an integrated traffic shapi ng mechanism through its Egress (outbound) and Ingress (inbound) management interfaces.
VoIP 525 SonicOS Enhanced 4.0 Administrator Guide Configuring Bandwidth on the WAN Interface BWM configurations begin by enabling BWM on the relevant WAN interface, and specifying the interface’s available bandwidth in Kbps.
VoIP 526 SonicOS Enhanced 4.0 Administrator Guide If you are defining VoIP access for client to use a VoIP service provi der from the WAN, you configure network acce ss rules between source and destinat ion interface or zones to enable clients behind the firewall to send and receive VoIP calls.
VoIP 527 SonicOS Enhanced 4.0 Administrator Guide • For SIP, select SIP Step 6 Select the source of the traffic affected by the access rule from the Source list.
VoIP 528 SonicOS Enhanced 4.0 Administrator Guide Tip Rules using Bandwidth Management take priority over rules with out bandwidth management. Using the Public Server Wizard The SonicWALL Public Server Wizard provides an easy method for configuring firewall access rules for a SIP Proxy or H.
VoIP 529 SonicOS Enhanced 4.0 Administrator Guide Note SonicWALL recommends NOT selecting VoIP from the Services menu. Selecting this option opens up more TCP/UDP ports than is required, potentially opening up unnecessary security vulnerabilities. Step 5 Enter the name of the server in the Server Name field.
VoIP 530 SonicOS Enhanced 4.0 Administrator Guide Step 10 The Summary page displays a summary of all the configuration you have performed in the wizard. It should show: • Server Address Objects - The wizard creates the address object for the new server.
VoIP 531 SonicOS Enhanced 4.0 Administrator Guide Configuring VoIP Logging You can enable the logging of VoIP events in t he SonicWALL security appliance log in the Log > Categories page. Log entries are displayed on the Log > View page. To enable logging: Step 1 Select Log > Categories .
VoIP 532 SonicOS Enhanced 4.0 Administrator Guide Figure 47:3 Point-to-Point VoIP Service Topology This deployment does not require a VoIP server . The Public IP a ddress of the SonicWALL security appliance is used as the main VoIP number for hosts on the network.
VoIP 533 SonicOS Enhanced 4.0 Administrator Guide Figure 47:4 Public VoIP Service Topolog y For VoIP clients that register with a server from the WAN, the SonicWALL security appliance automatically manages NAT polic ies and access rules.
VoIP 534 SonicOS Enhanced 4.0 Administrator Guide Figure 47:5 Trusted VoIP Servi ce T opology For VoIP clients that register with a server on the DMZ or LAN, the SonicWALL security appliance automatically manages NAT policies and access rules.
S ONIC WALL S ONIC OS E NHANCED 4.0 A DMINISTRATOR ’ S G UIDE 535 PART 9 VPN.
536 S ONIC WALL S ONIC OS E NHANCED 4.0 A DMIN ISTRATOR ’ S G UIDE.
537 SonicOS Enhanced 4.0 Administrator Guide CHAPTER 48 Chapter 48: Configuring VPN Policies VPN > Settings The VPN > Settings page provides the SonicWA LL features for configuring your VPN policies. You configure site-to-site VPN policies and GroupVPN p olicies from this page.
VPN > Settings 538 SonicOS Enhanced 4.0 Administrator Guide Prior to the invention of Internet Protocol Se curity (IPsec) and Secure Socket Layer (SSL), secure connections between remote computers or networks required a dedicated line or satellite link.
VPN > Settings 539 SonicOS Enhanced 4.0 Administrator Guide One advantage of SSL VPN is that SSL is built into most Web Browsers. No special VPN client software or hardware is r equired. Note SonicWALL makes SSL-VPN devic es that you can use in c oncert with or independently of a SonicWALL UTM appliance running SonicOS.
VPN > Settings 540 SonicOS Enhanced 4.0 Administrator Guide Aggressive Mode : To reduce the number of messages exchanged during authentication by half, the negotiation of which cryptographic algor ithm to use is eliminated. The initiato r proposes one algorithm and the responder r eplies if it supports that algorithm: 1.
VPN > Settings 541 SonicOS Enhanced 4.0 Administrator Guide Note There is no restriction on nesti ng IKE v1 tunnels within an IKE v2 tunnel and visa-versa.
VPN > Settings 542 SonicOS Enhanced 4.0 Administrator Guide • “VPN Auto-Added Access Rule Control” section on page 578 Configuring VPNs in SonicOS Enhanced SonicWALL VPN, based on the i ndust.
VPN > Settings 543 SonicOS Enhanced 4.0 Administrator Guide E-Mail ID Domain name. • Peer ID Filter if using 3rd party certificates. • IKE (Phase 1) Proposal : – DH Group : – Group 1 – Group 2 – Group 5 Note The Windows 2000 L2TP client and Windows XP L2T P client can only work with DH Group 2.
VPN > Settings 544 SonicOS Enhanced 4.0 Administrator Guide Note The Windows 2000 L2TP client and Windows XP L2TP client can only work with DH Group 2.
VPN > Settings 545 SonicOS Enhanced 4.0 Administrator Guide GSC only (Require Global Security Cl ient checked on security appliance) • Shared secret, if select ed on security appliance: • Certificate, if selected on security appliance : • User’s user name and password if XAUTH is required on the security appliance.
VPN > Settings 546 SonicOS Enhanced 4.0 Administrator Guide Choose local network from list (select an address object): Local network obtains IP addresses using DHCP through this VPN Tunnel (not use.
VPN > Settings 547 SonicOS Enhanced 4.0 Administrator Guide – AES-192 – AES-256 – Authentication: – MD5 – SHA1 – Enable Perfect Forward Secrecy – DH Group (if perfect forward secrecy is enabled): – Group 1 – Group 2 – Group 5 Note The Windows 2000 L2TP client and Windows XP L2T P client can only work with DH Group 2.
VPN > Settings 548 SonicOS Enhanced 4.0 Administrator Guide On the Responder The settings on the responder must be t he same as on the initiator except: • Name of this VPN: • IPsec Primary Gate.
VPN > Settings 549 SonicOS Enhanced 4.0 Administrator Guide VPN Policy Wizard The VPN Policy Wizard walks you step-by-step through the c onfiguration of GroupVPN or site- to-site VPN policies on the SonicW ALL security appliance. After completing the configuration, the wizard creates the necessa ry VPN settings for the sele cted policy.
VPN > Settings 550 SonicOS Enhanced 4.0 Administrator Guide VPN Policies All existing VPN policies are displayed in the VPN Policies table. Each entry displays the following information: • Name : Displays the default name or user-defined VPN policy name.
VPN > Settings 551 SonicOS Enhanced 4.0 Administrator Guide You can enter the policy number (the num ber listed before the policy name in the # Name column) in the Items field to move to a specific VPN policy. The default table configuration displays 50 entries per page.
VPN > Settings 552 SonicOS Enhanced 4.0 Administrator Guide • “Creating Site-to-Site VPN Policies” section on page 562 • “VPN Auto-Added Access Rule Control” section on page 578 Configu.
VPN > Settings 553 SonicOS Enhanced 4.0 Administrator Guide Configuring GroupVPN with IKE usin g Preshared Secret on the WAN Zone To configure the WAN GroupVPN, follow these step s: Step 1 Click the edit icon for the WAN GroupVPN entry. The VPN Policy window is displayed.
VPN > Settings 554 SonicOS Enhanced 4.0 Administrator Guide – Select the DH Group from the DH Group menu. Note The Windows 2000 L2TP client and Windows XP L2TP client can only work with DH Group 2. They are incompatible with DH Groups 1 and 5. – Select 3DES , AES-128 , or AES-256 f rom the Encryption menu.
VPN > Settings 555 SonicOS Enhanced 4.0 Administrator Guide – Management via this SA : - If using the VPN policy to manage the SonicWALL security appliance, select the m anagement method, either HTTP or HTTPS .
VPN > Settings 556 SonicOS Enhanced 4.0 Administrator Guide • Always - Global VPN Client us er prompted for username and password only once when connection is enabled. Wh en prompted, the user will be gi ven the option of caching th e username and p assword.
VPN > Settings 557 SonicOS Enhanced 4.0 Administrator Guide Configuring GroupVPN with IKE using 3rd Party Certificates To configure GroupVPN with IKE using 3rd Party Certific ates, follow these steps: Caution Before configuring GroupVPN with IKE using 3rd Party Certificat es, your certificates must be installed on the SonicWALL.
VPN > Settings 558 SonicOS Enhanced 4.0 Administrator Guide – Distinguished Name - based on the certificates Subj ect Distinguished Name field, which is contained in all cert ificates by default. Valid entries for this field are based on country (c=), organization (o=), organization unit (ou=), and /or commonName (cn=).
VPN > Settings 559 SonicOS Enhanced 4.0 Administrator Guide traffic. For packets received via an IPse c tunnel, the SonicWALL looks up a route for the LAN. If no route is found, the SonicWALL checks for a Default LAN Gateway. If a Default LAN Gateway is detected, the packe t is routed through the gateway.
VPN > Settings 560 SonicOS Enhanced 4.0 Administrator Guide • This Gateway Only - Allows a single connection to be enabled at a time. Traffic that matches the destination networks as specified in the poli cy of the gateway is sent throu gh the VPN tunnel.
VPN > Settings 561 SonicOS Enhanced 4.0 Administrator Guide Caution The GroupVPN SA must be enabled on the Soni cWALL to export a configuration file. Step 1 Click the Disk icon in the Configure column for the GroupVPN entry in the VPN Policies table.
VPN > Settings 562 SonicOS Enhanced 4.0 Administrator Guide • Hub and Spoke Design - All SonicWALL VPN gateways are configured to connect to a central SonicWALL (hub), such as a corporat e SonicWALL. The hub must have a static IP address, but the spokes can have dyna mic IP addresses.
VPN > Settings 563 SonicOS Enhanced 4.0 Administrator Guide Configuring a VPN Policy with IKE using Preshared Secret To configure a VPN Policy using Internet Key Exchange (IKE) , follow the steps below: Step 1 Click Add on the VPN > Settings page.
VPN > Settings 564 SonicOS Enhanced 4.0 Administrator Guide Optionally, specify a Local IKE ID (optional) and Peer IKE ID (optional) for this Policy. By default, the IP Address (ID_IPv4_ADDR) is used for Main Mode negotiations, and the SonicWALL Identifier (ID_USER_FQDN) is used for Aggressive Mode.
VPN > Settings 565 SonicOS Enhanced 4.0 Administrator Guide Destination network obtains IP addresses using DHCP server through this tunnel . Alternatively, select Choose Destination network from list , and select the address object or group. Step 10 Click Proposals .
VPN > Settings 566 SonicOS Enhanced 4.0 Administrator Guide – If you selected Main Mode or Aggressive Mode in the Proposals tab: • Select Enable Ke ep Alive to use heartbea t messages between peers on this VPN tunnel .
VPN > Settings 567 SonicOS Enhanced 4.0 Administrator Guide – If you selected IKEv2 in the Proposals tab: • Select Enable Ke ep Alive to use heartbea t messages between peers on th is VPN tunnel .
VPN > Settings 568 SonicOS Enhanced 4.0 Administrator Guide The term Trigger Packet refers to the use of initial Traffic Selector payloads populated with the IP addresses from the packet t hat caused SA negotiation to begin.
VPN > Settings 569 SonicOS Enhanced 4.0 Administrator Guide Configuring the Local Soni cWALL Security Appliance Step 1 Click Add on the VPN > Settings page. The VPN Policy window is displayed. Step 2 In the General tab of the VPN Policy window, select Manual Key from the IPsec Keying Mode menu.
VPN > Settings 570 SonicOS Enhanced 4.0 Administrator Guide Destination network from list , and select the address object or group. Step 7 Click on the Proposals tab. Step 8 Define an Incoming SPI and an Outgoing SPI . The SPIs are hexadecimal (0123456789abcedf) and can range from 3 to 8 characters in length.
VPN > Settings 571 SonicOS Enhanced 4.0 Administrator Guide Tip Valid hexadecimal characters include 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, a, b, c, d, e, and f. 1234567890abcdef is an example of a valid DES or ARCFour encryption key. If you enter an incorrect encryption key, an error message is displayed at the bottom of the browser window.
VPN > Settings 572 SonicOS Enhanced 4.0 Administrator Guide Configuring the Remote SonicWALL Security Appliance Step 1 Click Add on the VPN > Settings page. The VPN Policy window is displayed. Step 2 In the General tab, select Manual Key from the IPsec Keying Mode menu.
VPN > Settings 573 SonicOS Enhanced 4.0 Administrator Guide – Select Apply NAT Policies if you want the SonicWALL to translate the Local, Remote or both networks communicating via this VPN tunnel. To perform Network Address Translation on the Local Network, sele ct or create an Address Object in the Translated Local Network drop-down box.
VPN > Settings 574 SonicOS Enhanced 4.0 Administrator Guide To create a VPN SA using IKE and third par ty certificates, fo llow these steps: Step 1 In the VPN > Settings page, click Add . The VPN Policy window is displayed. Step 2 In the Authentication Method list in th e General tab, select IKE using 3rd Party Certificates .
VPN > Settings 575 SonicOS Enhanced 4.0 Administrator Guide Up to three organizational units can be specified. The usage is c=*;o=*;ou=*;ou=*;ou=*;cn=*. The final ent ry does not need to c ontain a semi-colon. You must enter at least one entry, i.e.
VPN > Settings 576 SonicOS Enhanced 4.0 Administrator Guide Destination network obtains IP addresses using DHCP server through this tunnel . Alternatively, select Choose Destination network from list , and select the address object or group. Step 11 Click the Proposals tab.
VPN > Settings 577 SonicOS Enhanced 4.0 Administrator Guide – Enter a value in the Life Time (seconds) field. The default setting of 28800 forces the tunnel to renegotiate and exchange keys every 8 hours.
VPN > Settings 578 SonicOS Enhanced 4.0 Administrator Guide – If you wish to use a router on the LAN fo r traffic entering this tunnel destined for an unknown subnet, for example, if y ou configu.
VPN > Settings 579 SonicOS Enhanced 4.0 Administrator Guide.
VPN > Settings 580 SonicOS Enhanced 4.0 Administrator Guide.
581 SonicOS Enhanced 4.0 Administrator Guide CHAPTER 49 Chapter 49: Configuring Advanced VPN Settings VPN > Advanced The VPN > Advanced page includes optional settings that affect all VPN policies. Advanced VPN Settings • Enable IKE Dead Peer Detection - Select if you want i nactive VPN tunnels to be dropped by the SonicWALL.
VPN > Advanced 582 SonicOS Enhanced 4.0 Administrator Guide – Dead Peer Detection Interval - Enter the number of seconds between “heartbeats.” The default value is 60 seconds. – Failure Trigger Level (missed heartbeats) - Enter the number of missed heartbeats.
VPN > Advanced 583 SonicOS Enhanced 4.0 Administrator Guide • IKEv2 Dynamic Client Proposal - SonicOS Enhanced 4.0 introduces IKEv2 Dynamic Client Support, which provides a way to configure the Inter net Key Exchange (IKE) attributes rather than using t he default settings.
VPN > Advanced 584 SonicOS Enhanced 4.0 Administrator Guide Online Certificate Status Protocol determines the current status of a digital certificate without using a CRL. OCSP enables the c lient or application to direct ly determine the status of an identified digital certificate.
VPN > Advanced 585 SonicOS Enhanced 4.0 Administrator Guide Using OCSP with VPN Policies The SonicWALL OCSP settings can be configured on a policy leve l or globally. To configure OCSP checking for individual VPN policies, use the Advanced tab of the VPN Policy configuration page.
VPN > Advanced 586 SonicOS Enhanced 4.0 Administrator Guide.
587 SonicOS Enhanced 4.0 Administrator Guide CHAPTER 50 Chapter 50: Configuring DHCP Over VPN VPN > DHCP over VPN The VPN > DHCP over VPN page allows you to configure a SonicWALL security appliance to obtain an IP address lease from a DHCP ser ver at the other end of a VPN tunnel.
VPN > DHCP over VPN 588 SonicOS Enhanced 4.0 Administrator Guide Configuring the Central Gateway for DHCP Over VPN To configure DHCP over VPN for the Central Gateway , use the following steps: 1. Select VPN > DHCP over VPN . 2. Select Central Gateway from the DHCP Relay Mode menu.
VPN > DHCP over VPN 589 SonicOS Enhanced 4.0 Administrator Guide 2. Click Configure . The DHCP over VPN Configuration window is displayed. 3. In the General tab, the VPN policy name is automatic al.
VPN > DHCP over VPN 590 SonicOS Enhanced 4.0 Administrator Guide Devices 9. To configure devices on your LAN, click the Devices tab. 10. To configure Static Devices on the LAN , cl ick Add to displ.
VPN > DHCP over VPN 591 SonicOS Enhanced 4.0 Administrator Guide Note You must configure the local DHCP server on th e remote SonicWALL security appliance to assign IP leases to these computers.
VPN > DHCP over VPN 592 SonicOS Enhanced 4.0 Administrator Guide.
593 SonicOS Enhanced 4.0 Administrator Guide CHAPTER 51 Chapter 51: Configuring L2TP Server VPN > L2TP Server The SonicWALL security appliance can terminat e L2TP-over-IPsec connections from incoming Microsoft Windows 2000 and Windows XP clients.
VPN > L2TP Server 594 SonicOS Enhanced 4.0 Administrator Guide Configuring the L2TP Server The VPN > L2TP Server page provides the settings for conf iguring the SonicWALL security appliance as a LT2P Server. To configure the L2TP Server, follow these steps: 1.
VPN > L2TP Server 595 SonicOS Enhanced 4.0 Administrator Guide 6. If the L2TP Server provides IP addresses, select Use the Local L2TP IP pool. Enter the range of private IP addresses in the St art IP and End IP fields. The private IP addresses should be a range of IP addresses on the LAN.
VPN > L2TP Server 596 SonicOS Enhanced 4.0 Administrator Guide.
S ONIC WALL S ONIC OS E NHANCED 4.0 A DMINISTRATOR ’ S G UIDE 597 PART 10 User Management.
598 S ONIC WALL S ONIC OS E NHANCED 4.0 A DMIN ISTRATOR ’ S G UIDE.
599 SonicOS Enhanced 4.0 Administrator Guide CHAPTER 52 Chapter 52: Managing Users and Authentication Settings User Management This chapter describes the user management capabilities of your SonicWALL security appliance for locally and remotely authenticated us ers.
User Management 600 SonicOS Enhanced 4.0 Administrator Guide encrypted connection. The SonicWALL authenticates all users as soon a s they attempt to access network resources in a different zone (s uch as WAN, VPN, WLAN , etc), which causes the network traffic to pass thr ough the SonicWALL.
User Management 601 SonicOS Enhanced 4.0 Administrator Guide Figure 52:2 Local Gr oups Authentication Flow Diagram To apply Content Filtering Service (CFS) policies to users, the users must be members of local groups and the CFS policies are then applied to t he groups.
User Management 602 SonicOS Enhanced 4.0 Administrator Guide Using RADIUS for Authentication Remote Authentication Dial In User Service (RADIUS) is a protocol used by SonicWALL security appliances to authentic ate users who are attempting to access the network.
User Management 603 SonicOS Enhanced 4.0 Administrator Guide Figure 52:4 LDAP User Gr ou p Auth entication Flow Diagram In addition to RADIUS and the local user database, SonicOS Enhanced supports LDAP, Microsoft Active Directory (AD), and Novell eDirectory di rectory services for user authentication.
User Management 604 SonicOS Enhanced 4.0 Administrator Guide LDAP Terms The following terms are useful when working with LDAP and its variants: • Schema – The schema is the set of rules or the st ructure that defines th e types of data that can be stored in a directory, and how that data can be stored.
User Management 605 SonicOS Enhanced 4.0 Administrator Guide • Samba SMB : Development information is avail able at http://us5.samba.org/samba/ • Novell eDirectory : LDAP integration info rmation is available at http:/ /www.novell.com/ documentation/edir873/index.
User Management 606 SonicOS Enhanced 4.0 Administrator Guide Users that are identified but lack the group mem berships required by the configured policy rules are redirected to the Access Barred page.
User Management 607 SonicOS Enhanced 4.0 Administrator Guide • Net API or WMI How Does Single Sign-On Work? SonicWALL SSO requires minimal administrator configuration and is a transparent to the user. There are six steps involved in SonicWA LL SSO authentication, as illustrated in Figure 52:5 .
User Management 608 SonicOS Enhanced 4.0 Administrator Guide User names are returned from the authorization agent ru nning the SSO Agent in the format <domain>/<user-name>.
User Management 609 SonicOS Enhanced 4.0 Administrator Guide Figure 52:6 SonicWALL SSO Agent Process The SonicWALL security appliance queries the SonicWALL SSO Agent over the default port 2258. The SSO Agent then communicates between the client and the SonicWALL security appliance to determine the cl ient’s user ID.
User Management 610 SonicOS Enhanced 4.0 Administrator Guide • User login denied - SSO Agent agent name reso lution failed: The SonicWALL SSO Agent is unable to resolve the user name. • SSO Agent returned user name too long : The user name is too long.
User Management 611 SonicOS Enhanced 4.0 Administrator Guide • “User Groups” section on page 612 • “Priority for Preempting Administrators” section on page 612 • “GMS and Multiple Admi.
User Management 612 SonicOS Enhanced 4.0 Administrator Guide User Groups The Multiple Administrators Support feat ure introduces two new default user groups: • Sonic WALL Admini strators - Members of this gr oup have full administrator access to edit the configuration.
User Management 613 SonicOS Enhanced 4.0 Administrator Guide GMS and Multiple Administrator Support When using SonicWALL GMS to manage a Soni cWALL security appliance, GMS frequently logs in to the appliance (for such activiti es as ensuring that GMS management IPSec tunnels have been created correctly).
User Management 614 SonicOS Enhanced 4.0 Administrator Guide Configuring Settings on Users > Settings On this page, you can configure the authentic ation method required, global user settings, and an acceptable user policy that is display ed to users when logging onto your network.
User Management 615 SonicOS Enhanced 4.0 Administrator Guide User Login Settings In the Authentication method for login drop-down list, select the type of user account management your network uses: .
User Management 616 SonicOS Enhanced 4.0 Administrator Guide Select Enf orce login uniqueness to prevent the same user name from being used to log into the network from more than one location at a ti me. This setting applies to both local users and RADIUS/LDAP users.
User Management 617 SonicOS Enhanced 4.0 Administrator Guide • Enable disconnected user detection : Causes the SonicWALL to detect when a user’s connection is no longer valid and end the session.
User Management 618 SonicOS Enhanced 4.0 Administrator Guide Acceptable use policy page content - Enter your Accep table Use Policy text in the text box. You can include HTML formatting. The page that is displayed to the use r includes an I Ac cept button or Cancel button for user confirmation.
User Management 619 SonicOS Enhanced 4.0 Administrator Guide See the following sections for configuration instructi ons: • “Viewing, Editing and Deleting Local Users” on p age 619 • “Adding .
User Management 620 SonicOS Enhanced 4.0 Administrator Guide Adding Local Users You can add local users to the internal databas e on the SonicWALL securi ty appliance from the Users > Local Users page. To add local users to th e database: Step 1 Click Add User .
User Management 621 SonicOS Enhanced 4.0 Administrator Guide Step 9 Click OK to complete the user configuration. Editing Local Users You can edit local users from the Users > Local Users screen. To edit a local user: Step 1 In the list of users, click the edit icon in same line as the user you want to edit.
User Management 622 SonicOS Enhanced 4.0 Administrator Guide A default group, Everyone , is listed in the first row of the table. Click the Note pad icon in the Configure column to review or change the settings for Everyone .
User Management 623 SonicOS Enhanced 4.0 Administrator Guide Creating a Local Group Step 1 Click the Add Group button to display the Add Group window. Step 2 On the Settings tab, type a user name into the Name field.
User Management 624 SonicOS Enhanced 4.0 Administrator Guide Note You can create custom Content F iltering Service policies in the Security Services > Content Filter page. See “Security Services > Cont ent Filter” section on page 69 5 . Step 6 Click OK .
User Management 625 SonicOS Enhanced 4.0 Administrator Guide Configuring RADIUS Authentication If you selected RADIUS or RADIUS + Local Users fro m the Authentication method for login drop-down list, the Configure button becomes available. Step 1 Click Configure to set up your RADIUS server settings on the SonicWAL L.
User Management 626 SonicOS Enhanced 4.0 Administrator Guide RADIUS Servers In the RADIUS Servers section, you can designate the pr imary and optionally, the second ary RADIUS server. An optional se condary RADIUS server can be defined if a backup RADIUS server exists on the network.
User Management 627 SonicOS Enhanced 4.0 Administrator Guide RADIUS Users Settings To configure the RADI US user settings: Step 10 On the RADIUS Users tab, select Allow only users listed locally if only the users listed in the SonicWALL database are aut henticated using RADIUS.
User Management 628 SonicOS Enhanced 4.0 Administrator Guide Creating a New User Group for RADIUS Users In the RADIUS User Settings screen, you can create a new grou p by choosing Create a new user group... from the Default user group to which all RADIUS users belong drop-down list: Step 1 Select Create a new user group.
User Management 629 SonicOS Enhanced 4.0 Administrator Guide Note You can add any group as a member of another group except Everybody and All RADI US Users . Be aware of the membership of the grou ps you add as members of another group. Step 4 In the VPN Access tab, select the network resources to which this group will have VPN Access by default.
User Management 630 SonicOS Enhanced 4.0 Administrator Guide When Use LDAP to retrieve user group information is selected, after authenticating a user via RADIUS, his/her user group membership information will be looked up via LDAP in the directory on the LDAP/AD server.
User Management 631 SonicOS Enhanced 4.0 Administrator Guide • MSCHAPv2 : Select this to use the Microsof t version 2 implementation of CHAP. MSCHAPv2 works for Windows 2000 and later versions of Windows. Step 9 Click the Test button. If the validat ion is successful, the Status messages ch anges to Success .
User Management 632 SonicOS Enhanced 4.0 Administrator Guide http://support.microsoft.com/kb/931125 . Step 6 Launch the Domain Security Policy application: Navigate to Start > Run and run the command: dompol.msc . Step 7 Open Security Settings > Public Key Policies .
User Management 633 SonicOS Enhanced 4.0 Administrator Guide Configuring the SonicWALL Appliance for LDAP The Users > Settings page in the administrative interface provides the settings for managing your LDAP integration: Step 1 In the SonicOS administra tive interface, open the Users > Settings page.
User Management 634 SonicOS Enhanced 4.0 Administrator Guide • Port Number – The default LDAP over TLS port number is TCP 636. The default LDAP (unencrypted) port number is TCP 389. If you are using a custom listening port on your LDAP server, specify it here.
User Management 635 SonicOS Enhanced 4.0 Administrator Guide and location in the directory) as the login to the primary server. This may entail creating a special user in the dir ectory for the SonicWA LL login. Note that onl y r ead access to the directory is required.
User Management 636 SonicOS Enhanced 4.0 Administrator Guide • User group membership attribute – Select the attribute that contains information about the groups to which the us er object belongs.
User Management 637 SonicOS Enhanced 4.0 Administrator Guide Note AD has some built-in contai ners that do not conform (e.g. the DN for the top level Users container is formatted as “cn=Users,dc=…”, using ‘cn’ rather than ‘ou’) but the SonicWALL knows about and deals with these, so they can be entered in the simpler URL format.
User Management 638 SonicOS Enhanced 4.0 Administrator Guide If using multiple LDAP/AD servers with referrals, this process can be repeated for each, replacing the Domain to search value accordingly and selecting Append to existing trees on each subsequent run.
User Management 639 SonicOS Enhanced 4.0 Administrator Guide • Import user groups – You can click this button to configure user groups on the SonicWALL by retrieving the user group names from your LDAP server. The Import user groups button launches a dialog box containing the list of user group names available for import to the SonicWALL.
User Management 640 SonicOS Enhanced 4.0 Administrator Guide The SonicWALL appliance can retrieve group member ships efficiently in the case of Active Directory by taking advantage of its unique trai t of returning a ‘memberOf’ attribute for a user.
User Management 641 SonicOS Enhanced 4.0 Administrator Guide Note The ‘Bypass filters’ and ‘Limited management ca pabilities’ privileges are returned based o n membership to user groups named ‘Content Filt ering Bypass’ and ‘Lim ited Administrators’ – these are not configurable.
User Management 642 SonicOS Enhanced 4.0 Administrator Guide – “Configuring User Settings” section on page 669.
User Management 643 SonicOS Enhanced 4.0 Administrator Guide Installing the SonicWALL SSO Agent The SonicWALL SSO Agent is part of the S onicWALL Directory Connec tor. The SonicWALL SSO Agent must be installed on a workstation or server in the Windows domain that is accessible using VPN or IP.
User Management 644 SonicOS Enhanced 4.0 Administrator Guide Step 4 On the Customer Information page, enter your name in the User Name field and your organization name in the Organization field. Select to inst all the application for Anyone who uses this computer (all users) or Onl y for me .
User Management 645 SonicOS Enhanced 4.0 Administrator Guide SonicWALL SSO Agent feature. Click Next . Step 7 Click Install to install SSO Agent. Step 8 To configure a common service ac count that the.
User Management 646 SonicOS Enhanced 4.0 Administrator Guide Note This section can be configured at a later time . To skip this step and configure it later, click Skip . Step 9 Enter the IP address of your SonicWALL secu rity appliance running SonicOS Enhanced 4.
User Management 647 SonicOS Enhanced 4.0 Administrator Guide The SonicWALL SSO Agent installs. The status bar displays. Step 10 When installation is comple te, optionally check the Launch SonicWALL Directory Connector box to launch the SonicWALL Directory Connector, and click Finish .
User Management 648 SonicOS Enhanced 4.0 Administrator Guide If you checked the Launch SonicWALL Directory Connector box, the SonicW ALL Directory Connector will display.
User Management 649 SonicOS Enhanced 4.0 Administrator Guide To configure the communication properties of the SonicWALL SSO Agent, perform the following tasks: Step 1 Launch the SonicWALL Configuratio.
User Management 650 SonicOS Enhanced 4.0 Administrator Guide If the message SonicWALL SSO Agent service is not running. Please check t he configuration and start the service displays, the SSO Agent se rvice will be disabled by default.
User Management 651 SonicOS Enhanced 4.0 Administrator Guide Note When Logging Level 2 is selected, the SSO Ag ent service will terminate if the Windows event log reaches its maximum capacity. Step 4 In the Refresh Time field, enter the frequency, in seconds, that the SSO Agent will refresh user log in status.
User Management 652 SonicOS Enhanced 4.0 Administrator Guide Note NetAPI will provide faster, though possibly sl ightly less accurate, performance. WMI will provide slower, though possibly more accurate, performance. WMI is pre-installed on Windows Server 2003, Windows XP, Windows Me, and Windows 2000.
User Management 653 SonicOS Enhanced 4.0 Administrator Guide Adding a SonicWALL Security Appliance Use these instructions to manually add a Soni cWALL security applianc e if you did not add one during installation, or to add additi onal SonicWALL security appliances.
User Management 654 SonicOS Enhanced 4.0 Administrator Guide Your appliance will display in the left-hand navigation panel under the SonicWALL Appliances tree.
User Management 655 SonicOS Enhanced 4.0 Administrator Guide Modifying Services in SonicWALL SSO Agent You can start, stop, and pause SonicWALL SSO Agent services to SonicWAL L security appliances. To pause services for an appliance, select the appliance from the left-hand navigation panel and click the pause button .
User Management 656 SonicOS Enhanced 4.0 Administrator Guide Step 4 Click Configure .The Authentication Agent Settings page displays. Step 5 In the Name or IP Address field, enter the name or IP Addr ess of the workstation on which SonicWALL SSO Agent is installed.
User Management 657 SonicOS Enhanced 4.0 Administrator Guide Step 11 Check the box next to Allow only users listed locally to allow only users listed locally to be authenticated. Step 12 Check the box next to Simple user names in local database to use simple user names.
User Management 658 SonicOS Enhanced 4.0 Administrator Guide Note The Content Filter tab is only displayed if Premium CFS is enabled on the SonicWALL security appliance.
User Management 659 SonicOS Enhanced 4.0 Administrator Guide This setting should be used where traffic that w ould be subject to content filtering can emanate from a device other than a user's workstation (suc h as an internal proxy w eb server).
User Management 660 SonicOS Enhanced 4.0 Administrator Guide Step 22 Select the Check user radio button, enter the IP addre ss of a workstation in the Workstation IP address field, then click Test . This will test if the agent is pr operty configured to identify the user logged into a workstation.
User Management 661 SonicOS Enhanced 4.0 Administrator Guide Advanced LDAP Configuration If you selected Use LDAP to retrieve user group information in step 14 of “Configuring Your SonicWALL Security Appliance” section on page 655 , you must configure your LDAP settings.
User Management 662 SonicOS Enhanced 4.0 Administrator Guide Note Use the user’s name in the Login user name field, not a username or login ID. For example, John Doe would login as John Doe, not jdoe. Step 6 Select the LDAP version from the Protocol version drop-down menu, either LDAP version 2 I (LDAPv2) or LDAP version 3 (LDAPv3).
User Management 663 SonicOS Enhanced 4.0 Administrator Guide Note Only check the Send LDAP ‘Start TLS’ request box if your LDAP server uses the same port number for TLS and non-TLS. Step 9 Check the Require valid certificate from server to require a valid certificate from the server.
User Management 664 SonicOS Enhanced 4.0 Administrator Guide Step 14 The Object class field defines which attribute represents the individual user account to which the next two fields apply. This will not be modifiable unless you select User defined. Step 15 The Login n ame attribute field defines which attribute is us ed for login authentication.
User Management 665 SonicOS Enhanced 4.0 Administrator Guide Step 23 In the User tree for login to serve r field, specify the tree in wh ich the user specified in the ‘Settings’ tab resides. For example, in AD the ‘administrator’ acc ount’s default tree is the same as the user tree.
User Management 666 SonicOS Enhanced 4.0 Administrator Guide If using multiple LDAP/AD servers with referrals, this process can be repeated for each, replacing the ‘Domain to search’ accordingl y and selecting ‘Append to existing trees’ on each subsequent run.
User Management 667 SonicOS Enhanced 4.0 Administrator Guide The SonicWALL security appliance can retrieve group memberships more efficiently in the case of Active Directory by taking advantage of its unique trait of returning a ‘memberOf’ attribute for a user.
User Management 668 SonicOS Enhanced 4.0 Administrator Guide – VPN Zone Step 35 In the RADIUS shared secret field, enter a shared secret common to all remote SonicWALL security appliances.
User Management 669 SonicOS Enhanced 4.0 Administrator Guide Configuring Firewall Access Rules Firewall access rules provide the administrator with the ability to control user access. Rules set under Firewall > Access Rules are checked against the user gr oup memberships returned from a SSO LDAP query, and are applied automatically.
User Management 670 SonicOS Enhanced 4.0 Administrator Guide The Enable login session limit and corr esponding Login session limit (minutes) s ettings under User Session Settings appl y to users logged in using SS O.
User Management 671 SonicOS Enhanced 4.0 Administrator Guide Configuring Additional Admi nistrator User Profiles To configure additional admin istrator user pr ofiles, perform the following steps: Step 1 While logged in as admin , navigate to the Users > Local Users page.
User Management 672 SonicOS Enhanced 4.0 Administrator Guide When using RADIUS or LDAP aut hentication, if you want to keep the configuration of administrative users local to the appliance whilst having those users authenticated by RADIUS/ LDAP, perform these steps: Step 1 Navigate to the Users > Settings page.
User Management 673 SonicOS Enhanced 4.0 Administrator Guide Activating Configuration Mode When logging in as a user with full administrator rights (that is not the admin user), the User Login Status window is displayed. To go to the SonicWALL us er interface, click the Manage button.
User Management 674 SonicOS Enhanced 4.0 Administrator Guide To switch from non-config mode to full conf iguration mode, perform the following steps: Step 1 Navigate to the System > Administration page. Step 2 In the Web Management Settings section, click on the Configuration mode button.
User Management 675 SonicOS Enhanced 4.0 Administrator Guide Verifying Multiple Administra tors Support Configuration User accounts with administrator and re ad-only administrators can be viewed on the Users > Local Groups page.
User Management 676 SonicOS Enhanced 4.0 Administrator Guide When the administrator is in read-only mode, the top right corner of the interface displays Read-Only Mode . The status bar displays Read-only mode - no changes can be made . When the administrator is in non-config mode, the top r ight of the interface displays Non- Config Mode .
677 SonicOS Enhanced 4.0 Administrator Guide CHAPTER 53 Chapter 53: Managing Guest Services and Guest Accounts Users > Guest Services Guest accounts are temporary accounts set up fo r users to log into your network. You can create these accounts manually, as needed or g enerate them in batches.
Users > Guest Services 678 SonicOS Enhanced 4.0 Administrator Guide Global Guest Settings Check Show guest login status window wit h logout button to display a user login window on the users’s workstation whenever the user is logged in. Users must keep this window open during their login session.
Users > Guest Accounts 679 SonicOS Enhanced 4.0 Administrator Guide – Auto-Prune Account : Check this to have the account removed from the database after its lifetime expires. – Enforce login uniqueness : Check this to allow only a si ngle instance of an account to be used at any one time.
Users > Guest Accounts 680 SonicOS Enhanced 4.0 Administrator Guide Viewing Guest Account Statistics To view statistics on a guest account, hover your mouse over the Statistics icon in the line of the guest account. The stat istics window will display the cu mulative total bytes and packets sent and received for all completed sessions.
Users > Guest Accounts 681 SonicOS Enhanced 4.0 Administrator Guide – Enable Guest Services Privilege : Check this for the account to be enabled upon creation. – Enforce login uniqueness : Check this to allow only one in stance of this account to log into the security appliance at one time.
Users > Guest Accounts 682 SonicOS Enhanced 4.0 Administrator Guide – Comment : Enter a descriptive comment. Step 3 In the Guest Services tab, configure: – Enable Guest Services Privilege : Check this for the accounts to be enabled upon creation.
Users > Guest Status 683 SonicOS Enhanced 4.0 Administrator Guide Printing Account Details. You can print a summary of a guest account. Click the print icon to launch a summary account report page and send that page to an active printer.
Users > Guest Status 684 SonicOS Enhanced 4.0 Administrator Guide • Session Expiration : The time when the current session expires. • Statistics: hover your mouse over the Statistics icon to view statistics for total received and sent bytes and packets for this guest user’s current session.
S ONIC WALL S ONIC OS E NHANCED 4.0 A DMINISTRATOR ’ S G UIDE 685 PART 11 Security Services.
686 S ONIC WALL S ONIC OS E NHANCED 4.0 A DMIN ISTRATOR ’ S G UIDE.
687 SonicOS Enhanced 4.0 Administrator Guide CHAPTER 54 Chapter 54: Managing SonicWALL Security Services SonicWALL Security Services SonicWALL, Inc. offers a vari ety of subscription-based security services to provide layered security for your network.
SonicWALL Security Services 688 SonicOS Enhanced 4.0 Administrator Guide Note For more information on SonicWALL security services, please visit http:/ / www.sonicwall.com . Note Complete product documentation for SonicWALL security services are available o n the SonicWALL documentation Web site http://www.
SonicWALL Security Services 689 SonicOS Enhanced 4.0 Administrator Guide If your SonicWALL security appliance is not registered, the Security Services > Summary page does not include the Services Summary table. Your SonicWALL security appliance must be registered to display the Services Summary table.
SonicWALL Security Services 690 SonicOS Enhanced 4.0 Administrator Guide Managing Security Services Online Clicking the Manage Licenses button displays the mySonicWALL.com Login page for accessing your MySonicWALL.com account licensing information. Enter your mySonicWALL.
SonicWALL Security Services 691 SonicOS Enhanced 4.0 Administrator Guide Security Services Information This section includes a brief overview of serv ices available for your SonicWALL security appliance.
SonicWALL Security Services 692 SonicOS Enhanced 4.0 Administrator Guide To manually update signature files, complete the following steps: Step 1 On the Security Services > Summary page, scroll to the Up date Signatures Manually heading at the bottom of the page.
SonicWALL Security Services 693 SonicOS Enhanced 4.0 Administrator Guide Note The signature file can only be used on SonicWA LL security appliances that are registered to the mysonicwall.com account that downloaded th e signature file. Step 3 Click on Download Signatures under the Downloads heading.
SonicWALL Security Services 694 SonicOS Enhanced 4.0 Administrator Guide.
695 SonicOS Enhanced 4.0 Administrator Guide CHAPTER 55 Chapter 55: Configuring SonicWALL Content Filtering Service Security Services > Content Filter The Security Services > Content Filter page allows you to configur e the SonicWALL Restrict Web Features and Trusted Domains settings, which are included with SonicOS Enhanced.
Security Services > Content Filter 696 SonicOS Enhanced 4.0 Administrator Guide SonicWALL Content Filtering Service SonicWALL Content Filt ering Service (CFS) enforces protec tion and productivity policies for businesses, schools and libraries to reduce legal and privacy ri sks while minimizing administration overhead.
Security Services > Content Filter 697 SonicOS Enhanced 4.0 Administrator Guide You can also access the SonicWALL CFS URL Rating Review Request form by clicking on the here link in If you believe that a Web site is rated incorrectly or you wish to sub mit a new URL, click here .
Security Services > Content Filter 698 SonicOS Enhanced 4.0 Administrator Guide • Sonic WALL CFS - Selecting SonicWALL CFS as the Content Filter Type allow s you to use the SonicWALL Content Filtering Servic e that is available as an upgrade. You can obtain more information about SonicW ALL Content Filtering Service at http://www.
Security Services > Content Filter 699 SonicOS Enhanced 4.0 Administrator Guide Trusted Domains Trusted Domains can be added to enable content from specific domains to be exempt from Restrict Web Features .
Security Services > Content Filter 700 SonicOS Enhanced 4.0 Administrator Guide Message to Display when Blocking You can enter your customized text to display to the user when access to a blocked site is attempted. The default message is This site is bloc ked by the SonicWALL Content Filter Service .
Security Services > Content Filter 701 SonicOS Enhanced 4.0 Administrator Guide Warning Do not include the prefix “http://” in either the Allowed Domains or Forbidden Domains the fields. All subdomain s are a ffected. For example, entering “yahoo.
Security Services > Content Filter 702 SonicOS Enhanced 4.0 Administrator Guide the page defined in the Consent page URL field. Enter the time limit, in minutes, in the Maximum Web usage field. When the default value of zero (0) is entered , this feature is disabled.
Security Services > Content Filter 703 SonicOS Enhanced 4.0 Administrator Guide Configuring N2H2 Internet Filtering N2H2 is a third party Internet filtering package t hat allows you to use In ternet content filtering through the SonicWALL. Step 1 Select N2H2 from the Content Filter Type list.
Security Services > Content Filter 704 SonicOS Enhanced 4.0 Administrator Guide URL Cache • Cache Size (KB) - Configure the size of the URL Cache in KB for the SonicWALL. Tip Tip! A larger URL Cache size can provide not iceable improvements in Internet browsing response times.
Security Services > Content Filter 705 SonicOS Enhanced 4.0 Administrator Guide Message to Display when Blocking You can enter your customized text in the Message to Display when Blocking text box that displays to the user when access to a block ed site is attempted.
Security Services > Content Filter 706 SonicOS Enhanced 4.0 Administrator Guide – Block traffic to all Web sites - Selecting this option blocks traffic to all Web sites except Allowed Domains until t he N2H2 server is available.
Security Services > Content Filter 707 SonicOS Enhanced 4.0 Administrator Guide Trusted Domains Trusted Domains can be added in the Restrict Web Features section. If you trust co ntent on specific domains, you can select Don’t block Java/ActiveX/Cookies to Trusted Domains and then add the Trusted Domains to the SonicWALL by clicking on Add .
Security Services > Content Filter 708 SonicOS Enhanced 4.0 Administrator Guide.
709 SonicOS Enhanced 4.0 Administrator Guide CHAPTER 56 Chapter 56: Activating SonicWALL Client Anti-Virus Security Services > Anti-Virus By their nature, anti-virus products typically require regular, active maintenance on every PC.
Security Services > Anti-Virus 710 SonicOS Enhanced 4.0 Administrator Guide Activating SonicWALL Client Anti-Virus If Sonic WALL Client Anti-Virus is not activa ted, you must activate it. If you do not have an Activation Ke y, you must purchase SonicWAL L Client Anti-Virus from a SonicWALL reseller or from your mySonicWALL.
Security Services > Anti-Virus 711 SonicOS Enhanced 4.0 Administrator Guide Note You must have a mySonicWALL.com account and your SonicWALL must be registered to activate SonicWALL Client Anti-Virus. Step 1 Click the SonicWALL Client Anti-Virus Subscription link on the Security Services > Anti- Virus page.
Security Services > Anti-Virus 712 SonicOS Enhanced 4.0 Administrator Guide Activating a SonicWALL Client Anti-Virus FREE TRIAL You can try a FREE TRIAL of SonicWALL Cli ent Anti-Virus by fo llowing these steps: Step 1 Click the FREE TRIAL link. The mySonicWALL.
Security Services > Anti-Virus 713 SonicOS Enhanced 4.0 Administrator Guide – Low Risk - A virus that is not reported in the field and is considered unlikely to be found in the field in the future has a low risk. Ev en if such a virus includes a very serious or unforeseeable damage payload, it s risk is still low.
Security Services > E-mail Filter 714 SonicOS Enhanced 4.0 Administrator Guide Security Services > E-mail Filter The E-Mail Filter allows the admin istrator to sele ctively delete or disable inbound e-mail attachments as they pass thr ough the SonicWALL security appli ance.
715 SonicOS Enhanced 4.0 Administrator Guide CHAPTER 57 Chapter 57: Managing SonicWALL Gateway Anti- Virus Service Security Services > Gateway Anti-Virus SonicWALL GAV delivers real-time virus prot ection directly on the SonicWALL security appliance by using SonicWALL’s IP S-Deep Packet Inspection v2.
Security Services > Gateway Anti-Virus 716 SonicOS Enhanced 4.0 Administrator Guide SonicWALL GAV delivers threat protection directly on the SonicWALL security appliance by matching downloaded or e-mailed files against an extensive and dynamically u pdated database of threat virus signatures.
Security Services > Gateway Anti-Virus 717 SonicOS Enhanced 4.0 Administrator Guide Remote Site Protection Step 1 Users send typical e-mail and files between remote sites and the corporate office. Step 2 SonicWALL GAV scans and analyses files and e- mail messages on the SonicWALL security appliance.
Security Services > Gateway Anti-Virus 718 SonicOS Enhanced 4.0 Administrator Guide HTTP File Downloads Step 1 Client makes a request to download a file from the Web. Step 2 File is downloaded through the Internet. Step 3 File is analyzed the S onicWALL GAV engine for malicious code and viruses.
Security Services > Gateway Anti-Virus 719 SonicOS Enhanced 4.0 Administrator Guide single-pass, per-packet basis. Reassembly free virus scanning functionality of the SonicWALL GAV engine is inherited from the Deep Packet Inspection engine, which is capable of scanning streams without ever buffering any of the bytes within the stream.
Security Services > Gateway Anti-Virus 720 SonicOS Enhanced 4.0 Administrator Guide Note If you already have a mysonicWALL.com account, go to “Registering You r SonicWALL Security Appliance” on page 721 . Step 1 Log into the SonicWALL security appliance management inter face.
Security Services > Gateway Anti-Virus 721 SonicOS Enhanced 4.0 Administrator Guide Registering Your SonicWALL Security Appliance Step 1 Log into the SonicWALL security appliance management interface.
Security Services > Gateway Anti-Virus 722 SonicOS Enhanced 4.0 Administrator Guide If you have an Activation Key for SonicWALL Ga teway Anti-Virus, Anti-Spyware, and Intrusion Prevention Service, .
Security Services > Gateway Anti-Virus 723 SonicOS Enhanced 4.0 Administrator Guide Activating FREE TRIALs You can try FREE TRIAL versions of SonicWALL Gateway Anti-Virus, SonicWALL Anti- Spyware, and SonicWALL Intrusion Prevention Service.
Security Services > Gateway Anti-Virus 724 SonicOS Enhanced 4.0 Administrator Guide The Security Services > Gateway Anti-Virus page provides the sett ings for configuring SonicWALL GAV on your SonicWALL security appliance.
Security Services > Gateway Anti-Virus 725 SonicOS Enhanced 4.0 Administrator Guide Applying SonicWALL GAV Protection on Zones You can enforce SonicWALL GAV not only bet ween each network zone and the WAN, but also between internal zones.
Security Services > Gateway Anti-Virus 726 SonicOS Enhanced 4.0 Administrator Guide Note You also enable SonicWALL GAV protecti on for new zones you create on the Network > Zones page. Clicking the Add button displays the Add Zone window, which includes the same settings as the Edit Zone window.
Security Services > Gateway Anti-Virus 727 SonicOS Enhanced 4.0 Administrator Guide Updating SonicWALL GAV Signatures By default, the SonicWALL security appliance running SonicWALL GAV aut omatically checks the SonicWALL signature serv ers once an hour.
Security Services > Gateway Anti-Virus 728 SonicOS Enhanced 4.0 Administrator Guide The Enable Inbound Inspection protocol traffic handling represented as a table: Enabling Outbound SMTP Inspection The Enable Outbound Inspection feature is available for SMTP traffic, such as for a mail server that might be hosted on the DMZ.
Security Services > Gateway Anti-Virus 729 SonicOS Enhanced 4.0 Administrator Guide • Restrict Transfer of password-protected Zip files - Disables the tra nsfer of password protected ZIP files over any enabled protocol. This option only functions on protoco ls (e.
Security Services > Gateway Anti-Virus 730 SonicOS Enhanced 4.0 Administrator Guide If you want to suppress the sending of e-ma il messages (SMTP) to cl ients from SonicWALL GAV when a virus is detected in an e-mail or attachment, check the Disable SMTP Responses box.
Security Services > Gateway Anti-Virus 731 SonicOS Enhanced 4.0 Administrator Guide Optionally, you can configure the timeout for the HTTP Clientless Notification on the Security Services > Summary page under the Security Services Summary heading.
Security Services > Gateway Anti-Virus 732 SonicOS Enhanced 4.0 Administrator Guide Viewing SonicWALL GAV Signatures The Gateway Anti-Virus Signatures section allows you to view the contents of the SonicWALL GAV signature database.
Security Services > Gateway Anti-Virus 733 SonicOS Enhanced 4.0 Administrator Guide Searching the Gateway Anti -Virus Signature Database You can search the signature database by entering a search string in the Lookup Signatures Containing String field, then clicking t he edit (Notepad) icon.
Security Services > Gateway Anti-Virus 734 SonicOS Enhanced 4.0 Administrator Guide.
735 SonicOS Enhanced 4.0 Administrator Guide CHAPTER 58 Chapter 58: Activating Intrusion Prevention Service Security Services > Intrusion Prevention Service SonicWALL Intrusion Preventi on Service .
Security Services > Intrusion Prevention Service 736 SonicOS Enhanced 4.0 Administrator Guide How SonicWALL’s Deep Packet Inspection Works Deep Packet Inspection technology enables the firewall t.
Security Services > Intr usion Prevention Service 737 SonicOS Enhanced 4.0 Administrator Guide • Deep Packet Inspection - looking at the data portion of t he packet. Enables the firewall to investigate farther into the protocol to examine information at the application layer and defend against attacks targeting application vulnerabilities.
Security Services > Intrusion Prevention Service 738 SonicOS Enhanced 4.0 Administrator Guide Tip If your SonicWALL security appliance is connected to the Internet and registered at mySonicWALL.
Security Services > Intr usion Prevention Service 739 SonicOS Enhanced 4.0 Administrator Guide Note Remember your username and password to access your mySoni cWALL.com account. Step 6 Click Submit after completing the MySonicWALL Account form. Step 7 When the mySonicWALL.
Security Services > Intrusion Prevention Service 740 SonicOS Enhanced 4.0 Administrator Guide Note Clicking on the Continue button does not activate the FR EE TRIAL versions of these SonicWALL Security Services.
Security Services > Intr usion Prevention Service 741 SonicOS Enhanced 4.0 Administrator Guide If you have an Activation Key for SonicWALL Ga teway Anti-Virus, Anti-Spyware, and Intrusion Preventio.
Security Services > Intrusion Prevention Service 742 SonicOS Enhanced 4.0 Administrator Guide Setting Up SonicWALL Intrusion Prevention Service Protection Activating the SonicWALL Intrusion Prevention Service license on yo ur SonicWALL security appliance does not automatically enable the pr ot ection.
Security Services > Intr usion Prevention Service 743 SonicOS Enhanced 4.0 Administrator Guide information on configuring global signature groups, refer to “Configuring Global Signature Groups” in the SonicWALL Intrusion Prevention Service Administrator’s Guide available on the SonicWALL Resource CD or at <www.
Security Services > Intrusion Prevention Service 744 SonicOS Enhanced 4.0 Administrator Guide.
745 SonicOS Enhanced 4.0 Administrator Guide CHAPTER 59 Chapter 59: Activating Anti-Spyware Service Security Services > Anti-Spyware Service SonicWALL Anti-Spyware is part of the SonicWALL Gateway .
Security Services > Anti-Spyware Service 746 SonicOS Enhanced 4.0 Administrator Guide Note Refer to the SonicWALL Anti-Spyware Ad ministrator’s Guide on the So nicWALL Web site: http://www.sonicwall.com/us/ Support.html for co mplete product d ocumentation.
Security Servi ces > Anti-Spyware Service 747 SonicOS Enhanced 4.0 Administrator Guide Creating a mySonicWALL.com Account Creating a mySonicWALL.com account is fast, simple, and FREE. Simply complete an online registration form in the SonicWALL security appliance management interface.
Security Services > Anti-Spyware Service 748 SonicOS Enhanced 4.0 Administrator Guide Registering Your SonicWALL Security Appliance Step 1 Log into the SonicWALL security appliance management interface.
Security Servi ces > Anti-Spyware Service 749 SonicOS Enhanced 4.0 Administrator Guide To try a FREE TRIAL of SonicWALL Gateway Anti-Virus, SonicWALL Anti-Spyware, or SonicWALL Intrusion Prevention.
Security Services > Anti-Spyware Service 750 SonicOS Enhanced 4.0 Administrator Guide If you have an Activation Key for SonicWALL Ga teway Anti-Virus, Anti-Spyware, and Intrusion Prevention Service.
Security Servi ces > Anti-Spyware Serv ice 751 SonicOS Enhanced 4.0 Administrator Guide Refer to the SonicWALL Anti-Spyware Administrator’s Guide on the SonicWALL Web site: http://www.sonicwall. com/us/Support.html for complete configuration instructions.
Security Services > Anti-Spyware Service 752 SonicOS Enhanced 4.0 Administrator Guide.
753 SonicOS Enhanced 4.0 Administrator Guide CHAPTER 60 Chapter 60: Configuring SonicWALL Real-Time Blacklist SMTP Real-Time Black List Filtering SMTP Real-time Black List (RBL) is a mec hanism for publishing the IP addresses of SMTP servers from which or through which spammers operate.
Security Services > RBL Filter 754 SonicOS Enhanced 4.0 Administrator Guide Note Most spam today is known to be sent from hijacked or zombie machines running a thin SMTP server implementation, unbeknownst to the hosts operator.
Security Services > RBL Filter 755 SonicOS Enhanced 4.0 Administrator Guide To add an RBL services, click the Add button. In the Add RBL Domain window, you specify the RBL domain to be queried, enable it for use, and specify its expected response codes.
Security Services > RBL Filter 756 SonicOS Enhanced 4.0 Administrator Guide.
757 SonicOS Enhanced 4.0 Administrator Guide CHAPTER 61 Chapter 61: Configuring SonicWALL Global Security Client Security Services > Global Security Client The SonicWALL Global Security Client comb.
Security Services > Global Security Client 758 SonicOS Enhanced 4.0 Administrator Guide gateway administrator automatically updates the Glo bal Security Client with the latest security policies and software updates. No prompting or in tervention is necessary by the administrator or the remote user - it’s co mpletely seamless and transparent.
Security Services > Global Security Client 759 SonicOS Enhanced 4.0 Administrator Guide • Policy Management - enables network administrator’s to create, distribute and manage global security policies for remote and mobile users from a central locatio n.
Security Services > Global Security Client 760 SonicOS Enhanced 4.0 Administrator Guide SonicWALL’s Distributed Enforc ement Architecture (DEA) technology enables the policy enforcement capabilities that pr ovide the framework for the Global Security Client’s complete security solution for all remote and network desktops.
Security Services > Global Security Client 761 SonicOS Enhanced 4.0 Administrator Guide Configuring Security Policies for Global Security Clients The Security Services > Global Security Client page provides the settings for configuring the security policies for Gl obal Security Clients.
Security Services > Global Security Client 762 SonicOS Enhanced 4.0 Administrator Guide.
S ONIC WALL S ONIC OS E NHANCED 4.0 A DMINISTRATOR ’ S G UIDE 763 PART 12 Log.
764 S ONIC WALL S ONIC OS E NHANCED 4.0 A DMIN ISTRATOR ’ S G UIDE.
765 SonicOS Enhanced 4.0 Administrator Guide CHAPTER 62 Chapter 62: Managing Log Events Log > View The SonicWALL security appliance maintains an Event log for tracking potential security threats. This log can be viewed in the Log > View page, or it can be automatically sent to an e-mail address for convenience and archiving.
Log > View 766 SonicOS Enhanced 4.0 Administrator Guide Log View Table The log is displayed in a table and is sort able by column. The log table columns include: • Time - the date and time of the eve nt. • Priority - the level of priority as sociated with your log event.
Log > View 767 SonicOS Enhanced 4.0 Administrator Guide Clear Log To delete the contents of the log, click the Clear Log button near the top right corner of the page. Export Log To export the contents of the log to a defined destination, click the Export Log button below the filter table.
Log > View 768 SonicOS Enhanced 4.0 Administrator Guide Source interface AND Destination in terface Step 3 Check the Group box next to any two or more criteria to combine them with a logical OR .
769 SonicOS Enhanced 4.0 Administrator Guide CHAPTER 63 Chapter 63: Configuring Log Categories Log > Categories This chapter provides confi guration tasks to enable you to ca tegorize and customize the logging functions on your SonicWALL security appliance for troubleshooting and diagnostics.
Log > Categories 770 SonicOS Enhanced 4.0 Administrator Guide Log Priority This section provides information on configuring the level of pr iority log messages are captured and corresponding alert messages are sent through e-mail for notification. Logging Level The Logging Level control filters events by priority.
Log > Categories 771 SonicOS Enhanced 4.0 Administrator Guide Log Categories SonicWALL security appliances provide automatic attack pr otection against well known exploits. The majority of these legacy attacks were identified by te lltale IP or TCP/UDP characteristics, and recognition was limited to a se t of fixed layer 3 and layer 4 values.
Log > Categories 772 SonicOS Enhanced 4.0 Administrator Guide Firewall Logging Extended Logs general events and errors Firewall Rule Extended Logs firewall rule modifications GMS Extended Logs GM S.
Log > Categories 773 SonicOS Enhanced 4.0 Administrator Guide Managing Log Categories The Log Categories table displays log category inform ation organized into the following columns: • Category - Displays log category name. • Description - Provides description of the log category activity type.
Log > Categories 774 SonicOS Enhanced 4.0 Administrator Guide.
775 SonicOS Enhanced 4.0 Administrator Guide CHAPTER 64 Chapter 64: Configuring Syslog Settings Log > Syslog In addition to the standard event log, the So nicW ALL security appliance can send a detailed log to an external Syslog server.
Log > Syslog 776 SonicOS Enhanced 4.0 Administrator Guide Syslog Settings Syslog Facility • Syslog Facility - Allows you to select the faciliti es and severities of the messages based on the syslog protocol. Note See RCF 3164 - The BSD Syslog Protocol for more information.
Log > Syslog 777 SonicOS Enhanced 4.0 Administrator Guide Syslog Servers Adding a Syslog Server To add syslog servers to the SonicWALL security appliance Step 1 Click Add . The Add Syslog Server window is displayed. Step 2 Type the Syslog server name or IP address in the Name or IP Address field.
Log > Syslog 778 SonicOS Enhanced 4.0 Administrator Guide.
779 SonicOS Enhanced 4.0 Administrator Guide CHAPTER 65 Chapter 65: Configuring Log Automation Log > Automation The Log > Automation page includes settings for configuring the SonicWALL to send log files using e-mail and configuring mail server settings.
Log > Automation 780 SonicOS Enhanced 4.0 Administrator Guide E-mail Log Automation • Send Log to E-mail address - Enter your e-mail address (username@mydomain.com) in this field to receive the event log via e-ma il. Once sent, the log is cleared from the SonicWALL memory.
781 SonicOS Enhanced 4.0 Administrator Guide CHAPTER 66 Chapter 66: Configuring Name Resolution Log > Name Resolution The Log > Name Resolution page includes settings for confi guring the name servers used to resolve IP addresses and server names in the log r eports.
Log > Name Resolution 782 SonicOS Enhanced 4.0 Administrator Guide • None : The security appliance will not attempt to resolve IP addresses and Names in the log reports. • DNS : The security appliance will use the DNS server you specify to resolve addresses and names.
783 SonicOS Enhanced 4.0 Administrator Guide CHAPTER 67 Chapter 67: Generating Log Reports Log > Reports The SonicWALL security appliance can perform a rolling analysis of the ev ent log to show the top 25 most frequently accessed Web sites, t he top 25 users of bandwidth by IP address, and the top 25 services consuming the most bandwid th.
Log > Reports 784 SonicOS Enhanced 4.0 Administrator Guide Data Collection The Reports window includes the following functions and commands: • Start Data Collection Click Start Data Collection to begin log analysis. When log analysis is enabled, the button label changes to Stop Data Collection .
Log > Reports 785 SonicOS Enhanced 4.0 Administrator Guide Bandwidth Usage by IP Address Selecting Bandwidth Usage by IP Address from the Report to view menu displays a table showing the IP Address of the 25 top users of Internet bandwidth and the number of megabytes transmitted during the current sample period.
Log > Reports 786 SonicOS Enhanced 4.0 Administrator Guide.
787 SonicOS Enhanced 4.0 Administrator Guide CHAPTER 68 Chapter 68: Activating SonicWALL ViewPoint Log > ViewPoint SonicWALL ViewPoint is a Web-based graphica l reporting to ol that provides unprec.
Log > ViewPoint 788 SonicOS Enhanced 4.0 Administrator Guide Activating ViewPoint The Log > ViewPoint page allows you to activate the Vi ewPoint license directly from the SonicWALL Management Interf ace using two methods. If you received a license activation key, enter the activation key in the Enter upgrade key fie ld, and click Apply .
Log > ViewPoint 789 SonicOS Enhanced 4.0 Administrator Guide 3. Click Activate or Renew in the Manage Service column in the Manage Services Online table. Type in the Activation Key in the New License Key field and click Submit . 4. If you activated SonicWALL ViewPoint at mySonicWALL.
Log > ViewPoint 790 SonicOS Enhanced 4.0 Administrator Guide.
S ONIC WALL S ONIC OS E NHANCED 4.0 A DMINISTRATOR ’ S G UIDE 791 PART 13 Wizards.
792 S ONIC WALL S ONIC OS E NHANCED 4.0 A DMIN ISTRATOR ’ S G UIDE.
793 SonicOS Enhanced 4.0 Administrator Guide CHAPTER 69 Chapter 69: Configuring Internet Connectivity Using the Setup Wizard Wizards > Setup Wizard The first time you log in to the SonicWALL, the Set up Wizard is launched automatically. To launch the Setup Wizard at any from the Management Interfac e, log into the SonicWALL.
Wizards > Setup Wizard 794 SonicOS Enhanced 4.0 Administrator Guide The Setup Wizard screens change depending on the choices you make. For example, if you choose Guest Internet Gateway, The Setup Wizard will display the screens for Modem, WAN, WLAN, and Wireless Guest Services setup.
Wizards > Setup W izard 795 SonicOS Enhanced 4.0 Administrator Guide Configuring a Static IP Address with NAT Enabled Using NAT to set up your SonicWALL eliminat es the need for public IP addresses for all computers on your LAN. It is a way to conserve IP addresses available from the pool of IPv4 addresses for the Internet.
Wizards > Setup Wizard 796 SonicOS Enhanced 4.0 Administrator Guide Note Your Web browser must be Java-enabled a nd support HTTP uploads in order to fully manage SonicWALL. Internet Explorer 5.0 and above as well as Netscape Navigator 4.0 and above meet these criteria.
Wizards > Setup W izard 797 SonicOS Enhanced 4.0 Administrator Guide Change Time Zone 3. Select the appropriate Time Zone from the Time Zone menu. The SonicWALL internal clock is set automatically by a Networ k Time Server on the Internet. Click Next .
Wizards > Setup Wizard 798 SonicOS Enhanced 4.0 Administrator Guide WAN Network Mode: NAT Enabled 6. Enter the public IP address pr ovided by your ISP in the SonicWALL WAN IP Address , then fill in the rest of the fields: WAN/OPT/DMZ Subnet Mask , WAN Gateway (Router) Address , and DNS Server Addresses .
Wizards > Setup W izard 799 SonicOS Enhanced 4.0 Administrator Guide LAN DHCP Settings 8. The Optional-SonicWALL DHCP Server window configures the SonicWALL DHCP Server. If enabled, the SonicWALL auto matically configures the IP settings of computers on the LAN.
Wizards > Setup Wizard 800 SonicOS Enhanced 4.0 Administrator Guide Setup Wizard Complete 10. The SonicWALL stores the network settings. 11. Click Close to return to the SonicWALL Management Interface.
Wizards > Setup W izard 801 SonicOS Enhanced 4.0 Administrator Guide Change Password 3. To set the password, enter a new password in the New Password and Confirm New Password fields. Click Next . Tip It is very important to choose a password which cannot be easily guessed by others.
Wizards > Setup Wizard 802 SonicOS Enhanced 4.0 Administrator Guide WAN Network Mode 5. Select DHCP , the Obtain an IP address automatically window is displayed. Click Next . WAN Network Mode: NAT with DHCP Client 6. The Obtain an IP address automatically window states that the ISP dynamically assigns an IP address to the SonicWA LL.
Wizards > Setup W izard 803 SonicOS Enhanced 4.0 Administrator Guide LAN Settings 7. The Fill in information about your LAN page allows the configuration of SonicWALL LAN IP Addresses and Subnet Masks. SonicWALL LAN IP Addresses are the private IP addresses assigned to the LAN of the SonicWALL.
Wizards > Setup Wizard 804 SonicOS Enhanced 4.0 Administrator Guide SonicWALL Configuration Summary 9. The Configuration Summary window displays the conf iguration defined using the Installation Wizard. To modify any of the settings, click Back to retur n to the Connecting to the Internet window.
Wizards > Setup W izard 805 SonicOS Enhanced 4.0 Administrator Guide Configuring NAT Enabled with PPPoE NAT with PPPoE Client is a network protocol that uses Point to Point Protocol over Ethernet to connect with a remote site using various Remote Access Service products.
Wizards > Setup Wizard 806 SonicOS Enhanced 4.0 Administrator Guide Change Password 3. To set the password, enter a new password in the New Password and Confirm New Password fields. Click Next . Tip It is very important to choose a password which cannot be easily guessed by others.
Wizards > Setup W izard 807 SonicOS Enhanced 4.0 Administrator Guide WAN Network Mode 5. The SonicWALL automatically detects the pres ence of a PPPoE server on the WAN. If not, then select PPPoE: Your ISP provided you with desktop software, a user name and password .
Wizards > Setup Wizard 808 SonicOS Enhanced 4.0 Administrator Guide LAN Settings 7. The LAN Settings page allows the con figuration of SonicWALL LAN IP Addresses and LAN Subnet Mask.The SonicWALL LAN IP Address is the pr ivate IP address assigned to the LAN port of the SonicWALL.
Wizards > Setup W izard 809 SonicOS Enhanced 4.0 Administrator Guide SonicWALL Configuration Summary 9. The Configuration Summary window displays the conf iguration defined using the Installation Wizard. To modify any of the settings, click Back to return to the Connecting to the Internet window.
Wizards > Setup Wizard 810 SonicOS Enhanced 4.0 Administrator Guide Configuring PPTP Network Mode NAT with PPTP Client mode uses Point to Point Tunneling Protocol (PPTP) to connect to a remote server. It supports older Microsoft implementations requiri ng tunneling connectivity.
Wizards > Setup W izard 811 SonicOS Enhanced 4.0 Administrator Guide Change Password 3. To set the password, enter a new password in the New Password and Confirm New Password fields. Click Next . Tip It is very important to choose a password which cannot be easily guessed by others.
Wizards > Setup Wizard 812 SonicOS Enhanced 4.0 Administrator Guide WAN Network Mode 4. Select PPTP: Provided you with a server IP address, a user name and password. Click Next . WAN Network Mode: NAT with PPTP Client 5. Enter the user name and password pr ovided by your ISP into the User Name and Password fields.
Wizards > Setup W izard 813 SonicOS Enhanced 4.0 Administrator Guide LAN Settings 6. The LAN Settings page allows the con figuration of SonicWALL LAN IP Addresses and LAN Subnet Mask.The SonicWALL LAN IP Address is the pr ivate IP address assigned to the LAN port of the SonicWALL.
Wizards > Setup Wizard 814 SonicOS Enhanced 4.0 Administrator Guide SonicWALL Configuration Summary 8. The Configuration Summary window displays the conf iguration defined using the Installation Wizard. To modify any of the settings, click Back to retur n to the Connecting to the Internet window.
815 SonicOS Enhanced 4.0 Administrator Guide CHAPTER 70 Chapter 70: Using the Registration & License Wizard Wizards > Registration & License Wizard The SonicWALL Registration and Li cense Wizar d simplifies the process of registering your SonicWALL security appliance and obtaining licenses for additional security services.
Wizards > Registration & Licen se Wiza rd 816 SonicOS Enhanced 4.0 Administrator Guide Step 2 Select Registration and License Wizard and click Next . Step 3 A screen displays confirming that you are us ing the Registration and License Wizard. Click Next .
Wizards > Registration & License Wizard 817 SonicOS Enhanced 4.0 Administrator Guide Step 5 On the Choose security services page, select the security se rvices you would like to purchase and click Next . Step 6 The Registration and License Wizard launches your mysonicwall.
Wizards > Registration & Licen se Wiza rd 818 SonicOS Enhanced 4.0 Administrator Guide Step 7 Verify that the services you want to purc hase are listed in the sh opping cart. When you are finished selecting security services, click Checkout . Step 8 The mysonicwall.
Wizards > Registration & License Wizard 819 SonicOS Enhanced 4.0 Administrator Guide Step 9 The Confirm page displays. Verify that your order is correct and click Confirm . You can now print a copy of your completed order. Step 10 Close the mysonicwall.
Wizards > Registration & Licen se Wiza rd 820 SonicOS Enhanced 4.0 Administrator Guide Step 12 Your new security services ar e now available on the SonicW ALL security appliance.
821 SonicOS Enhanced 4.0 Administrator Guide CHAPTER 71 Chapter 71: Configuring a Public Server with the Wizard Wizards > Public Server Wizard 1. Start the wizard: In the navigator, click Wizards .
Wizards > Public Server Wizard 822 SonicOS Enhanced 4.0 Administrator Guide 2. Select Public Server Wizard and click Next . 3. Select the type of server from the Server Type list. Depending on the type you select, the available services change. Check the box for the services you are enabling on this server.
Wizards > Public Server Wizard 823 SonicOS Enhanced 4.0 Administrator Guide 6. Click Next . 7. Enter the public IP address of the server. The default is the WAN public IP address. If you enter a different IP, the Public Server Wizard will cr eate an address object for that IP address and bind the address object to the WAN zone.
Wizards > Public Server Wizard 824 SonicOS Enhanced 4.0 Administrator Guide 9. The Summary page displays a summary of all the configuration you have performed in the wizard. It should show: • Server Address Objects The wizard creates the address object for the new server.
Wizards > Public Server Wizard 825 SonicOS Enhanced 4.0 Administrator Guide 10. Click Apply in the Public Server Configuration Summary page to complete the wizard and apply the configuration to your SonicWALL.
Wizards > Public Server Wizard 826 SonicOS Enhanced 4.0 Administrator Guide.
827 SonicOS Enhanced 4.0 Administrator Guide CHAPTER 72 Chapter 72: Configuring VPN Policies with the VPN Policy Wizard Wizards > VPN Wizard The VPN Policy Wizard walks you step-by-step through the configuration of GroupVPN on the SonicWALL.
Wizards > VPN Wizard 828 SonicOS Enhanced 4.0 Administrator Guide Using the VPN Policy Wizard Step 1 In the top right corner of the VPN > Settings page, click on VPN Policy Wizard . Step 2 Click Next . Step 3 In the VPN Policy Type page, sele ct WAN GroupVPN and click Next .
Wizards > VPN Wizard 829 SonicOS Enhanced 4.0 Administrator Guide – Default Key : If you choose the default key, a ll your Global VPN Clients and Global Security Clients will automatically use t he default key generated by the SonicWALL to authenticate with the SonicWALL.
Wizards > VPN Wizard 830 SonicOS Enhanced 4.0 Administrator Guide – Encryption : This is the method for encrypting data through the VPN Tunnel. The methods are listed in order of security. DE S is the least secure and the and takes the least amount of time to encry pt and decrypt.
Wizards > VPN Wizard 831 SonicOS Enhanced 4.0 Administrator Guide Note If you enable user authentication, the use rs must be entered in the SonicWALL database for authentication. Users are entered into the SonicWALL database on the Users > Local Users page, and then added to groups in the Users > Local Groups page.
Wizards > VPN Wizard 832 SonicOS Enhanced 4.0 Administrator Guide • The shared secret if you selected a cust om preshared secret in the VPN Wizard. • The authentication username and password. Configuring a Site-to-Site VPN using the VPN Wizard You use the VPN Policy Wiza rd to create the site-to-site VPN policy.
Wizards > VPN Wizard 833 SonicOS Enhanced 4.0 Administrator Guide Using the VPN Wizard to Configure Preshared Secret Step 1 On the System > Status page, click on Wizards . Step 2 In the Welcome to the SonicWALL Configuration Wizard page select VPN Wizard and click Next .
Wizards > VPN Wizard 834 SonicOS Enhanced 4.0 Administrator Guide – Policy Name : Enter a name you can use to refer to the policy. For example, Boston Office. – Preshared Key : Enter a character string to use to authenticate traffic during IKE Phase 1 negotiation.
Wizards > VPN Wizard 835 SonicOS Enhanced 4.0 Administrator Guide If the object or group you want has not been created yet, select Create Object or Create Group . Create the new object or group in the dial og box that pops up. Then select the new object or group.
Wizards > VPN Wizard 836 SonicOS Enhanced 4.0 Administrator Guide – Encryption : This is the method for encrypting data through the VPN Tunnel. The methods are listed in order of security. DE S is the least secure and the and takes the least amount of time to encry pt and decrypt.
837 SonicOS Enhanced 4.0 Administrator Guide Index Symbols 401 , 793 , 796 – 797 , 800 – 803 , 805 – 808 , 811 – 813 , 815 , 821 , 827 – 828 Numerics 802.
838 SonicOS Enhanced 4.0 Administrator Guide D deep packet inspection 718 DF bit 582 DH group 829 VPN policy wizard 835 DHCP relay mode 587 setup wizard 797 VPN central gateway 588 VPN remote gatew ay.
839 SonicOS Enhanced 4.0 Administrator Guide I IDS 405 authorizing access points 407 rogue access points 406 IEEE 802.11b 315 IEEE 802.11g 315 IKE DH gr ou p 829 phase 2 835 VPN policy wizard 835 IKE .
840 SonicOS Enhanced 4.0 Administrator Guide settings 248 translated destination 248 translated service 249 translated source 248 NAT policy loopback policy 824 outbound interface 249 public server wi.
841 SonicOS Enhanced 4.0 Administrator Guide LAN settings 798 – 799 , 803 – 804 , 808 , 813 – 814 NAT with DHCP client 802 NAT with PPPoE 805 NAT with PPPoE client 807 NAT with PPTP 810 NAT with.
842 SonicOS Enhanced 4.0 Administrator Guide authenti cation 830 , 836 configuration summary 836 connecting Global VPN Clients 831 destination ne tw or ks 835 DH group 829 , 835 encryption 830 , 836 I.
© 2 0 0 8S o n i c W A L L ,I n c .i sar e g i s t e r e dt r a d e m a r ko fS o n i c W A L L ,I n c .O t h e rp r o d u c tn a m e sm e n t i o n e dh e r e i nm a yb et r a d e m a r k sa n d / o rr e g i s t e r e dt r a d e m a r k so ft h e i rr e s p e c t i v ec o m p a n i e s .
Ein wichtiger Punkt beim Kauf des Geräts SonicWALL TZ 190 (oder sogar vor seinem Kauf) ist das durchlesen seiner Bedienungsanleitung. Dies sollten wir wegen ein paar einfacher Gründe machen:
Wenn Sie SonicWALL TZ 190 noch nicht gekauft haben, ist jetzt ein guter Moment, um sich mit den grundliegenden Daten des Produkts bekannt zu machen. Schauen Sie zuerst die ersten Seiten der Anleitung durch, die Sie oben finden. Dort finden Sie die wichtigsten technischen Daten für SonicWALL TZ 190 - auf diese Weise prüfen Sie, ob das Gerät Ihren Wünschen entspricht. Wenn Sie tiefer in die Benutzeranleitung von SonicWALL TZ 190 reinschauen, lernen Sie alle zugänglichen Produktfunktionen kennen, sowie erhalten Informationen über die Nutzung. Die Informationen, die Sie über SonicWALL TZ 190 erhalten, werden Ihnen bestimmt bei der Kaufentscheidung helfen.
Wenn Sie aber schon SonicWALL TZ 190 besitzen, und noch keine Gelegenheit dazu hatten, die Bedienungsanleitung zu lesen, sollten Sie es aufgrund der oben beschriebenen Gründe machen. Sie erfahren dann, ob Sie die zugänglichen Funktionen richtig genutzt haben, aber auch, ob Sie keine Fehler begangen haben, die den Nutzungszeitraum von SonicWALL TZ 190 verkürzen könnten.
Jedoch ist die eine der wichtigsten Rollen, die eine Bedienungsanleitung für den Nutzer spielt, die Hilfe bei der Lösung von Problemen mit SonicWALL TZ 190. Sie finden dort fast immer Troubleshooting, also die am häufigsten auftauchenden Störungen und Mängel bei SonicWALL TZ 190 gemeinsam mit Hinweisen bezüglich der Arten ihrer Lösung. Sogar wenn es Ihnen nicht gelingen sollte das Problem alleine zu bewältigen, die Anleitung zeigt Ihnen die weitere Vorgehensweise – den Kontakt zur Kundenberatung oder dem naheliegenden Service.