SonicWALL 2.5 Bedienungsanleitung
- Schauen Sie die Anleitung online durch oderladen Sie diese herunter
- 364 Seiten
- 32.58 mb
Zur Seite of
Ähnliche Gebrauchsanleitungen
Richtige Gebrauchsanleitung
Die Vorschriften verpflichten den Verkäufer zur Übertragung der Gebrauchsanleitung SonicWALL 2.5 an den Erwerber, zusammen mit der Ware. Eine fehlende Anleitung oder falsche Informationen, die dem Verbraucher übertragen werden, bilden eine Grundlage für eine Reklamation aufgrund Unstimmigkeit des Geräts mit dem Vertrag. Rechtsmäßig lässt man das Anfügen einer Gebrauchsanleitung in anderer Form als Papierform zu, was letztens sehr oft genutzt wird, indem man eine grafische oder elektronische Anleitung von SonicWALL 2.5, sowie Anleitungsvideos für Nutzer beifügt. Die Bedingung ist, dass ihre Form leserlich und verständlich ist.
Was ist eine Gebrauchsanleitung?
Das Wort kommt vom lateinischen „instructio”, d.h. ordnen. Demnach kann man in der Anleitung SonicWALL 2.5 die Beschreibung der Etappen der Vorgehensweisen finden. Das Ziel der Anleitung ist die Belehrung, Vereinfachung des Starts, der Nutzung des Geräts oder auch der Ausführung bestimmter Tätigkeiten. Die Anleitung ist eine Sammlung von Informationen über ein Gegenstand/eine Dienstleistung, ein Hinweis.
Leider widmen nicht viele Nutzer ihre Zeit der Gebrauchsanleitung SonicWALL 2.5. Eine gute Gebrauchsanleitung erlaubt nicht nur eine Reihe zusätzlicher Funktionen des gekauften Geräts kennenzulernen, sondern hilft dabei viele Fehler zu vermeiden.
Was sollte also eine ideale Gebrauchsanleitung beinhalten?
Die Gebrauchsanleitung SonicWALL 2.5 sollte vor allem folgendes enthalten:
- Informationen über technische Daten des Geräts SonicWALL 2.5
- Den Namen des Produzenten und das Produktionsjahr des Geräts SonicWALL 2.5
- Grundsätze der Bedienung, Regulierung und Wartung des Geräts SonicWALL 2.5
- Sicherheitszeichen und Zertifikate, die die Übereinstimmung mit entsprechenden Normen bestätigen
Warum lesen wir keine Gebrauchsanleitungen?
Der Grund dafür ist die fehlende Zeit und die Sicherheit, was die bestimmten Funktionen der gekauften Geräte angeht. Leider ist das Anschließen und Starten von SonicWALL 2.5 zu wenig. Eine Anleitung beinhaltet eine Reihe von Hinweisen bezüglich bestimmter Funktionen, Sicherheitsgrundsätze, Wartungsarten (sogar das, welche Mittel man benutzen sollte), eventueller Fehler von SonicWALL 2.5 und Lösungsarten für Probleme, die während der Nutzung auftreten könnten. Immerhin kann man in der Gebrauchsanleitung die Kontaktnummer zum Service SonicWALL finden, wenn die vorgeschlagenen Lösungen nicht wirksam sind. Aktuell erfreuen sich Anleitungen in Form von interessanten Animationen oder Videoanleitungen an Popularität, die den Nutzer besser ansprechen als eine Broschüre. Diese Art von Anleitung gibt garantiert, dass der Nutzer sich das ganze Video anschaut, ohne die spezifizierten und komplizierten technischen Beschreibungen von SonicWALL 2.5 zu überspringen, wie es bei der Papierform passiert.
Warum sollte man Gebrauchsanleitungen lesen?
In der Gebrauchsanleitung finden wir vor allem die Antwort über den Bau sowie die Möglichkeiten des Geräts SonicWALL 2.5, über die Nutzung bestimmter Accessoires und eine Reihe von Informationen, die erlauben, jegliche Funktionen und Bequemlichkeiten zu nutzen.
Nach dem gelungenen Kauf des Geräts, sollte man einige Zeit für das Kennenlernen jedes Teils der Anleitung von SonicWALL 2.5 widmen. Aktuell sind sie genau vorbereitet oder übersetzt, damit sie nicht nur verständlich für die Nutzer sind, aber auch ihre grundliegende Hilfs-Informations-Funktion erfüllen.
Inhaltsverzeichnis der Gebrauchsanleitungen
-
Seite 1
C OM P REHENSIVE INTERN ET S ECURI TY ™ SSSS S o n i c W A L L S e c u r i t y A p p l i a n c e s S onicOS Enhanced 2. 5 Administrator's Guid e[...]
-
Seite 2
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE i P ART 1: Introduction to S onicOS Enhanced 2.5 Chapter 1: Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 SonicOS Enhanced 2.5 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [...]
-
Seite 3
ii S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE : Chapter 7: Managing SonicW ALL Se curity Appliance Firmware . . . . . . . . . . . . . 37 System > Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3 7 Settings . . . . . . . . . . . . . . . . . . . . . . . [...]
-
Seite 4
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE iii Chapter 13: Configuri ng Address Objects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79 Network > Address Objects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79 Types of Address Ob jects . . . . . . [...]
-
Seite 5
iv S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE : P ART 4: Wireless Chapter 20: Managing SonicPoints . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11 9 Wireless > SonicPoints . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119 Before M[...]
-
Seite 6
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE v Chapter 26: Configuring Firewall Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145 Firewall > Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145 Default Services Overview . . . .[...]
-
Seite 7
vi S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE : Chapter 33: Configuri ng VPN Certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 197 VPN>CA Certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 197 Implementing Certificates for V[...]
-
Seite 8
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE vii P ART 9: Security Servic es Chapter 38: Managing Security Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 237 Security Services>Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 237 mySonicWALL.co[...]
-
Seite 9
viii S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE : Chapter 44: Configur ing Syslog Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 295 Log > Syslog . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 295 Syslog Settings . . . .[...]
-
Seite 10
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE ix Chapter : Chapter : Preface Copyright Notice © 2004 SonicWAL L, Inc. All righ ts reserved . Under the copyrigh t laws, this manual or the software descr ibed within, can not be cop ied, in whole or part, without the written consen t of the manufacturer, except in the normal use of [...]
-
Seite 11
x S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE Preface EXCLUDED TO THE MAXIMUM EXTENT ALLOWED BY APPLICABLE LAW. TO THE EXTENT AN IMPLIED WARRANTY CANNOT BE EXCLUDED , SUCH WARRANTY IS LIMITED IN DU RATION TO THE WARRANTY PERIOD. BECAUSE SOME ST ATES OR JURISDICTIONS DO NOT ALLOW LIMITATIONS ON HOW LONG AN IMPLIE D WARR ANTY LAS[...]
-
Seite 12
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE xi Current Document ation Check the So nicWALL docu mentation Web site fo r that lates t versions of this manual and all other SonicWALL product d ocumentation. http://www.sonicwall.com/services/documenta tion.html[...]
-
Seite 13
xii S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE Preface[...]
-
Seite 14
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE 1 P ART 1 Part 1 Introduction to SonicOS Enhanced 2.5[...]
-
Seite 15
2 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE :[...]
-
Seite 16
S ONIC WALL S ONIC OS 2.5 E NHANCED A D MINISTRATOR ’ S G UIDE 1 SonicOS Enhanced 2.5 C HAPTER 1 Chapter 1: Introduction SonicOS Enhanced 2.5 SonicOS Enhanced is the most power ful Soni cOS op erating system designed for the latest generation of So nicWALL security applian ces. SonicOS Enhanced 2.5 is stan dard on the Soni cWALL PRO 4060 and PRO [...]
-
Seite 17
2 S ONIC WALL S ONIC OS 2.5 E NHANCED A DMINISTRATOR ’ S G UIDE C HAPTER 1: Introduction • Multiple GroupVPN Policies : SonicOS Enhanced 2.5 allows yo u to create separate, customized GroupVPN policies for each Zone, an d SonicWALL Global VPN Client connections can termin ate on any interface. • Wirel ess Extensio ns : SonicOS Enhanced 2.5 in[...]
-
Seite 18
S ONIC WALL S ONIC OS 2.5 E NHANCED A D MINISTRATOR ’ S G UIDE 3 About this Guide Organization of this Guide The SonicOS En hanced 2 .5 Administra tor’s Guide organizat ion is structu red into th e following pa rts that follow th e SonicWALL W eb Mana gement In terface s tructure. With in these parts, individ ual chapters correspond to Manageme[...]
-
Seite 19
4 S ONIC WALL S ONIC OS 2.5 E NHANCED A DMINISTRATOR ’ S G UIDE C HAPTER 1: Introduction Part 6 VPN This part covers how to create VPN policies on the SonicWALL security app liance to support SonicWALL Global VPN Clients as well as creating site-to-site VPN policies for connecting offices running SonicWALL secu rity appliances. Part 7 Users This [...]
-
Seite 20
S ONIC WALL S ONIC OS 2.5 E NHANCED A D MINISTRATOR ’ S G UIDE 5 About this Guide Guide Conventions The following Conventions used in this guide are as follows: Icons Used in this Manual These special messages refe r to not eworthy information, and includ e a symbol for quick identification: S Alert: Important information that caut ions about fea[...]
-
Seite 21
6 S ONIC WALL S ONIC OS 2.5 E NHANCED A DMINISTRATOR ’ S G UIDE C HAPTER 1: Introduction SonicW ALL T echnical Support For timely resolution of tech nical support q uestions, visit SonicWAL L on the Intern et at <http://www.sonicwall.com/services/ support.html> . Web-base d resources ar e available to help yo u resolve most technical issues[...]
-
Seite 22
S ONIC WALL S ONIC OS 2.5 E NHANCED A D MINISTRATOR ’ S G UIDE 7 More Information on SonicWALL Products Knowledge Base All SonicWALL customers have imm ediate, 24X7 a ccess to our state-of-the-art e lectronic support tools. Power searching technologies on our Web si te allow customers to lo cate information quickly and easily from ou r robust co [...]
-
Seite 23
8 S ONIC WALL S ONIC OS 2.5 E NHANCED A DMINISTRATOR ’ S G UIDE C HAPTER 1: Introduction[...]
-
Seite 24
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE 9 C HAPTER 2 Chapter 2: Getting S t arted Configuring Y our Management St ation Your SonicWALL secu rity appliance is configured with the default IP ad dr ess of 192.168.1 68.168. This IP address is used to initially access the Management Interface of the SonicWALL security appliance. [...]
-
Seite 25
10 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE C HAPTER 2: Getting Started 9 Enter 255.255.255.0 in the Subnet field. 10 If you have a DNS Server IP addres s from your ISP, enter it in the Preferred DNS Server field. 11 Click OK . Windows NT 1 From the Start list, highlight Settings and then select Control Panel . 2 Double-clic[...]
-
Seite 26
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE 11 S Alert: Because you are tempor arily disconnected from the Internet, yo u may receive an error message when your Web br owser first opens. This does no t affect your installation process. Continue with the steps below. To begin the configuratio n of your SonicWALL secu rity applian[...]
-
Seite 27
12 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE C HAPTER 2: Getting Started Using the Management Interface The SonicWALL’s Web Manageme nt Interface prov ides a easy-to-use graphical interface for configuring your SonicWAL L. SonicWALL manag ement functions are per formed through a Web browser. 9 Tip : Microsoft Internet Explo[...]
-
Seite 28
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE 13 If the settings are containe d in a secondary win dow within the M anagemen t Interfac e, when you click OK , the settings are automatically applied to the SonicWALL. Getting Help Each SonicWALL includes Web-based online help av ailable from the Managem ent Interface. Clicking the q[...]
-
Seite 29
14 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE C HAPTER 2: Getting Started[...]
-
Seite 30
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE 15 P ART 2 Part 2 System[...]
-
Seite 31
16 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE :[...]
-
Seite 32
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE 17 System > Status C HAPTER 3 Chapter 3: V iewing S t atus Information System > S t atus The System>Statu s page provides a comprehen sive collection of information and links to help you manage your SonicWALL security ap pliance and Soni cWALL Security Ser vices licenses. It i[...]
-
Seite 33
18 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE C HAPTER 3: Viewing Status Information Wizards The Wizards button on the Syst em>Status page provides acce ss to the SonicWALL Config uration Wizard , which allows you to easily configure the So nicWALL security appliance using the following sub-wizards : • Setup Wizard - This[...]
-
Seite 34
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE 19 System > Status Registration and Security Services Once you’ve established your Intern et connectio n, you can register you r security appliance at mySonicWALL.com as well as activate SonicWALL Se curity Services. Any bundled services included with your SonicWALL security app l[...]
-
Seite 35
20 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE C HAPTER 3: Viewing Status Information Creating Y our mySonicW ALL.com Account If you already have a mySonicWALL.co m account, sk ip this section. To create a mySonicWALL.com account from the SonicWALL Managem ent Interface, follow these steps: In the Security Ser vices folder on t[...]
-
Seite 36
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE 21 System > Status Registering the SonicW ALL Security Ap pliance from the Management Interface If you have a mySonicWALL. com account, follo w these steps to register your SonicWALL security appliance: 1 Click the here link to automatically register your SonicWALL security applianc[...]
-
Seite 37
22 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE C HAPTER 3: Viewing Status Information Network Interfaces Network Int erfaces displays information about the interfaces for your SonicWALL se curity appliance. Clicking the blue arrow displays the Network>Settings page for configuring your Network settings. The available interfa[...]
-
Seite 38
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE 23 System > Licenses C HAPTER 4 Chapter 4: Managing SonicW ALL Security Services Licenses System > Licenses The System>Licenses pa ge provides links to activate, upgra de, or renew SonicWALL Security Services licens es. From th is page in t he SonicWAL L Manage ment Interf ace[...]
-
Seite 39
24 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE C HAPTER 4: Managing SonicWALL Security Services Licenses longer active ( Expired ). The number of no des/users allowed for the license is displaye d in the Count column. Th e Expiration column displays the expir ation dat e for any Licensed Security Service. The information listed[...]
-
Seite 40
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE 25 System > Licenses Enter your mySonicWALL.com accoun t username and password in the User Name and Passwor d fields and click Submit. The Manage Services Online page is displayed with licensing information from your mySonicWALL.com account. Manual Upgrade Manual Upgrade allows you [...]
-
Seite 41
26 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE C HAPTER 4: Managing SonicWALL Security Services Licenses 3. Click the View License Keyset link. The scrambled text displaye d in the text box is the License Keyset for the selected Sonic WALL security applia nce and activated Security Services. Copy the Keyset text f or pasting in[...]
-
Seite 42
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE 27 System > Administration C HAPTERW 5 Chapter 5: Configuring SonicW ALL Security Appliance Administration Settings System > Administration The System Administration page pr ovides settings for the configuration of SonicWALL security appliance for secure and remote ma nagement. Y[...]
-
Seite 43
28 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE C HAPTER 5: Configuring SonicWALL Security Appliance Administration Settings Administrator Name & Password The Administrator Name can be changed from the default se tting of admin to any word using alphanumeric characters up to 32 character s in le ngth. To create an n ew admin[...]
-
Seite 44
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE 29 System > Administration when you u se the IP ad dress to log into the Soni cWALL security applaince. For example, if you configure the port to be 76, then you must type <LAN IP Address>:76 into the Web browser, i.e. <http://192.168 .168.1:76>. The default port for HTT[...]
-
Seite 45
30 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE C HAPTER 5: Configuring SonicWALL Security Appliance Administration Settings  Cross Reference: For more information on Soni cWALL Global Management System , go to http://www.sonicwall.com. Enabling SNMP Management SNMP (Simple Network Ma nagement Proto col) is a network protocol [...]
-
Seite 46
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE 31 System > Administration Enable GMS Management You can configure the SonicWAL L security appliance to be manage d by SonicWALL Global Management System (SonicWALL GMS). Configuring the SonicW ALL Securi ty Appliance fo r GMS M anagement To configure the SonicWALL se curi ty applia[...]
-
Seite 47
32 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE C HAPTER 5: Configuring SonicWALL Security Appliance Administration Settings enter the IP a ddress in the NAT Device IP Address field. The default VPN policy settings are displayed at the bottom of the Config ure GMS Settings window. Existing Tunnel - If this option is selected, th[...]
-
Seite 48
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE 33 System > Administration VPN Client Download URL The VPN Client Download URL provid es a field for entering the URL address of a site for downloading the SonicWALL Global VPN Client app lication, when a user is prompted to use the Global VPN Client for access to the network. The d[...]
-
Seite 49
34 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE C HAPTER 5: Configuring SonicWALL Security Appliance Administration Settings[...]
-
Seite 50
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE 35 System > Time C HAPTER 6 Chapter 6: Configuring T ime Settings System > T ime The Syst em>Time page defines the time and date settings to time stamp log events, to automatically update SonicWALL Security Ser vices, and for other internal purposes. i By default, the SonicWAL[...]
-
Seite 51
36 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE C HAPTER 6: Configuring Time Settings System T ime To select your time zone and automatically up date the time, choose th e time zone from the Time Zone menu. The Use NTP to set time automatically is activated by default to use the NTP ( Network Time Protocol) to set time automatic[...]
-
Seite 52
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE 37 System > Settings C HAPTER 7 Chapter 7: Managing SonicW ALL Security Appliance Firmware System > Settings This System>Setting s page allows you to manage your SonicWAL L security appliance’s SonicOS versions and preferences. Settings Import Settings To import a previously[...]
-
Seite 53
38 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE C HAPTER 7: Managing SonicWALL Security Appliance Firmware 3 Select the preferences file. 4 Click Import , and restart the firewall. Export Settings To export configuration settings from the SonicWAL L security app liance, us e the instructio ns below: 1 Click Export Settings . 2 C[...]
-
Seite 54
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE 39 System > Settings Firmware Management T able The Firmware Managemen t table di splays the followin g information: • Firmware Image - In this column, four types of firmware imag es are listed: Current Firmware - firmware curren tly loaded on the SonicWALL secu rity appliance[...]
-
Seite 55
40 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE C HAPTER 7: Managing SonicWALL Security Appliance Firmware Up dating Firmware Manually Click Upload New Firmware to upload new firmware to the SonicWALL secur ity appliance. The Upload Firmware window is displayed. Browse to the firmware file locate d on your local driv e. Click Up[...]
-
Seite 56
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE 41 System > Settings Firmware Management The Firmware Manage ment table has the following columns: • Firmware Image - In this column, five types of firmware image s are listed: - Current Fi rmware , firmware currently loaded on the SonicWALL security ap pliance - Current Firmware [...]
-
Seite 57
42 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE C HAPTER 7: Managing SonicWALL Security Appliance Firmware[...]
-
Seite 58
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE 43 System > Diagnostics C HAPTER 8 Chapter 8: Using Diagnostic T ools & Rest arting the SonicW ALL Security Appliance System > Diagnostics The System>Diagnos tics page provides a a collection of diagnostic tools to help troubleshoot network pro blems: • DNS Name Lookup ?[...]
-
Seite 59
44 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE C HAPTER 8: Using Diagnostic Tools & Restarting the SonicWALL Security Appliance Diagnostic T ools You can choose any of the following diagnostic tools from the Dia gnostic Tool menu. DNS Name Lookup The SonicWALL security appliance has a DNS lookup tool that returns the IP add[...]
-
Seite 60
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE 45 System > Diagnostics Packet T race The Packet Trace tool tracks the status of a communications stream as it move s from source to destination. This is a useful tool to determine if a communications stream is being stopped at the SonicWALL security appliance, or is lost on the Int[...]
-
Seite 61
46 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE C HAPTER 8: Using Diagnostic Tools & Restarting the SonicWALL Security Appliance To 204.71.200.74 / 80 (02:00:cf:58:d3:6a) The SonicWALL security appliance forwards the client ACK to the remote host and wa its for the data transfer to begin. When using packet traces to isolate [...]
-
Seite 62
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE 47 System > Diagnostics Generating a T ech Support Report 1 Select Tech Support Report from the Choose a diagnostic t ool menu. 2 Select the Report Options to be included with your e-ma il. 3 Click Save Report to save the file to yo ur system. When you click Save Report , a warning [...]
-
Seite 63
48 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE C HAPTER 8: Using Diagnostic Tools & Restarting the SonicWALL Security Appliance System > Rest art Click Restart to display the Syst em>Restart page. The SonicWALL se curity appliance can be restarted from the Web Ma nagement interface. Click Restart SonicWALL and then cl[...]
-
Seite 64
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE 49 P ART 3 Part 3 Network[...]
-
Seite 65
50 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE :[...]
-
Seite 66
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE 51 Network > Interfaces C HAPTERW 9 Chapter 9: Configuring Interfaces Network > Interfaces The Network>Interfac es page includes interface objects that are directly linked to physical interfaces. The SonicOS Enhanced scheme of inte rface addressing wo rks in conjunction with n[...]
-
Seite 67
52 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE C HAPTER 9: Configuring Interfaces SonicOS Enhanced Secure Object s The SonicOS Enhanced sch eme of interface addre ssing works in conjunction with network zones and address objects. This structure is based on secure objects, which are utiliz ed by rules and policies within SonicOS[...]
-
Seite 68
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE 53 Network > Interfaces •N a m e - listed as X0, X1 , X2 , X3 , X4 , and X5 or LAN , WAN , WLAN , Custom , or OPT/DMZ depending on your SonicWALL security appliance mo del. •Z o n e - LAN, DMZ/OPT and WAN are listed by def ault. As zones are configure d, the names are listed in [...]
-
Seite 69
54 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE C HAPTER 9: Configuring Interfaces 1 Click on the Notepad icon in the Configure column for Unassigned Interface you want to configure. The Edit Interface window is displayed. 2 Select the LAN interface. If you want to create a new zone for the interface, select Create a new zone . [...]
-
Seite 70
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE 55 Network > Interfaces Configuring Advanced Sett ings for the Interface If you need to force an Ethernet speed, duplex and/or MAC address, click th e Advan ced tab. The Ethernet Settings section allows you to mana ge the Ethern et settings of links connected to the SonicWALL. Auto [...]
-
Seite 71
56 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE C HAPTER 9: Configuring Interfaces 3 Select Transparent Mode from the IP Assignment menu. 4 Select the address object from th e Transparent Ra nge menu. See Chapter 13 for more information. 5 Enter any optional comment text in the Comment field. This text is displayed in the Commen[...]
-
Seite 72
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE 57 Network > Interfaces Configuring the WLAN Interface Static means you assign a fixe d IP address to the interface. 1 Click on the Notepad icon in the Configure column for Unass igned Interfac e you want to configure. The Edit Interface window is displayed. 2 Select the WLAN interf[...]
-
Seite 73
58 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE C HAPTER 9: Configuring Interfaces 2 If you’re configuring an Un assigned Inte rface, select WAN from the Zone menu. If you selected the Default WAN Interface, WAN is already selected in the Zone menu. 3 Select one of the following WAN Network Addressing Mode from the IP Assignme[...]
-
Seite 74
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE 59 Network > Interfaces Comment Management User Login Renew Release Refresh PPPoE User Name User Password Comment Management User Login Inactivity Disconnect (minutes) Obtain IP Address Automatically Specify IP Address Obtain DNS Server Address Automatically Specify DNS Server PPTP [...]
-
Seite 75
60 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE C HAPTER 9: Configuring Interfaces Management User Login Inactivity Disconnect (minutes) L2TP IP Assignment DHCP Renew Relea se Refresh Static IP Address Subnet Mask Gateway (R outer) Ad dress Configuring the Advanced Settings for the W AN Interface The Advanced tab includes settin[...]
-
Seite 76
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE 61 Network > Interfaces Check Enable Multicast Supp ort to allow multicast rece ption on this interface. S Alert: If you select a specific Ethernet speed and duplex, you must force th e connection speed and duplex from the Ethernet card to the SonicWALL as well. You can also specify[...]
-
Seite 77
62 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE C HAPTER 9: Configuring Interfaces[...]
-
Seite 78
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE 63 Network > WAN Failover & LB C HAPTER 10 Chapter 10: Setting Up W AN Failover and Load Balancing Network > W AN Failover & LB WAN Failover and Load Balancing allows y ou to des ignate one of the user-ass igned interfaces as a Secondary or backup WAN port. The Secondary [...]
-
Seite 79
64 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE C HAPTER 10: Setting Up WAN Failover and Load Balancing Setting Up W AN Failover and Load Balancing The following are the steps to configuring WAN Failover an d Load Balancing on the SonicWALL security ap pliance: 1 Configuring an interface as a Secon dary WAN port 2 Creating a NAT[...]
-
Seite 80
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE 65 Network > WAN Failover & LB Activating W AN Failover and Load Balancing To configure the SonicWALL fo r WAN failover and load balancing, follow th e steps below: 1 On Network > WAN Failover & LB page, select Enable Load Balancing . 2 From the Second ary WAN Interface m[...]
-
Seite 81
66 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE C HAPTER 10: Setting Up WAN Failover and Load Balancing • Per Destination Round- Robin : When this setting is selected, th e SonicWALL security appliance load-balances outgoing traffic on a pe r-destination ba sis. This is a simple load balancing method and, though not very granu[...]
-
Seite 82
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE 67 Network > WAN Failover & LB Configuring W AN Probe Monitoring To configure WAN probe monitorin g, follow these steps: 1 On the Network > WAN Failover & LB page, check the Enable Probe Monitoring box, and click on the Configure button. Th e Configure WAN Probe Monitorin[...]
-
Seite 83
68 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE C HAPTER 10: Setting Up WAN Failover and Load Balancing W AN Load Balancing S t atistics The WAN Load Balancing Statistics table displa ys the following WA N Interface stat istics for the SonicWALL: •L i n k S t a t u s • Load Balancing State • Probe Monitoring • New Connec[...]
-
Seite 84
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE 69 Network > Zones C HAPTER 11 Chapter 11: Configuring Zones Network > Zones A Zone is a logical grouping of one or more inter faces designed to make management, such as the definition and application of Access Rules, a simp ler and more intuitive proc ess than following strict p[...]
-
Seite 85
70 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE C HAPTER 11: Configuring Zones doorperson is the inter-zone/intra-zon e security po licy, and the doorperson’s job to consult a list and make sure that the person is allowed to go to the other room, or to leave the building. If the person is allowed (i.e. the security policy lets[...]
-
Seite 86
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE 71 Network > Zones •D M Z : This zone is normally used for publicly acce ssible serve rs. This zon e can cons ist of on e to four interfaces, dependin g on you network design. • VPN : This virtual zone is used for simplifying se cure, remote connectivity. It is the only zone tha[...]
-
Seite 87
72 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE C HAPTER 11: Configuring Zones • SonicWALL Content Filtering Servic e - Enforces content filtering on multiple interfaces in the same Trusted, Public and WLAN zon es. • SonicWALL Enforce Anti-Virus Serv ice - Enforces anti-viru s protec tion on multiple interfaces in the same T[...]
-
Seite 88
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE 73 Network > Zones Adding a New Zone To add a new Zone, click Add under the Zone Sett ings table. The Add Zone window is displayed. 1 Type a name for the new zone in the Name field. 2 Select a security type Trusted , Public or Wireless from the Security Type menu. Use Trusted for Zo[...]
-
Seite 89
74 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE C HAPTER 11: Configuring Zones 4 Click th e Wireless tab. 5 In the Wirele ss Setting s section, select WiFiSec Enforcement to require that all traffic that enters into the WLAN Zone interface b e either IPSec traffic, WPA traffic, or both. With WiFiSec Enforcement enabled, all non-[...]
-
Seite 90
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE 75 Network > Zones Post Auth enticatio n Page - directs users to the page you sp ecify immediately after successful authentication. Enter a URL for the post - authentication page in the filed. Max Guests - specifies th e maximum number of gues t users allowed to conn ect to [...]
-
Seite 91
76 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE C HAPTER 11: Configuring Zones[...]
-
Seite 92
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE 77 Network > DNS C HAPTERW 12 Chapter 12: Configuring DNS Settings Network > DNS The Domain Name System (DNS) is a distributed , hierarchical system that provides a method for identifying hosts on the Internet using alphanu meric name s called fully qualified dom ain names (FQDNs[...]
-
Seite 93
78 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE C HAPTER 12: Configuring DNS Settings[...]
-
Seite 94
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE 79 Network > Address Objects C HAPTER 13 Chapter 13: Configuring Address Object s Network > Address Object s Address Objects are one of four object classes (Address, User , Service, and Schedule) in SonicOS Enhanced. These Addr ess Object s allow for entities to be defined one ti[...]
-
Seite 95
80 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE C HAPTER 13: Configuring Address Objects example “My Access Point” with a MAC address of “00:06:01:AB:02 :CD”. MAC Address objects are used by various components o f Wire less configurations throughout SonicOS. Address Object Group s SonicOS Enhanced also as well as the abi[...]
-
Seite 96
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE 81 Network > Address Objects You can enter the po licy number (the number listed before the po licy name in the # Name column) in the Items field to move to a specific entry. The def ault table configuration disp lays 50 entries per page. You can change this default numb er of entri[...]
-
Seite 97
82 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE C HAPTER 13: Configuring Address Objects Default Address Group s • LAN Subnets • Firewalled Subnets • LAN Interface IP • WAN Subnets • WAN Interface IP • DMZ Subnets • DMZ Interf ace IP • ALL WAN IP • All Interface IP • All X0 Management IP • All X1 Management[...]
-
Seite 98
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE 83 Network > Address Objects Default Address Group s • LAN Subnets • Firewalled Subnets • WAN Subnets • DMZ Subnets • ALL WAN IP • All Interface IP • All X0 Managem ent IP • All X1 Managem ent IP • All SonicPoints • All Authorized Access Points • LAN Interfac e[...]
-
Seite 99
84 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE C HAPTER 13: Configuring Address Objects Default Address Group s • LAN Subnets • Firewalled Subnets • WAN Subnets • DMZ Subnets • ALL WAN IP • All Interface IP • All X0 Management IP • All X1 Management IP • All SonicPoints • All Authorized Access Points • LAN[...]
-
Seite 100
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE 85 Network > Address Objects Default Address Group s • LAN Subnets • Firewalled Subnets • WAN Subnets • DMZ Subnets • ALL WAN IP • All Interface IP • All X0 Managem ent IP • All X1 Managem ent IP • All SonicPoints • All Authorized Access Points • LAN Interfac e[...]
-
Seite 101
86 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE C HAPTER 13: Configuring Address Objects To add a Group of Address Objects, click Ad d Group to display the Add Address Object Gr oup window. 1 Create a name fo r the group in the Name field. 2 Select the Address Object from th e list and click the right arrow. It is added to the g[...]
-
Seite 102
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE 87 Network > Routing C HAPTER 14 Chapter 14: Configuring Routes Network > Routing If you have routers on your interfaces, you ca n c onfigure static routes on the SonicWALL security appliance on the Network>Routing page. You can create static routing policies that create stati[...]
-
Seite 103
88 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE C HAPTER 14: Configuring Routes Route Advertisement Configuration To enable Route Advertise m ent for an Interface, follow these steps: 1 Click th e Notepad icon in the Configure column for the inter face. The Route Advertisement Configurat ion windo w is displayed. 2 Select one of[...]
-
Seite 104
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE 89 Route Policies MD5 Digest - Enter a numerical value from 0-255 in the Authentication Key-Id (0-2 55) field. Enter a 32 hex digit value for the Authen tication Key (32 hex digits) field, or use the generated key. 11 Click OK . Route Policies SonicOS Enhanced provid es Policy Base[...]
-
Seite 105
90 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE C HAPTER 14: Configuring Routes Route Policies T able You can change the view your route po licies in the Route Policies table by selecting one of the view settings in the View Style menu . All Policies display s all the routing policies including Custom Policies and Default Pol ic[...]
-
Seite 106
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE 91 Route Policies 1 Click the Add button under the Route Policies table. The Add Route Policy window is displayed. 2 Create a routing po licy that directs all X0 Subnet sources to An y destinations for HTTP service out of the Defau lt Gateway via the X1 interface by selecting these set[...]
-
Seite 107
92 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE C HAPTER 14: Configuring Routes[...]
-
Seite 108
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE 93 Network > NAT Policies C HAPTER 15 Chapter 15: Configuring NA T Policies Network > NA T Policies The Network Address Translation (NAT) engine in SonicOS Enhanced allows users to define granular NAT polices for their incoming and outgoing tra ffic. By default, the SonicWALL sec[...]
-
Seite 109
94 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE C HAPTER 15: Configuring NAT Policies NA T Policies T able The NA T Policies table allows you to view your NAT Policies by Custom Policies , Default Policies , or All Policies . S Alert: Before configuring NAT Policies, be sure to create all Address Objects associated with the poli[...]
-
Seite 110
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE 95 Network > NAT Policies NA T Policy Settings Explained The following explains the settings used to create a NAT policy entry in the Add NAT Policy or Edit NAT Policy windows. Click the Add button in the Network>NAT Policies page to display the Add NAT Policy window to create a [...]
-
Seite 111
96 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE C HAPTER 15: Configuring NAT Policies security appliance, or you ca n create your own entri es. For many NAT Policies, this field is set to Original , as the policy is only altering source or destination IP addresses. • Inbound Interface : This drop-down menu setting is used to s[...]
-
Seite 112
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE 97 Network > NAT Policies appliance to operate pro perly, and cannot be delete d. For this reas on, they are listed in th eir own section, in order to make the user-created NAT policies easier to browse. If you wish to see user- created NAT policies along with the defa ult NAT polic[...]
-
Seite 113
98 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE C HAPTER 15: Configuring NAT Policies • Translated Source : WAN Primary IP • Original Destination : Any • Translated Destination : Original • Original Service : Any • Translated Service : Original • Inbound Interface : X3 • Outbound Interfa ce : X1 • Comment : Enter[...]
-
Seite 114
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE 99 Network > NAT Policies You can test the dynamic mapping by installing several systems on the LAN (X 0) interface at a spread-out range of addr esses (for example, 19 2.168.10.10, 192.1 68.10.1 00, and 192.168.10.200) and accessing the public website http://www.whatismyip.com from[...]
-
Seite 115
100 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE C HAPTER 15: Configuring NAT Policies translation betwe en the private and public address. With this policy in place, the SonicWALL security appliance translates the server’s public IP address to the priva t e IP address when co nnection requests arrive via the WAN (X1) inter fa[...]
-
Seite 116
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE 101 Network > NAT Policies • Outbound Interface : Any • Comment : Enter a short descr iption • Enable NAT Policy : Checked • Create a re flective p olicy : Unchecked Note: Make su re you chose An y as the destination interface, and not the interface that the server is on[...]
-
Seite 117
102 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE C HAPTER 15: Configuring NAT Policies 2 Create two address objects for the servers’ private IP addresses. 3 Create two NAT entries to allow the two servers to initia te traffic to the public Internet. 4 Create two NAT entries to map th e custom ports to the actual listening port[...]
-
Seite 118
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE 103 Network > NAT Policies When done, click on the OK button to add and activate the NAT policies. With these policie s in place, the SonicWALL security applian c e translates the servers’ private IP addresses to the public IP address when it initiates traffic out the WAN (X1) int[...]
-
Seite 119
104 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE C HAPTER 15: Configuring NAT Policies •A c t i o n : Allow • Service : servone_public_port ( o r whatever you n a med it above) • Source : Any • Destina tion : X1 IP Address • Users Allowed : All • Schedule : Always on • Logging : checked • Comment : (enter a short[...]
-
Seite 120
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE 105 Network > ARP C HAPTER 16 Chapter 16: Managing ARP T raf fic Network > ARP ARP (Address Resolution Protocol) maps layer 3 (IP addresses) to layer 2 (physica l or MAC addresses) to enable communications between hosts residing on the same subn et. ARP is a broadcast protocol th[...]
-
Seite 121
106 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE C HAPTER 16: Managing ARP Traffic You can sort the entrie s in the table by clicking on the column heade r. The entries are sorted by ascending or descending or der. The arrow to the right of the column en try indicates the sorting status. A down arrow means ascending order. An up[...]
-
Seite 122
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE 107 Network > DHCP Server C HAPTER 17 Chapter 17: Setting Up the DHCP Server Network > DHCP Server The SonicWALL security appliance includes a DHCP (D ynamic Host Configuration Protocol) server to distribute IP addresses, subnet masks, gateway addresses, and DNS server addr esses[...]
-
Seite 123
108 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE C HAPTER 17: Setting Up the DHCP Server The DHCP Server Configuration window is displayed. In the Dynamic Ranges table, the Range Start , Range End , an d Interface information is displayed. Configuring DHCP Server for Dynamic Ranges To configure DHCP server for dynamic IP address[...]
-
Seite 124
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE 109 Network > DHCP Server 6 If you select the interfa ce IP address fro m the Gateway Preferenc es menu, the Default Gateway and Subnet Mask fields are unavaila ble. If you select Other , the fields ar e available for you to type the Default Gatew ay and Subnet Mask information into[...]
-
Seite 125
110 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE C HAPTER 17: Setting Up the DHCP Server 2 Enter the IP address or FQDN of your Vo IP Call Manager in the Call Manager 1 field. You ca n add two additional VoIP Call Manager add resses. 3 Click OK to add the settings to the SonicWALL security appliance. 4 Click Apply for the settin[...]
-
Seite 126
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE 111 Network > DHCP Server 3 Click OK to add the settings to the SonicWALL. 4 Click Apply for the settings to t ake effect on the SonicWALL. 9 Ti p: The SonicWALL DHCP server can assign a total of 64 address ranges with 64 IP addresses each or a total of 4096 IP ad dresses. Â For mo[...]
-
Seite 127
112 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE C HAPTER 17: Setting Up the DHCP Server[...]
-
Seite 128
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE 113 Network > IP Helper C HAPTER 18 Chapter 18: Using IP Helper Network > IP Helper The IP Helper allows the SonicW ALL security appliance to forw ard DHCP requests originating from the interfaces on a SonicWALL security appliance to a centralized DHCP server on the behalf of the[...]
-
Seite 129
114 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE C HAPTER 18: Using IP Helper IP Helper Policies IP Helper Poli cies allow you to forward DHCP and NetBIOS br oadcasts from one in terface to another interface. Adding an IP Helper Policy 1 Click th e Add button under the IP Helper Policies table. The Add IP Helper Policy window is[...]
-
Seite 130
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE 115 Network > Web Proxy C HAPTER 19 Chapter 19: Setting Up W eb Proxy Forwarding Network > W eb Proxy A Web proxy server inter c epts HTTP requests and dete rmines if it has stored copies of the r e quested Web pages. If it does not, the prox y completes the r equest to the serve[...]
-
Seite 131
116 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE C HAPTER 19: Setting Up Web Proxy Forwarding 2 Type the name or IP address of the proxy server in the Proxy We b Server (name or IP address) field. 3 Type the proxy IP port in the Proxy Web Server Port field. 4 To bypass the Proxy Servers if a failure occurs, select the Bypass Pro[...]
-
Seite 132
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE 117 P ART 4 Part 4 W i reless[...]
-
Seite 133
118 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE :[...]
-
Seite 134
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE 117 Wireless > SonicPoints C HAPTER 20 Chapter 20: Managing SonicPoint s Wireless > SonicPoint s SonicWALL SonicPoints are wireless access points specially en gineered to wor k with SonicW ALL security appliances running Soni cOS Enhanced 2.5 or greater to provide wireless acce s[...]
-
Seite 135
118 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE C HAPTER 20: Managing SonicPoints • Assign one or more interfaces to the Wireless zone. • Attach the SonicPoints to the in terfaces in the Wireless zone. • Test SonicPoints SonicPoint Provisioning Profiles SonicPoint Provisioning Profiles provide a scalable and highly automa[...]
-
Seite 136
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE 119 SonicPoint Provisioning Profiles Country Code : Select the country where you are operating the SonicPoints. The country code determines which regulatory domain the radio operation falls under . 3 In the 802.11a tab, Configu r e the radio settings for the 802 .11a (5GHz band) ra[...]
-
Seite 137
120 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE C HAPTER 20: Managing SonicPoints Key 1 - Ke y 4 : Enter the encryptions keys for WEP encr ypt ion. Enter the most likely to be used in the field you selected as the default key. 4 In the 802.11a Advanced tab, configure the performan c e setti ngs for the 802.11a radio. For mo[...]
-
Seite 138
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE 121 SonicPoint Provisioning Profiles If the SonicPoint does loca te, or is located by a peer SonicOS device, via the SonicWALL Discovery Protocol, an encrypted exchange between the two units will ensue wherei n the profile assigned to the relevant Wireless Zone will be us ed to automat[...]
-
Seite 139
122 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE C HAPTER 20: Managing SonicPoints 802.11a Radio 802.11a Advanced 802.11g Radio 802.11g Advanced The options on these ta bs are the same as the Add SonicPoint Profile screen. See Configuring a SonicPoint Profile for instruction s on co nfiguring these settings. 3 Cl[...]
-
Seite 140
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE 123 SonicPoint Provisioning Profiles If via the SDP exchange the SonicOS device ascer t ains that the SonicPoint requir es provisioning or a configuration update (e.g. on calculating a ch ecksum mismat ch, or when a firmware update is available), the Configure directive will engage a 3[...]
-
Seite 141
124 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE C HAPTER 20: Managing SonicPoints • Updating Firmware – If the SonicOS device detects that it has a firmware update available for a SonicPoint, it will use SSPP to up date the SonicPoint’s firmware. •O v e r - L i m i t – By default, up to 16 SonicPoint device s can be a[...]
-
Seite 142
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE 127 Wireless > Station Status C HAPTER 21 Chapter 21: V iewing S t ation S t atus Wireless > S t ation St atus Event and S t atistics Reporting The Wireless > Station Status page reports on the statis tics of each SonicPoint. The table lists entries for ea ch wireless client c[...]
-
Seite 143
128 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE C HAPTER 21: Viewing Station Status None – No state information yet exists for the station Authenticated – The station ha s s uccessfully authenticate d. Associated – The station is associated. Joined – The station has joined the ESSID. Connected – Th[...]
-
Seite 144
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE 129 Wireless > IDS C HAPTER 22 Chapter 22: Using and Configuring IDS Wireless > IDS Detecting Wireless Access Point s You can have many wireless access points within re ach of the signal of the SonicPoints on your network. The Wireless > IDS page reports on all access points t[...]
-
Seite 145
130 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE C HAPTER 22: Using and Configuring IDS Access Point IDS When the Radio Role of the SonicWALL PRO 5060 is set to Access Point mode, all three types of WIDS services are availa ble, but Rogue Access Poin t detection, by default, acts in a passive mode (passively liste ning to other [...]
-
Seite 146
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE 131 P ART 5 Part 5 Firewall[...]
-
Seite 147
132 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE :[...]
-
Seite 148
S ONIC WALL S ONIC OS 2.5 E NHANCED A D MINISTRATOR ’ S G UIDE 133 Firewall > Access Rules C HAPTER 23 Chapter 23: Configuring Access Rules Firewall > Access Rules This chapter provides an overview on your SonicWA LL security applian ce stateful packet inspection default access rules and configuration examples to customize your access rules[...]
-
Seite 149
134 S ONIC WALL S ONIC OS 2.5 E NHANCED A DMINISTRATOR ’ S G UIDE C HAPTER 23: Configuring Access Rules S t ateful Packet Inspection Default Access Rules Overview By default, the SonicWALL security appliance’s stateful packet inspe c tion allows all communication from the LAN to the Internet, and blocks all traffic to the LAN from the Internet.[...]
-
Seite 150
S ONIC WALL S ONIC OS 2.5 E NHANCED A D MINISTRATOR ’ S G UIDE 135 Configuration Task List 9 Ti p: You m ust select Bandwidth M anagement on the WAN > Ethernet page. Click Network , then Configure in the WAN line of the In terfaces table, and type your available bandwidth in the Available WAN Bandwidth ( Kbps ) field. Configuration T ask List [...]
-
Seite 151
136 S ONIC WALL S ONIC OS 2.5 E NHANCED A DMINISTRATOR ’ S G UIDE C HAPTER 23: Configuring Access Rules Each view displa ys a table of de fined network access rules. F or example, s electing All Rules displays all the network access rules for all zone s. Configuring Access Rules for a Zone To display the Access Rules for a specific zone, select a[...]
-
Seite 152
S ONIC WALL S ONIC OS 2.5 E NHANCED A D MINISTRATOR ’ S G UIDE 137 Configuration Task List Adding Access Rules To add ac cess rules to the SonicW ALL sec urity applian ce, perform the followin g steps: 1. Click Add at the bottom of the Access Rules table. The Add Rule window is displayed. 2. Select Allow | Deny | Discard from the Action list to p[...]
-
Seite 153
138 S ONIC WALL S ONIC OS 2.5 E NHANCED A DMINISTRATOR ’ S G UIDE C HAPTER 23: Configuring Access Rules 10. Click on the Advanced tab. 11. Do not select the Allow Fragmente d Packets ch eck box. Large IP pa ckets are often divid ed into fragments before they are routed over the Inte rnet and then reassembled at a destination host. Because hackers[...]
-
Seite 154
S ONIC WALL S ONIC OS 2.5 E NHANCED A D MINISTRATOR ’ S G UIDE 139 Access Rule Configuration Examples Enabling and Disabling an Access Rule To enable or disable an access rule, click the Enable checkbox. Restoring Access Rules to Default Zone Settings To remove all end-user configured a c cess rules for a zone, click the Defa ult button. This wil[...]
-
Seite 155
140 S ONIC WALL S ONIC OS 2.5 E NHANCED A DMINISTRATOR ’ S G UIDE C HAPTER 23: Configuring Access Rules Blocking LAN Access for S pecific Services This section provides a configuration example fo r an access rule blocking LAN access to NNTP servers on the Internet during busine ss hours. Perform the follo wing steps to c onfigure an acce ss rule [...]
-
Seite 156
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE 141 Firewall > Advanced C HAPTER 24 Chapter 24: Configuring Advanced Access Rule Settings Firewall > Advanced To configure ad vanced acce ss rule options, select Firewall > Advanced under Firewall. The Advanced Rule Options page is di splayed.. The Advanced Rule Options i nclu[...]
-
Seite 157
142 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE C HAPTER 24: Configuring Advanced Access Rule Settings Detection Prevention • Enable Stealth Mode - By defa ult, the security appliance responds to incoming connection requests as either “blocke d” or “open.” If you enable Stealth Mode, your security appliance does not r[...]
-
Seite 158
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE 143 Firewall > Schedules C HAPTER 25 Chapter 25: Setting Access Rule Schedules Firewall > Schedules The Firewall>Schedules page allows you to create and manage a c cess rule enforcement schedules. The Schedules ta ble displays all your predefined and cu stom schedules. Schedul[...]
-
Seite 159
144 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE C HAPTER 25: Setting Access Rule Schedules Adding a Schedule To create schedules, click Add . The Add Schedule window is displayed. 1 Enter a name for the schedule in the Name field. 2 Select the days of the week to apply to the schedule or select Al l . 3 Enter the time of day fo[...]
-
Seite 160
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE 145 Firewall > Services C HAPTER 26 Chapter 26: Configuring Firewall Services Firewall > Services SonicOS Enhanced suppor ts an expanded IP protocol support to allow users to create services and access rules based on these protocol s. See “Supported Protocols” on page 146 fo [...]
-
Seite 161
146 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE C HAPTER 26: Configuring Firewall Services Default Services Overview The Default Services view displays the SonicWALL security appliance default services in the Services table and Service Groups table. The Service Groups table displays clusters of multiple default services as a si[...]
-
Seite 162
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE 147 Custom Services Configuration Task List EIGRP ( 88 )—(Enhance d Interior Gateway Routing Protocol) Advanced version of IGRP. Provides superior convergenc e prop erties and operating efficiency, and combines the advantages of link state pr otocols with those of distance vector[...]
-
Seite 163
148 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE C HAPTER 26: Configuring Firewall Services For ICMP, IGMP, OSPF and PIMS M protocols, select from the Sub Type pull-down menu for sub types. For the remaining protocols, you will not need to specify a Port Range or Sub Type. 3 Click OK . The service appears in the Custom S[...]
-
Seite 164
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE 149 Custom Services Configuration Task List Editing Custom Services Gro up s Click the Notepad icon un der Configure to edit the custom service group in the Edit Service Group window, which includes the same configuration settings as the Add Service Gro up w indow. Deleting Custom Serv[...]
-
Seite 165
150 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE C HAPTER 26: Configuring Firewall Services[...]
-
Seite 166
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE 151 Firewall > Multicast C HAPTER 27 Chapter 27: Configuring Multicast Settings Firewall > Multicast Multicastin g, also ca lled IP multicas ting, is a me thod for se nding on e Internet Protocol (IP) packet simultaneously to multiple hosts. Multicas t is suited to t he rapidly g[...]
-
Seite 167
152 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE C HAPTER 27: Configuring Multicast Settings Multicast Snooping This section provides configurat ion tasks for Multicast Snooping. • Enable Multicast - This checkbox is disabled by de fault. Select this checkbox to support multicast traffic. • Require IGMP Membership report s f[...]
-
Seite 168
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE 153 Firewall > Multicast Configuration Example Perform the following steps to enable multic ast supp ort on LAN-dedicated interfaces. 1 Enable multicast support on your So nicWALL security applia nce. In the Firewall > Multicast setting, click on the Enable Multicast checkbox. An[...]
-
Seite 169
154 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE C HAPTER 27: Configuring Multicast Settings[...]
-
Seite 170
S ONIC WALL S ONIC OS 2.5 E NHANCED A D MINISTRATOR ’ S G UIDE 153 Firewall > VoIP C HAPTER 28 Chapter 28: Configuring V oIP Support This chapte r provides o verview information and co nfiguration tasks on enabling Voice over IP (VoIP) protocols. VoIP is a term used in IP telephony fo r a set of facilities for managing the delivery of v oice i[...]
-
Seite 171
154 S ONIC WALL S ONIC OS 2.5 E NHANCED A DMINISTRATOR ’ S G UIDE C HAPTER 28: Configuring VoIP Support • Gatekeepers - Services for call setup an d tear dow n, and registering H.323 terminals for communications • Multipoint control units (MCUs) - Three-way and higher multipoint communicatio ns between terminals SIP Session Initiation Protoco[...]
-
Seite 172
S ONIC WALL S ONIC OS 2.5 E NHANCED A D MINISTRATOR ’ S G UIDE 155 Firewall > VoIP SIP Settings This section provides confi guration tasks for SIP Settings. • Enable SIP Transformations - This setting transforms SIP me ssages between LAN (trusted) and WAN/DMZ (untru sted). Yo u need to check this setting when you want th e SonicWAL L to do t[...]
-
Seite 173
156 S ONIC WALL S ONIC OS 2.5 E NHANCED A DMINISTRATOR ’ S G UIDE C HAPTER 28: Configuring VoIP Support • H.323 Signaling/Media inactivity t ime out (seconds) - This field has a default value of 300 seconds (5 minut es). This is a similar setti ng to the “TCP connection inactivity timeout.” • Default WA N/DMZ Ga tekeeper IP Address - This[...]
-
Seite 174
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE 157 P ART 6 Part 6 VPN[...]
-
Seite 175
158 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE :[...]
-
Seite 176
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE 159 VPN > Settings C HAPTER 29 Chapter 29: Configuring VPN Policies VPN > Settings SonicWALL VPN, based on the industry-standar d IPSec VPN implementation, pro v ides a easy-to- setup, secure solution for connecting mobile us ers, telecommuters, remote offices and partner s via t[...]
-
Seite 177
160 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE C HAPTER 29: Configuring VPN Policies The VPN>Settings page prov ides the Son icWALL feat ures for configuring your VPN policie s. You configure site-to-site VPN policies and GroupVPN policies from this page. VPN Policy Wizard The VPN Policy Wizard walks you step-by-step throug[...]
-
Seite 178
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE 161 VPN > Settings VPN Global Settings The Global VPN Sett ings section displays t h e following information: • Enable VPN must be selected to allow VPN policies through the SonicWALL security policies. • Unique Fire wall Identifier - the default value is the serial number of th[...]
-
Seite 179
162 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE C HAPTER 29: Configuring VPN Policies Currently Active VPN T unnels A list of currently ac tive VPN tunnels is displayed in this section. The table lists the name of the VPN Policy, the local LAN IP addresses, and the remote destination n e twork IP addresses as well as the peer g[...]
-
Seite 180
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE 163 Configuring GroupVPN Policies Configuring GroupVPN with IKE using Preshared Secret on the W AN Zone To configure the WAN GroupVPN, follow these steps: 1 Click the Edit icon for the WAN GroupVPN entry. The VPN Pol icy window is disp layed. 2 In the General tab, IKE using Preshared S[...]
-
Seite 181
164 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE C HAPTER 29: Configuring VPN Policies In the IPSec (Pha se 2) Proposal section, sele ct the following default settings: ESP from the Protocol menu 3DES from the Encryption menu SHA1 from the Authen tication menu Select Enable Perfect Forwar d Secrecy if you want an addition al Dif[...]
-
Seite 182
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE 165 Configuring GroupVPN Policies 5 Click the Client tab, select any of the following setting s you want to apply to your GroupVPN policy. Cache XAUTH User Name and Password on Client - allows the Global VPN Client to cache the user name and password. à Never - Global VPN Client i[...]
-
Seite 183
166 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE C HAPTER 29: Configuring VPN Policies Require Distributed Securit y Client for this Connection - only allows a VPN connection from a remote computer runni ng the SonicWALL Distributed Se curity Client, which provides policy enforced firewall protection be fore allowing a Globa[...]
-
Seite 184
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE 167 Configuring GroupVPN Policies SHA1 from the Authentication menu. Leave the default setting, 28800 , in the Life Time (se conds) field. This setting forces the tunne l to renegotiat e and exchan ge keys every 8 hou rs. 9 In the IPSec (Phase 2) Proposal section, select th e following[...]
-
Seite 185
168 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE C HAPTER 29: Configuring VPN Policies Use DHCP to obtain Virtual IP for this Connection - allows the VPN Client to obtain an IP address using DHCP over VPN. Require Distributed Securit y Client for this Connection - only allows a VPN connection from a remote computer runni[...]
-
Seite 186
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE 169 Site-to-Site VPN Configurations Site-to-Site VPN Configurations When design ing VPN conne ctions, be sure to d ocument all pertinent IP Addressing informatio n and create a network dia gram to use as a reference. A samp le planning shee t is provided on the ne xt page. The SonicWAL[...]
-
Seite 187
170 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE C HAPTER 29: Configuring VPN Policies Additional Information SA Name:_____________ _______ Manual Key , SPI In___ __ SPI Out_ ____ Enc.Key:_________ ___________ Auth.Key:______________ _____ If Preshared Secret, Shared Secret:___ ________________ Local IKE ID and Remote IKE ID Pha[...]
-
Seite 188
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE 171 Creating Site-to-Site VPN Policies 9 Ti p: Use the VPN Planning Sheet for Site -to-Site VPN Policies to record your settings. These settings are necessary to configure the r e mote SonicW ALL and cr eate a successful VPN connection. Â Cross Refe rence: For configuring VPN policie [...]
-
Seite 189
172 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE C HAPTER 29: Configuring VPN Policies Configuring a VPN Policy with IKE using Preshared Secret To configure a VPN Policy using Internet Key Exchange (IKE), follow the steps below: 1 Click Add on the VPN>Settings page. The VPN Policy window is displa yed. 2 In the Genera l tab, [...]
-
Seite 190
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE 173 Creating Site-to-Site VPN Policies 8 Under Local Networks , select a local network f rom Choose local network from list if a specific local network can access the VPN tunnel. If host s on this side of the VPN connection will be obtaining their addressing from a DHCP server on the r[...]
-
Seite 191
174 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE C HAPTER 29: Configuring VPN Policies 14 Click Advanced . 15 Select Enable Keep Alive to use heartbeat messages between peers on this VPN tunnel. If one end of the tunnel fails, using Keep Alives will a llow for the automatic rene gotiation of the tunnel once both sides beco m e a[...]
-
Seite 192
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE 175 Creating Site-to-Site VPN Policies Configuring a VPN Policy using Manual Key To manually configu r e a VPN policy between two SonicWALL appliances using Manual Key, follow the steps below: Local SonicW ALL 1 Click Add on the VPN>Settings page. The VPN Policy window is displayed.[...]
-
Seite 193
176 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE C HAPTER 29: Configuring VPN Policies 7 Click on the Proposals ta b. 8 Define an Incoming SPI and an Outgoing SPI . The SPIs are hexade cimal (0123456789abcedf) and can range from 3 to 8 char acters in length. S Alert: Each Secu rity Association must have unique SPIs ; no two Secu[...]
-
Seite 194
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE 177 Creating Site-to-Site VPN Policies 12 Click the Advanced tab and sele ct any of the followin g option al settings you want to apply to your VPN policy. Select Enable Windows Networking (NetBIOS) broa dcast to allow access to remote network resources by browsing the Windows® Networ[...]
-
Seite 195
178 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE C HAPTER 29: Configuring VPN Policies 8 Define an Incoming SPI and an Outgoing SPI . The SPIs are hexade cimal (0123456789abcedf) and can range from 3 to 8 char acters in length. S Alert: Each Secu rity Association must have unique SPIs ; no two Security Associations can share the[...]
-
Seite 196
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE 179 Creating Site-to-Site VPN Policies Configuring a VPN Policy with IKE using a Third Party Certificate S Alert: You must have a valid certificate from a third party Certificate Author ity installed on your SonicWALL before you can configur e your VPN po licy with IKE using a third pa[...]
-
Seite 197
180 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE C HAPTER 29: Configuring VPN Policies 8 Click on the Network tab. 9 Under Local Ne tworks , select a local network from Choose local network fr om list if a specific local network can access the VPN tunnel. If host s on this side of the VPN c onnection will be obtaining their addr[...]
-
Seite 198
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE 181 Creating Site-to-Site VPN Policies Enter a maxim um time in seconds allo wed befor e forcing th e policy to re negotiate and exch ange keys in the Life Time field. The default settings is 28800 seconds (8 hours) . 13 In the Ipsec (Phase 2) Proposal section, select the following set[...]
-
Seite 199
182 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE C HAPTER 29: Configuring VPN Policies Select an interface or Zone from the VPN Policy b ound to menu. A Zone is the prefer red selection if you are using WAN Load Balancing and you wish to allow the VPN to use either WAN interface. 15 Click OK . 16 Click Apply on the VPN>Settin[...]
-
Seite 200
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE 183 VPN>Advanced C HAPTER 30 Chapter 30: Configuring Advanced VPN Settings VPN>Advanced The Advanced VPN Settings page includes optional settings that affect all VPN policies. Advanced VPN Settings • Enable IKE Dead Peer Dete ction - Select if you want inactive VPN tunnels to b[...]
-
Seite 201
184 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE C HAPTER 30: Configuring Advanced VPN Settings • Enable Fragmented Packet Handling - If the VPN log report shows the log me ssage “Fragmented IPSec packe t dropped”, select this f eature. Do not select it until the VPN tunnel is established and in operation. Ignore DF (Don&a[...]
-
Seite 202
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE 185 VPN > DHCP ov er VPN C HAPTER 31 Chapter 31: Configuring DHCP Over VPN VPN > DHCP over VPN The V PN > DHCP over VPN page allows you to configure a Ho st (DHCP Client) behind a SonicWALL security appliance to obtain an IP address lease from a DHCP se rver at the othe r end [...]
-
Seite 203
186 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE C HAPTER 31: Configuring DHCP Over VPN 2 Select Central Gateway from the DHCP Relay Mode menu. 3 Click Configure . The DHCP over VPN Configurat ion window is displayed. 4 Select Use Internal DHCP Server to enable the SonicWALL Gl obal VPN Client or a remote firewall or bo th to us[...]
-
Seite 204
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE 187 VPN > DHCP ov er VPN Configuring DHCP over VPN Remote Gateway 1 Select Remote Gateway from the DHCP Relay Mode menu. 2 Click Configure . The DHCP over VPN Configuration window is displayed. 3 In the General tab, select the VPN policy to be used to relay DHCP requests from the Ce[...]
-
Seite 205
188 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE C HAPTER 31: Configuring DHCP Over VPN Devices 1 To configure devices on your LAN, click the Devices tab. 2 To configure Static De vices on the LAN , click Add to display the Add LAN Device Entry window, and type the IP ad dress of the device in the IP Address field and then type [...]
-
Seite 206
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE 189 VPN > DHCP ov er VPN Current DHCP over VPN Leases The scrolling window shows the det ails on the c urrent bindings: IP and Ethernet address of the bindings, along with the Lease Time, and Tunne l Na me. To edit an entry, click the Notepad icon under Config ure for that entry. To[...]
-
Seite 207
190 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE C HAPTER 31: Configuring DHCP Over VPN[...]
-
Seite 208
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE 191 VPN > L2TP Server C HAPTER 32 Chapter 32: Configuring L2TP Server VPN > L2TP Server The SonicWALL security applia nce can terminat e L2TP-over-IPSec connections from incom ing Microsoft Windows 2000 and Windows XP clients. In situations where r unning the SonicWALL Global VPN[...]
-
Seite 209
192 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE C HAPTER 32: Configuring L2TP Server Configuring the L2TP Server The VPN > L2TP Server page provides the settings for co nfi guring th e SonicWALL secu rity appliance as a LT2P Server. To configure the L2TP Server , follow these steps: 1 To enable L2TP Se rver functionality on [...]
-
Seite 210
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE 193 VPN > L2TP Server 7 If you have configured a specific user grou p defined for using L2TP, select it from the Us er Group for L2TP users menu or use Everyone . 8 Click OK . Currently Active L2TP Sessions • User Name - the user name assigned in the local user data base or the RA[...]
-
Seite 211
194 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE C HAPTER 32: Configuring L2TP Server[...]
-
Seite 212
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE 195 VPN>CA Certificates C HAPTER 33 Chapter 33: Configuring VPN Certificates VPN>CA Certificates A digital certificate is an electron ic means to ve rify identity by a trusted third party known as a Certificate Authority (CA). X.50 9 v3 certificate standard is a specification to [...]
-
Seite 213
196 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE C HAPTER 33: Configuring VPN Certificates Implementing Certificates for VPN Policies To implement the use of certificates for VPN polic ies, you must locate a source for a valid CA certificate from a thir d party CA se rvice. Once you have a valid CA ce rtificate, you can import i[...]
-
Seite 214
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE 197 VPN>CA Certificates 3 Click Import Certificate to import the certificate i nto the Soni cWALL security appliance. Once it is imported, you can view the Ce rtificate Details . Certificate Det ails The Certificat e Details section lists the following information: • Certificate I[...]
-
Seite 215
198 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE C HAPTER 33: Configuring VPN Certificates You can import the CRL by manually downloading t he CRL an d then importing it into the SonicWALL security ap pliance. You can also e nter the UR L lo cation of the CRL by e ntering the address in the Enter CRL’s locati on (URL) for auto[...]
-
Seite 216
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE 199 VPN > Local Certificates 5 To view details abou t the certificate, sele ct it from the Certificates menu in the Current Certificates section. Certificate Det ails To view de tails about th e certificate, select the certificate from the Certificates menu in the Current Certificat[...]
-
Seite 217
200 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE C HAPTER 33: Configuring VPN Certificates You can also attac h an optional Subject Alternative Name to the certificate such as the Doma in Name or E-mail Address . 4 The Sub ject Key type is preset as an RSA algorithm. RSA is a public ke y cryptographic algorithm used for encrypti[...]
-
Seite 218
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE 201 P ART 7 Part 7 Users[...]
-
Seite 219
202 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE :[...]
-
Seite 220
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE 203 Users>Status C HAPTER 34 Chapter 34: Managing User S t atus and Authentication Settings SonicWALL secu rity appliances provide a mechanis m for user level auth entication that gives users access to the LAN from re mote locations on the Internet as well as a means to bypass conte[...]
-
Seite 221
204 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE C HAPTER 34: Managing User Status and Authentication Settings User>Settings On this page, you can configure th e authentication method required, global user settings, an d an acceptable user policy that is displayed to users when logg ing onto your network. Authentication Metho[...]
-
Seite 222
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE 205 User>Settings 1 Click Configure to set up your RADIUS server settings on the SonicWALL. The RADIUS Configuration window is displayed. 2 Define the RADIUS Server Timeout in Second s . The allowable range is 1-60 seconds with a default valu e of 5. 3 Define the number of times the[...]
-
Seite 223
206 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE C HAPTER 34: Managing User Status and Authentication Settings RADIUS Users Click the RADIUS Users tab. RADIUS Users Settings Select Allow only users listed locally if only the users listed in the SonicWALL database are authenticated using RADIUS. Select the mechanism used for sett[...]
-
Seite 224
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE 207 User>Settings 2 In the Settings tab, enter a name for the group. You may ente r a descriptive comment as well. 3 In the Members tab, select the members of the group. Se lect the users or group s you want to add in the left column and click the -> button. Click Ad d All to add[...]
-
Seite 225
208 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE C HAPTER 34: Managing User Status and Authentication Settings RADIUS Client T est You can test your RADIUS Client user name and pa ssword by typing in a valid user na me in the User field, and the password in the Passwor d field. If the validation is successful, the Status message[...]
-
Seite 226
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE 209 User>Settings Accept able Use Policy An acceptable use policy (AUP) is a policy users must agree to follow in orde r to access a network or the Internet. It is common practice for many businesses and educational facilit ies to require that employees or students agree to an accep[...]
-
Seite 227
210 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE C HAPTER 34: Managing User Status and Authentication Settings[...]
-
Seite 228
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE 211 User > Local Users C HAPTER 35 Chapter 35: Managing Local Users and Local Group s User > Local Users Local Users are users stored and managed on the security appliance’s local database. In the he Users > Local Users page, you can view and man age all local users, add new[...]
-
Seite 229
212 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE C HAPTER 35: Managing Local Users and Local Groups V iewing Local Users You can view all the groups a us er belongs to on the Users > Lo cal Users page. Click on the expand icon ne xt to a user to view th e group membersh ips for that user. The three columns to the right of the[...]
-
Seite 230
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE 213 Users>Local Groups Group s To add the user to a User Group, select on e or more groups, and click ->. The user then becomes a member of the selected groups. To remove a gr oup, select the group from the Member of column, and click <-. VPN Access To allow users to access ne[...]
-
Seite 231
214 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE C HAPTER 35: Managing Local Users and Local Groups the table. Click the No tepad icon in the Configur e column to review or chang e the settings for Everyone . Creating a Local Group 1 Click th e Add Group button to display the Add Group window. 2 Create a user name and type it in[...]
-
Seite 232
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE 217 Users > Guest Services C HAPTER 36 Chapter 36: Managing Guest Services and Guest Account s Guest accounts are temporar y accounts set up for users to log into your network. You can create these accounts manually, as n eeded or generate them in batches. SonicOS includes profiles [...]
-
Seite 233
218 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE C HAPTER 36: Managing Guest Services and Guest Accounts Global Guest Settings Check Show guest login status window with logout bu tton to display a user login window on the users’s workstation whenever the user is logged in. Users must keep this window open dur ing their login s[...]
-
Seite 234
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE 219 Users > Guest Accounts Enforce login uniqu eness : Check this to allow only a single instance of an account to be used at any one time. By default, this feature is enab led when creating a new guest account. If you want to allow multiple user s to login wit h a single accoun[...]
-
Seite 235
220 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE C HAPTER 36: Managing Guest Services and Guest Accounts T o Add an Individual Account: 1 Under the list of accounts, click Add Guest . 2 In the Settings tab of the Add G uest Accoun t window configure: Profile : Select the Guest Pro f ile to generate this account from. Nam[...]
-
Seite 236
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE 221 Users > Guest Accounts T o Generate Multiple Account s 1 Under the list of acco unts, click Generate . 2 In the Settings tab of the Genera te Guest Accounts w indow co nfigure: Profile : Select the Guest Profile to generate the accounts from.N umber of Accounts: Number o[...]
-
Seite 237
222 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE C HAPTER 36: Managing Guest Services and Guest Accounts 1 Check the box in the Enable column next to the name of th e account you want to enable. Check the Enable box in the ta ble heading to enable all accounts on the page. 2 Click on Apply in the top right corner of the page. f [...]
-
Seite 238
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE 223 Users > Guest Status Users > Guest S t atus The Guest Status page reports on all th e guest account s currently logged in to the security a ppliance. The page lists: •N a m e : The name of the guest account •I P : The IP address the guest user is connecting to. • Interf[...]
-
Seite 239
224 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE C HAPTER 36: Managing Guest Services and Guest Accounts[...]
-
Seite 240
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE 225 8 Part 8 Hardware Failover[...]
-
Seite 241
226 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE :[...]
-
Seite 242
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE 227 Hardware Failover > Settings C HAPTER 37 Chapter 37: Setting Up Hardware Failover Hardware Failover > Settings Hardware Failover a llows two identical SonicWALL PRO Ser ies security appliances running SonicOS Enhanced to be configured to pr ovide a reliable, cont inuous conne[...]
-
Seite 243
228 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE C HAPTER 37: Setting Up Hardware Failover services are affected, physical (or logical) link de tection is detected on monitored interfaces , or when the SonicWALL loses po wer. The self-checking mechanism is m anaged by softwar e diagnostics, which check the complete system integr[...]
-
Seite 244
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE 229 Hardware Failover > Settings • Once Hardware Failover ha s been configured and activated, upon first prefe r ences synchronization, the Backup SonicWALL se curity ap pliance automatically reboots in orde r to load the mirrored prefer ences – this is normal behavior. • At p[...]
-
Seite 245
230 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE C HAPTER 37: Setting Up Hardware Failover Intial Hardware Failover Setup Before you begin the configuration of Hardware Failover on the Primary SonicWALL secur ity appliance, perform th e following intial setup procedu res. • On the back of the Backup SonicWALL security app lian[...]
-
Seite 246
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE 231 Hardware Failover > Settings Configuring Hardware Failover The first task in setting up hardware failover after intial setup is config uring the Hardware Failover>Settings pag e on the Primary SonicWALL security app liance. Once you configure hardware failover on th e Primary[...]
-
Seite 247
232 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE C HAPTER 37: Setting Up Hardware Failover Log into the Backup SonicWALL’s uniqu e LAN IP ad dress. If this SonicWALL secu rity appliance has not been registered at mySon icWALL.com, register it. The Management Interfa c e should now display Logged Into: Backup SonicWALL Status :[...]
-
Seite 248
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE 233 Hardware Failover > Settings Sychronizing Firmware Checking the Sychronize Firmware Up load and Reboot checkbox allows the Prim ary And Backup SonicWALL security appliances in Har dware Failover mode to have firmware uploaded on both devices at on ce, in stagge red seque nce to [...]
-
Seite 249
234 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE C HAPTER 37: Setting Up Hardware Failover during config uration. If preempt mode is en abled, the primary Son icWALL becom es the ac tive firewall and the backup fire wall returns to Idle status. • E-mail Alerts Indicating Status Ch ange - If you have configured the primary Son [...]
-
Seite 250
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE 235 P ART 9 Part 9 Security Services[...]
-
Seite 251
236 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE :[...]
-
Seite 252
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE 237 Security Services>Summary C HAPTER 38 Chapter 38: Managing Security Services Security Services>Summary SonicWALL, Inc. offers a variety of subscription -b ased Security Services a nd Upgrades to enhance the functiona lity of your SonicWALL se curity a ppliance to provide comp[...]
-
Seite 253
238 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE C HAPTER 38: Managing Security Services Creating a mySonicWALL . com account is easy and FREE. Simply complete an online registratio n form. Once your account is created, you can r egister So nicWALL security app liance and activate SonicWALL Secur ity Services associat ed with th[...]
-
Seite 254
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE 239 Security Services>Summary Manage Licenses Clicking the Manage Licenses button displays the mySonicWALL. com Login page. Enter your mySonicWALL.com userna me and password in the User Name and Pa ssword fields, and then click Submit . The System>Licenses page is displayed with [...]
-
Seite 255
240 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE C HAPTER 38: Managing Security Services[...]
-
Seite 256
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE 241 Security Services>Content Filter C HAPTER 39 Chapter 39: Configuring SonicW ALL Content Filter Security Services>Content Filter The Security Ser vices >Content Filter page allows you to configu re the SonicWALL Restrict Web Features and Trusted Dom ains settings, which are[...]
-
Seite 257
242 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE C HAPTER 39: Configuring SonicWALL Content Filter • SonicWALL CFS Premium blocks 56 categor ies of objectionable, inappro priate or unproductive Web content. SonicWALL CFS Premium provides network adm inistrators w ith greater control b y automatically an d transparen tly enforc[...]
-
Seite 258
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE 243 Security Services>Content Filter 3 Click Activate or Renew in the Manage Service column in the Manage Services Online table. Type in the Activation Key in the New License Key field and click Submit . Your SonicWALL CFS subscription is activated on your SonicWALL. 4 If you activa[...]
-
Seite 259
244 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE C HAPTER 39: Configuring SonicWALL Content Filter Restrict W eb Features Restrict Web Feat ures enhances your network security by blocking poten tially harmful Web applications from entering your network. Restrict Web Feat ures are included with SonicOS. Select any of the foll owi[...]
-
Seite 260
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE 245 Security Services>Content Filter To delete all trus ted domains, click Delete Al l . To edit a trusted domain entry, click the No tepad icon. Message to Display when Blocking You can enter your customized text to display to t he user wh en a ccess to a blocked si te is attempt e[...]
-
Seite 261
246 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE C HAPTER 39: Configuring SonicWALL Content Filter S Alert: Do not include the prefix “http://” in eithe r the Allowed Domains or Forbid den Domains the fields. All subdomains are affected. For example, ente ring “yahoo.com” applies to “mail.yahoo.com” and “my.y ahoo.[...]
-
Seite 262
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE 247 Security Services>Content Filter the Internet again. To configur e the value, follow the link to the Users window and enter the desired value in the User Idle Timeout section. • Consent Page URL (optional filter ing) - When a user opens a Web browser on a co mputer requiring c[...]
-
Seite 263
248 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE C HAPTER 39: Configuring SonicWALL Content Filter[...]
-
Seite 264
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE 249 Security Services>Anti-Virus C HAPTER 40 Chapter 40: Activating SonicW ALL Network Anti-V irus Security Services>Anti-V irus By their nature, anti-virus products typically require regular, active maintenan c e on every PC. When a new virus is discovered, all anti-v irus softw[...]
-
Seite 265
250 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE C HAPTER 40: Activating SonicWALL Network Anti-Virus Activating SonicW ALL Network Anti-V irus If SonicWALL Network Anti-Virus is no t activa ted, you mu st activate it. If you do no t have an Activa tion Key, you m ust purcha se SonicWALL Network Anti-Vir us from a SonicWALL rese[...]
-
Seite 266
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE 251 Security Services>E-Mail Filter security appliance is alrea dy connected to your mySonicWALL.com account, th e System>Licen ses page appears after you click the FREE TRIAL link. 3 Click FREE TRIAL in the Manage Service column in the Manage Services Online table. Your SonicWAL[...]
-
Seite 267
252 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE C HAPTER 40: Activating SonicWALL Network Anti-Virus[...]
-
Seite 268
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE 253 Security Services > Intrusion Prevention C HAPTER 41 Chapter 41: Activating Intrusion Prevention Service Security Services > Intrusion Prevention SonicWALL Intru sion Preven tion Service (Son icWALL IPS) deliv ers a configura ble, high perf ormance Deep Packet Inspection engi[...]
-
Seite 269
254 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE C HAPTER 41: Activating Intrusion Prevention Service Inspection engine can also read signatures wr itten in the popular Snort format, allowing SonicWALL to easily in corporate new signa tur es as they are published by third parties. SonicWALL mainta ins a current an d robust sign [...]
-
Seite 270
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE 255 Security Services > Intrusion Prevention How SonicW ALL ’ s Deep Packet Inspection Works Deep Packet Inspection t echnology enables th e firewall to investigate farther into the prot ocol to examine information at the application layer a nd defend against attacks targeting app[...]
-
Seite 271
256 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE C HAPTER 41: Activating Intrusion Prevention Service • Intrusion Detection - a process of identifying and flagging malicious activity aimed at information technology. • False Positive - a false ly identified attack traffic pattern. • Intrusion Prevention - finding an omalies[...]
-
Seite 272
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE 257 Security Services > Intrusion Prevention Activating SonicW ALL IPS If you have an Activation Key for your SonicW ALL IPS, follow these steps to activate IPS : 1 Click the SonicWALL IDP Subscription link on the Security Services>Intrusion Prevention page. The mySonicWALL.com L[...]
-
Seite 273
258 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE C HAPTER 41: Activating Intrusion Prevention Service[...]
-
Seite 274
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE 259 P ART 10 Part 10 Log[...]
-
Seite 275
260 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE :[...]
-
Seite 276
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE 261 Log > View C HAPTER 42 Chapter 42: Managing Log Event s Log > V iew The SonicWALL security appliance main tains an Event log for tracking potential s ecurity threats. This log can be viewed in the Log > View pag e, or it can be automatically sent to an e-mail ad dress for [...]
-
Seite 277
262 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE C HAPTER 42: Managing Log Events Log V iew T able The log is disp layed in a table and is sor table by column. The log table co lumns include: •T i m e - the date and time of the event. •P r i o r i t y - the level of priority associated with your log event. Syslog uses eight [...]
-
Seite 278
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE 263 Log Event Messages Export Log To export the contents of the log to a defined destination, click the Ex port Log button.You can export log content to two formats: • Plain text format --Used in log and alert email. • Comma-sepa rated valu e ( CSV ) format --Used for importing int[...]
-
Seite 279
264 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE C HAPTER 42: Managing Log Events Alert Log Messages Critical Log Messages Error Log Messages Message ID Priority Description of Log Event 29 Alert Administrat or login allowed 30 Alert Administrator login d enied 31 Alert Local user login allowed 32 Alert Local user login denie d [...]
-
Seite 280
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE 265 Log Event Messages 119 logstrDHCPCVe rifyFailInit Error DHCP Client failed to verify and lease has expired. Go to INIT state. 120 logstrDHCPCVerif yFailBound Error DHC P Client failed to verify and lease is still valid. Go to BOUND state. 121 logstrDHCPCGotNewIP Error DHCP Client g[...]
-
Seite 281
266 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE C HAPTER 42: Managing Log Events 472 logstrDhcpr NoRelayIpAv ailable Err or WARNING: Central Gateway does not have a Relay IP Address. DHCP message dropped. 473 logstrDhc prRequestM essage Error DHCP REQU EST received from remote device 474 logstrDhcprDiscoverMessage Error D HCP D[...]
-
Seite 282
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE 267 Log Event Messages W arning Log Messages 572 logStrOlderPrefs Error A prior version of preferences was loaded because th e most recent preferences file was inaccessible 573 logStrPrefsTooBig Error The preferences file is too large to be saved in available flash memory 574 logStrPre[...]
-
Seite 283
268 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE C HAPTER 42: Managing Log Events 239 log strVpnNatTravPeerBehindNat Warning NAT Discovery: Peer IPSec Security Gateway behind a NAT/ NAPT Device 240 log strVpnNatTravWeBehindNat Warning NAT Discovery: Local IPSec Security Gateway behind a NAT/ NAPT Device 241 logstrVpnNatTravNo Na[...]
-
Seite 284
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE 269 Log Event Messages 307 lo g strWanModeIs Warning The network connection in use i s %s 326 lo g strWfoProbeFailed Warning Probing failure on %s 342 logstrLogIkeP roposalBadModeForX auth Warning IKE Responder: Mode %d - not transport mode. Xauth is re quired but not supported by peer[...]
-
Seite 285
270 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE C HAPTER 42: Managing Log Events 450 logPkeEntityCertLimit Warning PKI Failure: Reached the limit for local certs, cannot load any more 451 log PkeImportFailed Warn ing PKI Failure: Import fa iled 452 log PkeBadPassword Warning PKI Failure: Incorre c t admin password 453 logPkeCaC[...]
-
Seite 286
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE 271 Log Event Messages 470 logPkeCouldNotV alidateCha in Warning PKI Failure: Loade d the certificate but could not verify it's chain 483 logstrInvalidId Warning R eceived notify : INVALID_ID_INFO 487 lo g strWlanFirmwareUpdated Warning wlan firmware image has bee n updated 488 lo[...]
-
Seite 287
272 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE C HAPTER 42: Managing Log Events Notice Log Messages 556 log strWlanPassiveRogueAP Warning Found Rogue Access Point 581 logstrWlbOnSpill Warning WLB Sp ill-over started, configured threshold excee ded 582 logstrWlbOffSpill W arnin g WLB Spill-over stopped 584 log strWlbFailover Wa[...]
-
Seite 288
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE 273 Log Event Messages 253 logstrLogIkeProposalAddrWithDefG w Notice IKE Responder: Default LAN gateway is set but peer is not proposing t o use this SA a s a default rou te 254 logstrLogIkeProposalOutsideNotNat Pub Notice IKE Respon der: Tunnel terminates outside firewall but propose [...]
-
Seite 289
274 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE C HAPTER 42: Managing Log Events Info Log Messages Message ID Log Event Priority Description of Log Event 0 logstrL ogHeader1 In fo Log (part 1 logstrLogHeader2 I nfo ) dumped to email at 2 logstrL ogEmailSubjec t Info Log file fro m SonicWALL 3 logstrAlertEmailSub ject Info *** A[...]
-
Seite 290
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE 275 Log Event Messages 43 logstrIpsecInterruptErr Info IPSec connection interrupt 44 logstrNATCouldntRemap Info NAT could not remap incoming packet 45 logstrArpFailure Info ARP timeout 46 logstrBroadcastDropped Info Broa dcast packet dropped 47 logstrNoICMPRedirectSent In fo No ICMP re[...]
-
Seite 291
276 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE C HAPTER 42: Managing Log Events 85 logstrLocalRange Info local range: 86 logstrRemoteRa nge I nfo remote range: 96 logstrLogStatusEvent Info Status 97 logstrSyslogWebSiteAccessed Info #Web site hit 98 logstrSyslogConnectionLog ged Info Connection Opened 123 logstrAVAccessWithout [...]
-
Seite 292
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE 277 Log Event Messages 147 logstrHaIdleBackup Info Backup firewall has transitioned to Idle 148 logstrHaMissedHeartbeatPrimary In fo Primary missed heartbeats from Backup 149 logstrHaMissedHeartbeatBackup Info Backup missed heartbeats from Primary 150 logstrHaErrorReceivedPrimary Info [...]
-
Seite 293
278 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE C HAPTER 42: Managing Log Events 169 logstrPpp oeLcpUnacked Info No response from ISP Disconnecting PPPoE. 170 logstrBackupActivePreemp t Info Backup going Active in preem pt mode afte r reboot 171 logstrVpn Info VPN Log 172 logstrVpn Debug Info VPN Log Debug 173 logstrLanTCPDenie[...]
-
Seite 294
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE 279 Log Event Messages 195 logstrTCPStatFIN Info VPN TCP FIN 196 logstrTCPStatPSH Info VPN TCP PSH 197 logstrCflSubscrip tionExpiredE mailS ubject Info Content fi lter subscription expired. 201 logstrL2tpTunnelStarting Info L2TP Tunnel Negotiation Started 202 logstrL2tpSessionStarting [...]
-
Seite 295
280 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE C HAPTER 42: Managing Log Events 245 logstrUserL oginRadiusError Info User login denied - RADIUS configuration error 246 logstrUse rLoginFromWrongLocation Info User login denied - User has no privileges for login from that location 248 logstrFor biddenAtt Deleted Info Forbidd en E[...]
-
Seite 296
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE 281 Log Event Messages 298 logstrPppduIpcpFailed Info PPP Dial-Up: Failed to get IP address 299 logstrPppduIpcpUp Info PPP Dia l-Up: Received new IP address 300 logstrPppduPppEst Info PPP Dial-Up: PPP link established 301 logstrPppduLinkDown In fo PPP Dial-Up: PPP link down 302 logstrP[...]
-
Seite 297
282 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE C HAPTER 42: Managing Log Events 321 logstrPppduNeedManualAction Info PPP Dial-Up: Manual intervention needed. Check Primar y Profile or Profile details 322 logstrWfoManualProfile Info PPP Dia l-Up: Trying to failover but Primary Profile is manual 323 logstrPppduAutoDetect Inf o P[...]
-
Seite 298
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE 283 Log Event Messages 377 logstrPptpMaxReTransExceed Info PPTP Max Retransmission Exceeded 378 logstrPptpCtrlConnEstablished Info PPTP Control Connection Established 379 logstrPptpTunnelDisconRem Info PPTP Tunnel Disconnect from Remote 380 logstrPptpSessionSuccess In fo PPTP Session E[...]
-
Seite 299
284 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE C HAPTER 42: Managing Log Events 402 logstrLogIkePro posalReject Info IKE Responder: IKE proposal does not match (Phas e 1) 403 logstrLogIkeAbo rt Info IKE negotiation abor ted due to timeout 404 logstrDecryptFailedWithPsk Info Failed payload verification after decryption. Possibl[...]
-
Seite 300
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE 285 Log Event Messages 441 logstrRuleModified Info Access Rule modified 442 logstrRuleDeleted Inf o Access Rule deleted 443 logstrRuleTableDefaulted Info Access Rules restored to defaults 444 logstrPptpServerDown Info PPTP Server is not responding , check if the server is UP and runnin[...]
-
Seite 301
286 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE C HAPTER 42: Managing Log Events 526 logstrWebAccessReque stRcvd Info Web management reque st allowed 527 logstrFtpPortBounceAtta ck Info FTP: PORT bounce attack dropped. 528 logstrFtpPasvBou n ceAttack Info FTP: PASV response bounce attack dropped. 537 logstrSyslogCloseLogg ed In[...]
-
Seite 302
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE 287 Log Event Messages 609 logstrIDPPreventionAlert Info IPS Prevention Alert: %s 614 logstrIDPExpiredMsg Info Received IPS Alert: Your SonicWALL Intrusion Prevention (IDP) subscription has expired. 622 logstrVoipCallConnect I nfo VoIP Call Connected 623 logstrVoipCallDisconnect In fo [...]
-
Seite 303
288 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE C HAPTER 42: Managing Log Events Debug Log Messages 652 logstrVoipSpar e31 Info unused/spare 653 logstrVoipSpar e32 Info unused/spare 655 logstrLog SyslogDataRa teExceede d In fo Maximum syslog data per second threshold exceeded 656 logstrLogSpare 3 Info unused/spare 657 logstrLog[...]
-
Seite 304
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE 289 Log Event Messages 364 logstrCryptRsaTestFail e d Debug Crypto RSA test failed 365 logstrCryptSha1TestFa iled Debug Crypto Sha1 test failed 366 logstrCryptHwDesT e stFailed Debug Cr ypto hardware DES test failed 367 logstrCryptHw3DesTestFailed Deb ug Cr ypto Hardware 3D es test fai[...]
-
Seite 305
290 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE C HAPTER 42: Managing Log Events 618 logstrBootpCentralAck Debug BOOTP server r esponse relayed to remote device 619 logstrBootpReplyConflict Debug B OOTP Client IP address on LAN conflicts with remote device IP, deleting IP address from remote table 620 logstrBootpRemoteAck Debug[...]
-
Seite 306
S ONIC WALL S ONIC OS 2.5 E NHANCED A D MINISTRATOR ’ S G UIDE 291 Log > Categories C HAPTER 43 Chapter 43: Configuring Log Categories Log > Categories This chapter provides configur ation tasks to enable you to categorize and custo mize the logging functions on your SonicWALL security app lian c e for troublesho oting and diagnostics. [...]
-
Seite 307
292 S ONIC WALL S ONIC OS 2.5 E NHANCED A DMINISTRATOR ’ S G UIDE C HAPTER 43: Configuring Log Categories Log Priority This section provides information on config uring the level of priority log messages are captured and corresponding alert message s are sent through e-mail for notification. Logging Level The Logging Level contr o l filters event[...]
-
Seite 308
S ONIC WALL S ONIC OS 2.5 E NHANCED A D MINISTRATOR ’ S G UIDE 293 Log > Categories of attacks evolved, it’s become essential to dig de eper into the traffic, and to develop the sort of adaptability that could keep pace with the new threats. All SonicWALL secu rity appliance s, even thos e running SonicWALL IP S, continue to recognize th ese[...]
-
Seite 309
294 S ONIC WALL S ONIC OS 2.5 E NHANCED A DMINISTRATOR ’ S G UIDE C HAPTER 43: Configuring Log Categories Managing Log Categories The Log Categories table d isplays log category informat ion organized into the following columns : • Categor y - Displays log c ategory name. • Description - Provides description of the log category activity type.[...]
-
Seite 310
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE 295 Log > Syslog C HAPTER 44 Chapter 44: Configuring Syslog Settings Log > Syslog In addition to the standard event log, the SonicWA LL security appliance can send a detailed log to an external Syslo g server. T he SonicWA LL Syslog captures all log activity and includes every co[...]
-
Seite 311
296 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE C HAPTER 44: Configuring Syslog Settings Syslog Settings Syslog Facility • Syslog Facility - Allows you to select the facilities and severities of the messages based on the syslog protoc ol. Â Cross Reference: See RCF 3 164 - The BSD Syslog Protocol for more information. • Ov[...]
-
Seite 312
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE 297 Log > Automation C HAPTER 45 Chapter 45: Configuring Log Automation Log > Automation The Log>Automation pag e includes settings for configuring the SonicWALL to send log files using e-mail and configu ring mail server settings. E-mail Log Automation • Send Log to E-mail [...]
-
Seite 313
298 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE C HAPTER 45: Configuring Log Automation standard e-mail address or an e- mail paging service. If this field is left blank, e-mail alert messages are not sent. •S e n d Log - determines the freq uency of sending log files. The options are When Full , Weekly , or Daily . If the We[...]
-
Seite 314
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE 299 Log > Reports C HAPTER 46 Chapter 46: Generating Log Report s Log > Report s The SonicWALL security appliance can perform a rolling analysis of th e event log to show the top 25 most frequently accessed Web sites, the top 25 us ers of bandwidth by IP addres s, and the top 25 [...]
-
Seite 315
300 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE C HAPTER 46: Generating Log Reports Dat a Collection The Reports window includes the followin g functions and commands: •S t a r t D a t a Collection Click Start Data Collection to begin log an alysis. When log analysis is enabled, the butto n label changes to Stop Dat a Collect[...]
-
Seite 316
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE 301 Log > ViewPoint C HAPTER 47 Chapter 47: Activating and Enabling SonicW ALL V iewPoint Log > V iewPoint SonicWALL ViewPoint is a Web-based grap hical repo rting tool that provides unprecedented security awareness and control over your network environment thr ough detailed and [...]
-
Seite 317
302 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE C HAPTER 47: Activating and Enabling SonicWALL ViewPoint Activating V iewPoint The Log>ViewPoint page allows you to activate the ViewPo int license directly from the SonicWALL Management Interface using two methods. If you received a license activation key, ente r the activatio[...]
-
Seite 318
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE 303 Log > ViewPoint Enabling V iewPoint Settings Once you have installed the SonicWAL L ViewPoint software, you can point the SonicWALL security appliance to the server running ViewPoint. 1 Check the Enable ViewPoint Settings checkbox in the Syslog Server s section of the Log>Vie[...]
-
Seite 319
304 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE C HAPTER 47: Activating and Enabling SonicWALL ViewPoint[...]
-
Seite 320
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE 305 P ART 11 Part 11 Wi z a r d s[...]
-
Seite 321
306 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE :[...]
-
Seite 322
307 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE C HAPTER 48 Chapter 48: Configuring Internet Connectivity Using the Setup Wizard Internet Connectivity Using the Setup Wiz a r d The first time you log into the SonicWALL, the Setup Wizard is launched automati cally. To launch the Setup Wizard at any from the Mana gement Interf ace[...]
-
Seite 323
308 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE C HAPTER 48: Configuring Internet Connectivity Using the Setup Wizard Setup Wizard Note: Your Web browser must b e Java-enabled and su pport HTTP uploads in or der to fully manage SonicWALL. In ternet Explo rer 5.0 an d above as well as N etscape Nav igator 4.0 and abov e meet[...]
-
Seite 324
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE 309 Internet Connectivity Using the Setup Wizard S t ep 2: Change Time Zone 3 Select the appropriate Time Zone from the Time Zone menu. The SonicWALL inter nal clock is set automatically by a Network Time Server on the Internet. Click Next . S t ep 3: W AN Network Mode 4 Confirm that y[...]
-
Seite 325
310 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE C HAPTER 48: Configuring Internet Connectivity Using the Setup Wizard Step 4: W AN Network Mode: NA T Enabled 6 Enter the public IP address provided by yo ur ISP in the SonicWALL WAN IP Address , then fill in the rest of the fields: WAN/OPT/DMZ Subnet Mask , WAN Gateway (Router) A[...]
-
Seite 326
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE 311 Internet Connectivity Using the Setup Wizard S t ep 6: LAN DHCP Settings 8 The Optional-SonicWALL DHCP Serve r window configures the SonicWALL DHCP Server. If enabled, the SonicWALL automatica lly configures the IP settings of computers on the LAN. To enable the DHCP server, select[...]
-
Seite 327
312 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE C HAPTER 48: Configuring Internet Connectivity Using the Setup Wizard Storing SonicW ALL Configuration Setup Wizard Complete 10 The SonicWA LL stores the networ k settings. 11 Click Restart to restart the SonicWALL. The SonicWALL takes approximately 90 seconds or longer to restart[...]
-
Seite 328
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE 313 Internet Connectivity Using the Setup Wizard 1 Click the Setup Wizard button on the Net work>Settings page. 2 Read the instructions on the Welcome window and click Next to continue. S t ep 1: Change Password 3 To set the password, enter a new pa ssword in the New Password and Co[...]
-
Seite 329
314 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE C HAPTER 48: Configuring Internet Connectivity Using the Setup Wizard Step 3: W AN N etwork Mode 5 Select DHCP , the Obtain an IP address automat ically w indow is displayed. Click Next . Step 4: W AN Network M ode: NA T with DHCP Client 6 The Obtain an IP address automatically wi[...]
-
Seite 330
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE 315 Internet Connectivity Using the Setup Wizard S t ep 5: LAN Settings 7 The Fill in information about your LAN page allows the configuration of SonicWALL LAN IP Addresses and Subnet Masks. SonicWALL LAN IP Addresses are the private IP addr esses assigned to the LAN of the SonicWAL L.[...]
-
Seite 331
316 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE C HAPTER 48: Configuring Internet Connectivity Using the Setup Wizard Configuration Su mmary 9 The Configuration Summary windo w displays the configuration defined using the Installation Wizard . To modify any of the setting s, click Back to return to the Conn ecting to th e Inter[...]
-
Seite 332
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE 317 Internet Connectivity Using the Setup Wizard S t oring SonicW ALL Configuration Setup Wizard Complete 10 Click Restart to restart the SonicWALL. The SonicWALL takes 90 se conds to restart . During this time, the yellow Test LED is lit. 9 Ti p: The new SonicWALL LAN IP address, disp[...]
-
Seite 333
318 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE C HAPTER 48: Configuring Internet Connectivity Using the Setup Wizard 1 Click th e Setup Wizard button on the Network>Setting s page. 2 Read the instructions on the Welcome window and click Next to continue. Step 1: Change Password 3 To set the p assword, en ter a ne w password[...]
-
Seite 334
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE 319 Internet Connectivity Using the Setup Wizard S t ep 2: Change Time Zone 4 Select the appropriate Time Zone from the Time Zone menu. The SonicWALL inter nal clock is set automatically by a Network Time Server on the Internet. Click Next . S t ep 3: W AN Network Mode 5 The SonicWALL [...]
-
Seite 335
320 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE C HAPTER 48: Configuring Internet Connectivity Using the Setup Wizard Step 4: W AN N etwork M ode: NA T with PPPoE Client 6 Select whether to use a dynamic o r static IP address, and enter the user name and password provided by your ISP into the User Name and Password fields. Clic[...]
-
Seite 336
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE 321 Internet Connectivity Using the Setup Wizard S t ep 6: DHCP Server 8 The Optional-SonicWALL DHCP Serve r window configures the SonicWALL DHCP Server. If enabled, the SonicWALL automatica lly assigns IP settings to computers on the LAN. To enable the DHCP server, select Enable DHCP [...]
-
Seite 337
322 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE C HAPTER 48: Configuring Internet Connectivity Using the Setup Wizard Storing SonicW ALL Configuration 9 Tip : The new SonicWALL LAN IP address, displayed in the URL field of the Congratulations window, is used to log in and manag e the SonicWALL. Setup Wizard Complete 10 Click Re[...]
-
Seite 338
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE 323 Internet Connectivity Using the Setup Wizard 1 Click the Setup Wizard button on the Net work>Settings page. 2 Read the instructions on the Welcome window and click Next to continue. S t ep 1: Change Password 3 To set the password, enter a new pa ssword in the New Password and Co[...]
-
Seite 339
324 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE C HAPTER 48: Configuring Internet Connectivity Using the Setup Wizard Step 2: Change Time Zone 4 Select the appro priate Time Zone from the Time Zone menu. The So nicWALL internal clock is set automatically by a Network Time Server on the Internet. Click Next . Step 3: W AN N etwo[...]
-
Seite 340
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE 325 Internet Connectivity Using the Setup Wizard S t ep 4: W AN Network Mode: NA T with PPTP Client 6 Enter the user name and passwo rd provided by your ISP into the User Name and Password fields. Click Next . S t ep 5: LAN Settings 7 The LAN Settings page allows the configuration of S[...]
-
Seite 341
326 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE C HAPTER 48: Configuring Internet Connectivity Using the Setup Wizard Step 6: DHCP Server 8 The Optional-SonicWALL DHCP Server window configures the SonicWALL DHCP Server. If enabled, the SonicWALL automatically assigns IP settings to compute r s on the LAN. To enable the DHCP ser[...]
-
Seite 342
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE 327 Internet Connectivity Using the Setup Wizard S t oring SonicW ALL Configuration 9 Ti p: The new SonicWALL LAN IP address, displayed in the URL field of the Congratulations window, is used to log in and manage the SonicWALL. Setup Wizard Complete 10 Click Restart to restart the Soni[...]
-
Seite 343
328 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE C HAPTER 48: Configuring Internet Connectivity Using the Setup Wizard[...]
-
Seite 344
329 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE C HAPTER 49 Chapter 49: Configuring a Public Server with the Wizard Create a Server with the Public Server Wizard 1 Start wizard: In the navigator, click Wizards .[...]
-
Seite 345
330 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE C HAPTER 49: Configuring a Public Server with the Wizard 2 Select Public Serve r Wizard and click Next . 3 Select the type of server from the Serv er Type list. Depending on the type you select, the available services change. Check the box for the services you ar e enabling on thi[...]
-
Seite 346
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE 331 6 Click Next . 7 Enter the public IP add ress of the server. The defau lt is the WAN public IP address. If you enter a different IP, the Public Server Wi zard will create an addr ess object for that IP address and bind the address object to the WAN zone. 8 Click Next . 9 The Summar[...]
-
Seite 347
332 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE C HAPTER 49: Configuring a Public Server with the Wizard The wizard creates the address object for the new se rver. Because the IP address of the server added in the example is in the IP address ra nge assigned to the DMZ, the wizard binds the address object to the DMZ zone. It gi[...]
-
Seite 348
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE 333 9 Ti p: The new IP address used to access the new server, internally and externally is displayed in the URL field of the Congratulations window. 11 Click Close to close the wizard.[...]
-
Seite 349
334 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE C HAPTER 49: Configuring a Public Server with the Wizard[...]
-
Seite 350
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE 335 Configuring GroupVPN using the VPN Policy Wizard C HAPTER 50 Chapter 50: Configuring VPN Policies with the VPN Policy Wizard Configuring GroupVPN using the VPN Policy Wizard The VPN Policy Wizard walks you step-by-step thr ough the configuration of GroupVPN on the SonicWALL. After [...]
-
Seite 351
336 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE C HAPTER 50: Configuring VP N Policies with the VPN Pol icy Wizard 3. In the VPN Policy Type page, select WAN GroupVPN and click Next . 4. In the IKE Phase 1 Key Met hod page, you select the authenticati on key to use for this VPN policy: Default Key : If you choose the de fau[...]
-
Seite 352
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE 337 Configuring GroupVPN using the VPN Policy Wizard 6. In the IKE Security Settings page, you select the security sett ings for IKE Phase 2 negotiations and for the VPN tunnel. You ca n use the defaults settings. DH Group : The Diffie-Hellman (D H) group are the group of numbers u[...]
-
Seite 353
338 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE C HAPTER 50: Configuring VP N Policies with the VPN Pol icy Wizard Note: If you enable user authenticatio n, the users must be entered in the SonicWALL database for authentication. Users are en tered into the SonicWALL database on the Users>Local Users page, and then added [...]
-
Seite 354
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE 339 Configuring a Site-to-Site VPN using the VPN Wizard Configuring a Site-to-Site VPN using the VPN Wizard You use the VPN Policy Wizard to create the site-to-site VPN policy. Using the VPN Wizard to Configure Preshared Secret 1. On the System>St atus page, click on W i zards . 2. [...]
-
Seite 355
340 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE C HAPTER 50: Configuring VP N Policies with the VPN Pol icy Wizard 4. In the Creat e Site-to-Site Policy page, enter th e following informat ion: • Policy Name : Enter a name you can use to refer to the poli c y . For example, Boston Of fice. • Preshared Key : Enter a characte[...]
-
Seite 356
S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE 341 Configuring a Site-to-Site VPN using the VPN Wizard For this example, select LAN Subnet s . • Destination Networks : Select the network resources on the destination end of the VPN T un- nel. If the object or group does no t exist, select Create new Address Object or Create new Ad[...]
-
Seite 357
342 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE C HAPTER 50: Configuring VP N Policies with the VPN Pol icy Wizard 9. The Configuration Summary page details the settings that will be pushed to the security appli- ance when you apply the configu ration. 10. Click Apply to create the VPN.[...]
-
Seite 358
343 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE Chapter 51: Index Numerics 802.11a 121 802.11g 121 A acceptable us e policy 211 access aules bandwidth man agement 134 access point IDS 130 access points SonicPoints 119 access rules adding 135 advanced options 139 deleting 135 display ing traffic statistics 135 editing 135 enablin[...]
-
Seite 359
Index 344 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE diagnostics DNS name lookup 44 find network path 44 packet trac e 45 ping 44 tech report 46 trace route 47 Diffie-Hellman, see DH group Distributed En forcement Architecture (DEA) 253 DNS configuring 77 inherit settings dynamically 77 specify DNS servers manually 77 with L2TP[...]
-
Seite 360
Index S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE 345 info log messages 274 legacy attacks 292 log categories 29 4 mail server settings 297 notice log messag es 272 redundancy filter 292 view table 262 viewing events 261 warning log messages 26 7 login status window 218 logs priority, configuring 292 loopback policy 332 M manag[...]
-
Seite 361
Index 346 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE S SDP 124 , 157 security services licenses 23 manage licenses 239 manual upgrade 25 manual upgrade for close d environments 25 settings 239 summary 238 service group public server wizard 332 services 145 adding cust om services 147 adding cust om services group 148 default se[...]
-
Seite 362
Index S ONIC WALL S ONIC OS E NHANCED 2.5 A DMIN ISTRATOR ’ S G UIDE 347 VPN 161 , 185 active L2TP sessions 19 5 active tunnels 164 advanced settings 185 CA certificates 197 CRL 200 DF bit 186 DHCP leases 191 DHCP over VPN 187 central gateway 187 remote gat eway 189 DHCP relay mode 187 export client policy 170 global security client 161 global VP[...]
-
Seite 363
Index 348 S ONIC WALL S ONIC OS E NHANCED 2.5 A DMINISTRATOR ’ S G UIDE[...]
-
Seite 364
© 200 4 Soni cWALL, I n c . Soni cWALL is a reg istered tradem ark of S onicWAL L, I n c . Other produ ct and c ompany n ame s men tioned h erein ma y be t r ademar ks and/ or re gi stered tr ade m arks of the ir respe cti ve com pan ie s. Speci f icat ions and desc ription s subject to chang e with out n otice. T: 408.745.9600 F: 408.745.9300 www[...]