SonicWALL Internet Security Appliances User Manual

COMPREHENSIVE INTERNET SECURITY
SonicWALL Internet Security Appliances
ADMINISTRATOR’S GUIDE
Contents
About this Guide
SonicWALL Technical Support
Firmware Version
1 Introduction
SonicWALL Internet Security Appliance Features
2 Configuring the Network Mode on the SonicWALL
Configuring the SonicWALL in Standard Mode
Configuring the SonicWALL in NAT Enabled Mode
Configuring NAT with PPPoE Client
Configuring NAT with DHCP Client
Configuring NAT with L2TP Client
Configuring NAT with PPTP Client
Logging into the SonicWALL Management Interface
3 Registering at mySonicWALL.com
Creating a New User Account
Problems Creating a MysonicWALL.com User Account?
User Name and Password Functions
Registering Your SonicWALL Internet Security Appliance
Click Here Registration
Quick Registration
Status and Options
Managing Your SonicWALL
Renaming Your SonicWALL
Transferring a SonicWALL Product
Delete Product
Managing Services for SonicWALL Internet Security Appliances
Activating Services Using mySonicWALL.com
4 Configuring the TELE3 SP Modem Connection
Configuring the TELE3 SP WAN Failover Feature
Configuring Modem Profiles
Dial-Up Configuration
ISP Settings
Location Settings
TELE3 SP Modem Configuration
Modem Settings
Primary Interface
Failover Settings
Configuring a Modem Profile for Manual Dial-Up
Status
Modem Status
Chat Scripts
Custom Chat Scripts
5 Managing Your SonicWALL Internet Security Appliance
Status
CLI Support and Remote Management
6 General and Network Settings
Network Settings
Network Addressing Mode
LAN Settings
Multiple LAN Subnet Mask Support
WAN Settings
DNS Settings
Standard Configuration
NAT Enabled Configuration
NAT with DHCP Client Configuration
NAT with PPPoE Configuration
Restarting the SonicWALL
NAT with L2TP Client Configuration
Restarting the SonicWALL
NAT with PPTP Client Configuration
Restarting the SonicWALL
Setting the Time and Date
NTP Settings
Configuring the Administrator Settings
Administrator Name
Change the Administrator Password
Setting the Administrator Inactivity Timeout
Login Failure Handling
7 Logging and Alerts
View Log
SonicWALL Log Messages
Log Settings
Configure the following settings:
Log Categories
Alerts/SNMP Traps
Reports
Web Site Hits
Bandwidth Usage by IP Address
Bandwidth Usage by Service
SonicWALL ViewPoint
8 Content Filtering and Blocking
Configuring SonicWALL Content Filtering
Restrict Web Features
URL List
Customizing the Content Filtering List
Consent
Mandatory Filtered IP Addresses
Configuring N2H2 Internet Filtering
Restrict Web Features
Configuring the Websense Enterprise Content Filter
Restrict Web Features
Configuring the Websense Content Filter List
Websense Server Status
Settings
URL Cache
9 Web Management Tools
Restarting the SonicWALL
Preferences
Exporting the Settings File
Importing the Settings File
Restoring Factory Default Settings
Updating Firmware
Updating Firmware Manually
Upgrade Features
Diagnostic Tools
DNS Name Lookup
Packet Trace
Trace Route
10 Network Access Rules
Viewing Network Access Rules
Services
LAN Out
DMZ In (Optional)
LAN In
Public LAN Server
Windows Networking (NetBIOS) Broadcast Pass Through
Windows Messenger Support
Detection Prevention
Network Connection Inactivity Timeout
Add Service
Add a Known Service
Add a Custom Service
Delete a Service
Rules
Maximum Number of Rules by Product
Network Access Rule Logic List
Bandwidth Management
Add A New Rule
Add New Rule Examples
Current Network Access Rules Table
Users
Global User Settings
User Login
RADIUS
Management
SonicWALL SNMP Support
SonicWALL Management Protocol
Additional Management
11 Advanced Features
Proxy Relay
Web Proxy Forwarding
Configuring Web Proxy Relay
Bypass Proxy Servers Upon Proxy Failure
Intranet
Installation
Intranet Configuration
Intranet Settings
VPN Single-Armed Mode (stand-alone VPN gateway)
Configuring a SonicWALL for VPN Single Armed Mode
LAN Route Advertisement
RIPv2 Authentication
DMZ Route Advertisement
DMZ Addresses
DMZ in Standard Mode
DMZ in NAT Mode
Delete a DMZ Address Range
HomePort Configuration
HomePort in Standard Mode
HomePort in NAT Mode
Delete a HomePort Address Range
One-to-One NAT
One-to-One NAT Configuration Example
Ethernet
WAN Link Settings
Enable Bandwidth Management
DMZ/WorkPort Link Settings
LAN/HomePort Link Settings
Proxy Management workstation ethernet address on WAN
MTU Settings
SonicWALL Bandwidth Management
12 DHCP Server
Setup
Allow DHCP Pass Through in Standard Mode
Configuring the SonicWALL DHCP Server
Deleting Dynamic Ranges and Static Entries
DHCP over VPN
DHCP Relay Mode
Configuring the Central Gateway for VPN over DHCP
Configuring the Remote Gateway for VPN over DHCP
DHCP Status
DHCP Server on the SonicWALL TELE3 TZ and TZX
Setup
Allow DHCP Pass Through in Standard Mode
Configuring the SonicWALL DHCP Server
Deleting Dynamic Ranges and Static Entries
DHCP Status
13 SonicWALL VPN
VPN Management Interface
Summary Tab
Global VPN Settings
VPN Bandwidth Management
VPN Policies
Currently Active VPN Tunnels
SonicWALL NAT Traversal Support
AES (Advanced Encryption Standard) Support
Configure Tab
Add/Modify IPSec Security Associations
Security Policy Settings
Destination Networks
Advanced Settings
Enable Keep Alive
Try to bring up all possible SAs
Require authentication of local users
Require authentication of remote users
Enable Windows Networking (NetBIOS) broadcast
Apply NAT and firewall rules
Forward Packets to Remote VPNs
Route all internet traffic through this SA
Enable Perfect Forward Secrecy
Phase 2 DH Group
Default LAN Gateway
VPN Terminated at the LAN, DMZ, or LAN/DMZ
Advanced Settings for VPN Configurations
Configuring SonicWALL VPN
Group VPN Configuration for the SonicWALL and VPN Client
Configuring Group VPN on the SonicWALL
Group VPN Client Setup
Manual Key Configuration for the SonicWALL and VPN Client
Configuring the SonicWALL
Configuring the VPN Client
IKE and Manual Key Configuration for Two SonicWALLs
Manual Key for Two SonicWALLs
Configuring the Second SonicWALL Appliance
Example of Manual Key Configuration for Two SonicWALLs
IKE Configuration for Two SonicWALLs
Example of IKE Configuration for Two SonicWALLs
SonicWALL Third Party Digital Certificate Support
Overview of Third Party Digital Certificate Support
Creating a Certificate Signing Request
SonicWALL Enhanced VPN Logging
Testing a VPN Tunnel Connection Using PING
14 High Availability
Before Configuring High Availability
Network Configuration for High Availability Pair
Configuring High Availability on the Primary SonicWALL
Configuration Changes
Synchronizing Changes between the Primary and Backup SonicWALLs
High Availability Status
High Availability Status Window
E-mail Alerts Indicating Status Change
View Log
Forcing Transitions
Configuration Notes
15 SonicWALL Options and Upgrades
SonicWALL VPN Client
SonicWALL Network Anti-Virus
Content Filter List Subscription
Vulnerability Scanning Service
SonicWALL Authentication Service
SonicWALL ViewPoint Reporting
SonicWALL Global Management System
Contact Your Reseller or SonicWALL
16 Hardware Descriptions
SonicWALL PRO 230 and PRO 330
SonicWALL PRO 200 and PRO 300
SonicWALL PRO 100
SonicWALL TELE3 SP
SonicWALL TELE3 TZ
SonicWALL TELE3 TZX
SonicWALL SOHO3 and TELE3
SonicWALL GX 250 and GX 650
17 Troubleshooting Guide
The Link LED is off
A computer on the LAN cannot access the Internet
The SonicWALL does not establish authenticated sessions
The SonicWALL does not save changes that you have made
Duplicate IP address errors
Machines on the WAN are not reachable
VPN tunnel problems
18 Appendices
Appendix A - Technical Specifications
Appendix B - SonicWALL Support Solutions
Appendix C - Introduction to Networking
Appendix D - IP Port Numbers
Appendix E - Configuring TCP/IP Settings
Appendix F - Basic VPN Terms and Concepts
Appendix G - Erasing the Firmware
Appendix H - Mounting the SonicWALL PRO 200 and PRO 300
Appendix I - Configuring RADIUS and ACE Servers

Copyright Notice

© 2002 SonicWALL, Inc. All rights reserved.
Under the copyright laws, this manual or the software described within, cannot be copied, in whole or part, without the written consent of the manufacturer, except in the normal use of the software to make a backup copy. The same proprietary and copyright notices must be affixed to any permitted copies as were affixed to the original. This exception does not allow copies to be made for others, whether or not sold, but all of the material purchased (with all backup copies) can be sold, given, or loaned to another person. Under the law, copying includes translating into another language or format.
SonicWALL is a registered trademark of SonicWALL, Inc. Other product and company names mentioned herein can be trademarks and/or registered trademarks of their respective companies. Specifications and descriptions subject to change without notice.
LIMITED WARRANTY
SonicWALL, Inc. warrants the SonicWALL Internet Security Appliance (the Product) for one (1) year from the date of purchase against defects in materials and workmanship. If there is a defect in the hardware, SonicWALL will replace the product at no charge, provided that it is returned to SonicWALL with transportation charges prepaid. A Return Materials Authorization (RMA) number must be displayed on the outsid e of the package for the product being returned for replacement or the pr oduct will b e refused . The RMA n umber can be ob tained by calling Son icWALL Cu stomer Service between the hours of 8:30 AM and 5:30 PM Pacific Standard Time, Monday through Friday.
Phone:(40 8) 75 2- 781 9 Fax:(408) 745-9300 Web: <http:// www .so n ic wal l.co m /su ppo rt> This warr anty does not ap ply if the Product has been dam aged by accident , abuse, misuse , or
misapplication or has been modif ied with ou t the written permission of SonicWALL. In no event shall SonicWALL, Inc. or its suppliers be liable for any damages whatsoever (including,
without limitation, damages for loss of profits, business interruption, loss of information, or other pecuniary loss) arising out of the use of or inability to use the Product.
Some sta tes do not a ll ow the excl u sion or lim itat ion of imp lie d wa rr ant ies or li ab ili ty fo r in ci de ntal or consequential damages, so the above limitation or exclusion can not apply to you. Where liability can not be limited under applicable law, the SonicWALL liability shall be limited to the amount you paid for the Product. This warranty gives you specific legal rights, and you can have other rights which vary from state to state.
By using this Product, you agree to these limitations of liability. THIS WARRANTY AND THE REMEDIES SET FORTH ABOVE ARE EXCLUSIVE AND IN LIEU OF ALL
OTHER WARRANTIES, ORAL OR WRITTEN, EXPRESS OR IMPLIED. No dealer, agent, or employee of SonicWALL is authorized to make any extension or addition to this
warranty.

About this Guide

Thank you for purchasing the SonicWALL Internet Security appliance. The SonicWALL protects your PC from attacks and intrusions, filters objectionable Web sites, provides private VPN connections to business partners and remote offices, and offers a centrally-managed defense against software viruses.
This manual covers the configuration of the SonicWALL Internet Security appliance installation and features.
Organization of this Guide
Chapter 1, Introduction - describes the features and applications of the SonicWALL.
Chapter 2, Configuring the Network Mode on the SonicWALL - describes the installation of the SonicWALL and configuring network settings for the SonicWALL.
Chapter 3, Registering at mySonicWALL.com - provides details on registering your SonicWALL appliance in the product registration database.
Chapter 4, Configuring the TELE3 SP Modem - contains detailed instructions on modem configuration for the TELE3 SP.
Chapter 5, Managing Your SonicWALL Internet Security Appliance - provides a brief overview of the SonicWALL Web Management Interface.
Chapter 6, General and Network Settings - describes the configuration of the SonicWALL IP settings, time, and password.
Chapter 7, Logging and Alerts - illustrates the SonicWALL logging, alerting, and reporting features.
Chapter 8, Content Filtering and Blocking - describes SonicWALL Web content filtering, including subscription updates and customized Web blocking.
Chapter 9, Web Management Tools - provides directions to restart the SonicWALL, import and export settings, upload new firmware, and perform diagnostic tests.
Chapter 10, Network Access Rules - explains how to permit and block traffic through the SonicWALL, set up servers, and enable remote management.
Chapter 11, Advanced Features - describes advanced SonicWALL settings, such as One-to-One NAT and Automatic Web Proxying.
Chapter 12, DHCP Server - describes the configuration and setup of the SonicWALL DHCP server.
Chapter 13, SonicWALL VPN - explains how to create a VPN tunnel between two SonicWALLs and a VPN tunnel from the VPN client to the SonicWALL.
Chapter 14, High Availability - describes the configuration of two SonicWALLs (one primary and one backup) as a High Availability pair.
Chapter 15, SonicWALL Options and Upgrades - presents a brief summary of the SonicWALL's subscription services, firmware upgrades and other options.
Chapter 16, Hardware Descriptions - provides a description of the front and back of SonicWALL Internet security appliances, including LED lights and ports.
Chapter 17, Troubleshooting Guide - shows solutions to commonly encountered problems.
Appendix A, Technical Specifications - lists the SonicWALL specifications.
Appendix B, SonicWALL Support Solutions - describes available support packages from SonicWALL.
Appendix C, Introduction to Networking - provides an overview of the Internet, TCP/IP settings, IP security, and other general networking topics.
Appendix D, IP Port Numbers - offers information about IP port numbering.
Appendix E, Configuring TCP/IP Settings - provides instructions for configuring your Management Station's IP address.
Appendix F, Basic VPN Terms and Concepts - covers VPN terminology and configuration concepts.
Appendix G, Erasing the Firmware - describes the firmware erase procedure.
Appendix H, Mounting the SonicWALL PRO 200 and PRO 300 - describes how to rack mount the SonicWALL appliance.
Appendix I, Configuring RADIUS and ACE Servers - provides vendor-specific configuration instructions for RADIUS and ACE servers. The appendix also includes a RADIUS Attributes Dictionary.

SonicWALL Technical Support

For fast resolution of technical questions, please visit the SonicWALL Tech Support Web site at <http://www.sonicwall.com/support>. There, you will find resources to resolve most technical issues and a Web request form to contact one of the SonicWALL Technical Support engineers.

Firmware Version

This manual is updated and released with firmware version 6.4.0.0. Always check <http:www.sonciwall.com/products/documentation.html> for the latest version of this manual and other upgrade manuals as well.
Icons Used in this Manual
Alert - Important information about features that can affect firewall performance, security features, or cause potential problems with your SonicWALL.
TIP - Useful information about security features and configurations on your SonicWALL.

1 Introduction

Your SonicWALL Internet Security Appliance
The SonicWALL Internet Security Appliance provides a complete security solution that protects your network from attacks, intrusions, and malicious tampering. In addition, the SonicWALL filters objectionable Web content and logs security threats. SonicWALL VPN provides secure, encrypted communications to business partners and branch offices.
The SonicWALL Internet Security Appliance uses stateful packet inspection to ensure secure firewall filtering. Stateful packet inspection is widely considered to be the most effective method of filtering IP traffic. MD5 authentication is used to encrypt communications between your Management Station and the SonicWALL Web Management Interface. MD5 Authentication prevents unauthorized users from detecting and stealing the SonicWALL password as it is sent over your network.
SonicWALL Internet Security Appliance Functional Diagram
The following figure illustrates the SonicWALL Internet security appliance functions.
By default, the SonicWALL Internet security appliance allows outbound access from the LAN to the Internet and blocks inbound access from the Internet to the LAN. Users on the Internet are restricted from accessing resources on the LAN unless they are authorized remote users or Network Access Rules were created to allow inbound access. If the SonicWALL includes a DMZ port, users on the LAN and the Internet have access to the devices on the DMZ.

SonicWALL Internet Security Appliance Features

Internet Security
ICSA-Certified Firewall
After undergoing a rigorous suite of tests to expose security vulnerabilities, SonicWALL Internet security appliances have received Firewall Certification from ICSA, the internationally-accepted authority on network security. The SonicWALL uses stateful packet inspection, the most effective method of packet filtering, to protect your LAN from hackers and vandals on the Internet.
Hacker Attack Prevention
The SonicWALL automatically detects and thwarts Denial of Service (DoS) attacks such as Ping of Death, SYN Flood, LAND Attack, and IP Spoofing.
Network Address Translation (NAT)
Network Address Translation (NAT) translates the IP addresses used on your private LAN to a single, public IP address that is used on the Internet. NAT allows multiple computers to access the Internet, even if only one IP address has been provided by your ISP.
Network Access Rules
The default Network Access Rules allow traffic from the LAN to the Internet and block traffic from the Internet to the LAN. You can create additional Network Access Rules that allow inbound traffic to network servers, such as Web and e-mail servers, or that restrict outbound traffic to certain destinations on the Internet.
Autoupdate
The SonicWALL maintains the highest level of security by automatically notifying you when new firmware is released. When new firmware is available, the SonicWALL Web Management Interface displays a link to download and install the latest firmware.
DMZ Port
The SonicWALL PRO 100, PRO 200, PRO 300, PRO 230, and the SonicWALL PRO 330 include a DMZ port allowing users to access public servers, such as Web and FTP servers. While Internet users have unlimited access to the DMZ, the servers on the DMZ are still protected against DoS attacks.
HomePort
The TELE3 TZ and TELE3 TZX include a HomePort that allows you to separate company computers from home computers on your home network yet share the same Internet connection.
WorkPort
The TELE3 TZ and TELE3 TZX include a WorkPort that allows you to isolate your IPSec VPN and secures your corporate connections with a stateful packet inspection firewall.
SNMP (Simple Network Management Protocol) Support
SNMP is a network protocol used over User Datagram Protocol (UDP) that allows network administrators to monitor the status of the SonicWALL Internet Security Appliances and receive notification of any critical events as they occur on the network.
Content Filtering
SonicWALL Content Filtering
You can use the SonicWALL Web content filtering to enforce your company's Internet access policies. The SonicWALL blocks specified categories, such as violence or nudity, using an optional Content Filter List. Users on your network can bypass the Content Filter List by authenticating with a unique user name and password.
Content Filter List Updates (optional)
Since content on the Internet is constantly changing, the SonicWALL automatically updates the optional Content Filter List every week to ensure that access restrictions to new and relocated Websites and newsgroups are properly enforced.
Log and Block or Log Only
You can configure the SonicWALL to log and block access to objectionable Web sites, or to log inappropriate usage without blocking Web access.
Filter Protocols
In addition to filtering access to Web sites, the SonicWALL can also block Newsgroups, ActiveX, Java, Cookies, and Web Proxies.
Logging and Reporting
Log Categories
You can select the information you wish to display in the SonicWALL event log. You can view the event log from the SonicWALL Web Management Interface or receive the log as an e-mail file.
Syslog Server Support
In addition to the standard screen log, the SonicWALL can write detailed event log information to an external Syslog server. Syslog is the industry-standard method to capture information about network activity.
ViewPoint Reporting (optional)
Monitoring critical network events and activity, such as security threats, inappropriate Web use, and bandwidth levels, is an essential component of network security. SonicWALL ViewPoint complements the SonicWALL security features by providing detailed and comprehensive reports of network activity.
SonicWALL ViewPoint is a software application that creates dynamic, Web-based network reports. ViewPoint reporting generates both real-time and historical reports to offer a complete view of all activity through your SonicWALL Internet Security Appliance.
E-mail Alerts
The SonicWALL can be configured to send alerts of high-priority events, such as attacks, system errors, and blocked Web sites. When these events occur, alerts can be immediately sent to an e-mail address or e-mail pager.
Dynamic Host Configuration Protocol (DHCP)
DHCP Server
The DHCP Server offers centralized management of TCP/IP client configurations, including IP addresses, gateway addresses, and DNS addresses. Upon startup, each network client receives its TCP/IP settings automatically from the SonicWALL DHCP Server.
DHCP Client
The DHCP Client allows the SonicWALL to acquire TCP/IP settings (such as IP address, gateway address, DNS address) from your ISP. This is necessary if your ISP assigns you a dynamic IP address.
DHCP over VPN
DHCP over VPN allows a Host (DHCP Client) behind a SonicWALL to obtain an IP address lease from a DHCP server at the end of a VPN tunnel. In some network deployments, it is desirable to have all VPN networks residing in one IP subnet address space. This facilitates address administration for the networks using VPN tunnels.
Easy Installation and Configuration
Installation Wizard
The SonicWALL Installation Wizard helps you quickly install and configure the SonicWALL.
Online help
SonicWALL help documentation is built into the SonicWALL Web Management Interface for easy access during installation and management.
IPSec VPN
SonicWALL VPN
SonicWALL VPN provides a simple, secure tool that enables corporate offices and business partners to connect securely over the Internet. By encrypting data, SonicWALL VPN provides private communications between two or more sites without the expense of leased site-to-site lines.
VPN Client Software for Windows
Mobile users with dial-up Internet accounts can securely access remote network resources with the SonicWALL VPN Client. The SonicWALL VPN Client establishes a private, encrypted VPN tunnel to the SonicWALL, allowing users to transparently access network servers from any location.
Contact SonicWALL, Inc. for information about the Content Filter List, Network Anti-Virus subscriptions, and other upgrades.
Web: http://www.sonicwall.com E-mail: sales@sonicwall.com Phone: (408) 745-9600 Fax: (408) 745-9300

2 Configuring the Network Mode on the SonicWALL

The SonicWALL Internet security appliance supports the following common network configurations, all of which are covered in this chapter: Standard, NAT Enabled, NAT with PPPoE Client, NAT with DHCP Client, NAT with L2TP Client, and NAT with PPTP Client.
Standard Mode
Configuring the SonicWALL in Standard mode requires a static IP address from your ISP. In this mode, you must have separate static IP addresses for all computers on your network.
Instructions for configuring a SonicWALL in Standard mode begin on page 19.
Network Address Translation (NAT) Enabled
Using NAT to set up your SonicWALL eliminates the need for separate IP addresses for all computers on your LAN. It is a way to conserve IP addresses available from the pool of IPv4 addresses for the Internet. If you do not have enough individual IP addresses for all computers on your network, you can use NAT for your network configuration.
Instructions for configuring NAT Enabled mode begin on page 20.
NAT with PPPoE Client
NAT with PPPoE Client is a network protocol that uses Point to Point Protocol over Ethernet (PPPoE) to connect with a remote site using various Remote Access Service products. This protocol is typically found when using a DSL modem with an ISP requiring a user name and password to log into the remote server. The ISP may then allow you to obtain an IP address automatically or give you a specific IP address.
Instructions for configuring NAT with PPPoE Client mode begin on page 26.
NAT with DHCP Client
NAT with DHCP Client is a networking mode that allows you to obtain an IP address for a specific length of time from a DHCP server. The length of time is called a lease, which is renewed by the DHCP server typically after a few days. When the lease is ready to expire, the client contacts the server to renew the lease. This is a common network configuration for customers with cable or DSL modems. You are not assigned a specific IP address by your ISP.
Instructions for configuring NAT with DHCP Client mode begin on page 32.
NAT with L2TP Client
NAT with L2TP Client is a networking mode that allows you to connect to a remote L2TP server to obtain IP address settings. L2TP (Layer 2 Tunneling Protocol) is a network protocol using IPSec to encrypt transmitted data, and is only supported by Windows 2000. If you are running other versions of Windows, you must use PPTP as your tunneling protocol.
Instructions for configuring NAT with L2TP Client mode begin on page 37.
NAT with PPTP Client
NAT with PPTP Client is a networking mode supporting PPTP (Point to Point Tunneling Protocol) to connect to a remote server. It uses Microsoft Point to Point Encryption (MPPE) to provide encryption of transmitted data. PPTP typically supports older Microsoft clients that require tunneling connectivity or situations in which a tunnel passes through a firewall performing NAT.
Instructions for configuring NAT with PPTP Client begin on page 38.

Configuring the SonicWALL in Standard Mode

This section describes configuring the SonicWALL in Standard mode. You must have a single, static IP address to begin configuration. Follow the instructions below.
TIP Be sure to have your network information including your WAN IP address, subnet mask, and DNS settings ready. This information is obtained from your ISP.
1. Open a Web browser and enter the default SonicWALL IP address, 192.168.168.168, in the Location or Address field.
2. The Login window appears. Enter admin in the User Name field, and password in the Password field.
3. Click Cancel on the initial Installation Wizard page to cancel the wizard.
4. Click Network in the General section.
5. Select Standard from the Network Addressing Mode menu.
6. Enter 192.168.168.1 in the SonicWALL LAN IP Address field.
7. Enter 255.255.255.0 in the LAN Subnet Mask field.
8. Enter your WAN router or default gateway IP address in the WAN Gateway (Router) Address field. If you have DSL or cable, your WAN router is typically located at your ISP.
9. Enter your DNS IP address(es) in the DNS Server fields.
10. Click Update. Once the SonicWALL is updated, you must restart the SonicWALL for the changes to take effect.

Configuring the SonicWALL in NAT Enabled Mode

This section describes configuring the SonicWALL appliance in the NAT mode. Essentially, NAT translates the IP addresses in one network into those for a different network. As a form of packet filtering for firewalls, it protects a network from outside intrusion from hackers by replacing the internal (LAN) IP address on packets passing through a SonicWALL with a “fake” one from a fixed pool of addresses. The actual IP addresses of computers on the LAN are hidden from outside view. If you are assigned a single IP address by your ISP, follow the instructions below.
Tip Be sure to have your network information including your WAN IP address, subnet mask, and DNS settings ready. This information is obtained from your ISP.
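The address hiding described above and the default access behaviour described in the Introduction (LAN-to-Internet traffic allowed, unsolicited Internet-to-LAN traffic blocked unless a Network Access Rule permits it) can be modeled together. The following Python example is added for illustration and is not SonicWALL code: it assumes the single-public-address case, and the public address 203.0.113.10, the translated-port range starting at 40000, and the names Packet, NatFirewall and allow_inbound are constructed for the example.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

LAN = ip_network("192.168.168.0/24")   # default LAN range used in this manual
WAN_IP = "203.0.113.10"                # constructed public address (TEST-NET-3)


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"


@dataclass
class NatFirewall:
    """Many-to-one NAT with a connection table (assumed model, not firmware)."""
    wan_ip: str = WAN_IP
    next_port: int = 40000                       # assumed translated-port range
    out_map: dict = field(default_factory=dict)  # LAN flow -> WAN port
    in_map: dict = field(default_factory=dict)   # expected reply -> LAN endpoint
    servers: dict = field(default_factory=dict)  # explicit inbound allow rules

    def allow_inbound(self, proto, port, lan_ip):
        """Model an added access rule exposing one LAN server port."""
        self.servers[(proto, port)] = lan_ip

    def outbound(self, pkt):
        """LAN -> Internet: allowed by default; source rewritten to the WAN IP."""
        if ip_address(pkt.src) not in LAN:
            raise ValueError("outbound packets must originate on the LAN")
        key = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
        if key not in self.out_map:
            wan_port = self.next_port
            self.next_port += 1
            self.out_map[key] = wan_port
            # Only this remote endpoint may answer on the translated port.
            self.in_map[(pkt.proto, wan_port, pkt.dst, pkt.dport)] = (pkt.src, pkt.sport)
        return Packet(self.wan_ip, self.out_map[key], pkt.dst, pkt.dport, pkt.proto)

    def inbound(self, pkt):
        """Internet -> LAN: pass tracked replies and rule matches, drop the rest."""
        if pkt.dst != self.wan_ip:
            return None  # private LAN addresses are not addressable from outside
        state = self.in_map.get((pkt.proto, pkt.dport, pkt.src, pkt.sport))
        if state is not None:
            return Packet(pkt.src, pkt.sport, state[0], state[1], pkt.proto)
        server = self.servers.get((pkt.proto, pkt.dport))
        if server is not None:
            return Packet(pkt.src, pkt.sport, server, pkt.dport, pkt.proto)
        return None  # unsolicited traffic: blocked by the default inbound rule


def demo():
    """Two LAN hosts share one public address; only the real reply gets back in."""
    fw = NatFirewall()
    a = fw.outbound(Packet("192.168.168.10", 5000, "198.51.100.7", 80))
    b = fw.outbound(Packet("192.168.168.11", 5000, "198.51.100.7", 80))
    reply = fw.inbound(Packet("198.51.100.7", 80, WAN_IP, a.sport))
    probe = fw.inbound(Packet("198.51.100.99", 80, WAN_IP, a.sport))
    return a, b, reply, probe


if __name__ == "__main__":
    for result in demo():
        print(result)
```

Both LAN hosts appear on the Internet as the same public address with different source ports, and a packet from a host that was never contacted is dropped even when it targets a translated port that is currently in use.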
The SonicWALL Installation Wizard simplifies the initial installation and configuration of the SonicWALL. The Wizard provides a series of menu-driven instructions for setting the administrator password and configuring the settings necessary to access the Internet.
Accessing the Wizard
Alert Your Web browser must be Java-enabled and support HTTP uploads in order to fully manage SonicWALL. Internet Explorer 5.0 and above as well as Netscape Navigator 4.0 and above are recommended.
1. Open a Web browser. Then enter the default SonicWALL IP address, "192.168.168.168", into the Location or Address field in the Web browser.
The first time you access the SonicWALL Management interface, the SonicWALL Installation Wizard automatically launches and begins the installation process. Click Next to continue.
Tip To bypass the Wizard, click Cancel. Then log into the SonicWALL Management Interface by entering the User Name "admin" and the Password "password".
Setting the Password
2. To set the password, enter a new password in the New Password and Confirm New Password fields.
Alert It is very important to choose a password which cannot be easily guessed by others.
This page also displays the Use SonicWALL Global Management System check box. SonicWALL Global Management System (SonicWALL GMS) is a Web browser-based security management system. SonicWALL GMS allows enterprises and service providers to monitor and manage hundreds of remote SonicWALLs from a central location. For more information about SonicWALL GMS, contact SonicWALL Sales at (408) 745-9600.
3. Do not select the Use Global Management System check box unless your SonicWALL is remotely managed by SonicWALL GMS. Click Next to continue.
Setting the Time and Date
4. Select the appropriate Time Zone from the Time Zone menu. The SonicWALL internal clock is set automatically by a Network Time Server on the Internet. Click Next to continue.
Connecting to the Internet
The Connecting to the Internet screen lists the information required to complete the installation. You need instructions for obtaining an IP address automatically or IP addresses from your ISP.
5. Confirm that you have the proper network information necessary to configure the SonicWALL to access the Internet. Click the hyperlinks for definitions of the networking terms. Click Next to proceed to the next step.
Selecting Your Internet Connection
6. Select Assigned you a single static IP address, if your ISP has provided you with a single, valid IP address. You can configure the SonicWALL to use NAT with a single, static IP address. The advantages of Network Address Translation (NAT) are IP address conservation, and hiding your IP address from a public WAN such as the Internet.
Confirming Network Address Translation (NAT) Mode
If you select Assigned you a single static IP address in the Connecting to the Internet page, the Use Network Address Translation (NAT) page is displayed.
The Use Network Address Translation (NAT) page verifies that the SonicWALL has a registered IP address.
Selecting NAT Enabled Mode
If you selected Assigned you two or more static IP Addresses, the Optional-Network Address Translation page is displayed.
7. The Optional-Network Address Translation (NAT) page offers the ability to enable NAT. Select Don’t Use NAT, if there are enough static IP addresses for your SonicWALL, all PCs, and all network devices on your LAN. Selecting Don’t Use NAT enables the Standard mode. Select Use NAT, if valid IP addresses are in short supply or to hide all devices on your LAN behind the SonicWALL valid IP address. Click Next to continue.
Configuring WAN Network Settings
If you selected either NAT or Standard mode, the Getting to the Internet page is displayed.
8. Enter the IP address provided by your ISP in the SonicWALL WAN IP Address, WAN/DMZ Subnet Mask, WAN Gateway (Router) Address, and DNS Server Addresses. Click Next to continue.
Configuring LAN Network Settings
9. The Fill in information about your LAN page allows the configuration of the SonicWALL LAN IP Address and the LAN Subnet Mask. The SonicWALL LAN IP Address is the private IP address assigned to the LAN port of the SonicWALL. The LAN Subnet Mask defines the range of IP addresses on the LAN. The default values provided by the SonicWALL work for most networks. If you do not use the default settings, enter the SonicWALL LAN settings and click Next to continue.
Configuration Summary
10. The Configuration Summary page displays the configuration defined using the Installation Wizard. To modify any of the settings, click Back to return to the Connecting to the Internet page. If the configuration is correct, click Next to proceed to the Congratulations page.
Congratulations
Alert The new SonicWALL LAN IP address, displayed in the URL field of the Congratulations page, is used to log in and manage the SonicWALL.
11. Click Restart to restart the SonicWALL.
Restarting
Alert The final page provides important information to help configure the computers on the LAN. Click Print this Page to print the window information.
12. The SonicWALL takes 90 seconds to restart. During this time, the yellow Test LED is lit. Click Close to exit the SonicWALL Wizard.

Configuring NAT with PPPoE Client

The SonicWALL Installation Wizard simplifies the initial installation and configuration of the SonicWALL. The Wizard provides a series of menu-driven instructions for setting the administrator password and configuring the settings necessary to access the Internet.
Alert Be sure to have your network information including your user name and password ready. This information is obtained from your ISP.
To configure your SonicWALL appliance, read the instructions on the Wizard Welcome page and click Next to continue.
Setting the Password
Alert It is very important to choose a password which cannot be easily guessed by others.
1. To set the password, enter a new password in the New Password and Confirm New Password fields.
This window also displays the Use SonicWALL Global Management System check box.
2. Do not select the Use Global Management System check box unless your SonicWALL is remotely managed by SonicWALL GMS. Click Next to continue.
Setting the Time and Date
3. Select the appropriate Time Zone from the Time Zone menu. The SonicWALL internal clock is set automatically by a Network Time Server on the Internet. Click Next to continue.
Connecting to the Internet
The Connecting to the Internet page lists the information required to complete the installation.
Tip Confirm that you have the necessary network information from your ISP before proceeding with the Connecting to the Internet pages.
4. Click the hyperlinks for definitions of the networking terms. Click Next to continue.
Selecting Your Internet Connection
5. Select Provided you with desktop software, a user name and password (PPPoE), if your ISP has provided you with desktop software, a user name and password information.
Setting the User Name and Password for PPPoE
6. If you selected Provided you with desktop software, a user name and password (PPPoE), the SonicWALL ISP Settings (PPPoE) page is displayed.
7. Enter the User Name and Password provided by your ISP into the User Name and Password fields.
Configuring LAN Network Settings
8. The Fill in information about your LAN page allows the configuration of the SonicWALL LAN IP Address and the LAN Subnet Mask. The SonicWALL LAN IP Address is the private IP address assigned to the LAN port of the SonicWALL. The LAN Subnet Mask defines the range of IP addresses on the LAN. The default values provided by the SonicWALL work for most networks. If you do not use the default settings, enter the SonicWALL LAN settings and click Next to continue.
Configuring the SonicWALL DHCP Server
9. The Optional-SonicWALL DHCP Server page configures the SonicWALL DHCP Server. If enabled, the SonicWALL automatically configures the IP settings of computers on the LAN. To enable the DHCP server, select the Enable DHCP Server check box, and specify the range of IP addresses that are assigned to computers on the LAN.
If the Enable DHCP Server check box is not selected, the DHCP Server is disabled. Click Next to continue.
Configuration Summary
10. The Configuration Summary page displays the configuration defined using the Installation Wizard. To modify any of the settings, click Back to return to the Connecting to the Internet window. If the configuration is correct, click Next to proceed to the Congratulations page.
Congratulations
Alert The new SonicWALL LAN IP address, displayed in the URL field of the Congratulations page, is used to log in and manage the SonicWALL.
11. Click Restart to restart the SonicWALL.
Restarting
Alert The final window provides important information to help configure the computers on the LAN.
12. Click Print this Page to print the window information.
The SonicWALL takes 90 seconds to restart. During this time, the yellow Test LED is lit. Click Close to exit the SonicWALL Wizard.