SonicWALL 2.5 manual

A good user manual

The rules should oblige the seller to give the purchaser operating instructions for SonicWALL 2.5 along with the item. Missing instructions, or false information given to the customer, constitute grounds for a complaint of nonconformity of the goods with the contract. In accordance with the law, a customer can receive instructions in non-paper form; lately, graphic and electronic manuals, as well as instructional videos, have been widely used. A necessary precondition for this is that the instructions are unmistakable and legible.

What is an instruction?

The term originates from the Latin word "instructio", which means organizing. Therefore, in an instruction for SonicWALL 2.5 one can find a process description. An instruction's purpose is to teach, and to ease the start-up and use of an item or the performance of certain activities. An instruction is a compilation of information about an item or a service; it is a clue.

Unfortunately, only a few customers devote their time to reading an instruction for SonicWALL 2.5. A good user manual introduces us to a number of additional functionalities of the purchased item, and also helps us to avoid most defects.

What should a perfect user manual contain?

First and foremost, a user manual of SonicWALL 2.5 should contain:
- information concerning technical data of SonicWALL 2.5
- name of the manufacturer and a year of construction of the SonicWALL 2.5 item
- rules of operation, control and maintenance of the SonicWALL 2.5 item
- safety signs and mark certificates which confirm compatibility with appropriate standards

Why don't we read the manuals?

Usually it results from the lack of time and from certainty about the functionalities of purchased items. Unfortunately, networking and start-up of SonicWALL 2.5 alone are not enough. An instruction contains a number of clues concerning respective functionalities, safety rules, maintenance methods (what means should be used), possible defects of SonicWALL 2.5, and methods of problem resolution. Finally, when one still can't find the answer to his problems, he will be directed to the SonicWALL service. Lately, animated manuals and instructional videos have become quite popular among customers. These kinds of user manuals are effective; they ensure that a customer will familiarize himself with the whole material, and won't skip complicated, technical information about SonicWALL 2.5.

Why should one read the manuals?

It is mostly in the manuals that we will find the details concerning the construction and capabilities of the SonicWALL 2.5 item, and its use of respective accessories, as well as information concerning all the functions and facilities.

After a successful purchase of an item, one should find a moment to get to know every part of an instruction. Currently the manuals are carefully prepared and translated, so they can be fully understood by their users. The manuals will serve as an informational aid.

Table of contents for the manual

  • Page 1

    COMPREHENSIVE INTERNET SECURITY™ SonicWALL Security Appliances SonicOS Enhanced 2.5 Administrator's Guide[...]

  • Page 2

    SONICWALL SONICOS ENHANCED 2.5 ADMINISTRATOR'S GUIDE i
    Part 1: Introduction to SonicOS Enhanced 2.5
    Chapter 1: Introduction ... 1
    SonicOS Enhanced 2.5 ... [...]

  • Page 3

    Chapter 7: Managing SonicWALL Security Appliance Firmware ... 37
    System > Settings ... 37
    Settings ... [...]

  • Page 4

    Chapter 13: Configuring Address Objects ... 79
    Network > Address Objects ... 79
    Types of Address Objects ... [...]

  • Page 5

    Part 4: Wireless
    Chapter 20: Managing SonicPoints ... 119
    Wireless > SonicPoints ... 119
    Before M[...]

  • Page 6

    Chapter 26: Configuring Firewall Services ... 145
    Firewall > Services ... 145
    Default Services Overview ... [...]

  • Page 7

    Chapter 33: Configuring VPN Certificates ... 197
    VPN > CA Certificates ... 197
    Implementing Certificates for V[...]

  • Page 8

    Part 9: Security Services
    Chapter 38: Managing Security Services ... 237
    Security Services > Summary ... 237
    mySonicWALL.co[...]

  • Page 9

    Chapter 44: Configuring Syslog Settings ... 295
    Log > Syslog ... 295
    Syslog Settings ... [...]

  • Page 10

    Preface
    Copyright Notice
    © 2004 SonicWALL, Inc. All rights reserved. Under the copyright laws, this manual or the software described within, can not be copied, in whole or part, without the written consent of the manufacturer, except in the normal use of [...]

  • Page 11

    EXCLUDED TO THE MAXIMUM EXTENT ALLOWED BY APPLICABLE LAW. TO THE EXTENT AN IMPLIED WARRANTY CANNOT BE EXCLUDED, SUCH WARRANTY IS LIMITED IN DURATION TO THE WARRANTY PERIOD. BECAUSE SOME STATES OR JURISDICTIONS DO NOT ALLOW LIMITATIONS ON HOW LONG AN IMPLIED WARRANTY LAS[...]

  • Page 12

    Current Documentation
    Check the SonicWALL documentation Web site for the latest versions of this manual and all other SonicWALL product documentation. http://www.sonicwall.com/services/documentation.html[...]

  • Page 13

    Preface[...]

  • Page 14

    Part 1: Introduction to SonicOS Enhanced 2.5[...]

  • Page 15

    [...]

  • Page 16

    Chapter 1: Introduction
    SonicOS Enhanced 2.5
    SonicOS Enhanced is the most powerful SonicOS operating system designed for the latest generation of SonicWALL security appliances. SonicOS Enhanced 2.5 is standard on the SonicWALL PRO 4060 and PRO [...]

  • Page 17

    • Multiple GroupVPN Policies: SonicOS Enhanced 2.5 allows you to create separate, customized GroupVPN policies for each Zone, and SonicWALL Global VPN Client connections can terminate on any interface.
    • Wireless Extensions: SonicOS Enhanced 2.5 in[...]

  • Page 18

    About this Guide
    Organization of this Guide
    The SonicOS Enhanced 2.5 Administrator's Guide organization is structured into the following parts that follow the SonicWALL Web Management Interface structure. Within these parts, individual chapters correspond to Manageme[...]

  • Page 19

    Part 6 VPN
    This part covers how to create VPN policies on the SonicWALL security appliance to support SonicWALL Global VPN Clients as well as creating site-to-site VPN policies for connecting offices running SonicWALL security appliances.
    Part 7 Users
    This [...]

  • Page 20

    Guide Conventions
    The following conventions are used in this guide:
    Icons Used in this Manual
    These special messages refer to noteworthy information, and include a symbol for quick identification:
    Alert: Important information that cautions about fea[...]

  • Page 21

    SonicWALL Technical Support
    For timely resolution of technical support questions, visit SonicWALL on the Internet at <http://www.sonicwall.com/services/support.html>. Web-based resources are available to help you resolve most technical issues[...]

  • Page 22

    More Information on SonicWALL Products
    Knowledge Base
    All SonicWALL customers have immediate, 24X7 access to our state-of-the-art electronic support tools. Power searching technologies on our Web site allow customers to locate information quickly and easily from our robust co [...]

  • Page 23

    Chapter 1: Introduction[...]

  • Page 24

    Chapter 2: Getting Started
    Configuring Your Management Station
    Your SonicWALL security appliance is configured with the default IP address of 192.168.168.168. This IP address is used to initially access the Management Interface of the SonicWALL security appliance. [...]

  • Page 25

    9. Enter 255.255.255.0 in the Subnet field.
    10. If you have a DNS Server IP address from your ISP, enter it in the Preferred DNS Server field.
    11. Click OK.
    Windows NT
    1. From the Start list, highlight Settings and then select Control Panel.
    2. Double-clic[...]

  • Page 26

    Alert: Because you are temporarily disconnected from the Internet, you may receive an error message when your Web browser first opens. This does not affect your installation process. Continue with the steps below.
    To begin the configuration of your SonicWALL security applian[...]

  • Page 27

    Using the Management Interface
    The SonicWALL's Web Management Interface provides an easy-to-use graphical interface for configuring your SonicWALL. SonicWALL management functions are performed through a Web browser.
    Tip: Microsoft Internet Explo[...]

  • Page 28

    If the settings are contained in a secondary window within the Management Interface, when you click OK, the settings are automatically applied to the SonicWALL.
    Getting Help
    Each SonicWALL includes Web-based online help available from the Management Interface. Clicking the q[...]

  • Page 29

    Chapter 2: Getting Started[...]

  • Page 30

    Part 2: System[...]

  • Page 31

    [...]

  • Page 32

    Chapter 3: Viewing Status Information
    System > Status
    The System > Status page provides a comprehensive collection of information and links to help you manage your SonicWALL security appliance and SonicWALL Security Services licenses. It i[...]

  • Page 33

    Wizards
    The Wizards button on the System > Status page provides access to the SonicWALL Configuration Wizard, which allows you to easily configure the SonicWALL security appliance using the following sub-wizards:
    • Setup Wizard - This[...]

  • Page 34

    Registration and Security Services
    Once you've established your Internet connection, you can register your security appliance at mySonicWALL.com as well as activate SonicWALL Security Services. Any bundled services included with your SonicWALL security appl[...]

  • Page 35

    Creating Your mySonicWALL.com Account
    If you already have a mySonicWALL.com account, skip this section. To create a mySonicWALL.com account from the SonicWALL Management Interface, follow these steps:
    In the Security Services folder on t[...]

  • Page 36

    Registering the SonicWALL Security Appliance from the Management Interface
    If you have a mySonicWALL.com account, follow these steps to register your SonicWALL security appliance:
    1. Click the here link to automatically register your SonicWALL security applianc[...]

  • Page 37

    Network Interfaces
    Network Interfaces displays information about the interfaces for your SonicWALL security appliance. Clicking the blue arrow displays the Network > Settings page for configuring your Network settings. The available interfa[...]

  • Page 38

    Chapter 4: Managing SonicWALL Security Services Licenses
    System > Licenses
    The System > Licenses page provides links to activate, upgrade, or renew SonicWALL Security Services licenses. From this page in the SonicWALL Management Interface[...]

  • Page 39

    longer active (Expired). The number of nodes/users allowed for the license is displayed in the Count column. The Expiration column displays the expiration date for any Licensed Security Service. The information listed[...]

  • Page 40

    Enter your mySonicWALL.com account username and password in the User Name and Password fields and click Submit. The Manage Services Online page is displayed with licensing information from your mySonicWALL.com account.
    Manual Upgrade
    Manual Upgrade allows you [...]

  • Page 41

    3. Click the View License Keyset link. The scrambled text displayed in the text box is the License Keyset for the selected SonicWALL security appliance and activated Security Services. Copy the Keyset text for pasting in[...]

  • Page 42

    Chapter 5: Configuring SonicWALL Security Appliance Administration Settings
    System > Administration
    The System Administration page provides settings for the configuration of SonicWALL security appliance for secure and remote management. Y[...]

  • Page 43

    Administrator Name & Password
    The Administrator Name can be changed from the default setting of admin to any word using alphanumeric characters up to 32 characters in length. To create a new admin[...]

  • Page 44

    when you use the IP address to log into the SonicWALL security appliance. For example, if you configure the port to be 76, then you must type <LAN IP Address>:76 into the Web browser, i.e. <http://192.168.168.1:76>. The default port for HTT[...]

  • Page 45

    Cross Reference: For more information on SonicWALL Global Management System, go to http://www.sonicwall.com.
    Enabling SNMP Management
    SNMP (Simple Network Management Protocol) is a network protocol [...]

  • Page 46

    Enable GMS Management
    You can configure the SonicWALL security appliance to be managed by SonicWALL Global Management System (SonicWALL GMS).
    Configuring the SonicWALL Security Appliance for GMS Management
    To configure the SonicWALL security applia[...]

  • Page 47

    enter the IP address in the NAT Device IP Address field. The default VPN policy settings are displayed at the bottom of the Configure GMS Settings window.
    Existing Tunnel - If this option is selected, th[...]

  • Page 48

    VPN Client Download URL
    The VPN Client Download URL provides a field for entering the URL address of a site for downloading the SonicWALL Global VPN Client application, when a user is prompted to use the Global VPN Client for access to the network. The d[...]

  • Page 49

    Chapter 5: Configuring SonicWALL Security Appliance Administration Settings[...]

  • Page 50

    Chapter 6: Configuring Time Settings
    System > Time
    The System > Time page defines the time and date settings to time stamp log events, to automatically update SonicWALL Security Services, and for other internal purposes.
    By default, the SonicWAL[...]

  • Page 51

    System Time
    To select your time zone and automatically update the time, choose the time zone from the Time Zone menu. The Use NTP to set time automatically is activated by default to use the NTP (Network Time Protocol) to set time automatic[...]

  • Page 52

    Chapter 7: Managing SonicWALL Security Appliance Firmware
    System > Settings
    This System > Settings page allows you to manage your SonicWALL security appliance's SonicOS versions and preferences.
    Settings
    Import Settings
    To import a previously[...]

  • Page 53

    3. Select the preferences file.
    4. Click Import, and restart the firewall.
    Export Settings
    To export configuration settings from the SonicWALL security appliance, use the instructions below:
    1. Click Export Settings.
    2. C[...]

  • Page 54

    Firmware Management Table
    The Firmware Management table displays the following information:
    • Firmware Image - In this column, four types of firmware images are listed:
      - Current Firmware - firmware currently loaded on the SonicWALL security appliance[...]

  • Page 55

    Updating Firmware Manually
    Click Upload New Firmware to upload new firmware to the SonicWALL security appliance. The Upload Firmware window is displayed. Browse to the firmware file located on your local drive. Click Up[...]

  • Page 56

    Firmware Management
    The Firmware Management table has the following columns:
    • Firmware Image - In this column, five types of firmware images are listed:
      - Current Firmware, firmware currently loaded on the SonicWALL security appliance
      - Current Firmware [...]

  • Page 57

    Chapter 7: Managing SonicWALL Security Appliance Firmware[...]

  • Page 58

    Chapter 8: Using Diagnostic Tools & Restarting the SonicWALL Security Appliance
    System > Diagnostics
    The System > Diagnostics page provides a collection of diagnostic tools to help troubleshoot network problems:
    • DNS Name Lookup [...]

  • Page 59

    Diagnostic Tools
    You can choose any of the following diagnostic tools from the Diagnostic Tool menu.
    DNS Name Lookup
    The SonicWALL security appliance has a DNS lookup tool that returns the IP add[...]

  • Page 60

    Packet Trace
    The Packet Trace tool tracks the status of a communications stream as it moves from source to destination. This is a useful tool to determine if a communications stream is being stopped at the SonicWALL security appliance, or is lost on the Int[...]

  • Page 61

    To 204.71.200.74 / 80 (02:00:cf:58:d3:6a)
    The SonicWALL security appliance forwards the client ACK to the remote host and waits for the data transfer to begin. When using packet traces to isolate [...]

  • Page 62

    Generating a Tech Support Report
    1. Select Tech Support Report from the Choose a diagnostic tool menu.
    2. Select the Report Options to be included with your e-mail.
    3. Click Save Report to save the file to your system. When you click Save Report, a warning [...]

  • Page 63

    System > Restart
    Click Restart to display the System > Restart page. The SonicWALL security appliance can be restarted from the Web Management interface. Click Restart SonicWALL and then cl[...]

  • Page 64

    Part 3: Network[...]

  • Page 65

    [...]

  • Page 66

    Chapter 9: Configuring Interfaces
    Network > Interfaces
    The Network > Interfaces page includes interface objects that are directly linked to physical interfaces. The SonicOS Enhanced scheme of interface addressing works in conjunction with n[...]

  • Page 67

    SonicOS Enhanced Secure Objects
    The SonicOS Enhanced scheme of interface addressing works in conjunction with network zones and address objects. This structure is based on secure objects, which are utilized by rules and policies within SonicOS[...]

  • Page 68

    • Name - listed as X0, X1, X2, X3, X4, and X5 or LAN, WAN, WLAN, Custom, or OPT/DMZ depending on your SonicWALL security appliance model.
    • Zone - LAN, DMZ/OPT and WAN are listed by default. As zones are configured, the names are listed in [...]

  • Page 69

    1. Click on the Notepad icon in the Configure column for the Unassigned Interface you want to configure. The Edit Interface window is displayed.
    2. Select the LAN interface. If you want to create a new zone for the interface, select Create a new zone. [...]

  • Page 70

    Configuring Advanced Settings for the Interface
    If you need to force an Ethernet speed, duplex and/or MAC address, click the Advanced tab. The Ethernet Settings section allows you to manage the Ethernet settings of links connected to the SonicWALL. Auto [...]

  • Page 71

    3. Select Transparent Mode from the IP Assignment menu.
    4. Select the address object from the Transparent Range menu. See Chapter 13 for more information.
    5. Enter any optional comment text in the Comment field. This text is displayed in the Commen[...]

  • Page 72

    Configuring the WLAN Interface
    Static means you assign a fixed IP address to the interface.
    1. Click on the Notepad icon in the Configure column for the Unassigned Interface you want to configure. The Edit Interface window is displayed.
    2. Select the WLAN interf[...]

  • Page 73

    2. If you're configuring an Unassigned Interface, select WAN from the Zone menu. If you selected the Default WAN Interface, WAN is already selected in the Zone menu.
    3. Select one of the following WAN Network Addressing Modes from the IP Assignme[...]

  • Page 74

    Comment Management User Login Renew Release Refresh PPPoE User Name User Password Comment Management User Login Inactivity Disconnect (minutes) Obtain IP Address Automatically Specify IP Address Obtain DNS Server Address Automatically Specify DNS Server PPTP [...]

  • Page 75

    Management User Login Inactivity Disconnect (minutes) L2TP IP Assignment DHCP Renew Release Refresh Static IP Address Subnet Mask Gateway (Router) Address
    Configuring the Advanced Settings for the WAN Interface
    The Advanced tab includes settin[...]

  • Page 76

    Check Enable Multicast Support to allow multicast reception on this interface.
    Alert: If you select a specific Ethernet speed and duplex, you must force the connection speed and duplex from the Ethernet card to the SonicWALL as well. You can also specify[...]

  • Page 77

    Chapter 9: Configuring Interfaces[...]

  • Page 78

    Chapter 10: Setting Up WAN Failover and Load Balancing
    Network > WAN Failover & LB
    WAN Failover and Load Balancing allows you to designate one of the user-assigned interfaces as a Secondary or backup WAN port. The Secondary [...]

  • Page 79

    Setting Up WAN Failover and Load Balancing
    The following are the steps to configuring WAN Failover and Load Balancing on the SonicWALL security appliance:
    1. Configuring an interface as a Secondary WAN port
    2. Creating a NAT[...]

  • Page 80

    Activating WAN Failover and Load Balancing
    To configure the SonicWALL for WAN failover and load balancing, follow the steps below:
    1. On Network > WAN Failover & LB page, select Enable Load Balancing.
    2. From the Secondary WAN Interface m[...]

  • Page 81

    • Per Destination Round-Robin: When this setting is selected, the SonicWALL security appliance load-balances outgoing traffic on a per-destination basis. This is a simple load balancing method and, though not very granu[...]

  • Page 82

    Configuring WAN Probe Monitoring
    To configure WAN probe monitoring, follow these steps:
    1. On the Network > WAN Failover & LB page, check the Enable Probe Monitoring box, and click on the Configure button. The Configure WAN Probe Monitorin[...]

  • Page 83

    WAN Load Balancing Statistics
    The WAN Load Balancing Statistics table displays the following WAN Interface statistics for the SonicWALL:
    • Link Status
    • Load Balancing State
    • Probe Monitoring
    • New Connec[...]

  • Page 84

    Chapter 11: Configuring Zones
    Network > Zones
    A Zone is a logical grouping of one or more interfaces designed to make management, such as the definition and application of Access Rules, a simpler and more intuitive process than following strict p[...]

  • Page 85

    doorperson is the inter-zone/intra-zone security policy, and the doorperson’s job to consult a list and make sure that the person is allowed to go to the other room, or to leave the building. If the person is allowed (i.e. the security policy lets[...]

  • Page 86

    • DMZ: This zone is normally used for publicly accessible servers. This zone can consist of one to four interfaces, depending on your network design.
    • VPN: This virtual zone is used for simplifying secure, remote connectivity. It is the only zone tha[...]

  • Page 87

    • SonicWALL Content Filtering Service - Enforces content filtering on multiple interfaces in the same Trusted, Public and WLAN zones.
    • SonicWALL Enforce Anti-Virus Service - Enforces anti-virus protection on multiple interfaces in the same T[...]

  • Page 88

    Adding a New Zone
    To add a new Zone, click Add under the Zone Settings table. The Add Zone window is displayed.
    1 Type a name for the new zone in the Name field.
    2 Select a security type Trusted, Public or Wireless from the Security Type menu. Use Trusted for Zo[...]

  • Page 89

    4 Click the Wireless tab.
    5 In the Wireless Settings section, select WiFiSec Enforcement to require that all traffic that enters into the WLAN Zone interface be either IPSec traffic, WPA traffic, or both. With WiFiSec Enforcement enabled, all non-[...]

  • Page 90

    • Post Authentication Page - directs users to the page you specify immediately after successful authentication. Enter a URL for the post-authentication page in the field.
    • Max Guests - specifies the maximum number of guest users allowed to connect to [...]

  • Page 91

    Chapter 11: Configuring Zones[...]

  • Page 92

    Chapter 12: Configuring DNS Settings
    Network > DNS
    The Domain Name System (DNS) is a distributed, hierarchical system that provides a method for identifying hosts on the Internet using alphanumeric names called fully qualified domain names (FQDNs[...]

  • Page 93

    Chapter 12: Configuring DNS Settings[...]

  • Page 94

    Chapter 13: Configuring Address Objects
    Network > Address Objects
    Address Objects are one of four object classes (Address, User, Service, and Schedule) in SonicOS Enhanced. These Address Objects allow for entities to be defined one ti[...]

  • Page 95

    example “My Access Point” with a MAC address of “00:06:01:AB:02:CD”. MAC Address objects are used by various components of Wireless configurations throughout SonicOS.
    Address Object Groups
    SonicOS Enhanced also as well as the abi[...]

  • Page 96

    You can enter the policy number (the number listed before the policy name in the # Name column) in the Items field to move to a specific entry. The default table configuration displays 50 entries per page. You can change this default number of entri[...]

  • Page 97

    Default Address Groups
    • LAN Subnets
    • Firewalled Subnets
    • LAN Interface IP
    • WAN Subnets
    • WAN Interface IP
    • DMZ Subnets
    • DMZ Interface IP
    • ALL WAN IP
    • All Interface IP
    • All X0 Management IP
    • All X1 Management[...]

  • Page 98

    Default Address Groups
    • LAN Subnets
    • Firewalled Subnets
    • WAN Subnets
    • DMZ Subnets
    • ALL WAN IP
    • All Interface IP
    • All X0 Management IP
    • All X1 Management IP
    • All SonicPoints
    • All Authorized Access Points
    • LAN Interface[...]

  • Page 99

    Default Address Groups
    • LAN Subnets
    • Firewalled Subnets
    • WAN Subnets
    • DMZ Subnets
    • ALL WAN IP
    • All Interface IP
    • All X0 Management IP
    • All X1 Management IP
    • All SonicPoints
    • All Authorized Access Points
    • LAN[...]

  • Page 100

    Default Address Groups
    • LAN Subnets
    • Firewalled Subnets
    • WAN Subnets
    • DMZ Subnets
    • ALL WAN IP
    • All Interface IP
    • All X0 Management IP
    • All X1 Management IP
    • All SonicPoints
    • All Authorized Access Points
    • LAN Interface[...]

  • Page 101

    To add a Group of Address Objects, click Add Group to display the Add Address Object Group window.
    1 Create a name for the group in the Name field.
    2 Select the Address Object from the list and click the right arrow. It is added to the g[...]

  • Page 102

    Chapter 14: Configuring Routes
    Network > Routing
    If you have routers on your interfaces, you can configure static routes on the SonicWALL security appliance on the Network > Routing page. You can create static routing policies that create stati[...]

  • Page 103

    Route Advertisement Configuration
    To enable Route Advertisement for an Interface, follow these steps:
    1 Click the Notepad icon in the Configure column for the interface. The Route Advertisement Configuration window is displayed.
    2 Select one of[...]

  • Page 104

    • MD5 Digest - Enter a numerical value from 0-255 in the Authentication Key-Id (0-255) field. Enter a 32 hex digit value for the Authentication Key (32 hex digits) field, or use the generated key.
    11 Click OK.
    Route Policies
    SonicOS Enhanced provides Policy Base[...]

  • Page 105

    Route Policies Table
    You can change the view of your route policies in the Route Policies table by selecting one of the view settings in the View Style menu. All Policies displays all the routing policies including Custom Policies and Default Polic[...]

  • Page 106

    1 Click the Add button under the Route Policies table. The Add Route Policy window is displayed.
    2 Create a routing policy that directs all X0 Subnet sources to Any destinations for HTTP service out of the Default Gateway via the X1 interface by selecting these set[...]

  • Page 107

    Chapter 14: Configuring Routes[...]

  • Page 108

    Chapter 15: Configuring NAT Policies
    Network > NAT Policies
    The Network Address Translation (NAT) engine in SonicOS Enhanced allows users to define granular NAT policies for their incoming and outgoing traffic. By default, the SonicWALL sec[...]

  • Page 109

    NAT Policies Table
    The NAT Policies table allows you to view your NAT Policies by Custom Policies, Default Policies, or All Policies.
    Alert: Before configuring NAT Policies, be sure to create all Address Objects associated with the poli[...]

  • Page 110

    NAT Policy Settings Explained
    The following explains the settings used to create a NAT policy entry in the Add NAT Policy or Edit NAT Policy windows. Click the Add button in the Network > NAT Policies page to display the Add NAT Policy window to create a [...]

  • Page 111

    security appliance, or you can create your own entries. For many NAT Policies, this field is set to Original, as the policy is only altering source or destination IP addresses.
    • Inbound Interface: This drop-down menu setting is used to s[...]

  • Page 112

    appliance to operate properly, and cannot be deleted. For this reason, they are listed in their own section, in order to make the user-created NAT policies easier to browse. If you wish to see user-created NAT policies along with the default NAT polic[...]

  • Page 113

    • Translated Source: WAN Primary IP
    • Original Destination: Any
    • Translated Destination: Original
    • Original Service: Any
    • Translated Service: Original
    • Inbound Interface: X3
    • Outbound Interface: X1
    • Comment: Enter[...]

  • Page 114

    You can test the dynamic mapping by installing several systems on the LAN (X0) interface at a spread-out range of addresses (for example, 192.168.10.10, 192.168.10.100, and 192.168.10.200) and accessing the public website http://www.whatismyip.com from[...]

  • Page 115

    translation between the private and public address. With this policy in place, the SonicWALL security appliance translates the server’s public IP address to the private IP address when connection requests arrive via the WAN (X1) interfa[...]

  • Page 116

    • Outbound Interface: Any
    • Comment: Enter a short description
    • Enable NAT Policy: Checked
    • Create a reflective policy: Unchecked
    Note: Make sure you chose Any as the destination interface, and not the interface that the server is on[...]

  • Page 117

    2 Create two address objects for the servers’ private IP addresses.
    3 Create two NAT entries to allow the two servers to initiate traffic to the public Internet.
    4 Create two NAT entries to map the custom ports to the actual listening port[...]

  • Page 118

    When done, click on the OK button to add and activate the NAT policies. With these policies in place, the SonicWALL security appliance translates the servers’ private IP addresses to the public IP address when it initiates traffic out the WAN (X1) int[...]

  • Page 119

    • Action: Allow
    • Service: servone_public_port (or whatever you named it above)
    • Source: Any
    • Destination: X1 IP Address
    • Users Allowed: All
    • Schedule: Always on
    • Logging: checked
    • Comment: (enter a short[...]

  • Page 120

    Chapter 16: Managing ARP Traffic
    Network > ARP
    ARP (Address Resolution Protocol) maps layer 3 (IP addresses) to layer 2 (physical or MAC addresses) to enable communications between hosts residing on the same subnet. ARP is a broadcast protocol th[...]

  • Page 121

    You can sort the entries in the table by clicking on the column header. The entries are sorted by ascending or descending order. The arrow to the right of the column entry indicates the sorting status. A down arrow means ascending order. An up[...]

  • Page 122

    Chapter 17: Setting Up the DHCP Server
    Network > DHCP Server
    The SonicWALL security appliance includes a DHCP (Dynamic Host Configuration Protocol) server to distribute IP addresses, subnet masks, gateway addresses, and DNS server addresses[...]

  • Page 123

    The DHCP Server Configuration window is displayed. In the Dynamic Ranges table, the Range Start, Range End, and Interface information is displayed.
    Configuring DHCP Server for Dynamic Ranges
    To configure DHCP server for dynamic IP address[...]

  • Page 124

    6 If you select the interface IP address from the Gateway Preferences menu, the Default Gateway and Subnet Mask fields are unavailable. If you select Other, the fields are available for you to type the Default Gateway and Subnet Mask information into[...]

  • Page 125

    2 Enter the IP address or FQDN of your VoIP Call Manager in the Call Manager 1 field. You can add two additional VoIP Call Manager addresses.
    3 Click OK to add the settings to the SonicWALL security appliance.
    4 Click Apply for the settin[...]

  • Page 126

    3 Click OK to add the settings to the SonicWALL.
    4 Click Apply for the settings to take effect on the SonicWALL.
    Tip: The SonicWALL DHCP server can assign a total of 64 address ranges with 64 IP addresses each or a total of 4096 IP addresses.
    For mo[...]

  • Page 127

    Chapter 17: Setting Up the DHCP Server[...]

  • Page 128

    Chapter 18: Using IP Helper
    Network > IP Helper
    The IP Helper allows the SonicWALL security appliance to forward DHCP requests originating from the interfaces on a SonicWALL security appliance to a centralized DHCP server on the behalf of the[...]

  • Page 129

    IP Helper Policies
    IP Helper Policies allow you to forward DHCP and NetBIOS broadcasts from one interface to another interface.
    Adding an IP Helper Policy
    1 Click the Add button under the IP Helper Policies table. The Add IP Helper Policy window is[...]

  • Page 130

    Chapter 19: Setting Up Web Proxy Forwarding
    Network > Web Proxy
    A Web proxy server intercepts HTTP requests and determines if it has stored copies of the requested Web pages. If it does not, the proxy completes the request to the serve[...]

  • Page 131

    2 Type the name or IP address of the proxy server in the Proxy Web Server (name or IP address) field.
    3 Type the proxy IP port in the Proxy Web Server Port field.
    4 To bypass the Proxy Servers if a failure occurs, select the Bypass Pro[...]

  • Page 132

    Part 4 Wireless[...]

  • Page 133

    SonicWALL SonicOS Enhanced 2.5 Administrator’s Guide[...]

  • Page 134

    Chapter 20: Managing SonicPoints
    Wireless > SonicPoints
    SonicWALL SonicPoints are wireless access points specially engineered to work with SonicWALL security appliances running SonicOS Enhanced 2.5 or greater to provide wireless acces[...]

  • Page 135

    • Assign one or more interfaces to the Wireless zone.
    • Attach the SonicPoints to the interfaces in the Wireless zone.
    • Test SonicPoints
    SonicPoint Provisioning Profiles
    SonicPoint Provisioning Profiles provide a scalable and highly automa[...]

  • Page 136

    • Country Code: Select the country where you are operating the SonicPoints. The country code determines which regulatory domain the radio operation falls under.
    3 In the 802.11a tab, configure the radio settings for the 802.11a (5GHz band) ra[...]

  • Page 137

    • Key 1 - Key 4: Enter the encryption keys for WEP encryption. Enter the most likely to be used in the field you selected as the default key.
    4 In the 802.11a Advanced tab, configure the performance settings for the 802.11a radio. For mo[...]

  • Page 138

    If the SonicPoint does locate, or is located by a peer SonicOS device, via the SonicWALL Discovery Protocol, an encrypted exchange between the two units will ensue wherein the profile assigned to the relevant Wireless Zone will be used to automat[...]

  • Page 139

    • 802.11a Radio
    • 802.11a Advanced
    • 802.11g Radio
    • 802.11g Advanced
    The options on these tabs are the same as the Add SonicPoint Profile screen. See Configuring a SonicPoint Profile for instructions on configuring these settings.
    3 Cl[...]

  • Page 140

    If via the SDP exchange the SonicOS device ascertains that the SonicPoint requires provisioning or a configuration update (e.g. on calculating a checksum mismatch, or when a firmware update is available), the Configure directive will engage a 3[...]

  • Page 141

    • Updating Firmware – If the SonicOS device detects that it has a firmware update available for a SonicPoint, it will use SSPP to update the SonicPoint’s firmware.
    • Over-Limit – By default, up to 16 SonicPoint devices can be a[...]

  • Page 142

    Chapter 21: Viewing Station Status
    Wireless > Station Status
    Event and Statistics Reporting
    The Wireless > Station Status page reports on the statistics of each SonicPoint. The table lists entries for each wireless client c[...]

  • Page 143

    • None – No state information yet exists for the station
    • Authenticated – The station has successfully authenticated.
    • Associated – The station is associated.
    • Joined – The station has joined the ESSID.
    • Connected – Th[...]

  • Page 144

    Chapter 22: Using and Configuring IDS
    Wireless > IDS
    Detecting Wireless Access Points
    You can have many wireless access points within reach of the signal of the SonicPoints on your network. The Wireless > IDS page reports on all access points t[...]

  • Page 145

    Access Point IDS
    When the Radio Role of the SonicWALL PRO 5060 is set to Access Point mode, all three types of WIDS services are available, but Rogue Access Point detection, by default, acts in a passive mode (passively listening to other [...]

  • Page 146

    Part 5 Firewall[...]

  • Page 147

    SonicWALL SonicOS Enhanced 2.5 Administrator’s Guide[...]

  • Page 148

    Chapter 23: Configuring Access Rules
    Firewall > Access Rules
    This chapter provides an overview on your SonicWALL security appliance stateful packet inspection default access rules and configuration examples to customize your access rules[...]

  • Page 149

    Stateful Packet Inspection Default Access Rules Overview
    By default, the SonicWALL security appliance’s stateful packet inspection allows all communication from the LAN to the Internet, and blocks all traffic to the LAN from the Internet.[...]

  • Page 150

    Tip: You must select Bandwidth Management on the WAN > Ethernet page. Click Network, then Configure in the WAN line of the Interfaces table, and type your available bandwidth in the Available WAN Bandwidth (Kbps) field.
    Configuration Task List [...]

  • Page 151

    Each view displays a table of defined network access rules. For example, selecting All Rules displays all the network access rules for all zones.
    Configuring Access Rules for a Zone
    To display the Access Rules for a specific zone, select a[...]

  • Page 152

    Adding Access Rules
    To add access rules to the SonicWALL security appliance, perform the following steps:
    1. Click Add at the bottom of the Access Rules table. The Add Rule window is displayed.
    2. Select Allow | Deny | Discard from the Action list to p[...]

  • Page 153

    10. Click on the Advanced tab.
    11. Do not select the Allow Fragmented Packets check box. Large IP packets are often divided into fragments before they are routed over the Internet and then reassembled at a destination host. Because hackers[...]

  • Page 154

    Enabling and Disabling an Access Rule
    To enable or disable an access rule, click the Enable checkbox.
    Restoring Access Rules to Default Zone Settings
    To remove all end-user configured access rules for a zone, click the Default button. This wil[...]

  • Page 155

    Blocking LAN Access for Specific Services
    This section provides a configuration example for an access rule blocking LAN access to NNTP servers on the Internet during business hours. Perform the following steps to configure an access rule [...]

  • Page 156

    Chapter 24: Configuring Advanced Access Rule Settings
    Firewall > Advanced
    To configure advanced access rule options, select Firewall > Advanced under Firewall. The Advanced Rule Options page is displayed. The Advanced Rule Options inclu[...]

  • Page 157

    Detection Prevention
    • Enable Stealth Mode - By default, the security appliance responds to incoming connection requests as either “blocked” or “open.” If you enable Stealth Mode, your security appliance does not r[...]

  • Page 158

    Chapter 25: Setting Access Rule Schedules
    Firewall > Schedules
    The Firewall > Schedules page allows you to create and manage access rule enforcement schedules. The Schedules table displays all your predefined and custom schedules. Schedul[...]

  • Page 159

    Adding a Schedule
    To create schedules, click Add. The Add Schedule window is displayed.
    1 Enter a name for the schedule in the Name field.
    2 Select the days of the week to apply to the schedule or select All.
    3 Enter the time of day fo[...]

  • Page 160

    Chapter 26: Configuring Firewall Services
    Firewall > Services
    SonicOS Enhanced provides expanded IP protocol support to allow users to create services and access rules based on these protocols. See “Supported Protocols” on page 146 fo[...]

  • Page 161

    Default Services Overview
    The Default Services view displays the SonicWALL security appliance default services in the Services table and Service Groups table. The Service Groups table displays clusters of multiple default services as a si[...]

  • Page 162

    • EIGRP (88) - (Enhanced Interior Gateway Routing Protocol) Advanced version of IGRP. Provides superior convergence properties and operating efficiency, and combines the advantages of link state protocols with those of distance vector[...]

  • Page 163

    • For ICMP, IGMP, OSPF and PIMSM protocols, select from the Sub Type pull-down menu for sub types.
    • For the remaining protocols, you will not need to specify a Port Range or Sub Type.
    3 Click OK. The service appears in the Custom S[...]

  • Page 164

    Editing Custom Services Groups
    Click the Notepad icon under Configure to edit the custom service group in the Edit Service Group window, which includes the same configuration settings as the Add Service Group window.
    Deleting Custom Serv[...]

  • Page 165

    Chapter 26: Configuring Firewall Services[...]

  • Page 166

    Chapter 27: Configuring Multicast Settings
    Firewall > Multicast
    Multicasting, also called IP multicasting, is a method for sending one Internet Protocol (IP) packet simultaneously to multiple hosts. Multicast is suited to the rapidly g[...]

  • Page 167

    Multicast Snooping
    This section provides configuration tasks for Multicast Snooping.
    • Enable Multicast - This checkbox is disabled by default. Select this checkbox to support multicast traffic.
    • Require IGMP Membership reports f[...]

  • Page 168

    Configuration Example
    Perform the following steps to enable multicast support on LAN-dedicated interfaces.
    1 Enable multicast support on your SonicWALL security appliance. In the Firewall > Multicast setting, click on the Enable Multicast checkbox. An[...]

  • Page 169

    Chapter 27: Configuring Multicast Settings[...]

  • Page 170

    Chapter 28: Configuring VoIP Support
    Firewall > VoIP
    This chapter provides overview information and configuration tasks on enabling Voice over IP (VoIP) protocols. VoIP is a term used in IP telephony for a set of facilities for managing the delivery of voice i[...]

  • Page 171

    • Gatekeepers - Services for call setup and tear down, and registering H.323 terminals for communications
    • Multipoint control units (MCUs) - Three-way and higher multipoint communications between terminals
    SIP
    Session Initiation Protoco[...]

  • Page 172

    SIP Settings
    This section provides configuration tasks for SIP Settings.
    • Enable SIP Transformations - This setting transforms SIP messages between LAN (trusted) and WAN/DMZ (untrusted). You need to check this setting when you want the SonicWALL to do t[...]

  • Page 173

    • H.323 Signaling/Media inactivity time out (seconds) - This field has a default value of 300 seconds (5 minutes). This is a similar setting to the “TCP connection inactivity timeout.”
    • Default WAN/DMZ Gatekeeper IP Address - This[...]

  • Page 174

    Part 6 VPN[...]

  • Page 175

    SonicWALL SonicOS Enhanced 2.5 Administrator’s Guide[...]

  • Page 176

    Chapter 29: Configuring VPN Policies
    VPN > Settings
    SonicWALL VPN, based on the industry-standard IPSec VPN implementation, provides an easy-to-setup, secure solution for connecting mobile users, telecommuters, remote offices and partners via t[...]

  • Page 177

    The VPN > Settings page provides the SonicWALL features for configuring your VPN policies. You configure site-to-site VPN policies and GroupVPN policies from this page.
    VPN Policy Wizard
    The VPN Policy Wizard walks you step-by-step throug[...]

  • Page 178

    VPN Global Settings
    The Global VPN Settings section displays the following information:
    • Enable VPN must be selected to allow VPN policies through the SonicWALL security policies.
    • Unique Firewall Identifier - the default value is the serial number of th[...]

  • Page 179

    Currently Active VPN Tunnels
    A list of currently active VPN tunnels is displayed in this section. The table lists the name of the VPN Policy, the local LAN IP addresses, and the remote destination network IP addresses as well as the peer g[...]

  • Page 180

    Configuring GroupVPN with IKE using Preshared Secret on the WAN Zone
    To configure the WAN GroupVPN, follow these steps:
    1 Click the Edit icon for the WAN GroupVPN entry. The VPN Policy window is displayed.
    2 In the General tab, IKE using Preshared S[...]

  • Page 181

    In the IPSec (Phase 2) Proposal section, select the following default settings:
    ESP from the Protocol menu
    3DES from the Encryption menu
    SHA1 from the Authentication menu
    Select Enable Perfect Forward Secrecy if you want an additional Dif[...]

  • Page 182

    5 Click the Client tab, select any of the following settings you want to apply to your GroupVPN policy.
    • Cache XAUTH User Name and Password on Client - allows the Global VPN Client to cache the user name and password.
    ◦ Never - Global VPN Client i[...]

  • Page 183

    • Require Distributed Security Client for this Connection - only allows a VPN connection from a remote computer running the SonicWALL Distributed Security Client, which provides policy enforced firewall protection before allowing a Globa[...]

  • Page 184

    SHA1 from the Authentication menu. Leave the default setting, 28800, in the Life Time (seconds) field. This setting forces the tunnel to renegotiate and exchange keys every 8 hours.
    9 In the IPSec (Phase 2) Proposal section, select the following[...]

  • Page 185

    • Use DHCP to obtain Virtual IP for this Connection - allows the VPN Client to obtain an IP address using DHCP over VPN.
    • Require Distributed Security Client for this Connection - only allows a VPN connection from a remote computer runni[...]

  • Page 186

    Site-to-Site VPN Configurations
    When designing VPN connections, be sure to document all pertinent IP Addressing information and create a network diagram to use as a reference. A sample planning sheet is provided on the next page. The SonicWAL[...]

  • Page 187

    Additional Information
    SA Name:____________________
    Manual Key, SPI In_____ SPI Out_____
    Enc.Key:____________________
    Auth.Key:____________________
    If Preshared Secret, Shared Secret:___________________
    Local IKE ID and Remote IKE ID Pha[...]

  • Page 188

    Creating Site-to-Site VPN Policies
    Tip: Use the VPN Planning Sheet for Site-to-Site VPN Policies to record your settings. These settings are necessary to configure the remote SonicWALL and create a successful VPN connection.
    Cross Reference: For configuring VPN policie [...]

  • Page 189

    Configuring a VPN Policy with IKE using Preshared Secret
    To configure a VPN Policy using Internet Key Exchange (IKE), follow the steps below:
    1 Click Add on the VPN>Settings page. The VPN Policy window is displayed.
    2 In the General tab, [...]

  • Page 190

    8 Under Local Networks, select a local network from Choose local network from list if a specific local network can access the VPN tunnel. If hosts on this side of the VPN connection will be obtaining their addressing from a DHCP server on the r[...]

  • Page 191

    14 Click Advanced.
    15 Select Enable Keep Alive to use heartbeat messages between peers on this VPN tunnel. If one end of the tunnel fails, using Keep Alives will allow for the automatic renegotiation of the tunnel once both sides become a[...]

  • Page 192

    Configuring a VPN Policy using Manual Key
    To manually configure a VPN policy between two SonicWALL appliances using Manual Key, follow the steps below:
    Local SonicWALL
    1 Click Add on the VPN>Settings page. The VPN Policy window is displayed.[...]

  • Page 193

    7 Click on the Proposals tab.
    8 Define an Incoming SPI and an Outgoing SPI. The SPIs are hexadecimal (0123456789abcdef) and can range from 3 to 8 characters in length.
    Alert: Each Security Association must have unique SPIs; no two Secu[...]

  • Page 194

    12 Click the Advanced tab and select any of the following optional settings you want to apply to your VPN policy.
    Select Enable Windows Networking (NetBIOS) broadcast to allow access to remote network resources by browsing the Windows® Networ[...]

  • Page 195

    8 Define an Incoming SPI and an Outgoing SPI. The SPIs are hexadecimal (0123456789abcdef) and can range from 3 to 8 characters in length.
    Alert: Each Security Association must have unique SPIs; no two Security Associations can share the[...]

  • Page 196

    Configuring a VPN Policy with IKE using a Third Party Certificate
    Alert: You must have a valid certificate from a third party Certificate Authority installed on your SonicWALL before you can configure your VPN policy with IKE using a third pa[...]

  • Page 197

    8 Click on the Network tab.
    9 Under Local Networks, select a local network from Choose local network from list if a specific local network can access the VPN tunnel. If hosts on this side of the VPN connection will be obtaining their addr[...]

  • Page 198

    Enter a maximum time in seconds allowed before forcing the policy to renegotiate and exchange keys in the Life Time field. The default setting is 28800 seconds (8 hours).
    13 In the IPSec (Phase 2) Proposal section, select the following set[...]

  • Page 199

    Select an interface or Zone from the VPN Policy bound to menu. A Zone is the preferred selection if you are using WAN Load Balancing and you wish to allow the VPN to use either WAN interface.
    15 Click OK.
    16 Click Apply on the VPN>Settin[...]

  • Page 200

    Chapter 30: Configuring Advanced VPN Settings
    VPN>Advanced
    The Advanced VPN Settings page includes optional settings that affect all VPN policies.
    Advanced VPN Settings
    • Enable IKE Dead Peer Detection - Select if you want inactive VPN tunnels to b[...]

  • Page 201

    • Enable Fragmented Packet Handling - If the VPN log report shows the log message “Fragmented IPSec packet dropped”, select this feature. Do not select it until the VPN tunnel is established and in operation.
    Ignore DF (Don[...]

  • Page 202

    Chapter 31: Configuring DHCP Over VPN
    VPN > DHCP over VPN
    The VPN > DHCP over VPN page allows you to configure a Host (DHCP Client) behind a SonicWALL security appliance to obtain an IP address lease from a DHCP server at the other end [...]

  • Page 203

    2 Select Central Gateway from the DHCP Relay Mode menu.
    3 Click Configure. The DHCP over VPN Configuration window is displayed.
    4 Select Use Internal DHCP Server to enable the SonicWALL Global VPN Client or a remote firewall or both to us[...]

  • Page 204

    Configuring DHCP over VPN Remote Gateway
    1 Select Remote Gateway from the DHCP Relay Mode menu.
    2 Click Configure. The DHCP over VPN Configuration window is displayed.
    3 In the General tab, select the VPN policy to be used to relay DHCP requests from the Ce[...]

  • Page 205

    Devices
    1 To configure devices on your LAN, click the Devices tab.
    2 To configure Static Devices on the LAN, click Add to display the Add LAN Device Entry window, and type the IP address of the device in the IP Address field and then type [...]

  • Page 206

    Current DHCP over VPN Leases
    The scrolling window shows the details on the current bindings: IP and Ethernet address of the bindings, along with the Lease Time, and Tunnel Name. To edit an entry, click the Notepad icon under Configure for that entry. To[...]

  • Page 207


  • Page 208

    Chapter 32: Configuring L2TP Server
    VPN > L2TP Server
    The SonicWALL security appliance can terminate L2TP-over-IPSec connections from incoming Microsoft Windows 2000 and Windows XP clients. In situations where running the SonicWALL Global VPN[...]

  • Page 209

    Configuring the L2TP Server
    The VPN > L2TP Server page provides the settings for configuring the SonicWALL security appliance as an L2TP Server. To configure the L2TP Server, follow these steps:
    1 To enable L2TP Server functionality on [...]

  • Page 210

    7 If you have configured a specific user group defined for using L2TP, select it from the User Group for L2TP users menu or use Everyone.
    8 Click OK.
    Currently Active L2TP Sessions
    • User Name - the user name assigned in the local user database or the RA[...]

  • Page 211


  • Page 212

    Chapter 33: Configuring VPN Certificates
    VPN>CA Certificates
    A digital certificate is an electronic means to verify identity by a trusted third party known as a Certificate Authority (CA). X.509 v3 certificate standard is a specification to [...]

  • Page 213

    Implementing Certificates for VPN Policies
    To implement the use of certificates for VPN policies, you must locate a source for a valid CA certificate from a third party CA service. Once you have a valid CA certificate, you can import i[...]

  • Page 214

    3 Click Import Certificate to import the certificate into the SonicWALL security appliance. Once it is imported, you can view the Certificate Details.
    Certificate Details
    The Certificate Details section lists the following information:
    • Certificate I[...]

  • Page 215

    You can import the CRL by manually downloading the CRL and then importing it into the SonicWALL security appliance. You can also enter the URL location of the CRL by entering the address in the Enter CRL’s location (URL) for auto[...]

  • Page 216

    VPN > Local Certificates
    5 To view details about the certificate, select it from the Certificates menu in the Current Certificates section.
    Certificate Details
    To view details about the certificate, select the certificate from the Certificates menu in the Current Certificat[...]

  • Page 217

    You can also attach an optional Subject Alternative Name to the certificate such as the Domain Name or E-mail Address.
    4 The Subject Key type is preset as an RSA algorithm. RSA is a public key cryptographic algorithm used for encrypti[...]

  • Page 218

    Part 7 Users[...]

  • Page 219


  • Page 220

    Users>Status
    Chapter 34: Managing User Status and Authentication Settings
    SonicWALL security appliances provide a mechanism for user level authentication that gives users access to the LAN from remote locations on the Internet as well as a means to bypass conte[...]

  • Page 221

    User>Settings
    On this page, you can configure the authentication method required, global user settings, and an acceptable use policy that is displayed to users when logging onto your network.
    Authentication Metho[...]

  • Page 222

    1 Click Configure to set up your RADIUS server settings on the SonicWALL. The RADIUS Configuration window is displayed.
    2 Define the RADIUS Server Timeout in Seconds. The allowable range is 1-60 seconds with a default value of 5.
    3 Define the number of times the[...]

  • Page 223

    RADIUS Users
    Click the RADIUS Users tab.
    RADIUS Users Settings
    Select Allow only users listed locally if only the users listed in the SonicWALL database are authenticated using RADIUS. Select the mechanism used for sett[...]

  • Page 224

    2 In the Settings tab, enter a name for the group. You may enter a descriptive comment as well.
    3 In the Members tab, select the members of the group. Select the users or groups you want to add in the left column and click the -> button. Click Add All to add[...]

  • Page 225

    RADIUS Client Test
    You can test your RADIUS Client user name and password by typing in a valid user name in the User field, and the password in the Password field. If the validation is successful, the Status message[...]

  • Page 226

    Acceptable Use Policy
    An acceptable use policy (AUP) is a policy users must agree to follow in order to access a network or the Internet. It is common practice for many businesses and educational facilities to require that employees or students agree to an accep[...]

  • Page 227


  • Page 228

    Chapter 35: Managing Local Users and Local Groups
    User > Local Users
    Local Users are users stored and managed on the security appliance’s local database. In the Users > Local Users page, you can view and manage all local users, add new[...]

  • Page 229

    Viewing Local Users
    You can view all the groups a user belongs to on the Users > Local Users page. Click on the expand icon next to a user to view the group memberships for that user. The three columns to the right of the[...]

  • Page 230

    Users>Local Groups
    Groups
    To add the user to a User Group, select one or more groups, and click ->. The user then becomes a member of the selected groups. To remove a group, select the group from the Member of column, and click <-.
    VPN Access
    To allow users to access ne[...]

  • Page 231

    the table. Click the Notepad icon in the Configure column to review or change the settings for Everyone.
    Creating a Local Group
    1 Click the Add Group button to display the Add Group window.
    2 Create a user name and type it in[...]

  • Page 232

    Users > Guest Services
    Chapter 36: Managing Guest Services and Guest Accounts
    Guest accounts are temporary accounts set up for users to log into your network. You can create these accounts manually, as needed or generate them in batches. SonicOS includes profiles [...]

  • Page 233

    Global Guest Settings
    Check Show guest login status window with logout button to display a user login window on the user’s workstation whenever the user is logged in. Users must keep this window open during their login s[...]

  • Page 234

    Users > Guest Accounts
    • Enforce login uniqueness: Check this to allow only a single instance of an account to be used at any one time. By default, this feature is enabled when creating a new guest account. If you want to allow multiple users to login with a single accoun[...]

  • Page 235

    To Add an Individual Account:
    1 Under the list of accounts, click Add Guest.
    2 In the Settings tab of the Add Guest Account window configure:
    • Profile: Select the Guest Profile to generate this account from.
    • Nam[...]

  • Page 236

    To Generate Multiple Accounts
    1 Under the list of accounts, click Generate.
    2 In the Settings tab of the Generate Guest Accounts window configure:
    • Profile: Select the Guest Profile to generate the accounts from. Number of Accounts:
    • Number o[...]

  • Page 237

    1 Check the box in the Enable column next to the name of the account you want to enable. Check the Enable box in the table heading to enable all accounts on the page.
    2 Click on Apply in the top right corner of the page.
    f [...]

  • Page 238

    Users > Guest Status
    The Guest Status page reports on all the guest accounts currently logged in to the security appliance. The page lists:
    • Name: The name of the guest account
    • IP: The IP address the guest user is connecting to.
    • Interf[...]

  • Page 239


  • Page 240

    Part 8 Hardware Failover[...]

  • Page 241


  • Page 242

    Chapter 37: Setting Up Hardware Failover
    Hardware Failover > Settings
    Hardware Failover allows two identical SonicWALL PRO Series security appliances running SonicOS Enhanced to be configured to provide a reliable, continuous conne[...]

  • Page 243

    services are affected, physical (or logical) link detection is detected on monitored interfaces, or when the SonicWALL loses power. The self-checking mechanism is managed by software diagnostics, which check the complete system integr[...]

  • Page 244

    • Once Hardware Failover has been configured and activated, upon first preferences synchronization, the Backup SonicWALL security appliance automatically reboots in order to load the mirrored preferences – this is normal behavior.
    • At p[...]

  • Page 245

    Initial Hardware Failover Setup
    Before you begin the configuration of Hardware Failover on the Primary SonicWALL security appliance, perform the following initial setup procedures.
    • On the back of the Backup SonicWALL security applian[...]

  • Page 246

    Configuring Hardware Failover
    The first task in setting up hardware failover after initial setup is configuring the Hardware Failover>Settings page on the Primary SonicWALL security appliance. Once you configure hardware failover on the Primary[...]

  • Page 247

    Log into the Backup SonicWALL’s unique LAN IP address. If this SonicWALL security appliance has not been registered at mySonicWALL.com, register it. The Management Interface should now display Logged Into: Backup SonicWALL Status:[...]

  • Page 248

    Synchronizing Firmware
    Checking the Synchronize Firmware Upload and Reboot checkbox allows the Primary and Backup SonicWALL security appliances in Hardware Failover mode to have firmware uploaded on both devices at once, in staggered sequence to [...]

  • Page 249

    during configuration. If preempt mode is enabled, the primary SonicWALL becomes the active firewall and the backup firewall returns to Idle status.
    • E-mail Alerts Indicating Status Change - If you have configured the primary Son [...]

  • Page 250

    Part 9 Security Services[...]

  • Page 251


  • Page 252

    Chapter 38: Managing Security Services
    Security Services>Summary
    SonicWALL, Inc. offers a variety of subscription-based Security Services and Upgrades to enhance the functionality of your SonicWALL security appliance to provide comp[...]

  • Page 253

    Creating a mySonicWALL.com account is easy and FREE. Simply complete an online registration form. Once your account is created, you can register SonicWALL security appliance and activate SonicWALL Security Services associated with th[...]

  • Page 254

    Manage Licenses
    Clicking the Manage Licenses button displays the mySonicWALL.com Login page. Enter your mySonicWALL.com username and password in the User Name and Password fields, and then click Submit. The System>Licenses page is displayed with [...]

  • Page 255


  • Page 256

    Chapter 39: Configuring SonicWALL Content Filter
    Security Services>Content Filter
    The Security Services>Content Filter page allows you to configure the SonicWALL Restrict Web Features and Trusted Domains settings, which are[...]

  • Page 257

    • SonicWALL CFS Premium blocks 56 categories of objectionable, inappropriate or unproductive Web content. SonicWALL CFS Premium provides network administrators with greater control by automatically and transparently enforc[...]

  • Page 258

    3 Click Activate or Renew in the Manage Service column in the Manage Services Online table. Type in the Activation Key in the New License Key field and click Submit. Your SonicWALL CFS subscription is activated on your SonicWALL.
    4 If you activa[...]

  • Page 259

    Restrict Web Features
    Restrict Web Features enhances your network security by blocking potentially harmful Web applications from entering your network. Restrict Web Features are included with SonicOS. Select any of the followi[...]

  • Page 260

    To delete all trusted domains, click Delete All. To edit a trusted domain entry, click the Notepad icon.
    Message to Display when Blocking
    You can enter your customized text to display to the user when access to a blocked site is attempte[...]

  • Page 261

    Alert: Do not include the prefix “http://” in either the Allowed Domains or Forbidden Domains fields. All subdomains are affected. For example, entering “yahoo.com” applies to “mail.yahoo.com” and “my.yahoo.[...]

  • Page 262

    the Internet again. To configure the value, follow the link to the Users window and enter the desired value in the User Idle Timeout section.
    • Consent Page URL (optional filtering) - When a user opens a Web browser on a computer requiring c[...]

  • Page 263


  • Page 264

    Chapter 40: Activating SonicWALL Network Anti-Virus
    Security Services>Anti-Virus
    By their nature, anti-virus products typically require regular, active maintenance on every PC. When a new virus is discovered, all anti-virus softw[...]

  • Page 265

    Activating SonicWALL Network Anti-Virus
    If SonicWALL Network Anti-Virus is not activated, you must activate it. If you do not have an Activation Key, you must purchase SonicWALL Network Anti-Virus from a SonicWALL rese[...]

  • Page 266

    Security Services>E-Mail Filter
    security appliance is already connected to your mySonicWALL.com account, the System>Licenses page appears after you click the FREE TRIAL link.
    3 Click FREE TRIAL in the Manage Service column in the Manage Services Online table. Your SonicWAL[...]

  • Page 267


  • Page 268

    Chapter 41: Activating Intrusion Prevention Service
    Security Services > Intrusion Prevention
    SonicWALL Intrusion Prevention Service (SonicWALL IPS) delivers a configurable, high performance Deep Packet Inspection engi[...]

  • Page 269

    Inspection engine can also read signatures written in the popular Snort format, allowing SonicWALL to easily incorporate new signatures as they are published by third parties. SonicWALL maintains a current and robust sign [...]

  • Page 270

    How SonicWALL’s Deep Packet Inspection Works
    Deep Packet Inspection technology enables the firewall to investigate farther into the protocol to examine information at the application layer and defend against attacks targeting app[...]

  • Page 271

    • Intrusion Detection - a process of identifying and flagging malicious activity aimed at information technology.
    • False Positive - a falsely identified attack traffic pattern.
    • Intrusion Prevention - finding anomalies[...]

  • Page 272

    Activating SonicWALL IPS
    If you have an Activation Key for your SonicWALL IPS, follow these steps to activate IPS:
    1 Click the SonicWALL IDP Subscription link on the Security Services>Intrusion Prevention page. The mySonicWALL.com L[...]

  • Page 273


  • Page 274

    Part 10 Log[...]

  • Page 275


  • Page 276

    Chapter 42: Managing Log Events
    Log > View
    The SonicWALL security appliance maintains an Event log for tracking potential security threats. This log can be viewed in the Log > View page, or it can be automatically sent to an e-mail address for [...]

  • Page 277

    Log View Table
    The log is displayed in a table and is sortable by column. The log table columns include:
    • Time - the date and time of the event.
    • Priority - the level of priority associated with your log event. Syslog uses eight [...]

  • Page 278

    Log Event Messages
    Export Log
    To export the contents of the log to a defined destination, click the Export Log button. You can export log content to two formats:
    • Plain text format --Used in log and alert email.
    • Comma-separated value (CSV) format --Used for importing int[...]

  • Page 279

    264 SonicWALL SonicOS Enhanced 2.5 Administrator’s Guide Chapter 42: Managing Log Events Alert Log Messages Critical Log Messages Error Log Messages Message ID Priority Description of Log Event 29 Alert Administrator login allowed 30 Alert Administrator login denied 31 Alert Local user login allowed 32 Alert Local user login denied [...]

  • Page 280

    SonicWALL SonicOS Enhanced 2.5 Administrator’s Guide 265 Log Event Messages 119 logstrDHCPCVerifyFailInit Error DHCP Client failed to verify and lease has expired. Go to INIT state. 120 logstrDHCPCVerifyFailBound Error DHCP Client failed to verify and lease is still valid. Go to BOUND state. 121 logstrDHCPCGotNewIP Error DHCP Client g[...]

  • Page 281

    266 SonicWALL SonicOS Enhanced 2.5 Administrator’s Guide Chapter 42: Managing Log Events 472 logstrDhcprNoRelayIpAvailable Error WARNING: Central Gateway does not have a Relay IP Address. DHCP message dropped. 473 logstrDhcprRequestMessage Error DHCP REQUEST received from remote device 474 logstrDhcprDiscoverMessage Error DHCP D[...]

  • Page 282

    SonicWALL SonicOS Enhanced 2.5 Administrator’s Guide 267 Log Event Messages Warning Log Messages 572 logStrOlderPrefs Error A prior version of preferences was loaded because the most recent preferences file was inaccessible 573 logStrPrefsTooBig Error The preferences file is too large to be saved in available flash memory 574 logStrPre[...]

  • Page 283

    268 SonicWALL SonicOS Enhanced 2.5 Administrator’s Guide Chapter 42: Managing Log Events 239 logstrVpnNatTravPeerBehindNat Warning NAT Discovery: Peer IPSec Security Gateway behind a NAT/NAPT Device 240 logstrVpnNatTravWeBehindNat Warning NAT Discovery: Local IPSec Security Gateway behind a NAT/NAPT Device 241 logstrVpnNatTravNoNa[...]

  • Page 284

    SonicWALL SonicOS Enhanced 2.5 Administrator’s Guide 269 Log Event Messages 307 logstrWanModeIs Warning The network connection in use is %s 326 logstrWfoProbeFailed Warning Probing failure on %s 342 logstrLogIkeProposalBadModeForXauth Warning IKE Responder: Mode %d - not transport mode. Xauth is required but not supported by peer[...]

  • Page 285

    270 SonicWALL SonicOS Enhanced 2.5 Administrator’s Guide Chapter 42: Managing Log Events 450 logPkeEntityCertLimit Warning PKI Failure: Reached the limit for local certs, cannot load any more 451 logPkeImportFailed Warning PKI Failure: Import failed 452 logPkeBadPassword Warning PKI Failure: Incorrect admin password 453 logPkeCaC[...]

  • Page 286

    SonicWALL SonicOS Enhanced 2.5 Administrator’s Guide 271 Log Event Messages 470 logPkeCouldNotValidateChain Warning PKI Failure: Loaded the certificate but could not verify it's chain 483 logstrInvalidId Warning Received notify: INVALID_ID_INFO 487 logstrWlanFirmwareUpdated Warning wlan firmware image has been updated 488 lo[...]

  • Page 287

    272 SonicWALL SonicOS Enhanced 2.5 Administrator’s Guide Chapter 42: Managing Log Events Notice Log Messages 556 logstrWlanPassiveRogueAP Warning Found Rogue Access Point 581 logstrWlbOnSpill Warning WLB Spill-over started, configured threshold exceeded 582 logstrWlbOffSpill Warning WLB Spill-over stopped 584 logstrWlbFailover Wa[...]

  • Page 288

    SonicWALL SonicOS Enhanced 2.5 Administrator’s Guide 273 Log Event Messages 253 logstrLogIkeProposalAddrWithDefGw Notice IKE Responder: Default LAN gateway is set but peer is not proposing to use this SA as a default route 254 logstrLogIkeProposalOutsideNotNatPub Notice IKE Responder: Tunnel terminates outside firewall but propose [...]

  • Page 289

    274 SonicWALL SonicOS Enhanced 2.5 Administrator’s Guide Chapter 42: Managing Log Events Info Log Messages Message ID Log Event Priority Description of Log Event 0 logstrLogHeader1 Info Log (part 1 logstrLogHeader2 Info ) dumped to email at 2 logstrLogEmailSubject Info Log file from SonicWALL 3 logstrAlertEmailSubject Info *** A[...]

  • Page 290

    SonicWALL SonicOS Enhanced 2.5 Administrator’s Guide 275 Log Event Messages 43 logstrIpsecInterruptErr Info IPSec connection interrupt 44 logstrNATCouldntRemap Info NAT could not remap incoming packet 45 logstrArpFailure Info ARP timeout 46 logstrBroadcastDropped Info Broadcast packet dropped 47 logstrNoICMPRedirectSent Info No ICMP re[...]

  • Page 291

    276 SonicWALL SonicOS Enhanced 2.5 Administrator’s Guide Chapter 42: Managing Log Events 85 logstrLocalRange Info local range: 86 logstrRemoteRange Info remote range: 96 logstrLogStatusEvent Info Status 97 logstrSyslogWebSiteAccessed Info #Web site hit 98 logstrSyslogConnectionLogged Info Connection Opened 123 logstrAVAccessWithout [...]

  • Page 292

    SonicWALL SonicOS Enhanced 2.5 Administrator’s Guide 277 Log Event Messages 147 logstrHaIdleBackup Info Backup firewall has transitioned to Idle 148 logstrHaMissedHeartbeatPrimary Info Primary missed heartbeats from Backup 149 logstrHaMissedHeartbeatBackup Info Backup missed heartbeats from Primary 150 logstrHaErrorReceivedPrimary Info [...]

  • Page 293

    278 SonicWALL SonicOS Enhanced 2.5 Administrator’s Guide Chapter 42: Managing Log Events 169 logstrPppoeLcpUnacked Info No response from ISP Disconnecting PPPoE. 170 logstrBackupActivePreempt Info Backup going Active in preempt mode after reboot 171 logstrVpn Info VPN Log 172 logstrVpnDebug Info VPN Log Debug 173 logstrLanTCPDenie[...]

  • Page 294

    SonicWALL SonicOS Enhanced 2.5 Administrator’s Guide 279 Log Event Messages 195 logstrTCPStatFIN Info VPN TCP FIN 196 logstrTCPStatPSH Info VPN TCP PSH 197 logstrCflSubscriptionExpiredEmailSubject Info Content filter subscription expired. 201 logstrL2tpTunnelStarting Info L2TP Tunnel Negotiation Started 202 logstrL2tpSessionStarting [...]

  • Page 295

    280 SonicWALL SonicOS Enhanced 2.5 Administrator’s Guide Chapter 42: Managing Log Events 245 logstrUserLoginRadiusError Info User login denied - RADIUS configuration error 246 logstrUserLoginFromWrongLocation Info User login denied - User has no privileges for login from that location 248 logstrForbiddenAttDeleted Info Forbidden E[...]

  • Page 296

    SonicWALL SonicOS Enhanced 2.5 Administrator’s Guide 281 Log Event Messages 298 logstrPppduIpcpFailed Info PPP Dial-Up: Failed to get IP address 299 logstrPppduIpcpUp Info PPP Dial-Up: Received new IP address 300 logstrPppduPppEst Info PPP Dial-Up: PPP link established 301 logstrPppduLinkDown Info PPP Dial-Up: PPP link down 302 logstrP[...]

  • Page 297

    282 SonicWALL SonicOS Enhanced 2.5 Administrator’s Guide Chapter 42: Managing Log Events 321 logstrPppduNeedManualAction Info PPP Dial-Up: Manual intervention needed. Check Primary Profile or Profile details 322 logstrWfoManualProfile Info PPP Dial-Up: Trying to failover but Primary Profile is manual 323 logstrPppduAutoDetect Info P[...]

  • Page 298

    SonicWALL SonicOS Enhanced 2.5 Administrator’s Guide 283 Log Event Messages 377 logstrPptpMaxReTransExceed Info PPTP Max Retransmission Exceeded 378 logstrPptpCtrlConnEstablished Info PPTP Control Connection Established 379 logstrPptpTunnelDisconRem Info PPTP Tunnel Disconnect from Remote 380 logstrPptpSessionSuccess Info PPTP Session E[...]

  • Page 299

    284 SonicWALL SonicOS Enhanced 2.5 Administrator’s Guide Chapter 42: Managing Log Events 402 logstrLogIkeProposalReject Info IKE Responder: IKE proposal does not match (Phase 1) 403 logstrLogIkeAbort Info IKE negotiation aborted due to timeout 404 logstrDecryptFailedWithPsk Info Failed payload verification after decryption. Possibl[...]

  • Page 300

    SonicWALL SonicOS Enhanced 2.5 Administrator’s Guide 285 Log Event Messages 441 logstrRuleModified Info Access Rule modified 442 logstrRuleDeleted Info Access Rule deleted 443 logstrRuleTableDefaulted Info Access Rules restored to defaults 444 logstrPptpServerDown Info PPTP Server is not responding, check if the server is UP and runnin[...]

  • Page 301

    286 SonicWALL SonicOS Enhanced 2.5 Administrator’s Guide Chapter 42: Managing Log Events 526 logstrWebAccessRequestRcvd Info Web management request allowed 527 logstrFtpPortBounceAttack Info FTP: PORT bounce attack dropped. 528 logstrFtpPasvBounceAttack Info FTP: PASV response bounce attack dropped. 537 logstrSyslogCloseLogged In[...]

  • Page 302

    SonicWALL SonicOS Enhanced 2.5 Administrator’s Guide 287 Log Event Messages 609 logstrIDPPreventionAlert Info IPS Prevention Alert: %s 614 logstrIDPExpiredMsg Info Received IPS Alert: Your SonicWALL Intrusion Prevention (IDP) subscription has expired. 622 logstrVoipCallConnect Info VoIP Call Connected 623 logstrVoipCallDisconnect Info [...]

  • Page 303

    288 SonicWALL SonicOS Enhanced 2.5 Administrator’s Guide Chapter 42: Managing Log Events Debug Log Messages 652 logstrVoipSpare31 Info unused/spare 653 logstrVoipSpare32 Info unused/spare 655 logstrLogSyslogDataRateExceeded Info Maximum syslog data per second threshold exceeded 656 logstrLogSpare3 Info unused/spare 657 logstrLog[...]

  • Page 304

    SonicWALL SonicOS Enhanced 2.5 Administrator’s Guide 289 Log Event Messages 364 logstrCryptRsaTestFailed Debug Crypto RSA test failed 365 logstrCryptSha1TestFailed Debug Crypto Sha1 test failed 366 logstrCryptHwDesTestFailed Debug Crypto hardware DES test failed 367 logstrCryptHw3DesTestFailed Debug Crypto Hardware 3Des test fai[...]

  • Page 305

    290 SonicWALL SonicOS Enhanced 2.5 Administrator’s Guide Chapter 42: Managing Log Events 618 logstrBootpCentralAck Debug BOOTP server response relayed to remote device 619 logstrBootpReplyConflict Debug BOOTP Client IP address on LAN conflicts with remote device IP, deleting IP address from remote table 620 logstrBootpRemoteAck Debug[...]

  • Page 306

    SonicWALL SonicOS 2.5 Enhanced Administrator’s Guide 291 Log > Categories Chapter 43: Configuring Log Categories Log > Categories This chapter provides configuration tasks to enable you to categorize and customize the logging functions on your SonicWALL security appliance for troubleshooting and diagnostics. [...]

  • Page 307

    292 SonicWALL SonicOS 2.5 Enhanced Administrator’s Guide Chapter 43: Configuring Log Categories Log Priority This section provides information on configuring the priority level at which log messages are captured and corresponding alert messages are sent through e-mail for notification. Logging Level The Logging Level control filters event[...]

  • Page 308

    SonicWALL SonicOS 2.5 Enhanced Administrator’s Guide 293 Log > Categories of attacks evolved, it’s become essential to dig deeper into the traffic, and to develop the sort of adaptability that could keep pace with the new threats. All SonicWALL security appliances, even those running SonicWALL IPS, continue to recognize these[...]

  • Page 309

    294 SonicWALL SonicOS 2.5 Enhanced Administrator’s Guide Chapter 43: Configuring Log Categories Managing Log Categories The Log Categories table displays log category information organized into the following columns: • Category - Displays log category name. • Description - Provides description of the log category activity type.[...]

  • Page 310

    SonicWALL SonicOS Enhanced 2.5 Administrator’s Guide 295 Log > Syslog Chapter 44: Configuring Syslog Settings Log > Syslog In addition to the standard event log, the SonicWALL security appliance can send a detailed log to an external Syslog server. The SonicWALL Syslog captures all log activity and includes every co[...]

  • Page 311

    296 SonicWALL SonicOS Enhanced 2.5 Administrator’s Guide Chapter 44: Configuring Syslog Settings Syslog Settings Syslog Facility • Syslog Facility - Allows you to select the facilities and severities of the messages based on the syslog protocol. Cross Reference: See RFC 3164 - The BSD Syslog Protocol for more information. • Ov[...]

  • Page 312

    SonicWALL SonicOS Enhanced 2.5 Administrator’s Guide 297 Log > Automation Chapter 45: Configuring Log Automation Log > Automation The Log>Automation page includes settings for configuring the SonicWALL to send log files using e-mail and configuring mail server settings. E-mail Log Automation • Send Log to E-mail [...]

  • Page 313

    298 SonicWALL SonicOS Enhanced 2.5 Administrator’s Guide Chapter 45: Configuring Log Automation standard e-mail address or an e-mail paging service. If this field is left blank, e-mail alert messages are not sent. • Send Log - determines the frequency of sending log files. The options are When Full, Weekly, or Daily. If the We[...]

  • Page 314

    SonicWALL SonicOS Enhanced 2.5 Administrator’s Guide 299 Log > Reports Chapter 46: Generating Log Reports Log > Reports The SonicWALL security appliance can perform a rolling analysis of the event log to show the top 25 most frequently accessed Web sites, the top 25 users of bandwidth by IP address, and the top 25 [...]

  • Page 315

    300 SonicWALL SonicOS Enhanced 2.5 Administrator’s Guide Chapter 46: Generating Log Reports Data Collection The Reports window includes the following functions and commands: • Start Data Collection Click Start Data Collection to begin log analysis. When log analysis is enabled, the button label changes to Stop Data Collect[...]

  • Page 316

    SonicWALL SonicOS Enhanced 2.5 Administrator’s Guide 301 Log > ViewPoint Chapter 47: Activating and Enabling SonicWALL ViewPoint Log > ViewPoint SonicWALL ViewPoint is a Web-based graphical reporting tool that provides unprecedented security awareness and control over your network environment through detailed and [...]

  • Page 317

    302 SonicWALL SonicOS Enhanced 2.5 Administrator’s Guide Chapter 47: Activating and Enabling SonicWALL ViewPoint Activating ViewPoint The Log>ViewPoint page allows you to activate the ViewPoint license directly from the SonicWALL Management Interface using two methods. If you received a license activation key, enter the activatio[...]

  • Page 318

    SonicWALL SonicOS Enhanced 2.5 Administrator’s Guide 303 Log > ViewPoint Enabling ViewPoint Settings Once you have installed the SonicWALL ViewPoint software, you can point the SonicWALL security appliance to the server running ViewPoint. 1 Check the Enable ViewPoint Settings checkbox in the Syslog Servers section of the Log>Vie[...]

  • Page 319

    304 SonicWALL SonicOS Enhanced 2.5 Administrator’s Guide Chapter 47: Activating and Enabling SonicWALL ViewPoint[...]

  • Page 320

    SonicWALL SonicOS Enhanced 2.5 Administrator’s Guide 305 Part 11 Wizards[...]

  • Page 321

    306 SonicWALL SonicOS Enhanced 2.5 Administrator’s Guide:[...]

  • Page 322

    307 SonicWALL SonicOS Enhanced 2.5 Administrator’s Guide Chapter 48: Configuring Internet Connectivity Using the Setup Wizard Internet Connectivity Using the Setup Wizard The first time you log into the SonicWALL, the Setup Wizard is launched automatically. To launch the Setup Wizard at any time from the Management Interface[...]

  • Page 323

    308 SonicWALL SonicOS Enhanced 2.5 Administrator’s Guide Chapter 48: Configuring Internet Connectivity Using the Setup Wizard Setup Wizard Note: Your Web browser must be Java-enabled and support HTTP uploads in order to fully manage SonicWALL. Internet Explorer 5.0 and above as well as Netscape Navigator 4.0 and above meet[...]

  • Page 324

    SonicWALL SonicOS Enhanced 2.5 Administrator’s Guide 309 Internet Connectivity Using the Setup Wizard Step 2: Change Time Zone 3 Select the appropriate Time Zone from the Time Zone menu. The SonicWALL internal clock is set automatically by a Network Time Server on the Internet. Click Next. Step 3: WAN Network Mode 4 Confirm that y[...]

  • Page 325

    310 SonicWALL SonicOS Enhanced 2.5 Administrator’s Guide Chapter 48: Configuring Internet Connectivity Using the Setup Wizard Step 4: WAN Network Mode: NAT Enabled 6 Enter the public IP address provided by your ISP in the SonicWALL WAN IP Address, then fill in the rest of the fields: WAN/OPT/DMZ Subnet Mask, WAN Gateway (Router) A[...]

  • Page 326

    SonicWALL SonicOS Enhanced 2.5 Administrator’s Guide 311 Internet Connectivity Using the Setup Wizard Step 6: LAN DHCP Settings 8 The Optional-SonicWALL DHCP Server window configures the SonicWALL DHCP Server. If enabled, the SonicWALL automatically configures the IP settings of computers on the LAN. To enable the DHCP server, select[...]

  • Page 327

    312 SonicWALL SonicOS Enhanced 2.5 Administrator’s Guide Chapter 48: Configuring Internet Connectivity Using the Setup Wizard Storing SonicWALL Configuration Setup Wizard Complete 10 The SonicWALL stores the network settings. 11 Click Restart to restart the SonicWALL. The SonicWALL takes approximately 90 seconds or longer to restart[...]

  • Page 328

    SonicWALL SonicOS Enhanced 2.5 Administrator’s Guide 313 Internet Connectivity Using the Setup Wizard 1 Click the Setup Wizard button on the Network>Settings page. 2 Read the instructions on the Welcome window and click Next to continue. Step 1: Change Password 3 To set the password, enter a new password in the New Password and Co[...]

  • Page 329

    314 SonicWALL SonicOS Enhanced 2.5 Administrator’s Guide Chapter 48: Configuring Internet Connectivity Using the Setup Wizard Step 3: WAN Network Mode 5 Select DHCP, the Obtain an IP address automatically window is displayed. Click Next. Step 4: WAN Network Mode: NAT with DHCP Client 6 The Obtain an IP address automatically wi[...]

  • Page 330

    SonicWALL SonicOS Enhanced 2.5 Administrator’s Guide 315 Internet Connectivity Using the Setup Wizard Step 5: LAN Settings 7 The Fill in information about your LAN page allows the configuration of SonicWALL LAN IP Addresses and Subnet Masks. SonicWALL LAN IP Addresses are the private IP addresses assigned to the LAN of the SonicWALL.[...]

  • Page 331

    316 SonicWALL SonicOS Enhanced 2.5 Administrator’s Guide Chapter 48: Configuring Internet Connectivity Using the Setup Wizard Configuration Summary 9 The Configuration Summary window displays the configuration defined using the Installation Wizard. To modify any of the settings, click Back to return to the Connecting to the Inter[...]

  • Page 332

    SonicWALL SonicOS Enhanced 2.5 Administrator’s Guide 317 Internet Connectivity Using the Setup Wizard Storing SonicWALL Configuration Setup Wizard Complete 10 Click Restart to restart the SonicWALL. The SonicWALL takes 90 seconds to restart. During this time, the yellow Test LED is lit. 9 Tip: The new SonicWALL LAN IP address, disp[...]

  • Page 333

    318 SonicWALL SonicOS Enhanced 2.5 Administrator’s Guide Chapter 48: Configuring Internet Connectivity Using the Setup Wizard 1 Click the Setup Wizard button on the Network>Settings page. 2 Read the instructions on the Welcome window and click Next to continue. Step 1: Change Password 3 To set the password, enter a new password[...]

  • Page 334

    SonicWALL SonicOS Enhanced 2.5 Administrator’s Guide 319 Internet Connectivity Using the Setup Wizard Step 2: Change Time Zone 4 Select the appropriate Time Zone from the Time Zone menu. The SonicWALL internal clock is set automatically by a Network Time Server on the Internet. Click Next. Step 3: WAN Network Mode 5 The SonicWALL [...]

  • Page 335

    320 SonicWALL SonicOS Enhanced 2.5 Administrator’s Guide Chapter 48: Configuring Internet Connectivity Using the Setup Wizard Step 4: WAN Network Mode: NAT with PPPoE Client 6 Select whether to use a dynamic or static IP address, and enter the user name and password provided by your ISP into the User Name and Password fields. Clic[...]

  • Page 336

    SonicWALL SonicOS Enhanced 2.5 Administrator’s Guide 321 Internet Connectivity Using the Setup Wizard Step 6: DHCP Server 8 The Optional-SonicWALL DHCP Server window configures the SonicWALL DHCP Server. If enabled, the SonicWALL automatically assigns IP settings to computers on the LAN. To enable the DHCP server, select Enable DHCP [...]

  • Page 337

    322 SonicWALL SonicOS Enhanced 2.5 Administrator’s Guide Chapter 48: Configuring Internet Connectivity Using the Setup Wizard Storing SonicWALL Configuration 9 Tip: The new SonicWALL LAN IP address, displayed in the URL field of the Congratulations window, is used to log in and manage the SonicWALL. Setup Wizard Complete 10 Click Re[...]

  • Page 338

    SonicWALL SonicOS Enhanced 2.5 Administrator’s Guide 323 Internet Connectivity Using the Setup Wizard 1 Click the Setup Wizard button on the Network>Settings page. 2 Read the instructions on the Welcome window and click Next to continue. Step 1: Change Password 3 To set the password, enter a new password in the New Password and Co[...]

  • Page 339

    324 SonicWALL SonicOS Enhanced 2.5 Administrator’s Guide Chapter 48: Configuring Internet Connectivity Using the Setup Wizard Step 2: Change Time Zone 4 Select the appropriate Time Zone from the Time Zone menu. The SonicWALL internal clock is set automatically by a Network Time Server on the Internet. Click Next. Step 3: WAN Netwo[...]

  • Page 340

    SonicWALL SonicOS Enhanced 2.5 Administrator’s Guide 325 Internet Connectivity Using the Setup Wizard Step 4: WAN Network Mode: NAT with PPTP Client 6 Enter the user name and password provided by your ISP into the User Name and Password fields. Click Next. Step 5: LAN Settings 7 The LAN Settings page allows the configuration of S[...]

  • Page 341

    326 SonicWALL SonicOS Enhanced 2.5 Administrator’s Guide Chapter 48: Configuring Internet Connectivity Using the Setup Wizard Step 6: DHCP Server 8 The Optional-SonicWALL DHCP Server window configures the SonicWALL DHCP Server. If enabled, the SonicWALL automatically assigns IP settings to computers on the LAN. To enable the DHCP ser[...]

  • Page 342

    SonicWALL SonicOS Enhanced 2.5 Administrator’s Guide 327 Internet Connectivity Using the Setup Wizard Storing SonicWALL Configuration 9 Tip: The new SonicWALL LAN IP address, displayed in the URL field of the Congratulations window, is used to log in and manage the SonicWALL. Setup Wizard Complete 10 Click Restart to restart the Soni[...]

  • Page 343

    328 SonicWALL SonicOS Enhanced 2.5 Administrator’s Guide Chapter 48: Configuring Internet Connectivity Using the Setup Wizard[...]

  • Page 344

    329 SonicWALL SonicOS Enhanced 2.5 Administrator’s Guide Chapter 49: Configuring a Public Server with the Wizard Create a Server with the Public Server Wizard 1 Start wizard: In the navigator, click Wizards.[...]

  • Page 345

    330 SonicWALL SonicOS Enhanced 2.5 Administrator’s Guide Chapter 49: Configuring a Public Server with the Wizard 2 Select Public Server Wizard and click Next. 3 Select the type of server from the Server Type list. Depending on the type you select, the available services change. Check the box for the services you are enabling on thi[...]

  • Page 346

    SonicWALL SonicOS Enhanced 2.5 Administrator’s Guide 331 6 Click Next. 7 Enter the public IP address of the server. The default is the WAN public IP address. If you enter a different IP, the Public Server Wizard will create an address object for that IP address and bind the address object to the WAN zone. 8 Click Next. 9 The Summar[...]

  • Page 347

    332 SonicWALL SonicOS Enhanced 2.5 Administrator’s Guide Chapter 49: Configuring a Public Server with the Wizard The wizard creates the address object for the new server. Because the IP address of the server added in the example is in the IP address range assigned to the DMZ, the wizard binds the address object to the DMZ zone. It gi[...]

  • Page 348

    SonicWALL SonicOS Enhanced 2.5 Administrator’s Guide 333 9 Tip: The new IP address used to access the new server, internally and externally, is displayed in the URL field of the Congratulations window. 11 Click Close to close the wizard.[...]

  • Page 349

    334 SonicWALL SonicOS Enhanced 2.5 Administrator’s Guide Chapter 49: Configuring a Public Server with the Wizard[...]

  • Page 350

    SonicWALL SonicOS Enhanced 2.5 Administrator’s Guide 335 Configuring GroupVPN using the VPN Policy Wizard Chapter 50: Configuring VPN Policies with the VPN Policy Wizard Configuring GroupVPN using the VPN Policy Wizard The VPN Policy Wizard walks you step-by-step through the configuration of GroupVPN on the SonicWALL. After [...]

  • Page 351

    336 SonicWALL SonicOS Enhanced 2.5 Administrator’s Guide Chapter 50: Configuring VPN Policies with the VPN Policy Wizard 3. In the VPN Policy Type page, select WAN GroupVPN and click Next. 4. In the IKE Phase 1 Key Method page, you select the authentication key to use for this VPN policy: • Default Key: If you choose the defau[...]

  • Page 352

    SonicWALL SonicOS Enhanced 2.5 Administrator’s Guide 337 Configuring GroupVPN using the VPN Policy Wizard 6. In the IKE Security Settings page, you select the security settings for IKE Phase 2 negotiations and for the VPN tunnel. You can use the default settings. • DH Group: The Diffie-Hellman (DH) group are the group of numbers u[...]

  • Page 353

    338 SonicWALL SonicOS Enhanced 2.5 Administrator’s Guide Chapter 50: Configuring VPN Policies with the VPN Policy Wizard Note: If you enable user authentication, the users must be entered in the SonicWALL database for authentication. Users are entered into the SonicWALL database on the Users>Local Users page, and then added [...]

  • Page 354

    SonicWALL SonicOS Enhanced 2.5 Administrator’s Guide 339 Configuring a Site-to-Site VPN using the VPN Wizard Configuring a Site-to-Site VPN using the VPN Wizard You use the VPN Policy Wizard to create the site-to-site VPN policy. Using the VPN Wizard to Configure Preshared Secret 1. On the System>Status page, click on Wizards. 2. [...]

  • Page 355

    340 SonicWALL SonicOS Enhanced 2.5 Administrator’s Guide Chapter 50: Configuring VPN Policies with the VPN Policy Wizard 4. In the Create Site-to-Site Policy page, enter the following information: • Policy Name: Enter a name you can use to refer to the policy. For example, Boston Office. • Preshared Key: Enter a characte[...]

  • Page 356

    SonicWALL SonicOS Enhanced 2.5 Administrator’s Guide 341 Configuring a Site-to-Site VPN using the VPN Wizard For this example, select LAN Subnets. • Destination Networks: Select the network resources on the destination end of the VPN Tunnel. If the object or group does not exist, select Create new Address Object or Create new Ad[...]

  • Page 357

    342 SonicWALL SonicOS Enhanced 2.5 Administrator’s Guide Chapter 50: Configuring VPN Policies with the VPN Policy Wizard 9. The Configuration Summary page details the settings that will be pushed to the security appliance when you apply the configuration. 10. Click Apply to create the VPN.[...]

  • Page 358

    343 SonicWALL SonicOS Enhanced 2.5 Administrator’s Guide Chapter 51: Index Numerics 802.11a 121 802.11g 121 A acceptable use policy 211 access rules bandwidth management 134 access point IDS 130 access points SonicPoints 119 access rules adding 135 advanced options 139 deleting 135 displaying traffic statistics 135 editing 135 enablin[...]

  • Page 359

    Index 344 SonicWALL SonicOS Enhanced 2.5 Administrator’s Guide diagnostics DNS name lookup 44 find network path 44 packet trace 45 ping 44 tech report 46 trace route 47 Diffie-Hellman, see DH group Distributed Enforcement Architecture (DEA) 253 DNS configuring 77 inherit settings dynamically 77 specify DNS servers manually 77 with L2TP[...]

  • Page 360

    Index SonicWALL SonicOS Enhanced 2.5 Administrator’s Guide 345 info log messages 274 legacy attacks 292 log categories 294 mail server settings 297 notice log messages 272 redundancy filter 292 view table 262 viewing events 261 warning log messages 267 login status window 218 logs priority, configuring 292 loopback policy 332 M manag[...]

  • Page 361

    Index 346 SonicWALL SonicOS Enhanced 2.5 Administrator’s Guide S SDP 124, 157 security services licenses 23 manage licenses 239 manual upgrade 25 manual upgrade for closed environments 25 settings 239 summary 238 service group public server wizard 332 services 145 adding custom services 147 adding custom services group 148 default se[...]

  • Page 362

    Index SonicWALL SonicOS Enhanced 2.5 Administrator’s Guide 347 VPN 161, 185 active L2TP sessions 195 active tunnels 164 advanced settings 185 CA certificates 197 CRL 200 DF bit 186 DHCP leases 191 DHCP over VPN 187 central gateway 187 remote gateway 189 DHCP relay mode 187 export client policy 170 global security client 161 global VP[...]

  • Page 363

    Index 348 SonicWALL SonicOS Enhanced 2.5 Administrator’s Guide[...]

  • Page 364

    © 2004 SonicWALL, Inc. SonicWALL is a registered trademark of SonicWALL, Inc. Other product and company names mentioned herein may be trademarks and/or registered trademarks of their respective companies. Specifications and descriptions subject to change without notice. T: 408.745.9600 F: 408.745.9300 www[...]