SonicWALL OS Enhanced 2.5 User Manual

COMPREHENSIVE INTERNET SECURIT Y

SSSS So n i c WALL Security Ap p l i a n c es

SonicOS Enhanced 2.5

™

Administrator's Guide

PART 1: Introduction to SonicOS Enhanced 2.5

Chapter 1: Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1

SonicOS Enhanced 2.5 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1

What’s New in SonicOS Enhanced 2.5. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1

About this Guide. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2

Organization of this Guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3

Guide Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5

SonicWALL Technical Support. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6

SonicWALL Support Solutions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6

More Information on SonicWALL Products . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7

Chapter 2: Getting Started. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9

Configuring Your Management Station . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9

Accessing the Management Interface. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10

Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11

Using the Management Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12

PART 2: System

Chapter 3: Viewing Status Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17

System > Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17

Wizards . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18

System Messages. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18

System Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18

Latest Alerts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18

Registration and Security Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19

Network Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22

Chapter 4: Managing SonicWALL Security Services Licenses. . . . . . . . . . . . . . 23

System > Licenses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23

Security Services Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23

Manage Security Services Online . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24

Manual Upgrade . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25

Manual Upgrade for Closed Environments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25

Chapter 5: Configuring SonicWALL Security Appliance Administration Settings27

System > Administration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27

Firewall Name . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27

Administrator Name & Password . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28

Login Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28

Web Management Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28

Advanced Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29

Enabling SNMP Management. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30

Enable GMS Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31

VPN Client Download URL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33

Chapter 6: Configuring Time Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35

System > Time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35

System Time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36

NTP Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36

SONICWALL SONICOS ENHANCED 2.5 ADMINISTRATOR’S GUIDE

i

:

Chapter 7: Managing SonicWALL Security Appliance Firmware. . . . . . . . . . . . .37

System > Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .37

Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37

Firmware Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38

SafeMode - Rebooting the SonicWALL Security Appliance. . . . . . . . . . . . . . . . . . . . . . . 40

FIPS (PRO 3060/PRO 4060/PRO 5060) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41

Chapter 8: Using Diagnostic Tools & Restarting the SonicWALL Security Appliance

43

System > Diagnostics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43

Diagnostic Tools. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44

System > Restart . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .48

PART 3: Network

Chapter 9: Configuring Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .51

Network > Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51

Setup Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .51

Physical Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51

SonicOS Enhanced Secure Objects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52

Transparent Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52

Interface Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52

Inteface Traffic Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53

Configuring the LAN/DMZ/Custom Interface (Static) . . . . . . . . . . . . . . . . . . . . . . . . . . . 53

Configuring the LAN/DMZ/Custom Interface

(Transparent Mode) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55

Configuring the WLAN Interface. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57

Configuring the WAN Interface. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57

Configuring the Advanced Settings for the WAN Interface . . . . . . . . . . . . . . . . . . . . . . . 60

Chapter 10:Setting Up WAN Failover and Load Balancing . . . . . . . . . . . . . . . . . . .63

Network > WAN Failover & LB . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63

WAN Failover Caveats . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63

Setting Up WAN Failover and Load Balancing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64

WAN Load Balancing Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68

Chapter 11:Configuring Zones . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .69

Network > Zones . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .69

How Zones Work . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69

Predefined Zones . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70

Security Types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .71

Allow Interface Trust. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71

Enabling SonicWALL Security Services on Zones. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71

The Zone Settings Table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72

Adding a New Zone . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73

Deleting a Zone . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73

Configuring the WLAN Zone . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73

Chapter 12:Configuring DNS Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .77

Network > DNS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .77

ii

SONICWALL SONICOS ENHANCED 2.5 ADMINISTRATOR’S GUIDE

Chapter 13:Configuring Address Objects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79

Network > Address Objects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79

Types of Address Objects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79

Address Object Groups. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80

Creating and Managing Address Objects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80

Default Address Objects and Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81

SonicWALL PRO 5060 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81

SonicWALL PRO 4060 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82

SonicWALL PRO 3060 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83

SonicWALL PRO 2040 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84

Adding an Address Object . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85

Creating Group Address Objects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85

Public Server Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86

Chapter 14:Configuring Routes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87

Network > Routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87

Route Advertisement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87

Route Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89

Policy Based Routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89

Route Policies Table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90

A Route Policy Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90

Chapter 15:Configuring NAT Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93

Network > NAT Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93

NAT Policies Table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94

NAT Policy Settings Explained . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95

NAT Policies Q&A . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96

Creating NAT Policies. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97

Chapter 16:Managing ARP Traffic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105

Network > ARP. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105

Navigating and Sorting the ARP Cache Table Entries . . . . . . . . . . . . . . . . . . . . . . . . . 105

Flushing the ARP Cache. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106

Chapter 17:Setting Up the DHCP Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107

Network > DHCP Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107

Enabling DHCP Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107

Configuring DHCP Server for Dynamic Ranges . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 108

Configuring Static DHCP Entries . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 110

Current DHCP Leases . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111

Chapter 18:Using IP Helper . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113

Network > IP Helper . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113

IP Helper Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113

IP Helper Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 114

Adding an IP Helper Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 114

Editing an IP Helper Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 114

Deleting IP Helper Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 114

Chapter 19:Setting Up Web Proxy Forwarding . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115

Network > Web Proxy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115

Configuring Automatic Proxy Forwarding (Web Only) . . . . . . . . . . . . . . . . . . . . . . . . . 115

Bypass Proxy Servers Upon Proxy Failure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 116

SONICWALL SONICOS ENHANCED 2.5 ADMINISTRATOR’S GUIDE

iii

:

PART 4: Wireless

Chapter 20:Managing SonicPoints. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119

Wireless > SonicPoints . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119

Before Managing SonicPoints . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119

SonicPoint Provisioning Profiles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 120

Configuring a SonicPoint Profile. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 120

Updating SonicPoint Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123

Updating SonicPoint Firmware. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 124

Automatic Provisioning (SDP & SSPP) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 124

SonicPoint States . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 125

Chapter 21:Viewing Station Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127

Wireless > Station Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127

Event and Statistics Reporting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127

Chapter 22:Using and Configuring IDS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129

Wireless > IDS. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .129

Detecting Wireless Access Points . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129

Wireless Intrusion Detection Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129

PART 5: Firewall

Chapter 23:Configuring Access Rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133

Firewall > Access Rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133

Stateful Packet Inspection Default Access Rules Overview. . . . . . . . . . . . . . . . . . . . . . 134

Using Bandwidth Management with Access Rules Overview . . . . . . . . . . . . . . . . . . . . 134

Configuration Task List . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135

Displaying Access Rules with View Styles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135

Configuring Access Rules for a Zone. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 136

Adding Access Rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 137

Editing an Access Rule . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 138

Deleting an Access Rule . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 138

Enabling and Disabling an Access Rule. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 139

Displaying Access Rule Traffic Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 139

Access Rule Configuration Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 139

Enabling Ping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 139

Blocking LAN Access for Specific Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 140

Enabling Bandwidth Management on an Access Rule. . . . . . . . . . . . . . . . . . . . . . . . . . 140

Chapter 24:Configuring Advanced

Access Rule Settings141

Firewall > Advanced . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 141

Detection Prevention . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142

Dynamic Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142

Source Routed Packets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142

TCP Connection Inactivity Timeout . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142

Access Rule Service Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142

Chapter 25:Setting Access Rule Schedules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143

Firewall > Schedules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143

Schedules. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .143

Adding a Schedule . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 144

Deleting Schedules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 144

iv

SONICWALL SONICOS ENHANCED 2.5 ADMINISTRATOR’S GUIDE

Chapter 26:Configuring Firewall Services. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145

Firewall > Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145

Default Services Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 146

Custom Services Configuration Task List . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 146

Supported Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 146

Adding Custom Services. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 147

Adding a Custom Services Group. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148

Chapter 27:Configuring Multicast Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 151

Firewall > Multicast. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 151

Multicast Snooping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 152

Multicast Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 152

IGMP State Table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 152

Configuration Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 153

Chapter 28:Configuring VoIP Support. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 155

Firewall > VoIP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 155

VoIP Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 155

Configuring the VoIP Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 156

PART 6: VPN

Chapter 29:Configuring VPN Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 161

VPN > Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 161

VPN Policy Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 162

VPN Global Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 163

VPN Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 163

Currently Active VPN Tunnels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 164

Configuring GroupVPN Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 164

Configuring GroupVPN with IKE using Preshared Secret on the WAN Zone. . . . . . . . 165

Configuring GroupVPN with IKE using 3rd Party Certificates. . . . . . . . . . . . . . . . . . . . 168

Exporting a VPN Client Policy. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 170

Site-to-Site VPN Configurations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 171

VPN Planning Sheet for Site-to-Site VPN Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . 171

Creating Site-to-Site VPN Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 172

Configuring a VPN Policy with IKE using Preshared Secret . . . . . . . . . . . . . . . . . . . . . 174

Configuring a VPN Policy using Manual Key . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 177

Configuring a VPN Policy with IKE using a Third Party Certificate . . . . . . . . . . . . . . . . 181

Chapter 30:Configuring Advanced VPN Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . 185

VPN>Advanced . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 185

Advanced VPN Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 185

Chapter 31:Configuring DHCP Over VPN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 187

VPN > DHCP over VPN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 187

DHCP Relay Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 187

Configuring the Central Gateway for DHCP Over VPN . . . . . . . . . . . . . . . . . . . . . . . . 187

Configuring DHCP over VPN Remote Gateway . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 189

Current DHCP over VPN Leases . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 191

Chapter 32:Configuring L2TP Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 193

VPN > L2TP Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 193

Configuring the L2TP Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 194

SONICWALL SONICOS ENHANCED 2.5 ADMINISTRATOR’S GUIDE

v

:

Chapter 33:Configuring VPN Certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 197

VPN>CA Certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 197

Implementing Certificates for VPN Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 198

Importing CA Certificates into the SonicWALL Security Appliance . . . . . . . . . . . . . . . . 198

Certificate Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 199

Delete This Certificate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 199

Certificate Revocation List (CRL) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 199

VPN > Local Certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 200

Importing Certificate with Private Key . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 200

Certificate Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 201

Delete This Certificate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 201

Generating a Certificate Signing Request . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 201

PART 7: Users

Chapter 34:Managing User Status and Authentication Settings . . . . . . . . . . . . 205

Users>Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .205

User>Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .206

Authentication Method . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 206

Configuring RADIUS Authentication. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 206

Global User Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 210

Acceptable Use Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 211

Chapter 35:Managing Local Users and

Local Groups213

User > Local Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 213

Viewing Local Users. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 214

Adding Local Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 214

Editing Local Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 215

Users>Local Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 215

Creating a Local Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 216

Chapter 36:Managing Guest Services and Guest Accounts . . . . . . . . . . . . . . . . 217

Users > Guest Services. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 217

Global Guest Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 218

Guest Profiles. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 218

Users > Guest Accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 219

Adding Guest Accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 219

Enabling Guest Accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 221

Enabling Auto-prune for Guest Accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 222

Printing Account Details. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 222

Users > Guest Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 223

Logging Accounts off the Appliance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 223

PART 8: Hardware Failover

Chapter 37:Setting Up Hardware Failover . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 227

Hardware Failover > Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 227

How Hardware Failover Works. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 227

Before Configuring Hardware Failover . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 228

Configuring Hardware Failover. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 231

Sychronizing Firmware. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 233

Monitoring Links . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 233

Hardware Failover Status. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 233

vi

SONICWALL SONICOS ENHANCED 2.5 ADMINISTRATOR’S GUIDE

PART 9: Security Services

Chapter 38:Managing Security Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 237

Security Services>Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 237

mySonicWALL.com. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 237

Security Services Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 238

Chapter 39:Configuring SonicWALL Content Filter . . . . . . . . . . . . . . . . . . . . . . . . . 241

Security Services>Content Filter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 241

SonicWALL Content Filtering Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 241

Content Filter Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 242

Content Filter Type . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 243

Restrict Web Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 244

Trusted Domains. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 244

Message to Display when Blocking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 245

Configuring SonicWALL Filter Properties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 245

Custom List . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 245

Consent. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 246

Mandatory Filtered IP Addresses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 247

Chapter 40:Activating SonicWALL Network Anti-Virus. . . . . . . . . . . . . . . . . . . . . . 249

Security Services>Anti-Virus . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 249

Activating SonicWALL Network Anti-Virus . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 250

Activating a SonicWALL Network Anti-Virus FREE TRIAL . . . . . . . . . . . . . . . . . . . . . . 250

Security Services>E-Mail Filter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 251

Chapter 41:Activating Intrusion Prevention Service. . . . . . . . . . . . . . . . . . . . . . . . . 253

Security Services > Intrusion Prevention . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 253

SonicWALL IPS Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 253

SonicWALL Deep Packet Inspection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 254

How SonicWALL’s Deep Packet Inspection Works . . . . . . . . . . . . . . . . . . . . . . . . . . . 255

SonicWALL IPS Terminology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 255

SonicWALL IPS Activation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 256

Activating SonicWALL IPS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 257

Activating the SonicWALL IPS FREE TRIAL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 257

PART 10: Log

Chapter 42:Managing Log Events. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 261

Log > View . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 261

Log View Table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 262

Refresh . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 262

Clear Log . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 262

Export Log. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 263

E-mail Log. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 263

Log Event Messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 263

Chapter 43:Configuring Log Categories . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 291

Log > Categories . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 291

Log Priority . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 292

Log Categories . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 292

SONICWALL SONICOS ENHANCED 2.5 ADMINISTRATOR’S GUIDE

vii

:

Chapter 44:Configuring Syslog Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 295

Log > Syslog . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 295

Syslog Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 296

Syslog Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 296

Chapter 45:Configuring Log Automation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 297

Log > Automation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 297

E-mail Log Automation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 297

Mail Server Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 298

Chapter 46:Generating Log Reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 299

Log > Reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .299

Data Collection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 300

View Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .300

Chapter 47:Activating and Enabling SonicWALL ViewPoint . . . . . . . . . . . . . . . . 301

Log > ViewPoint . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 301

Activating ViewPoint. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 302

Enabling ViewPoint Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 303

PART 11: Wizards

Chapter 48:Configuring Internet Connectivity Using the Setup Wizard . . . . . 307

Internet Connectivity Using the Setup Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 307

Configuring a Static IP Address with NAT Enabled . . . . . . . . . . . . . . . . . . . . . . . . . . . . 307

Configuring DHCP Networking Mode. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 312

Configuring NAT Enabled with PPPoE. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 317

Configuring PPTP Network Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 322

Chapter 49:Configuring a Public Server with the Wizard . . . . . . . . . . . . . . . . . . . 329

Create a Server with the Public Server Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 329

Chapter 50:Configuring VPN Policies with the VPN Policy Wizard . . . . . . . . . 335

Configuring GroupVPN using the VPN Policy Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . 335

Using the VPN Policy Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 335

Connecting the Global VPN Clients . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 338

Configuring a Site-to-Site VPN using the VPN Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . 339

Using the VPN Wizard to Configure Preshared Secret . . . . . . . . . . . . . . . . . . . . . . . . . 339

Chapter 51:Index. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 343

viii

SONICWALL SONICOS ENHANCED 2.5 ADMINISTRATOR’S GUIDE

Copyright Notice

©

2004 SonicWALL, Inc. All rights reserved.

Under the copyright laws, this manual or the software described within, can not be copied, in whole or
part, without the written consent of the manufacturer, except in the normal use of the software to
make a backup copy. The same proprietary and copyright notices must be affixed to any permitted
copies as were affixed to the original. This exception does not allow copies to be made for others,
whether or not sold, but all of the material purchased (with all backup copies) can be sold, given, or
loaned to another person. Under the law, copying includes translating into another language or
format.

Preface

Chapter :

Chapter :

SonicWALL is a registered trademark of SonicWALL, Inc.

Other product and company names mentioned herein can be trademarks and/or registered
trademarks of their respective companies.

Specifications and descriptions subject to change without notice.

Limited Warranty

SonicWALL, Inc. warrants that commencing from the delivery date to Customer (but in any case
commencing not more than ninety (90) days after the original shipment by SonicWALL), and
continuing for a period of twelve (12) months, that the product will be free from defects in materials
and workmanship under normal use. This Limited Warranty is not transferable and applies only to the
original end user of the product. SonicWALL and its suppliers' entire liability and Customer's sole and
exclusive remedy under this limited warranty will be shipment of a replacement product. At
SonicWALL's discretion the replacement product may be of equal or greater functionality and may be
of either new or like-new quality. SonicWALL's obligations under this warranty are contingent upon
the return of the defective product according to the terms of SonicWALL's then-current Support
Services policies.

This warranty does not apply if the product has been subjected to abnormal electrical stress,
damaged by accident, abuse, misuse or misapplication, or has been modified without the written
permission of SonicWALL.

DISCLAIMER OF WARRANTY. EXCEPT AS SPECIFIED IN THIS WARRANTY, ALL EXPRESS OR
IMPLIED CONDITIONS, REPRESENTATIONS, AND WARRANTIES INCLUDING, WITHOUT
LIMITATION, ANY IMPLIED WARRANTY OR CONDITION OF MERCHANTABILITY, FITNESS FOR
A PARTICULAR PURPOSE, NONINFRINGEMENT, SATISFACTORY QUALITY OR ARISING
FROM A COURSE OF DEALING, LAW, USAGE, OR TRADE PRACTICE, ARE HEREBY

SONICWALL SONICOS ENHANCED 2.5 ADMINISTRATOR’S GUIDE

ix

Preface

EXCLUDED TO THE MAXIMUM EXTENT ALLOWED BY APPLICABLE LAW. TO THE EXTENT AN
IMPLIED WARRANTY CANNOT BE EXCLUDED, SUCH WARRANTY IS LIMITED IN DURATION
TO THE WARRANTY PERIOD. BECAUSE SOME STATES OR JURISDICTIONS DO NOT ALLOW
LIMITATIONS ON HOW LONG AN IMPLIED WARRANTY LASTS, THE ABOVE LIMITATION MAY
NOT APPLY TO YOU. THIS WARRANTY GIVES YOU SPECIFIC LEGAL RIGHTS, AND YOU MAY
ALSO HAVE OTHER RIGHTS WHICH VARY FROM JURISDICTION TO JURISDICTION. This
disclaimer and exclusion shall apply even if the express warranty set forth above fails of its essential
purpose.

DISCLAIMER OF LIABILITY. SONICWALL'S SOLE LIABILITY IS THE SHIPMENT OF A
REPLACEMENT PRODUCT AS DESCRIBED IN THE ABOVE LIMITED WARRANTY. IN NO EVENT
SHALL SONICWALL OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER,
INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF PROFITS, BUSINESS
INTERRUPTION, LOSS OF INFORMATION, OR OTHER PECUNIARY LOSS ARISING OUT OF
THE USE OR INABILITY TO USE THE PRODUCT, OR FOR SPECIAL, INDIRECT,
CONSEQUENTIAL, INCIDENTAL, OR PUNITIVE DAMAGES HOWEVER CAUSED AND
REGARDLESS OF THE THEORY OF LIABILITY ARISING OUT OF THE USE OF OR INABILITY TO
USE HARDWARE OR SOFTWARE EVEN IF SONICWALL OR ITS SUPPLIERS HAVE BEEN
ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. In no event shall SonicWALL or its suppliers'
liability to Customer, whether in contract, tort (including negligence), or otherwise, exceed the price
paid by Customer. The foregoing limitations shall apply even if the above-stated warranty fails of its
essential purpose. BECAUSE SOME STATES OR JURISDICTIONS DO NOT ALLOW LIMITATION
OR EXCLUSION OF CONSEQUENTIAL OR INCIDENTAL DAMAGES, THE ABOVE LIMITATION
MAY NOT APPLY TO YOU.

x

SONICWALL SONICOS ENHANCED 2.5 ADMINISTRATOR’S GUIDE

Current Documentation

Check the SonicWALL documentation Web site for that latest versions
of this manual and all other SonicWALL product documentation.

http://www.sonicwall.com/services/documentation.html

SONICWALL SONICOS ENHANCED 2.5 ADMINISTRATOR’S GUIDE

xi

Preface

xii

SONICWALL SONICOS ENHANCED 2.5 ADMINISTRATOR’S GUIDE

P

ART

1

Part 1Introduction to SonicOS

Enhanced 2.5

SONICWALL SONICOS ENHANCED 2.5 ADMINISTRATOR’S GUIDE

1

:

2

SONICWALL SONICOS ENHANCED 2.5 ADMINISTRATOR’S GUIDE

SonicOS Enhanced 2.5

SonicOS Enhanced is the most powerful SonicOS operating system designed for the latest
generation of SonicWALL security appliances. SonicOS Enhanced 2.5 is standard on the SonicWALL
PRO 4060 and PRO 5060 and available as an upgrade on the SonicWALL TZ170 Series, PRO 2040,
and PRO 3060.

SonicOS Enhanced 2.5

C

HAPTER

1

Chapter 1: Introduction

What’s New in SonicOS Enhanced 2.5

Built on the SonicOS architecture, this operating system features multiple network interfaces and
zones, WAN ISP failover and load balancing, policy-based NAT, object-based management, a multi­level administrator GUI, and enhanced VPN functionality. SonicOS Enhanced 2.5 builds on these
features with powerful new capabilities and industry-leading technologies.

• Updated Configuration Wizard: SonicOS Enhanced 2.5 includes an new configuration wizard
that includes three configuration wizards: Setup Wizard, Public Server Wizard, and VPN Policy
Wizard to provide you with a quick, easy, and comprehensive configuration of the SonicWALL
security appliance for common deployment scenarios.

• Enhanced VoIP Support: SonicOS Enhanced 2.5 adds comprehensive support for third-party
VoIP equipment, including products from Cisco, Mitel, Pingtel, Grandstream, Polycom, D-Link,
Pulver, Apple iChat, and softphones from Yahoo, Microsoft, Ubiquity, and OpenPhone. SonicOS
Enhanced 2.5 adds the ability to handle SIP, RTSP, H.323v1, H.323v2, H.323v3, H.323v4, H.323
gatekeepers, and LDAP ILS support. The internal DHCP Server capability in SonicOS Enhanced

2.5 allows Cisco CallManager addressing information into the DHCP scope information, so that
Cisco phones can receive addresses when they issue a DHVCP request on the network.

• Hardware Failover Enhancements: SonicOS Enhanced 2.5 includes a number of useful
enhancements to hardware failover, including the ability to automatically synchronize the firmware
between the Primary and Backup SonicWALL security appliances, and the ability to load new
firmware versions on to both devices simultaneously from the Primary SonicWALL security
appliance. You can also specify logical monitoring addresses for each interface.

• Flexible VPN Termination: SonicOS Enhanced 2.5 includes the ability to terminate incoming
site-to-site VPN connections on any interface. This feature is useful in situations where untrusted
transit networks terminate on internal interfaces; an example of this might be a router sitting on a
DMZ Zone/Interface with an untrusted Frame Relay network connecting the router to a business
partner. Using the flexible VPN termination feature, you are able to run a VPN connection across
the Frame Relay connection and know the Frame Relay provider cannot see the traffic.

SONICWALL SONICOS 2.5 ENHANCED ADMINISTRATOR’S GUIDE

1

C

HAPTER

1:

Introduction

• Multiple GroupVPN Policies: SonicOS Enhanced 2.5 allows you to create separate, customized
GroupVPN policies for each Zone, and SonicWALL Global VPN Client connections can terminate
on any interface.

• Wireless Extensions: SonicOS Enhanced 2.5 includes the ability to terminate wireless clients
using SonicWALL SonicPoint, and incorporating wireless features such as wireless guest services
(WGS), secure wireless roaming, using SonicWALL’s Global VPN Client, and rogue access point
detection. SonicOS Enhanced 2.5 allows you to manage SonicWALL SonicPoints for secure
wireless networking behind the firewall.

• Full Stateful IGMP Multicast Support: SonicOS Enhanced 2.5 includes the ability to track and
allow/deny multicast traffic, with support for IGMPv1, IGMPv2, and IGMPv3. Multicast can be
enabled or disabled on a per-interface and per-VPN policy basis.

• Inbound Bandwidth Management: SonicOS Enhanced 2.5 adds the ability to perform ingress
and egress bandwidth management for traffic passing in and out of the WAN interfaces on a
per-rule basis. Ingress bandwidth management uses rate-limiting via delayed ACKs for TCP traffic,
drops over-limit packets for connectionless UDP traffic. For both methods, you specify the
maximum upstream and downstream throughput for each WAN interface, and on a per-rule basis,
set the priority level of the traffic, the guaranteed percentage of bandwidth for that rule, and the
maximum (i.e. burstable) bandwidth for that rule.

• Transparent Mode Support: SonicOS Enhanced 2.5 includes the ability to bridge WAN-side IP
addresses/subnets onto an internal interface, including the LAN Zone interface. This feature is
useful in network environments where it is not possible to renumber internal systems to a private
addressing scheme and perform NAT at the SonicWALL security appliance, or in “drop-in”
situations where the SonicWALL security appliance is used primarily as an IPS (Intrusion
Prevention Service) or CFS (Content Filtering Service) appliance.

• Expanded IP Protocol Support: SonicOS Enhanced 2.5 supports additional IP types (IGRE,
ESP, AH, EIGRP, OSPF, PIMSM, L2TP) as well as specify ICMP/IGMP subtypes when creating
customized service objects, across the firewall and through VPN connections.

• Policy Based Routing (PBR) - SonicOS Enhanced 2.5 allows you to create extended static
routes that match against source, service, and destination. This feature, for example, can be used
to steer traffic matching the route policies out a specific WAN. It also supports metrics, so high­cost static route entries can be used in case dynamically received route entries fail.

• Expanded Logging: SonicOS Enhanced 2.5 includes additional logging capabilities to provide
expanded flexibility. You can export the log into plain text or CSV values. Logging categories are
dramatically expanded, the logs conform to Syslog severity levels so you can set the SonicWALL
security appliance to only log alerts and messages of specified levels, and you can independently
specify which categories are logged to the internal log. When directing logs to external Syslog
servers, you can rate-limit the messages based on events per second, or maximum bytes per
second, so that external Syslog servers do not get overwhelmed. The SonicWALL security
appliance also has the ability to do “POP before SMTP” in order to e-mail logs and alerts to SMTP
mail servers that require a successful POP3 authentication before e-mail is sent through them.

About this Guide

Welcome to the SonicWALL SonicOS Enhanced 2.5 Administrator’s Guide. This manual provides the
information you need to successfully activate, configure, and administer SonicOS Enhanced 2.5 for
the SonicWALL TZ170, PRO 2040, PRO 3060, PRO 4060, and PRO 5060 Internet Security
Appliances.

Note: Always check <http//:www.sonicwall.com/services/documentation.html> for the latest version of



this manual as well as other SonicWALL products and services documentation.

2

SONICWALL SONICOS 2.5 ENHANCED ADMINISTRATOR’S GUIDE

Organization of this Guide

The SonicOS Enhanced 2.5 Administrator’s Guide organization is structured into the following parts
that follow the SonicWALL Web Management Interface structure. Within these parts, individual
chapters correspond to Management Interface layout.

Part 1 Introduction

This part provides an overview of new SonicWALL SonicOS Enhanced features, guide conventions,
and instructions for connecting a management station to the SonicWALL security appliance to access
the SonicWALL Management Interface.

Part 2 System

This part covers a variety SonicWALL security appliance controls for managing system status
information, registering the SonicWALL security appliance, activating and managing SonicWALL
Security Services licenses, configuring SonicWALL security appliance local and remote management
options, managing firmware versions and preferences, and using included diagnostics tools for
troubleshooting.

Part 3 Network

This part covers configuring the SonicWALL security appliance for your network environment. The
Network section of the SonicWALL Management Interface includes:

About this Guide

• Interfaces - configure logical interfaces for connectivity.

• WAN Failover and Load Balancing - configure one of the user-defined interfaces to act as a sec­ondary WAN port for backup or load balancing.

• Zones - configure security zones on your network.

• DNS - set up DNS servers for name resolution.

• Address Objects - configure host, network, and address range objects.

• Routing - view the Route Table, ARP Cache and configure static and dynamic routing by inter­face.

• NAT Policies - create NAT policies including One-to-One NAT, Many-to-One NAT, Many-to-Many
NAT, or One-to-Many NAT.

• ARP - view the ARP settings and clear the ARP cache as well as configure ARP cache time.

• DHCP Server - configure the SonicWALL as a DHCP Server on your network to dynamically as­sign IP addresses to computers on your LAN or DMZ zones.

• IP Helper - configure the SonicWALL to forward DHCP requests originating from the interfaces on
the SonicWALL to a centralized server on behalf of the requesting client.

• Web Proxy - configure the SonicWALL to automatically forward all Web proxy requests to a net­work proxy server.

Part 4 Wireless

The part covers the configuration of the SonicWALL security appliance for provisioning and managing
SonicWALL SonicPoints as part of a SonicWALL Distributed Wireless Solution.

Cross Reference: For more information on SonicWALL’s Distributed Wireless Solution, go to

Â

http://www.sonicwall.com/products/wirelesssolutions.html.

Part 5 Firewall

This part covers tools for managing how the SonicWALL security appliance handles traffic through the
the firewall, including Multicast and VoIP traffic.

SONICWALL SONICOS 2.5 ENHANCED ADMINISTRATOR’S GUIDE

3

C

HAPTER

1:

Introduction

Part 6 VPN

This part covers how to create VPN policies on the SonicWALL security appliance to support
SonicWALL Global VPN Clients as well as creating site-to-site VPN policies for connecting offices
running SonicWALL security appliances.

Part 7 Users

This part covers how to configure the SonicWALL security appliance for user level authentication as
well as manage guest services for managed SonicPoints.

Part 8 Hardware Failover

This part provides configuration instructions for setting a SonicWALL high availability pair for
maintaining secure, mission-critical connectivity.

Part 9 Security Services

This part includes an overview of available SonicWALL Security Services as well as instructions for
activating the service, including FREE trials. These subscription-based services include SonicWALL
Content Filtering Service, SonicWALL Instrusion Prevention Service, SonicWALL Network Anti-Virus,
and well as other services.

Â

Cross Reference: For more information on SonicWALL Security Services, go to
<http//:www.sonicwall.com.

Part 10 Log

This part covers managing the SonicWALL security appliance’s enhanced logging, alerting, and
reporting features. The SonicWALL security appliance’s logging features provide a comprehensive
set of log categories for monitoring security and network activities.

Part 11 Wizards

This part walks you through using the SonicWALL Configuration Wizards for configuring the
SonicWALL security appliance for LAN to WAN (Internet) connectivity, settings up public servers for
Internet connectivity behind the firewall, and setting GroupVPN and site-to-site VPN policies for
establishing VPN connections for remote SonicWALL Global VPN Client users or remote offices with
a SonicWALL security appliance for LAN to LAN connections.

The SonicWALL Configuration Wizards in SonicOS Enhanced 2.5 or higher include:

• The Setup Wizard takes you step by step through network configuration for Internet connectivity.
There are four types of network connectivity available: Static IP, DHCP, PPPoE, and PPTP.

• The Public Server Wizard takes you step by step through adding a server to your network, such
as a mail server or a web server. The wizard automates much of the configuration you need to
establish security and access for the server.

• The VPN Policy Wizard steps you through the configuration of Group VPNs and site-to-site
VPNs.

4

SONICWALL SONICOS 2.5 ENHANCED ADMINISTRATOR’S GUIDE

Guide Conventions

The following Conventions used in this guide are as follows:

Convention Use

Bold Highlights items you can select on the SonicWALL

Italic Highlights a value to enter into a field. For example, “type

Menu Item > Menu Item Indicates a multiple step Management Interface menu

Icons Used in this Manual

These special messages refer to noteworthy information, and include a symbol for quick identification:

Alert: Important information that cautions about features affecting firewall performance, security

S

features, or causing potential problems with your SonicWALL.

About this Guide

Management Interface.

192.168.168.168 in the IP Address field.”

choice. For example, “Security Services>Content Filter
means select Security Services, then select Content Filter.

9



Â

Tip: Useful information about security features and configurations on your SonicWALL.

Note: Important information on a feature that requires callout for special attention.

Cross Reference: Provides a pointer to related information in the Administrator’s Guide or other

resources.

SONICWALL SONICOS 2.5 ENHANCED ADMINISTRATOR’S GUIDE

5

C

HAPTER

1:

Introduction

SonicWALL Technical Support

For timely resolution of technical support questions, visit SonicWALL on the Internet at
<http://www.sonicwall.com/services/support.html>. Web-based resources are available to help you
resolve most technical issues or contact SonicWALL Technical Support.

To contact SonicWALL telephone support, see the telephone numbers listed below:

North America Telephone Support

U.S./Canada - 888.777.1476 or +1 408.752.7819

International Telephone Support

Australia - + 1800.35.1642

Austria - + 43(0)820.400.105

EMEA - +31(0)411.617.810

France - + 33(0)1.4933.7414

Germany - + 49(0)1805.0800.22

Hong Kong - + 1.800.93.0997

India - + 8026556828

Italy - +39.02.7541.9803

Japan - + 81(0)3.5460.5356

New Zealand - + 0800.446489

Singapore - + 800.110.1441

Spain - + 34(0)9137.53035

Switzerland - +41.1.308.3.977

UK - +44(0)1344.668.484



Note: Please visit <http://www.sonicwall.com/services/contact.html> for the latest technical support
telephone numbers.

SonicWALL Support Solutions



SonicWALL’s powerful security solutions give unprecedented protection from the risks of Internet
attacks. SonicWALL’s comprehensive support services protect your network security investment and
offer the support you need - when you need it.

Note: For complete information on SonicWALL Support Solutions, please visit <http://
www.sonicwall.com/services/support.html.

6

SONICWALL SONICOS 2.5 ENHANCED ADMINISTRATOR’S GUIDE

More Information on SonicWALL Products

Knowledge Base

All SonicWALL customers have immediate, 24X7 access to our state-of-the-art electronic support
tools. Power searching technologies on our Web site allow customers to locate information quickly
and easily from our robust collection of technical information - including manuals, product
specifications, operating instructions, FAQs, Web pages, and known solutions to common customer
questions and challenges.

Internet Security Expertise

Technical Support is only as good as the people providing it to you. SonicWALL support professionals
are Certified Internet Security Administrators with years of experience in networking and Internet
security. They are also supported by the best in class tools and processes that ensure a quick and
accurate solution to your problem.

SonicWALL Support Programs

SonicWALL offers a variety of support programs designed to get the support you need when you
need it. For more information on SonicWALL Support Services, please visit
<http://www.sonicwall.com/products/supportservices.html.

Warranty Support - North America and International

SonicWALL products are recognized as extremely reliable as well as easy to configure, install, and
manage. SonicWALL Warranty Support enhances these features with

• 1 year, factory replacement for defective hardware

• 90 days of advisory support for installation and configuration assistance during local

business hours

• 90 days of software and firmware updates

• Access to SonicWALL’s electronic support and Knowledge Base system.

More Information on SonicWALL Products

Contact SonicWALL, Inc. for information about SonicWALL products and services at:

Web: http://www.sonicwall.com
E-mail: sales@sonicwall.com
Phone: (408) 745-9600
Fax: (408) 745-9300

SONICWALL SONICOS 2.5 ENHANCED ADMINISTRATOR’S GUIDE

7

C

HAPTER

1:

Introduction

8

SONICWALL SONICOS 2.5 ENHANCED ADMINISTRATOR’S GUIDE

Chapter 2: Getting Started

Configuring Your Management Station

Your SonicWALL security appliance is configured with the default IP address of 192.168.168.168.
This IP address is used to initially access the Management Interface of the SonicWALL security
appliance.

Cross Reference: For instructions on setting up your SonicWALL security appliance, see the

Â

SonicWALL Quick Start Guide.

C

HAPTER

2

To access the Management Interface for the first time, you must configure your computer with an IP
address in the same network range as the SonicWALL security appliance. Follow the instructions
below for your operating system:

Windows XP

• Right-click My Network Place and select Properties.

• Right-click on the Local Area Connection icon and select Properties.

• Open the Local Area Connection Properties window.

• Double-click Internet Protocol (TCP/IP) to open the Internet Protocol (TCP/IP) Properties

window.

• Select Use the following IP address and type 192.168.168.200 in the IP address field.

• Enter 255.255.255.0 in the Subnet Mask field.

• Enter the DNS IP address in the Preferred DNS Server field. If you have more than one address,
type the second one in the Alternate DNS server field.

• Click OK for the settings to take effect on the computer.

Windows 2000

1

From your Windows task bar, click Start.

2

Then click Settings.

3

Click Network and Dial-up Connections.

4

Double-click the network icon to open the connection window.

5

Click Properties.

6

Highlight Internet Protocol (TCP/IP) and click Properties.

7

Select Use the following IP address.

8

Enter 192.168.168.200 in the IP address field.

SONICWALL SONICOS ENHANCED 2.5 ADMINISTRATOR’S GUIDE

9

C

HAPTER

2:

Getting Started

9

Enter 255.255.255.0 in the Subnet field.

10

If you have a DNS Server IP address from your ISP, enter it in the Preferred DNS Server field.

11

Click OK.

Windows NT

1

From the Start list, highlight Settings and then select Control Panel.

2

Double-click the Network icon in the Control Panel window.

3

Double-click TCP/IP in the TCP/IP Properties window.

4

Select Specify an IP Address.

5

Enter 192.168.168.200 in the IP Address field.

6

Enter 255.255.255.0 in the Subnet Mask field.

7

Click DNS at the top of the window.

8

Type the DNS IP address in the Preferred DNS Server field. If you have more than one address,
enter the second one in the Alternate DNS server field.

9

Click OK, and then click OK again.

10

Restart the computer.

Windows 98

1

From the Start list, highlight Settings and then select Control Panel. Double-click the Network
icon in the Control Panel window.

2

Double-click TCP/IP in the TCP/IP Properties window.

3

Select Specify an IP Address.

4

Enter 192.168.168.200 in the IP Address field.

5

Enter 255.255.255.0 in the Subnet Mask field.

6

Click DNS Configuration.

7

Type the DNS IP address in the Preferred DNS Server field. If you have more than one address,
type the second one in the Alternate DNS server field.

8

Click OK, and then click OK again.

9

Restart the computer.

Accessing the Management Interface

To access the SonicWALL Management Interface, you need to configure the Management Station
TCP/IP settings in order to initially contact the SonicWALL. A computer used to manage the
SonicWALL is referred to as the “Management Station.” Any computer on the same network as the
SonicWALL can be used to access the management interface.

MD5 authentication is used to secure communications between your Management Station and the
SonicWALL Web Management Interface. MD5 Authentication prevents unauthorized users from
detecting and stealing the SonicWALL password as it is sent over your network.

The Web browser used to access the management interface must be Java-enabled and support
HTTP uploads in order to fully manage the SonicWALL. If your Web browser does not support these
functions, certain features such as uploading firmware and saved preferences files are not available.

S

10

Alert: Please allow enough time for the SonicWALL security appliance to power up completely before
attempting to log into the Management Interface. It takes approximately one minute for the
SonicWALL security appliance to cycle completely. When the Test light is no longer lit, the
SonicWALL security appliance is ready for configuration.

SONICWALL SONICOS ENHANCED 2.5 ADMINISTRATOR’S GUIDE

S

Alert: Because you are temporarily disconnected from the Internet, you may receive an error
message when your Web browser first opens. This does not affect your installation process. Continue
with the steps below.

To begin the configuration of your SonicWALL security appliance, you must log into the SonicWALL
security appliance using a Web browser and the SonicWALL security appliance default LAN IP
address, 192.168.168.168. Follow the instructions below:

1

Launch your Web browser.

2

Enter 192.168.168.168 in the Location or Address field.

3

The first time you log into the SonicWALL Management Interface, the Setup Wizard is
automatically displayed for configuring your WAN (Internet) and LAN setup.

Cross Reference: See Chapter 49 Configuring Internet Connecitivity using the Setup Wizard.

Â

Troubleshooting

If you cannot connect to the SonicWALL security appliance, check the following:

• Did you correctly enter the SonicWALL security appliance default LAN IP address in your browser
window?

• Is the SonicWALL security appliance connected to the same network as your computer?

• Have you changed the TCP/IP network settings on your computer?

• Try pinging the 192.168.168.168 LAN IP address of the SonicWALL security appliance from your

computer. It should reply, assuming that you are using the correct TCP/IP network settings and
have a good ethernet connection. If it does reply, try again with the web browser to

192.168.168.168.

SONICWALL SONICOS ENHANCED 2.5 ADMINISTRATOR’S GUIDE

11

C

HAPTER

2:

Getting Started

Using the Management Interface

The SonicWALL’s Web Management Interface provides a easy-to-use graphical interface for
configuring your SonicWALL. SonicWALL management functions are performed through a Web
browser.

Tip: Microsoft Internet Explorer 5.0 or higher, or, Netscape Navigator 4.5 or higher are two

9

recommended Web browsers.

Navigating the Management Interface

Navigating the SonicWALL Management Interface includes a hierarchy of menu buttons on the
navigation bar (left side of window). The SonicOS Enhanced menu buttons on the navigation bar
include:

• System

• Network

• Wireless

• Firewall

• VPN

• Users

• Hardware Failover

• Security Services

• Log

• Wizards

• Help

• Logout

When you click a menu button, related management functions are displayed as submenu items in the
navigation bar. To navigate to a submenu page, click the link. When you click a menu button, the first
submenu item page is displayed.

Applying Changes

Click the Apply button at the top right corner of the SonicWALL Management Interface to save any
configuration changes you made on the page.

12

SONICWALL SONICOS ENHANCED 2.5 ADMINISTRATOR’S GUIDE

If the settings are contained in a secondary window within the Management Interface, when you click

OK, the settings are automatically applied to the SonicWALL.

Getting Help

Each SonicWALL includes Web-based online help available from the Management Interface. Clicking
the question mark ? button on the top right corner of every page accesses the
context-sensitive help for the page.

Alert: SonicWALL online help requires Internet connectivity.

S

Logging Out

The Logout button at the bottom of the menu bar terminates the Management Interface session and
displays the Login page.

SONICWALL SONICOS ENHANCED 2.5 ADMINISTRATOR’S GUIDE

13

C

HAPTER

2:

Getting Started

14

SONICWALL SONICOS ENHANCED 2.5 ADMINISTRATOR’S GUIDE

P

ART

2

Part 2System

SONICWALL SONICOS ENHANCED 2.5 ADMINISTRATOR’S GUIDE

15