SonicWALL INTERNET SECURITY APPLIANCE User Manual

SONICWALL
Internet Security Appliances
Contents
Copyright Notice ...... ... ......................... ... ......................... .... ... ....... 5
About this Guide ......... ......................... ... ......................... .............. 7
SonicWALL Technical Support ......................................................... 8
1 Introduction
Your SonicWALL Internet Security Appliance ................................... 9
SonicWALL Internet Security Appliance Functional Diagram .............10
SonicWALL Internet Security Appliance Features .............................11
2 SonicWALL Installation
Inspecting the Package .................................................................15
Overview .....................................................................................15
Connecting the SonicWALL to the Network ..................... ................16
Performing the Initial Configuration ...............................................18
3 Managing Your SonicWALL
Status .............. .......... .............. .............. ........... .............. ........... .. 29
CLI Support and Remote Management ...........................................30
4 General and Network Settings
Network .............. ........... .......... ....... ........... ........... .......... ....... ......32
Network Settings ..........................................................................33
Standard Configuration .................................................................35
NAT with DHCP Client Configuration ..............................................37
NAT with PPPoE Configuration .......................................................39
NAT with L2TP Client ......... .... ... ......................... .... .......................41
Setting the Time and Date ............................................................43
Setting the Administrator Password ...............................................44
Setting the Administrator Inactivity Timeout ...................................45
5 Logging and Alerts
View Log .....................................................................................46
SonicWALL Log Messages .............................................................47
Log Settings .................................................................................48
Log Categories .............................................................................50
Alert Categories ............................................................................51
Reports ............ ... .... ........................ .... ......................... ... .............51
6 Content Filtering and Blocking
Categories ...................................................................................53
Time of Day .................................................................................55
List Update .................................. ......................... .......................55
Contents Page 1
Customize .............. ..................... ..................... .................. .......... 57
Keywords ............... ....... ....... ....... .... ....... ....... ....... ... ........ ....... ......59
Consent ................. ................................... ................................... 59
7 Web Management Tools
Restarting the SonicWALL .............................................................63
Preferences ............ ........... ....... .......... ........... ....... ........... .......... ...64
Exporting the Settings File ............................................................65
Importing the Settings File ............................................................66
Restoring Factory Default Settings .................................................67
Upgrade Features .........................................................................70
Diagnostic Tools ...........................................................................71
DNS Name Lookup .......................................................................71
Ping ............................................................................................72
Packet Trace ................................................................................74
Tech Support Report ....................................................................75
8 Network Access Rules
Services ................. ..................... ......................... ........................77
Windows Networking (NetBIOS) Broadcast Pass Through ................78
Detection Prevention .............................. ... ......................... .... ......78
Network Connection Inactivity Timeout ..........................................79
Add Service ................ ........................ .... ......................... .............79
Rules .................. ............................ ........................ ..................... 80
Understanding the Access Rule Hierarch y . ......................... ... ..........86
SonicWALL TELE3 and SOHO3 IP Address Management ..................89
Users .................. ....... .......... ........... .......... ....... ........... ........... ......90
SonicWALL Management ..............................................................92
SonicWALL Remote Management ..................................................93
9 Advanced Features
Proxy Relay ................................. .... ........................ .... .................96
Intranet ................. ................................... ................................... 98
Routes ................ .............. .............. .............. .......... ............... ....100
DMZ Addresses .......... ... .... ........................ .... ......................... ... .101
Delete a DMZ Address Range ........................................... ...........103
One-to-One NAT ........................................................................103
The Ethernet Tab .............. ........................ ......................... .... ....106
10 DHCP Server
Setup ........................................................................................108
Enable DHCP Server ...................................................................109
Page 2 SonicWALL Internet Security Appliance User’s Guide
Deleting Dynamic Ranges and Static Entries .................................110
DHCP Status ..............................................................................110
SonicWALL TELE3 and SOHO3 IP Address Management ................111
11 SonicWALL VPN
VPN Applications ........................................................................113
The VPN Interface ................................................. .....................114
SonicWALL VPN Client for Remote Access and Management ..........115
The Configure Tab ... ........................ .... ......................... ... ...........116
VPN Advanced Settings ...............................................................119
Advanced Settings for VPN Configurations ....................................123
Enabling Group VPN on the SonicWALL ........................................124
Group VPN Client Configuration ................... ......................... ... ....126
Manual Key Configuration for a SonicWALL and VPN Client ............129
Installing the VPN Client Software ................................................131
VPN for Two SonicWALLs ............................................................136
Example of Manual Key Configuration for Two SonicWALLs ...........139
IKE Configuration for Two SonicWALLs ........................................142
Example: Linking Two SonicWALLs using IKE ...............................145
Testing a VPN Tunnel Connection Using PING ..............................149
Configuring Windows Networking ................................................150
Adding, Modifying and Deleting Destination Networks ...................152
RADIUS and XAUTH Authentication ..............................................153
SonicWALL Enhanced VPN Logging ..............................................156
Disabling Security Associations ....................................................157
Basic VPN Terms and Concepts ...................................................158
12 SonicWALL Options and Upgrades
SonicWALL VPN Upgrade ............................................................161
SonicWALL VPN Client for Windows .............................................161
SonicWALL Network Anti-Virus ....................................................162
Content Filter List Subscription ....................................................162
SonicWALL High Availability Upgrade ...........................................162
Vulnerability Scanning Service .....................................................163
SonicWALL Authentication Service ...............................................163
SonicWALL ViewPoint Reporting ..................................................163
SonicWALL Per Incident Support ..................................................164
SonicWALL Premium Support ......................................................164
SonicWALL Extended Warranty ....................................................164
SonicWALL Global Management System .......................................164
Contents Page 3
13 Hardware Description
SonicWALL PRO 200 and PRO 300 Fron t Pan el .............................165
SonicWALL PRO 200 and PRO 300 Ba ck Pane l ............... ...............166
SonicWALL PRO 100 Front Panel ............................................. ... .167
SonicWALL PRO 100 Front Panel Description ................................167
SonicWALL PRO 100 Back Panel .......... ......................... ...............168
The SonicWALL PRO 100 Back Panel Descript ion .................. .... ... .168
SonicWALL SOHO3 and TELE3 Front Panel ...................................169
SonicWALL SOHO3 and SonicWALL TELE3 Front Panel Description .169
SonicWALL SOHO3 and TELE3 Back Panel ....................................170
The SonicWALL SOHO3 and TELE3 Back Panel Description ............170
14 Troubleshooting Guide
The Link LED is off. ....................................................................172
A computer on the LAN cannot access the Internet. ......................172
The SonicWALL does not establish authenticated sessions. ............172
The SonicWALL does not save changes that you have made. .........173
Duplicate IP address errors .........................................................173
Machines on the WAN are not reachable. .................. .... ...............173
15 Appendices
Appendix A - Technical Specifications ...........................................174
Appendix B - Introduction to Networking ................ ......................178
Overview ................................................................................... 178
Network Hardware Components ..................................................178
Network Types ...........................................................................178
Firewalls .................................................................................... 178
Gateways ............ ........................ .... ........................ .... ...............179
Network Protocols ......................................................................179
IP Addressing .............................................................................180
Appendix C - IP Port Numbers .....................................................183
Appendix D - Configuring TCP/IP Settings ................................ ... .184
Appendix E - Erasing the Firmware ..............................................186
Appendix F - Securing the SonicWALL .................................. ........188
Mounting the SonicWALL PRO 200 and SonicWALL PRO 300 ..........188
Appendix G - Electromagnetic Compatibility ..................................189
SonicWALL PRO 200 and SonicWALL PRO 300 ..............................189
SonicWALL PRO 100, SonicWALL SOHO3 an d SonicWALL TELE3 ....190
Notes ........................................................................................192
Page 4 SonicWALL Internet Security Appliance User’s Guide
Copyright Notice
©
2001 SonicWALL, Inc. All rights reserved.
Under the copyright laws, this manual or the software described within, can not be copied, in whole or part, without the written consent of the manufacturer, except in the normal use of the software to make a backup copy. The same proprietary and copyright notices must be affixed to any permitted copies as were affixed to the original. This exception does not allow copies to be made for others, whether or not sold, but all of the material purchased (with all backup copies) can be sold, given, or loan ed to another person. Under the law, copying includes translating into another language or format.
SonicWALL is a registered trademark of SonicWALL, Inc. Other product and company names mentioned herein can be trademarks and/or registered
trademarks of their respective companies. Specifications and descriptions subject to change without notice.
LIMITED WARRANTY
SonicWALL, Inc. warrants the SonicWALL Internet Security Appliance (the Product) for one (1) year from the date of purchase against defects in materials and workmanship. If there is a defect in the hardware, SonicWALL will replace the product at no charge, provided that it is returned to SonicWALL with transportation charges prepaid. A Return Materials Authorization (RMA) number must be displayed on the outside of the package for the product being returned for replacement or the product will be refused. The RMA number can be obtained by calling SonicWALL Customer Service between the hours of 8:30 AM and 5:30 PM Pacific Standard Time, Monday through Friday.
Phone:(408) 752-7819 Fax:(408) 745-9300 Web: <http://www.sonicwall.com/support> This warranty does not apply if the Product has been damaged by accident, abuse, misuse,
or misapplication or has been modified without the written permission of SonicWALL. In no event shall SonicWALL , Inc. or its suppliers be liable for any damages whatsoever
(including, without limitation, damages for loss of profits, business interruption, los s of information, or other pecuniary loss) arising out of the use of or inability to use the Product.
Some states do not allow the exclusion or limitation of implied warranties or liability for incidental or consequential damages, so the above limitation or exclusion can not apply to you. Where liability can not be limited under applicable law, the SonicWALL liability shall be limited to the amount you paid for the Product. This warra nty gives you spec ific legal rights, and you can have other rights which vary from state to state.
By using this Product, you agree to these limitations of liability.
Preface Page 5
THIS WARRANTY AND THE REMEDIES SET FORTH ABOVE ARE EXCLUSIVE AND IN LIEU OF ALL OTHER WARRANTIES, ORAL OR WRITTEN, EXPRESS OR IMPLIED.
No dealer, agent, or employee of SonicWALL is authorized to make any extension or addition to this warranty.
Page 6 SonicWALL Internet Security Appliance User’s Guide
About this Guide
Thank you for purchasing the SonicWALL Internet Security Appliance. The SonicWALL protects your Local Area Network (LAN) from attacks and intrusions, filters objectional Web sites, provides private VPN connections to business partners and remote offices, and offers a centrally-managed defense against software viruses.
This guide covers the installation and configuration of the SonicWALL SOHO3, SonicWALL TELE3, SonicWALL PRO 100, SonicWALL PRO 200 and SonicWALL PRO 300. The instructions are the same for every hardware model except where specifically noted.
Organization of This Guide
Chapter 1, Introduction, describes the features and applications of the SonicWALL. Chapter 2, SonicWALL QuickStart Installation, demonstrates how to connect the
SonicWALL to your network and perform the initial configuration. Chapter 3, Managing Your SonicWALL, provides a brief overview of the SonicWALL Web
Management Interface. Chapter 4, Network Set tings, describes the configuration of the SonicWALL IP setting s,
time and password. Chapter 5, Logging and Alerting, illustrates the SonicWALL logging, alerting and
reporting features. Chapter 6, Content Filtering and Blocking, describes SonicWALL Web content filtering,
including subscription updates and customized Web blocking. Chapter 7, Web Management Tools, provides directions to restart the SonicWALL,
import and export settings, upload new firmware, and perform diagnostic tests. Chapter 8, Network Access Rules, explains how to permit and block traffic through the
SonicWALL, set up servers, and enable remote management. Chapter 9, Advanced Features, describes advanced SonicWALL settings, such as One-to-
One NAT, Automatic Web Proxying and DMZ addresses. Chapter 10, DHCP Server, describes the configuration and setup of the SonicWALL DHCP
server. Chapter 11, SonicWALL VPN, explains how to create a VPN tunnel between two
SonicWALLs and from the VPN client to the SonicWALL. Chapter 12, SonicWALL Options and Upgrades, presents a brief summary of the
SonicWALL's subscription services, firmware upgrades and other options. Chapter 13, Hardware Description, illustrates and describes the SonicWALL front and
back panel displays. This chapter is divided into three sections f or the Son icW ALL SOHO3 and SonicWALL TELE3, the SonicWALL PRO 100, and the SonicWALL PRO 200 and SonicWALL PRO 300.
Preface Page 7
Chapter 14, Troubleshooting Guide, shows solutions to commonly encountered problems.
Appendix A, Technical Specifications, lists the SonicW ALL specifications. Appendix B, Introduction t o N etw ork in g, provides an overview of the Internet, TCP/IP
settings, IP security, and other general networking topics. Appendix C, IP Port Number s, offers information about IP port numbering. Appendix D, Configuring TCP/IP Settings, provides instructions for configuring your
Management Station's IP address. Appendix E, Erasing the Firmware, describes the firmware erase procedure. Appendix F, Securing the SonicWALL, details the steps necessary to safely mount the
SonicWALL on a mounting rack. Appendix G, Electromagnetic Compat ibility, presents important emissions standards
approvals and EMC information.
SonicWALL Technical Support
For fast resolution of technical question s, please visit the SonicWALL Tech Support Web site at <http://www.sonicwall.com/support>. There, you will find resources to resolve most technical issues and a Web request form to contact one of the SonicWALL Technical Support engineers.
Page 8 SonicWALL Internet Security Appliance User’s Guide
1 Introduction
Your SonicWALL Inter n et Se cu rit y Ap plian ce
The SonicWALL Internet security appliance provides a complete security solution that protects your network from attacks, intrusions, and malicious tampering. In addition, the SonicWALL filters objectionable Web content and logs security threats. SonicWALL VPN provides secure, encrypted communications to business partners and branch offices. SonicWALL VPN is included with the SonicWALL TELE3, the SonicWALL PRO 200, the SonicWALL PRO 300, and the GX series of appliances. It is also available as an upgrade.
The SonicWALL Internet security appliance uses stateful packet inspection to ensure secure firewall filtering. Stateful packet inspection is widely considered to be the most effective method of filtering IP traffic. MD5 authentication is used to encrypt communications between your Management Station and the SonicWALL Web Management Interface. MD5 Authentication prevents unauthorized users from detecting and stealing the SonicWALL password as it is sent over your network.
The SonicWALL family of Internet security appliances include eight SonicWALL models customized to the requirements of different networks.
SonicWALL Feature Chart
SonicWALL
Model
TELE3 5 Included SOHO3/10 10 Optional SOHO3/50 50 Optional PRO 100 Unlimited Optional Included PRO 200 Unlimited Included Included Optional Optional PRO 300 Unlimited Included Included Included Optional GX 2500 Unlimite d Included Included Included Optional GX 6500 Unlimite d Included Included Included Optional
Nodes VPN DMZ Port
High
Availability
Introduction Page 9
Anti­Virus
SonicWALL Internet Security Appliance Functional Diagram
The following figure illustrates the SonicWALLInternet Security Appliance functions.
By default, the SonicWALL allows outbound access from the LAN to the Internet and blocks inbound access from the Internet to the LAN. Users on the Internet are restricted from accessing resources on the LAN unless they are authorized remote u sers or Network Access Rules were created to allow inbound access.
If the SonicWALL includes a DMZ port, users on the LAN and on the Internet have full access to the devices on the DMZ.
Page 10 SonicWALL Internet Security Appliance User’s Guide
SonicWALL Internet Security Appliance Features
Internet Security
ICSA-Certified Firewall After undergoing a rigorous suite of tests to expose security vulnerabilities, SonicWALL
Internet security appliances have received Firewall Certification from ICSA, the internationally-accepted authority on network security. The SonicWALL uses stateful packet inspection, the most effective method of packet filtering, to protect your LAN from hackers and vandals on the Internet.
Hacker Attack Prevention The SonicWALL automatically detects and thwarts Denial of Service (DoS) attacks such
as Ping of Death, SYN Flood, LAND Attack, and IP Spoofing.
Network Address Translation (NAT) Network Address Translation (NAT) translates the IP addresses used on your private
LAN to a single, public IP address that is used on the Internet. NAT allows multiple computers to access the Internet, even if only one IP address has been provided by your ISP.
Network Access Rules The default Network Access Rules allow traffic from the LAN to the Internet and block
traffic from the Internet to the LAN. You can create additional Network Access Rules that allow inbound traffic to network servers, such as Web and mail servers, or that restrict outbound traffic to certain destinations on the Internet.
AutoUpdate The SonicWALL maintains the highest level of security by automatically notifying you
when new firmware is released. When new firmware is available, the SonicWALL Web Management Interface displays a link to download and install the latest firmware. The SonicWALL also sends an e-mail with firmware release notes.
DMZ Port SonicWALL PRO 100, SonicWAL L PRO 200 and SonicW ALL PRO 300 inc lude a DMZ port
allowing users to access public servers, such as Web and FTP servers. While Internet users have unlimited access to the DMZ, the servers located on the DMZ are still protected against DoS attacks.
SNMP Support SNMP (Simple Network Management Pro tocol ) is a network protocol u sed over
User Datagram Protocol (UDP) that allows network administrators to monitor the status of the SonicWALL Int ernet Security applian ces and receive notification of any critical events as they occur on the network.
Introduction Page 11
Content Filtering
SonicWALL Content Filt ering Overview You can use the SonicWALL Web content filtering to enforce your company's Internet
access policies. The SonicWALL blocks specified categories, such as violence or nudity, using an optional Content Filter List. Users on your network can bypass the Content Filter List by authenticating with a unique user name and password.
Content Filter List Updates (optional) Since content on the Internet is constantly changing, the SonicWALL automatically
updates the optional Content Filter List every week to ensure that access restrictions to new and relocated websites and newsgroups are properly enforced.
Log and Block or Log Only You can configure the SonicWALL to log and block access to obje ction al Web sites, or
to log inappropriate usage without blocking Web access.
Filter Protocols In addition to filtering access to We b sites, the SonicWALL can also block Newsgroups,
ActiveX, Java, Cookies, and Web Proxies.
Logging and Reportin g
Log Categorie s You can select the information you wish to display in the SonicWALL event log. You can
view the event log from the SonicWALL Web Management Interface or receive the log as an e-mail file.
Syslog Serve r Support In addition to the standard screen log, the SonicWALL can write extremely detailed
event log information to an external Syslog server. Syslog is the industry-standard method to capture information about network activity.
ViewPoint Reporting Monitoring critical network events and activity, such as security threats, inappropriate
Web use, and bandwidth levels, is an essential component of network security. SonicWALL ViewPoint compliments the SonicWALL security features by providing detailed and comprehensive reports of network activity. SonicWALL ViewPoint is a software application that creates dynamic, Web-based network reports. ViewPoint reporting generates both real-time and historical reports to offer a complete view of all activity through your SonicWALL Internet security appliance.
E-mail Alerts The SonicWALL can be configured to send alerts of high-priority events, such as
attacks, system errors, and blocked Web sites. When these events occur, alerts can be immediately sent to an e-mail address or e-mail pager.
Page 12 SonicWALL Internet Security Appliance User’s Guide
Dynamic Host Configuration Prot ocol ( DHC P )
DHCP Server The DHCP Server offers centralized management of TCP/IP client configurations,
including IP addresses, gateway addresses, and DNS addresses. Upon startup, each network client rece ives its TCP/IP settings automatically from the SonicWALL DHCP Server.
DHCP Client DHCP Client allows the SonicWALL to acquire TCP/IP settings (such as IP address,
gateway address, DNS address) from your ISP. This is necessary if your ISP assigns you a dynamic IP address.
Installation and Configuration
Installation Wizard The SonicWALL Installation Wizard helps quickly install and configure the SonicWALL.
Online help SonicWALL help documentation is built into the SonicWALL Web Management Interface
for easy access during installation and management.
IPSec VPN
SonicWALL VPN SonicWALL VPN provides a simple, secure tool that enables corporate offices and
business partners to connect securely over the Internet. By encrypting data, SonicWALL VPN provides private communications between two or more sites without the expense of leased site-to-site lines. SonicWALL VPN comes standard with the SonicWALL TELE3, the SonicWALL PRO 200 and the SonicWALL PRO 300, and can also be purchased as an upgrade.
VPN Client Software for Windows Mobile users with dial-up Internet accounts can securely access remote network
resources with the SonicWALL VPN Client. The Sonic WALL VPN Client establishes a private, encrypted VPN tunnel to the SonicW ALL, allowing users to trans parently access network servers from any location. The SonicWALL PRO 200 includes a single VPN client for secure remote management. The SonicWALL PRO 300 includes 50 VPN client licenses for remote management and remote access. Single, 10, 50 and 100 VPN client license packs can be purchased separately.
Introduction Page 13
Contact SonicWALL, Inc. for information about the Content Filter List, Network Anti- Virus subscriptions, and other upgrades.
Web: http://www.sonicwall.com E-mail: sales@sonicwall.com Phone: (408) 745-9600 Fax: (408) 745-9300
Page 14 SonicWALL Internet Security Appliance User’s Guide
2 SonicWALL Installation
This chapter describes the procedure used to install your SonicWALL and perform the initial configuration.
Inspecting the Package
The following items should be included in the package:
One SonicWALL Internet security appliance
One power supply (not included with International SonicWALL PRO 200 or PRO 300)
One Category 5 Ethernet crossover cable (labeled "Crossover")
One Category 5 Ethernet standard cable
One SonicWALL Quickstart Guide
One Companion CD
One SonicWALL Internet Security Appliance User's Guide
If an item is missing from the package, you can contact SonicWALL, Inc. by phone at (408) 752-7819 or submit a Web Support Form at <http://techsupport.sonicwall.com/ swtech.html>.
Overview
Here are a few helpful guidelines for installing the SonicWALL appliance.
•The WAN Ethernet port should be connected to the Internet router or modem.
•The LAN Ethernet port should be connected to a network hub or switch on the internal, protected network.
•The DMZ Ethernet port, included with the SonicWALL PRO 100, the SonicWALL PRO 200 and the Sonic WALL P RO 30 0, sho uld b e connected to public ly accessible servers, such as Web and Mail servers.
A crossover cable should be used when connecting the SonicWALL directly to another machine or router.
A standard Ethernet cable should be used when connecting the SonicWALL to a network hub, switch, or modem.
SonicWALL Internet Security Appliance User’s Guide Page 15
Connecting the SonicWALL to the Network
The following diagram illustrates how the SonicWALL is connected to the network:
The following steps describe integration of the SonicWALL into the network.
1. Connect the WAN Ethernet port on the back of the SonicWALL to the Ethernet port on your Internet router or modem. Use a crossover cable when conn ecting the SonicWALL to a router. Use a standard Ethernet cable when connecting to a modem or a hub.
2. Connect the LAN Ethernet port to your Local Area Network (LAN). Use a standard Ethernet cable when connecting the SonicWALL to a hub or switch. Use a crossover cable when connecting directly to a computer.
3. Optional: Connect the DMZ Ethernet po rt to a hub or switch with a standard Ethern et cable. Or connect the DMZ port directly to a public server with a crossover cable.
4. Plug the SonicWALL power supply into an AC power outlet, then plug the power supply output cable into the port on the back labeled Power. Use the power adapter supplied with the SonicWALL, do not use another power supply.
Note: If you are installing a SonicWALL PRO 200 or a SonicWALL PRO 300, connect the SonicWALL to an AC power outlet using a power cable. Then press the power switch to the On position.
5. The SonicWALL runs a series of self-diagnostic tests to check for proper operation. During the diagnostic tests, which take about 90 seconds, the Test LED remains on. Wait for the Test LED to turn off.
Verify that all used Link LEDs are illuminated. If not, go to Chapter 14 for troubleshooting tips. The SonicWALL is now properly attached to your network.
SonicWALL Installation Page 16
SonicWALL Installation Checklist
The SonicWALL requires information about the IP address configuration of your network. Your Internet Service Provider (ISP) should be able to provide this information. If you are unfamiliar with the terms used in the section, review Appendix B for networking basic terms and information.
WAN Gateway (Router) IP Address The WAN Gateway (Router) IP Address is the address of the router t hat connec ts your
LAN to the Internet. If you have cable or DSL Internet access, the route r is probably located at your ISP.
DNS Addresses The DNS Addresses are the addresses of Domain Name Servers, either on your LAN or
the Internet. These addresses are required for downloading the Content Filter List and for the DNS Name Lookup tool. The DNS addresses should be supplied by your ISP.
Mail Server (Optional) The Mail Server address is the name or the IP address of the mail server used to e- mail
log messages; it can be a server on your LAN or the Internet. For best results, use the same server used on your LAN for e-mail.
If you are using Network Address Translation (NAT), then you also must h ave the following information:
SonicWALL WAN IP (NAT Public) Address The SonicWALL WAN IP (NAT Public) Address is the valid IP address that your entire
network uses to access the Internet. This address should be supplied by your ISP.
WAN/DMZ Subnet Mask The WAN Subnet Mask defines which IP addresses are co nnec t ed t o t he WA N port of
the SonicWALL but not accessed through the WAN router. This subnet mask should be supplied by your ISP.
SonicWALL LAN IP Address The SonicWALL LAN IP address is the address assigned to the SonicWALL LAN port and
is used to manage the SonicWALL. It should be a unique IP address from your Local Area Network (LAN) address range.
LAN Subnet Mask The LAN Subnet Mask defines the range of IP addresses located on your LAN.
SonicWALL Internet Security Appliance User’s Guide Page 17
Performing the Initial Conf igu ration
Setting up your Management Stati on
All management functio ns on the SonicWALL are performed from a Web browser-based user interface. Management can be performed from any computer connected to the LAN port of the SonicWALL. The computer used for management is referred to as the Management Station.
The SonicWALL is pre-configured with the IP add res s “1 92 .16 8. 1 68 .1 68 " , whi ch i s us ed t o access it during initial configuration. During the initial configuration, it is necessary to temporarily change the IP address of your Management Station to one in the same subnet as the SonicWALL. For example, set the IP address of your Management Statio
“192.168.168.200". Restart the Management Station to activate the address change.
Note: Appendix D describes how to change the IP address of your Management Station.
Launching the Web br owser
1. Open a Web Browser. Then type the default SonicWALL IP address, "192.168.168.168", into the Location or Address field in the Web browser.
Note: Your Web browser must be Java-enabled a nd support HTTP uploads in order to fully manage SonicWALL. Netscape Navigator 3.0 and above is recommended.
The first time you contact the SonicWALL, the SonicWALL Installation Wizard automatically launches and begins the installation process.
n to
The SonicWALL Installation Wizard simplifies the initial installation and configuration of the SonicWALL. The Wizard provides a series of menu-driven instructions for setting the administrator password and configuring the settings necessary to access the Internet.
Note: To bypass the Wizard, click Cancel. Then log into the SonicWALL Management Interface by entering the User Name "admin" and the Password "password".
SonicWALL Installation Page 18
To configure you r SonicWALL appliance, read the instructions on the Wizard Welcome window and click Next to continue.
Setting the Password
Note: It is very important to choose a password which cannot be easily guessed by others.
2. To set the password, enter a new password in the New Password and Confirm New Password fields.
This window also displays the Use SonicWALL Global Management System check box. SonicWALL Global Management System (SonicWALL GMS) is a web browser-based security management system. SonicWALL GMS allows enterprises and service providers to monitor and manage hundreds of remote SonicWALLs from a ce ntral location. For more information about SonicWALL GMS, contact SonicWALL Sales at (408 ) 745-9600.
3. Do not select the Use Global Management System check box unless your SonicWALL is remotely managed by SonicWALL GMS. Click Next to continue.
SonicWALL Internet Security Appliance User’s Guide Page 19
Setting the Time and Date
4. Select the appropriate Time Zone from the Time Zone menu. The SonicWALL internal clock is set automatically by a Netw ork Time Server on the Internet. Click Next to continue.
Connecting to the Internet
The Connecting to the Internet screen lists the information required to complete the installation. You need instructions for obtaining an IP address automatically or IP addresses from your ISP.
5. Confirm that you have the proper network information necessary to configure the SonicWALL to access the Internet. Click the hyperlinks for definitions of the networking terms. Click Next to proceed to the next step.
SonicWALL Installation Page 20
Selecting Your Internet Connection
6. Select Assigned you a single static IP address, if your ISP has provided you with a single, valid IP address. Now go to Step 10.
7. Select the second option, Assigned you two or more IP addresses, if your ISP has provided you with two or more IP addresses. Either NAT or Standard mode can be enabled if your network has two or more valid IP addresses. If you select the second option, go to Step 11.
8. Select the third option, Provided you with desktop software, a user name, and password (PPPoE ), if your ISP requires us er name and password authen ti ca ti on a s well as the installation of log in software. If you select the third option, go to Step 12.
9. Select the fourth option, Automatically assigns you a dynamic IP address (DHCP), if your ISP automatically assigns you an IP address from their DHCP server. Your SonicWALL enables NAT with DHCP Client, a typical network addressing mode for cable and DSL u sers. If you select the fourth option, go to Step 13.
Note: The SonicWALL Installation Wizard autodetects PPPoE and DHCP connections. Therefore, it may not be necessary to select from the above options.
Confirming Network Address Translation (NAT) Mode
If you select Assigned you a single static IP address in the Connecting to the Internet window, the Use Network Address Translation (NAT) window is
displayed.
SonicWALL Internet Security Appliance User’s Guide Page 21
The Use Network Address Translation (NAT) window verifies that the SonicWALL has a registered IP address. To confirm this, click Next and go to Step 10.
Selecting Standard or NAT Enabled Mode If you selected Assigned you a single static IP Address in Step 6, the Optional-
Network Address Translation window is displayed.
10. The Optional-Network Address Translation (NAT) window offers the ability to enable NAT. Select Don’t Use NAT if there are enough static IP addresses for your SonicWALL, all PCs, and all network devices on your LAN. Selecting Don’t Use NAT enables the Standard mode. Select Use NAT if valid IP addresses are in short supply or to hide all devices on your LAN behind the SonicWALL valid IP address. Click Next to continue.
SonicWALL Installation Page 22
Configuring WAN Ne twork Settings
If you selected either NAT or Standard mode, the Getting to the Internet window is displayed.
11. Enter the valid IP address provided by your ISP in the Getting to the Internet window. Enter the SonicWALL WAN IP Address, WAN/DMZ Subnet Mask, WAN Gateway (Router) Address, and DNS Server Addresses. Click Next to continue. If NAT is disabled, go to Step 13. If Standard mode is selected, go to Step 14.
Setting the User Name and Password for PPPoE If you select NAT with PPPoE in the Connecting to the Internet window, the
SonicWALL I S P Settings (PPPo E ) window is displayed
.
12. Enter the User Name and Password provided by your ISP. The Password is case­sensitive. Click Next and go to Step 13.
SonicWALL Internet Security Appliance User’s Guide Page 23
Confirming DHCP Client Mode
If you select DHCP in Step 6, the Obtain an IP address automatically window is displayed.
13. The Obtain an IP address automatically window states that the ISP dynamically assigns an IP address to the SonicWAL L. To confirm th is, click Next and go to Step
15.
Configuring LAN Ne twork Settings
14. The Fill in informat ion about your LAN window allows the configuration of the SonicWALL LAN IP Address and the LAN Subnet Mask .The SonicWALL LAN IP Address is the private IP address assigned to the LAN port of th e SonicWALL. The LAN Subnet Mask defines the range of IP addresses on the LAN. The default values
provided by the SonicWALL work for most networks. Enter the SonicWALL LAN settings and click Next to continue.
SonicWALL Installation Page 24
Configuring the SonicWALL DHCP Server
15. The Optional-SonicWALL DHCP Server windo w configures the S onicWALL DHCP Server. If enabled, the SonicWALL automatically configures the IP settings of computers on the LAN. To enable the DHCP server, select the Enable DHCP Server check box, and specify the range of IP addresses that are assigned to computers on the LAN.
If the Enable DHCP Server check box is not selected, th e DHCP Server is disabled. Click Next to continue.
Configuration Summary
16. The Configuration Summary window displays the configuration defined usin g the Installation Wizard. To modify any of the settings, click Back to return to the Connecting to the Internet window. If the configuration is correct, click Next to
proceed to the Congratulations window.
SonicWALL Internet Security Appliance User’s Guide Page 25
Congratulations
Note:The new SonicWALL LAN IP address, displayed in the URL field of the Congratulations window, is used to log in and manage the SonicW ALL.
17. Click Restart to restart the SonicWALL. Restarting
Note:The final window provides important information to help configure the computers on
the LAN. Click Print this Page to print the window information.
The SonicWALL takes 90 seconds to restart. During this time, the yellow Test LED is lit. Click Close to exit the SonicWALL Wizard.
SonicWALL Installation Page 26
18. Reset the Management Station Information Reset the IP address of the Management Station according to the information
displayed in the final window of the Installation Wizard.
19. Log into the SonicWALL Management Interface Once the SonicWALL restarts, contact the SonicWALL Web Management Interface at
the new SonicWALL LAN IP address. Type the User Name “admin” and enter the new administrator password to log into t he SonicWALL.
20. Register the SonicWALL The Status window in the SonicWALL Web Management Inte rface displays a link
to the online registration form. Registering the SonicWALL provides access to technical support, software updates, and information about new products. Once registered, you are eligible for a free one-month subscription to the SonicWALL Content Filter List and a 15-day trial o f SonicWALL Network Anti-Virus.
SonicWALL Internet Security Appliance User’s Guide Page 27
3 Managing Your SonicWALL
This chapter c onta ins a b rief o ver view of Sonic WALL mana gemen t com mands and functions. The commands and functions are accessed through the SonicWALL Web Management Interface. Th e configuration is the same for all SonicWAL L Internet security appliances; any exceptions are noted.
1. Log into the SonicWALL using a Web Browser
You can manage the SonicWALL from any computer connected to the LAN port of the SonicWALL using a Web browser. The computer used for management is referred to as the "Management Station".
Note: To manage the SonicWALL, your Web browser must have Java and Java
applets enabled and support HTTP uploads.
2. Open a Web browser and type the SonicWALL IP address---initially, "192.168.168.168" --- into the Location or Address field at the top of the browser. An Authentication window with a Password dialogue box is displayed.
3. Type “admin” in the User Name field and the password previously defined in the Installation Wizard in the Password field. Passwords are case-sensitive. Enter the password exactly as defined and click Login.
Note: All SonicWALLs are configured with the User Name “admin” and the defau lt Password “password”. The User Name is not configurable.
If you cannot log into the SonicWALL, a cached copy of the page is displayed instead of the correct page. Click Reload or Refresh on the Web browser and try again. Also, be sure to wait until the Java applet has finished loading before attempting to log in.
Once the password is entered, an authenticated management session is established. This session times out after 5 minutes of inactivity. The default time­out can be increased on the Password window in the General section.
Page 28 Managing Your SonicWALL
Status
To view the Status tab, log into your SonicWALL us ing your web browser. Click General and then click the Status tab.
Note: The SonicWALL Status window is displayed above. Each SonicWALL Internet Security appliance displays unique characteristics, such as th e presence of VPN acceleratio n hardware or a different amount of memory.
The Status tab displays the following information:
SonicWAL L Serial Numbe r - the serial number of the SonicWALL unit.
Number of LAN IP addresses allowed with this license - number of IP addresses that can be managed by the SonicWALL
Registration code - the registration code generated when the SonicWALL is registered at <http//www.mysonicwall.com>.
SonicWALL Active time - the length of time in days, hours and minutes that the SonicWALL is active.
Firmware version - shows the current versio n number of the firmware installed on the SonicWALL.
ROM version - the version number of the ROM.
CPU - the type and speed of the SonicWALL processor.
SonicWALL Internet Security Appliance User’s Guide Page 29
Loading...
+ 172 hidden pages