SonicWALL OS Standard 3.0 User Manual
COMPREHENSIVE INTERNET SECURIT Y
SSSS SSo n i c WALL Security Ap p l i a n c e
SonicOS Standard 3.0
™
Administrator's Guide
Chapter : Table of Content s
Table of Contents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . i
Preface. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xi
Copyright Notice. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .xi
Trademarks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .xi
Limited Warranty . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xii
About this Guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .xiii
Organization of this Guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .xiv
Guide Conventions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .xvi
Icons Used in this Manual . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .xvi
SonicWALL Technical Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xvii
More Information on SonicWALL Products and Services . . . . . . . . . . . . . . . . . . . . . . . . . xvii
PART 1: Introduction
Chapter 1: Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3
What’s New in SonicOS Standard 3.0. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
SonicWALL Management Interface. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
Navigating the Management Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5
Status Bar. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6
Applying Changes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6
Navigating Tables. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6
Common Icons in the Management Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
Getting Help . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7
Logging Out . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
Chapter 2: Basic SonicWALL Security Appliance Setup. . . . . . . . . . . . . . . . .9
Collecting Required ISP Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Internet Service Provider (ISP) Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Other Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10
Accessing the SonicWALL Security Appliance Management Interface. . . . . . . . . . . . . . . . 11
Using the SonicWALL Setup Wizard. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11
SonicWALL TZ 170 SP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
SonicWALL TZ 50 Wireless/TZ 150 Wireless/TZ 170 Wireless. . . . . . . . . . . . . . . . . . . . 12
Configuring a Static IP Address Internet Connection. . . . . . . . . . . . . . . . . . . . . . . . . . . .12
Configuring a DHCP Internet Connection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .14
Configuring a PPPoE Internet Connection. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
Configuring PPTP Internet Connectivity. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15
Configuring the TZ 170 SP using the Setup Wizard. . . . . . . . . . . . . . . . . . . . . . . . . . . . .17
Configuring the TZ 50 Wireless/TZ 150 Wireless/170 Wireless using the Setup Wizard.18
Configuring the TZ 50 Wireless/TZ 150 Wireless/170 Wireless as an Office Gateway . . 18
Configuring the TZ 50 Wireless/TZ 150 Wireless/TZ 170 Wireless
as a Secure Access Point. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
Configuring the TZ 50 Wireless/TZ 150 Wireless/TZ 170 Wireless
as a Guest Internet Gateway . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
Configuring the TZ 170 Wireless as a Secure Wirele ss Bridge . . . . . . . . . . . . . . . . . . . .22
SONICWALL SONICOS STANDARD 3.0 ADMINISTRATOR’S GUIDE
i
Table of Contents
Registering Your SonicWALL Security Appliance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
Before You Register . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
Creating a mySonicWALL.com Account . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
Registering Your SonicWALL Security Appliance. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
PART 2: System
Chapter 3: Viewing System Status Information . . . . . . . . . . . . . . . . . . . . . . 29
System > Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
Wizards . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
System Messages. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
System Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
Security Services. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
Latest Alerts. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
Network Interfaces. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
Chapter 4: System > Licenses. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
System > Licenses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
Node License Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
Node License Exclusion List . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
Security Services Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
Manage Security Services Online . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
Manual Upgrade . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
Manual Upgrade for Closed Environments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
Chapter 5: Using System Administration . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
System > Administration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
Firewall Name . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
Name/Password . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
Login Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
Web Management Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
Advanced Management. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
Chapter 6: Setting System Time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
System > Time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
Set Time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
NTP Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
Chapter 7: Configuring System Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
System > Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
Firmware Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
SafeMode - Rebooting the SonicWALL Security Appliance . . . . . . . . . . . . . . . . . . . . . . 49
Chapter 8: Performing Diagnostic Tests
and Restarting the SonicWALL Security Appliance51
System > Diagnostics. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51
Tech Support Report. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52
Diagnostic Tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53
Active Connections Monitor. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53
CPU Monitor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54
DNS Name Lookup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54
Find Network Path. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55
Packet Trace . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55
ii
SONICWALL SONICOS STANDARD 3.0 ADMINISTRATOR’S GUIDE
Ping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .57
Process Monitor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
Reverse Name Resolution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
System > Restart. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .58
PART 3: Network
Chapter 9: Configuring Network Settings . . . . . . . . . . . . . . . . . . . . . . . . . . .61
Network > Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .61
Setup Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .62
Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .62
DNS Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .63
Configuring the WAN Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64
Configuring Transparent Mode. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64
Configuring NAT Enabled. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66
Configuring NAT with DHCP Client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66
Configuring NAT with PPPoE Client. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .67
Configuring NAT with L2TP Client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67
Configuring NAT with PPTP Client. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .68
Configuring Ethernet Settings in WAN Properties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68
Configuring the LAN Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .70
Basic LAN Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70
Configuring Multiple LAN Subnets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .70
Configuring Ethernet Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71
Configuring the OPT Interface. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71
Configuring Transparent Mode. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72
Configuring NAT Mode. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73
Configuring the DMZ Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73
Configuring Transparent Mode. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74
Configuring NAT Mode. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75
Configuring the Modem Interface
(TZ 170 SP) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .75
Failover. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .77
Advanced . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .78
Activating the Modem. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78
Configuring WLAN Properties
(TZ 50 Wireless/TZ 150 Wireless/TZ 170 Wireless) . . . . . . . . . . . . . . . . . . . . . . . . . . . .79
Chapter 10:Configuring One-to-One NAT . . . . . . . . . . . . . . . . . . . . . . . . . . .81
Network > One-to-One NAT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .81
One-to-One NAT Configuration Example. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .82
Chapter 11:Configuring Web Proxy Settings . . . . . . . . . . . . . . . . . . . . . . . . .85
Network > Web Proxy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85
Configuring Automatic Web Proxy Forwarding . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86
Bypass Proxy Servers Upon Proxy Failure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86
Forward OPT/DMZ/WLAN Client Requests to Proxy Server . . . . . . . . . . . . . . . . . . . . . . 86
Chapter 12:Configuring Intranet Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . .87
Network > Intranet. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .87
Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .88
Intranet Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .88
SONICWALL SONICOS STANDARD 3.0 ADMINISTRATOR’S GUIDE
iii
Table of Contents
Chapter 13:Configuring Static Routes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89
Network > Routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89
Static Routes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90
Route Advertisement. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91
Routing Table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92
Chapter 14:Configuring Address Resolution Protocol Settings. . . . . . . . . . . 93
Network > ARP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93
Static ARP Entries. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94
Secondary Subnets with Static ARP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94
Prohibit Dynamic ARP Entries. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96
Navigating and Sorting the ARP Cache Table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97
Flushing the ARP Cache. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97
Chapter 15:Configuring the DHCP Server . . . . . . . . . . . . . . . . . . . . . . . . . . 99
Network > DHCP Server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99
DHCP Server Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99
DHCP Server Lease Scopes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100
Configuring DHCP Server for Dynamic Ranges . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100
Configuring Static DHCP Entries. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101
Current DHCP Leases. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102
Chapter 16:Configuring Dynamic DNS . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103
Network > Dynamic DNS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103
Supported DDNS Providers. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103
Configuring Dynamic DNS. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105
Dynamic DNS Settings Table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107
PART 4: Modem
Chapter 17:Viewing Modem Status. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111
Modem > Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111
Modem Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 112
Chapter 18:Configuring Modem Settings . . . . . . . . . . . . . . . . . . . . . . . . . . 113
Modem > Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113
Configuring Profile and Modem Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 114
Chapter 19:Configuring Modem Failover . . . . . . . . . . . . . . . . . . . . . . . . . . 115
Modem > Failover. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115
Modem Failover Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115
Configuring Modem Failover . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 116
Chapter 20:Configuring Advanced Modem Settings. . . . . . . . . . . . . . . . . . 117
Modem > Advanced . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117
Chapter 21:Configuring Modem Dialup Properties . . . . . . . . . . . . . . . . . . . 119
Modem > Dialup Profiles. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119
Dial-Up Profiles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119
Configuring a Dialup Profile. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 120
Modem > Dialup Profiles > Modem Profile Configuration. . . . . . . . . . . . . . . . . . . . . . . . . 120
Configuring a Dialup Profile. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 120
Chat Scripts. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123
iv
SONICWALL SONICOS STANDARD 3.0 ADMINISTRATOR’S GUIDE
PART 5: Wireless
Chapter 22:Setting Up the WLAN Using the Wireless Wizard
and Monitoring Your WLAN127
Considerations for Using Wireless Connections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 128
Optimal Wireless Performance Recommendations. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129
Adjusting the TZ 50 Wireless/TZ 150 Wireless/TZ 170 Wireless Antennas. . . . . . . . . . 129
Wireless Guest Services (WGS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129
Wireless Node Count Enforcement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .130
MAC Filter List . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .130
WiFiSec Enforcement. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 130
Using the Wireless Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131
Wireless > Status. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .135
WLAN Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 136
WLAN Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .137
Station Status. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .137
Chapter 23:Configuring Wireless Settings . . . . . . . . . . . . . . . . . . . . . . . . . .139
Wireless > Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 139
Wireless Radio Mode. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 139
Wireless Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .140
Secure Wireless Bridging (TZ 170 Only) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .141
Configuring a Secure Wireless Bridge . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142
Chapter 24:Configuring WEP and WPA Encryption. . . . . . . . . . . . . . . . . . .147
Wireless > WEP/WPA Encryption . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .147
WEP Encryption Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148
WEP Encryption Keys . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148
WPA Encryption Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148
Chapter 25:Configuring Advanced Wireless Settings. . . . . . . . . . . . . . . . . .151
Wireless > Advanced. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 151
Beaconing & SSID Controls. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 151
Wireless Client Communications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 152
Advanced Radio Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .152
Chapter 26:Configuring the MAC Filter List . . . . . . . . . . . . . . . . . . . . . . . . .155
Wireless > MAC Filter List. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .155
Chapter 27:Configuring Wireless IDS. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .157
Wireless > IDS. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .157
PART 6: Wireless Guest Services
Chapter 28:Viewing Wireless Guest Services Status. . . . . . . . . . . . . . . . . .163
WGS > Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .163
Chapter 29:Configuring Wireless Guest Services . . . . . . . . . . . . . . . . . . . .165
WGS > Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .165
Bypass Guest Authentication. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .166
Bypass Filters for Guest Accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 166
Enable Dynamic Address Translation (DAT) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .166
Enable SMTP Redirect. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 167
Enable URL Allow List for Authenticated Users. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .167
Enable IP Address Deny List for Authenticated Users. . . . . . . . . . . . . . . . . . . . . . . . . . 167
SONICWALL SONICOS STANDARD 3.0 ADMINISTRATOR’S GUIDE
v
Table of Contents
Customize Login Page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 168
Custom Post Authentication Redirect Page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 169
Maximum Concurrent Guests . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 169
WGS Account Profiles. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 169
Chapter 30:Managing Wireless Guest Accounts . . . . . . . . . . . . . . . . . . . . 171
WGS > Accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 171
Working with Guest Accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 171
Automatically Generating Guest Accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 172
Manually Configuring Wireless Guests . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 173
Flexible Default Route . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 174
Secure Access Point with Wireless Guest Services . . . . . . . . . . . . . . . . . . . . . . . . . . . 175
PART 7: Firewall
Chapter 31:Configuring Network Access Rules . . . . . . . . . . . . . . . . . . . . . 179
Network Access Rules Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 179
Using Bandwidth Management with Access Rules. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 180
Firewall > Access Rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 180
Restoring Default Network Access Rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 181
Adding Rules using the Network Access Rule Wizard . . . . . . . . . . . . . . . . . . . . . . . . . 181
Configuring a Public Server Rule . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 181
Configuring a General Network Access Rule . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 182
Adding Rules Using the Add Rule Window . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 184
Rule Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 187
Chapter 32:Configuring Advanced Rule Options . . . . . . . . . . . . . . . . . . . . 189
Access Rules > Advanced . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 189
Windows Networking (NetBIOS) Broadcast Pass Through. . . . . . . . . . . . . . . . . . . . . . 189
Detection Prevention . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 190
Source Routed Packets. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 190
TCP Connection Inactivity Timeout . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 190
TCP Checksum Validation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 190
Access Rule Service Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 190
Chapter 33:Configuring Custom Services. . . . . . . . . . . . . . . . . . . . . . . . . . 191
Firewall > Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 191
User Defined (Custom) Services. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 191
Predefined Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 192
Chapter 34:Configuring VoIP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 193
Firewall > VoIP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 193
VoIP Protocols. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 193
Configuring the VoIP Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195
Chapter 35:Monitoring Active Firewall Connections . . . . . . . . . . . . . . . . . . 197
Firewall > Connections Monitor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 197
Setting Filter Logic. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 198
Using Group Filters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 198
PART 8: VPN
Chapter 36:Configuring VPN Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 201
SonicWALL VPN Options Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 201
vi
SONICWALL SONICOS STANDARD 3.0 ADMINISTRATOR’S GUIDE
VPN > Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .202
VPN Global Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .202
VPN Policies. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .202
Currently Active VPN Tunnels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 203
Configuring GroupVPN Policy on the SonicWALL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .203
Configuring IKE Preshared Secret. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 204
Configuring GroupVPN with IKE 3rd Party Certificates . . . . . . . . . . . . . . . . . . . . . . . . . 208
Export a GroupVPN Client Policy. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 213
Site to Site VPN Configurations. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 213
Site-to-Site VPN Deployments. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 213
VPN Planning Sheet for Site-to-Site VPN Policies. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 214
Configuring Site to Site VPN Policies Using the
VPN Policy Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .215
Creating a Typical IKE Preshared Secret VPN Policy . . . . . . . . . . . . . . . . . . . . . . . . . .216
Creating a Custom VPN Policy IKE with Preshared Secret . . . . . . . . . . . . . . . . . . . . . .217
Creating a Manual Key VPN Policy with the VPN Policy Wizard. . . . . . . . . . . . . . . . . . 218
Configuring IKE 3rd Party Certificates with the VPN Policy Wizard. . . . . . . . . . . . . . . . 219
Creating Site-to-Site VPN Policies Using the VPN Policy Window . . . . . . . . . . . . . . . . 220
Chapter 37:Configuring Advanced VPN Settings. . . . . . . . . . . . . . . . . . . . .229
VPN > Advanced. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .229
Advanced VPN Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .229
VPN User Authentication Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 230
VPN Bandwidth Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 231
Chapter 38:Configuring DHCP Over VPN . . . . . . . . . . . . . . . . . . . . . . . . . .233
VPN > DHCP over VPN. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 233
DHCP Relay Mode. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 233
Configuring the Central Gateway for DHCP Over VPN . . . . . . . . . . . . . . . . . . . . . . . . . 234
Configuring DHCP over VPN Remote Gateway. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .235
Device Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 236
Current DHCP over VPN Leases. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 236
Chapter 39:Configuring L2TP Server Settings. . . . . . . . . . . . . . . . . . . . . . .237
VPN > L2TP Server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .237
L2TP Server Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .238
IP Address Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 238
Adding L2TP Clients to the SonicWALL. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .238
Currently Active L2TP Sessions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .239
Chapter 40:Managing Certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .241
Digital Certificates Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .241
SonicWALL Third-Party Digital Certificate Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . 241
VPN > Local Certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .242
Importing Certificate with Private Key . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 242
Certificate Details. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .242
Generating a Certificate Signing Request . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 243
VPN > CA Certificates. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .244
Importing CA Certificates into the SonicWALL. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 244
Certificate Details. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .244
Certificate Revocation List (CRL). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .245
SONICWALL SONICOS STANDARD 3.0 ADMINISTRATOR’S GUIDE
vii
Table of Contents
PART 9: Users
Chapter 41:Viewing User Status and Configuring User Authentication. . . . 249
User Level Authentication Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 249
Users > Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 249
Active User Sessions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 250
Users > Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 250
Authentication Method. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 250
Global User Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 251
Internet Authentication Exclusions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 251
Acceptable Use Policy. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 252
Configuring RADIUS Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 253
Chapter 42:Configuring Local Users. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 257
Users > Local Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 257
Adding a Local User . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 258
PART 10: Security Services
Chapter 43:Managing SonicWALL Security Services. . . . . . . . . . . . . . . . . 261
SonicWALL Security Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 261
mySonicWALL.com. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 262
Activating Free Trials. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 262
Security Services > Summary. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 263
Security Services Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 263
Manage Licenses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 263
If Your SonicWALL Security Appliance is Not Registered. . . . . . . . . . . . . . . . . . . . . . . 264
Security Services Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 264
Security Services Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 264
Chapter 44:Configuring SonicWALL Content Filtering Service. . . . . . . . . . 265
SonicWALL Content Filtering Service. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 265
Security Services > Content Filter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 266
Content Filter Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 266
Activating SonicWALL Content Filtering Service. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 266
Activating a SonicWALL Content Filtering Service
FREE TRIAL. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 267
Content Filter Type . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 268
Restrict Web Features. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 268
Trusted Domains. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 269
Message to Display when Blocking. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 269
Configuring SonicWALL Filter Properties. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 269
Custom List . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 270
Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 271
Consent. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 272
Mandatory Filtered IP Addresses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 273
Chapter 45:Managing SonicWALL Network Anti-Virus and E-Mail Filter Services275
SonicWALL Network Anti-Virus Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 275
Security Services > Anti-Virus . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 276
Activating SonicWALL Network Anti-Virus . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 276
Activating a SonicWALL Network Anti-Virus FREE TRIAL . . . . . . . . . . . . . . . . . . . . . . 277
Security Services > E-Mail Filter. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 278
viii
SONICWALL SONICOS STANDARD 3.0 ADMINISTRATOR’S GUIDE
Configuring SonicWALL Network
Anti-Virus . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .278
Chapter 46:Managing SonicWALL Gateway Anti-Virus Service. . . . . . . . . .279
SonicWALL Gateway Anti-Virus Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 279
Configuring SonicWALL Gateway
Anti-Virus . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .283
Chapter 47:Managing SonicWALL Intrusion Prevention Service . . . . . . . . .285
SonicWALL Intrusion Prevention Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .285
SonicWALL IPS Features. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .285
SonicWALL Deep Packet Inspection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 286
How SonicWALL’s Deep Packet Inspection Architecture Works . . . . . . . . . . . . . . . . . .287
Security Services > Intrusion Prevention. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .288
Activating SonicWALL IPS. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .288
Activating the SonicWALL IPS FREE TRIAL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .289
Chapter 48:Managing SonicWALL Global Security Client . . . . . . . . . . . . . .291
SonicWALL Global Security Client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 291
Global Security Client Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .292
How SonicWALL Global Security Client Works . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 292
SonicWALL Global Security Client Activation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .292
Activating SonicWALL Global Security Client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .293
PART 11: Log
Chapter 49:Viewing Log Events. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .297
SonicOS Log Event Messages Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .297
Log > View. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 298
Navigating and Sorting Log View Table Entries. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 298
SonicOS Log Entries . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 299
Chapter 50:Specifying Log Categories. . . . . . . . . . . . . . . . . . . . . . . . . . . . .301
Log > Categories. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .301
Log Categories. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 301
Alerts & SNMP Traps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .302
Chapter 51:Configuring Log Automation . . . . . . . . . . . . . . . . . . . . . . . . . . .303
Log > Automation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 303
E-mail. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .304
Syslog Servers. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .304
Chapter 52:Configuring Name Resolution . . . . . . . . . . . . . . . . . . . . . . . . . .307
Log > Name Resolution. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .307
Selecting Name Resolution Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 308
Specifying the DNS Server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 308
Chapter 53:Generating and Viewing Log Reports . . . . . . . . . . . . . . . . . . . .309
Log > Reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .309
Data Collection. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 309
View Data. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .310
Log > ViewPoint . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .311
SonicWALL ViewPoint . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 311
SONICWALL SONICOS STANDARD 3.0 ADMINISTRATOR’S GUIDE
ix
Table of Contents
Appendix A:Using the SonicSetup Diagnostic and Recovery Tool . . . . . . . 313
SonicSetup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 313
Introduction and Discovery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 314
Device Selection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 314
Diagnostics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 315
Diagnostic Results. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 316
SonicROM Recovery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 316
SonicOS Recovery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 317
Restoring Factory Defaults . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 318
Address Synchronization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 319
Appendix B:Resetting the SonicWALL Security Appliance Using SafeMode321
SonicWALL SafeMode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 321
Upgrading SonicOS Firmware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 323
Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 325
x
SONICWALL SONICOS STANDARD 3.0 ADMINISTRATOR’S GUIDE
Copyright Notice
© 2004 SonicWALL, Inc.
All rights reserved.
Under the copyright laws, this manual or the software described within, can no t be copied, in whole or
part, without the written consent of the manufacturer, except in the normal use of the software to
make a backup copy. The same proprietary and copyright notices must be affixed to any permitted
copies as were affixed to the original. This exception does not allow copies to be made for others,
whether or not sold, but all of the material purchased (with all backup copies) can be sold, given, or
loaned to another person. Under the law, copying includes translatin g into another language or
format.
Preface
Chapter :
Chapter :
Specifications and descriptions subject to change without notice.
Trademarks
SonicWALL is a registered trademark of SonicWALL, Inc.
Microsoft Windows 98, Windows NT, Windows 2000, Windows XP, Windows Server 2003, Internet
Explorer, and Active Directory are trademarks or registered trademarks of Microsoft Corporation.
Netscape is a registered trademark of Netscape Communications Corporation in the U.S. and other
countries. Netscape Navigator and Netscape Communicator are also trademarks of Netscape
Communications Corporation and may be registered outside the U.S.
Adobe, Acrobat, and Acrobat Reader are either registered trademarks or trademarks of Adobe
Systems Incorporated in the U.S. and/or other countries.
Other product and company names mentioned herein may be trademarks and/or registered
trademarks of their respective companies and are the sole prope rty of their respective manufacture rs.
SONICWALL SONICOS STANDARD 3.0 ADMINISTRATOR’S GUIDE
xi
Preface
Limited Warranty
SonicWALL, Inc. warrants that commencing from the delivery date to Customer (but in any case
commencing not more than ninety (90) days after the original shipment by SonicWALL), and
continuing for a period of twelve (12) months, that the product will be free from defects in materials
and workmanship under normal use. This Limited War ra nty is not transferable and applie s only to the
original end user of the product. SonicWALL and its suppliers' entire liability and Customer's sole and
exclusive remedy under this limited warranty will be shipment of a replacement product. At
SonicWALL's discretion the replacement product may be of eq ual or g rea ter fu nctiona lity and may be
of either new or like-new quality. SonicWALL's obligations under this warranty ar e contingent upon the
return of the defective product according to the terms of SonicWALL's then-current Support Services
policies.
This warranty does not apply if the product has been subjected to abnormal electrical stress,
damaged by accident, abuse, misuse or misapplication, or has been modified without the written
permission of SonicWALL.
DISCLAIMER OF WARRANTY. EXCEPT AS SPECIFIED IN THIS WARRANTY, ALL EXPRESS OR
IMPLIED CONDITIONS, REPRESENTATIONS, AND WARRANTIES INCLUDING, WITHOUT
LIMITATION, ANY IMPLIED WARRANTY OR CONDITION OF MERCHANTABILITY, FITNESS FOR
A PARTICULAR PURPOSE, NONINFRINGEMENT, SATISFACTORY QUALITY OR ARISING
FROM A COURSE OF DEALING, LAW, USAGE, OR TRADE PRACTICE, ARE HEREBY
EXCLUDED TO THE MAXIMUM EXTENT ALLOWED BY APPLICABLE LAW. TO THE EXTENT AN
IMPLIED WARRANTY CANNOT BE EXCLUDED, SUCH WARRANTY IS LIMITED IN DURATION
TO THE WARRANTY PERIOD. BECAUSE SOME STATES OR JURISDICTIONS DO NOT ALLOW
LIMITATIONS ON HOW LONG AN IMPLIED WARRANTY LASTS, THE ABOVE LIMITATION MAY
NOT APPLY TO YOU. THIS WARRANTY GIVES YOU SPECIFIC LEGAL RIGHTS, AND YOU MAY
ALSO HAVE OTHER RIGHTS WHICH VARY FROM JURISDICTION TO JURISDICTION. This
disclaimer and exclusion shall apply even if the express warranty set forth above fails of its essential
purpose.
DISCLAIMER OF LIABILITY. SONICWALL'S SOLE LIABILITY IS THE SHIPMENT OF A
REPLACEMENT PRODUCT AS DESCRIBED IN THE ABOVE LIMITED WARRANTY. IN NO EVENT
SHALL SONICWALL OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER,
INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF PROFITS, BUSINESS
INTERRUPTION, LOSS OF INFORMATION, OR OTHER PECUNIARY LOSS ARISING OUT OF
THE USE OR INABILITY TO USE THE PRODUCT, OR FOR SPECIAL, INDIRECT,
CONSEQUENTIAL, INCIDENTAL, OR PUNITIVE DAMAGES HOWEVER CAUSED AND
REGARDLESS OF THE THEORY OF LIABILITY ARISING OUT OF THE USE OF OR INABILITY TO
USE HARDWARE OR SOFTWARE EVEN IF SONICWALL OR ITS SUPPLIERS HAVE BEEN
ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. In no event shall SonicWALL or its suppliers'
liability to Customer, whether in contract, tort (including negligence), or otherwise, exceed the price
paid by Customer. The foregoing limitations shall apply even if the above-stated warranty fails of its
essential purpose. BECAUSE SOME STATES OR JURISDICTIONS DO NOT ALLOW LIMITATION
OR EXCLUSION OF CONSEQUENTIAL OR INCIDENTAL DAMAGES, THE ABOVE LIMITATION
MAY NOT APPLY TO YOU.
xii
SONICWALL SONICOS STANDARD 3.0 ADMINISTRATOR’S GUIDE
About this Guide
Welcome to the SonicWALL SonicOS Standard 3.0 Administrator’s Guide. This manual provides the
information you need to successfully activate, configure, and administer SonicOS Standard 3.0 on the
following SonicWALL security appliance:
SonicWALL TZ 50
SonicWALL TZ 50 Wireless
SonicWALL TZ 150
SonicWALL TZ 150 Wireless
SonicWALL TZ 170
SonicWALL TZ 170 SP
SonicWALL TZ 170 Wireless
SonicWALL PRO 1260
SonicWALL PRO 2040
SonicWALL PRO 3060
Note: For the latest version of this manual as well as other SonicWALL product documentation, refer
to <http//:www.sonicwall.com/services/documentation.html>.
About this Guide
9
Tip: The Getting Start Guide for your SonicWALL security appliance provides instructions for
installing and configuring your SonicWALL security appliance for connecting your network through the
SonicWALL security appliance for secure Internet connectivity.
SONICWALL SONICOS STANDARD 3.0 ADMINISTRATOR’S GUIDE
xiii
Preface
Organization of this Guide
The SonicOS Standard 3.0 Administrator’s Guide organization is structured into the following parts
that parallel the top-level menu items of SonicWALL Web-based mana gement in terface. Within thes e
parts, individual chapters correspond to the specific configuration pages listed as submenu items in
the management interface.
Part 1 Introduction
This part provides an overview of the SonicWALL management interface conventions, explains how
to get your network securely connected to the Internet with the SonicWALL security appliance using
the Setup Wizard, and registering your SonicW AL L sec ur ity ap plia n ce .
Part 2 System
This part covers the configuration of a variety SonicWALL security appliance controls for managing
system status information, registering the SonicWALL security appliance, activating and managing
SonicWALL Security Services licenses, configuring SonicWALL security appliance local and remote
management options, managing firmware versions and preferences, and using included diagnostics
tools for troubleshooting.
Part 3 Network
This part provides instructions for configuring the SonicWALL security appliance for your network
environment. It explains configuring network interface settings manually, setting up a DHCP server,
configuring the Web proxy requests to a network proxy server, configuring static routes and ARP
settings, and configuring dynamic DNS.
Part 4 Modem (TZ 170 SP)
This part explains how to configure the SonicWALL TZ 170 SP’s built-in mo dem for use as the pr imary
Internet connection or as a dial-up failover for the primary broadband Internet connection.
Part 5 Wireless (TZ 150 Wireless/TZ 170 Wireless)
This part explains how to set up the SonicWALL TZ 150 Wireless/TZ 170 Wir eless for secure WiFiSec
or WEP/WPA Internet access, configure wireless intrusion detection settings, and configure wireless
clients for secure wireless and remote access via the SonicWALl Global VPN Client.
Part 6 Wireless Guest Services (TZ 150 Wireless/TZ 170 Wireless)
This part explains how configure wireless guest accounts for th e SonicWALL TZ 150 Wireless/TZ 170
Wireless to securely support wireless network guests.
Part 7 Firewall
This part explains how to configure and manage firewall access po licies to deny o r pe rm it traf fic, how
to configure Voice over IP (VoIP) traffic to pass through, and monitor active firewall connections.
Part 8 VPN
This part covers how to create VPN policies on the SonicWALL security appliance to support
SonicWALL Global VPN Clients for remote client access, as well as site-to-site VPN policies for
connecting Loans between offices running SonicWALL security appliances.
xiv
SONICWALL SONICOS STANDARD 3.0 ADMINISTRATOR’S GUIDE
Part 9 Users
This part explains how to create and manage a user database on the So nicWALL secu rity ap plian ce.
and how to integrate the SonicWALL security appliance with a RADIUS server for user auth entication.
Part 10 Security Services
This part includes an overview of optional SonicWALL security services. When combined with
network security features of the SonicWALL security appliance, these services provide
comprehensive protection against a wid e rang e of thre a ts, inc l ud in g viru se s, wo rm s, Tr o jan s,
spyware, peer-to-peer and instant mess ag in g ap plic atio n exp loits , ma licio us co de , an d ina p pr opria te
or unproductive web sites.
These subscription-based services include SonicWALL Content Filtering Service, SonicWALL
Network Anti-Virus, Gateway Anti-Virus, SonicWALL Intrusion Prevention Service, and SonicWALL
Global Security Client. FREE trials of many of these these securit y service s ubscriptions are available
after you register your SonicWALL security appliance.
Part 11 Log
This part covers managing the SonicWALL security appliance’s enhanced logging, alerting, and
reporting features. The SonicWALL security appliance’s logging features provide a comprehensive
set of log categories for monitoring security and network activities.
About this Guide
SONICWALL SONICOS STANDARD 3.0 ADMINISTRATOR’S GUIDE
xv
Preface
Guide Conventions
The following Conventions used in this guide are as follows:
Convention Use
Bold Highlights items you can select on the SonicWALL
management interface.
Italic Highlights a value to enter into a field. For example, “type
192.168.168.168 in the IP Address field.”
Menu Item > Menu Item Indicates a multiple step management interface menu
choice. For example, Security Services > Content Filter
means select Security Services, then select Content
Filter.
Icons Used in this Manual
These special messages refer to noteworthy information, and include a symbol for quick identification:
Alert: Important information that cautions about features affecting firewall performance, security
S
features, or causing potential problems with your SonicWALL security appliance.
9
Â
Tip: Useful information about security features and configurations on your SonicWALL security
appliance.
Note: Important information on a feature that requires callout for special attention.
Cross Reference: Pointer to related or more detailed information on the topic.
xvi
SONICWALL SONICOS STANDARD 3.0 ADMINISTRATOR’S GUIDE
SonicWALL Technical Support
For timely resolution of technical support questions, visit SonicWALL on the Internet at
<http://www.sonicwall.com/services/support.html>. Web-based resources are available to help you
resolve most technical issues or contact SonicWALL Technical Support.
To contact SonicWALL telephone support, see the telephone numbers listed below:
North America Telephone Support
U.S./Canada - 888.777.1476 or +1 408.752.7819
International Telephone Support
Australia - + 1800.35.1642
Austria - + 43(0)820.400.105
EMEA - +31(0)411.617.810
France - + 33(0)1.4933.7414
SonicWALL Technical Support
Germany - + 49(0)1805.0800.22
Hong Kong - + 1.800.93.0997
India - + 8026556828
Italy - +39.02.7541.9803
Japan - + 81(0)3.5460.5356
New Zealand - + 0800.446489
Singapore - + 800.110.1441
Spain - + 34(0)9137.53035
Switzerland - +41.1.308.3.977
UK - +44(0)1344.668.484
Note: Please visit <http://www.sonicwall.com/services/contact.html> for the latest technical support
telephone numbers.
More Information on SonicWALL Products
and Services
Contact SonicWALL, Inc. for information about SonicWALL products and services at:
Web: http://www.sonicwall.com
E-mail: sales@sonicwall.com
Phone: (408) 745-9600
Fax: (408) 745-9300
SONICWALL SONICOS STANDARD 3.0 ADMINISTRATOR’S GUIDE
xvii
Preface
Current Documentation
Check the SonicWALL documentation Web site for that latest versions
of this manual and all other SonicWALL product documentation.
http://www.sonicwall.com/services/documentation.html
xviii
SONICWALL SONICOS STANDARD 3.0 ADMINISTRATOR’S GUIDE
P
ART
1
Part 1Introduction
SONICWALL SONICOS STANDARD 3.0 ADMINISTRATOR’S GUIDE
1
2
SONICWALL SONICOS STANDARD 3.0 ADMINISTRATOR’S GUIDE
C
HAPTER
Chapter 1: Introduction
What’s New in SonicOS Standard 3.0
• Real-time Gateway Anti Virus (GAV) - Provides per packet virus scanning using a Deep Packet
Inspection version 2.0 engine. The Real-time GAV feature provides over 4,500 signatures on the SonicWALL TZ series security appliances and over 24,000 signatures on the SonicWALL PRO series
governing gateway appliances. The Real-time GAV feature supports zip and gzip data compression.
The Real-time GAV feature supports scanning the following message delivery protocols:
HyperText Transport Protocol (HTTP)
Simple Mail Transfer Protocol (SMTP)
Internet Message Access Protocol (IMAP)
Post Office Protocol 3 (POP3)
File Transfer Protocol (FTP)
Transmission Control Protocol (TCP) packet streams
• IPS 2.0 - Includes an updated Data Packet Inspection (DPI) engine that powers Intrusion Prevention
Services (IPS) and GAV. The IPS version 2.0 engine includes the following feature enhancements:
IP Fragmentation - Provides the ability to either disallow IP fragments or to reassemble IP
fragments for full application layer inspection.
Checksum Validation - Provides the ability to detect and prevent invalid IP, ICMP, TCP, and
UDP checksums.
Global IP Exclusion List - Provides the ability to configure a range of IP addresses to exclude
specified network traffic from IPS evaluation.
Log Redundancy - Provides the ability to configure per-category and per-signature log
redundancy filter settings.
Dynamic Categorization - Groups and displays signatures automatically in expandable category
views. Category maintenance is performed through automated signature updates.
• Enhanced VoIP Support - Adds comprehensive support for third-party VoIP equipment, including
products from Cisco, Mitel, Pingtel, Grandstream, Polycom, D-Link, Pulver, Apple iChat, and softphones from Yahoo, Microsoft, Ubiquity, and OpenPhone. Enhanced VoIP support adds the ability to
handle SIP, H.323v1, H.323v2, H.323v3, and H.323v4. The internal DHCP Server capability in SonicOS Standard 2.6 allows any SIP endpoint to receive addressing information into the DHCP scope
information, this enables any SIP endpoint to receive SIP Proxy addresses when they issue a DHCP
request on the network.
1
3
SONICWALL SONICOS STANDARD 3.0 ADMINISTRATOR’S GUIDE
C
HAPTER
1:
Introduction
Note: Registration Admission Status (RAS) and Internet Locator Service (ILS) LDAP for H.323 is not
supported on SonicOS Standard 3.0. For H.323 RAS and ILS LDAP support on the SonicWALL TZ
170 Series, upgrade your firmware to SonicOS Enhanced 3.0 (or greater). For H.323 RAS and ILS
LDAP support on the SonicWALL PRO 2040 or SonicWALL PRO 3060, upgrade your firmware to
SonicOS Enhanced 2.5 (or greater).
• Dynamic DNS - Enables the SonicWAL L security device to dynamically register its WAN IP
address with a Dynamic Domain Name Server (DDNS) service prov ide r.
• Lightweight Hotspot Messaging - Pr ovide s Hotspot users authentication between a SonicW ALL
wireless access device (such as a SonicWALL TZ 170 Wireless, or a SonicPoint with a SonicWALL PRO series governing gateway appliance) and an Authentication Back-End (ABE) for parametrically bound network access.
• Wireless Radio Operating Schedule - Provides the ability to create a schedule to control the
operation of the wireless radio for SonicWALL wireless access devices (such as the SonicWALL
TZ 170 Wireless or SonicPoint).
• WiFiSec Exception List - Provides wireless users the flexibility to bypass WiFiSec enforcement.
The WiFiSec Exception List enables you to allow NT Domain logons to occur prior to Global VPN
Client (GVC) tunnel establishment.
• Real-time Monitoring - Includes the following monitoring tools:
CPU Monitor allows you to generate CPU utilization reports in a customizable histogram
format.
Process Monitor allows you to generate reports on current running process es .
Active Connections Monitor allows you to generate reports on current active network
connections.
• DHCP Server Enhancements - Includes expanded hash tables for resource management, accelerated duplicate-address detection, and improved Dynamic Host Config uration Protocol (DHCP)
Server internal-database maintenance management.
• Expanded Logging - Includes additional logging capabilities to provide expanded flexibility. You
can export the log into plain text or CSV values. Logging categories are dramatically expanded,
the logs conform to Syslog severity levels so you can set the SonicWALL security appliance to only
log alerts and messages of specified levels. And you can independently specify which categories
are logged to the internal log. When dire cting logs to external Syslog servers, you can rate -limit the
messages based on events-per-second or maximum bytes-per-second, so that external Syslog
servers do not become overwhelmed.
• Static ARP Support - Enables you to create static Address Resolution Protocol (ARP) entries,
create MAC address to IP address bindings, and to publish static ARP entries for use in a secondary network subnet.
• Virtual Adapter St atic IP Support - Provides support for static IP addr essing of Global VPN Client
(GVC) virtual adapters.
SonicWALL Management Interface
The SonicWALL security appliance’s Web-based management interface provides a easy-to-use
graphical interface for configuring your SonicWALL security appliance. The following provides an
overview of the key management interface objects.
4
SONICWALL SONICOS STANDARD 3.0 ADMINISTRATOR’S GUIDE
Navigating the Management Interface
Navigating the SonicWALL management interface includes a hierarchy of menu buttons on the
navigation bar (left side of your browser window).
SonicWALL Management Interface
When you click a menu button, related manage ment functions are displayed as submenu items in th e
navigation bar.
To navigate to a submenu page, click the link. When you click a menu button, the first submenu item
page is displayed. The first submenu page is automatically displaye d when you click the menu button.
For example, when you click the Network button, the Network > Settings page is displayed.
SONICWALL SONICOS STANDARD 3.0 ADMINISTRATOR’S GUIDE
5
C
HAPTER
1:
Introduction
Status Bar
The Status bar at the bottom of the management interface window displays the status of actions
executed in the SonicWALL management interface.
Applying Changes
Click the Apply button at the top right corner of the SonicWALL management interface to save any
configuration changes you made on the page.
If the settings are contained in a secondary window within the management interface, when you click
OK, the settings are automatically applied to the SonicWALL security appliance.
Navigating Tables
Navigate tables in the management interface with large number of entries by using the navigation
buttons located on the upper right top corner of the table.
6
SONICWALL SONICOS STANDARD 3.0 ADMINISTRATOR’S GUIDE
SonicWALL Management Interface
The table navigation bar includes buttons for moving through table pages.
Common Icons in the Management Interface
The following describe the functions of common icons used in the SonicWALL mana gement interface:
Clicking on the edit icon displays a window for editing the settings.
Clicking on the delete icon deletes a table entry
Moving the pointer over the comment icon displays text from a Comment field entry.
Getting Help
Each SonicWALL security appliance includes Web-based on-line help av ailable from the
management interface.
Clicking the question mark ? button on the top-right corner of every page accesses the
context-sensitive help for the page.
Alert: Accessing the SonicWALL security appliance online help requires an active Internet
S
connection.
Logging Out
The Logout button at the bottom of the menu bar terminates the management interface session and
displays the authentication page for logging into the SonicWALL security appliance.
SONICWALL SONICOS STANDARD 3.0 ADMINISTRATOR’S GUIDE
7
C
HAPTER
1:
Introduction
8
SONICWALL SONICOS STANDARD 3.0 ADMINISTRATOR’S GUIDE
Chapter 2: Basic SonicWALL Security
Appliance Setup
SonicWALL Security Appliance Configuration Steps
C
HAPTER
2
The chapter provides instructions for basic installation of the SonicWALL security appliance running
SonicOS Standard 3.0. After you complete this chapter, computers on your LAN will have secure Internet
Internet access.
• “Collecting Required ISP Information” on page 9
• “Accessing the SonicWALL Security Appliance Management Interface” on page 11
• “Using the SonicWALL Setup Wizard” on page 11
• “Registering Your SonicWALL Security Appliance” on page 24
Collecting Required ISP Information
Before you configure your SonicWALL security appliance for Internet connectivity for your computers,
make sure you have any information required for your type of Internet connection available.
Internet Service Provider (ISP) Information
If You Have a Cable Modem
Your ISP is probably using DHCP to dynamically assign an address to your computer.
You do not need any Internet connection information.
9
SONICWALL SONICOS STANDARD 3.0 ADMINISTRATOR’S GUIDE
C
HAPTER
2:
Basic SonicWALL Security Appliance Setup
If You Have DSL
Your ISP is probably using PPPoE to dynamically authenticate your login and assign an address to
your computer. You will need:
User Name:
Note: Your ISP may require your user name to include the “@” symbol and the domain name, for
example, “Joe@sonicwall.com”
Password:
If You Have a Static IP Address
Your ISP may have assigned you a static IP address for your computer. If so, the paperwork or e-mail
confirmation from your ISP should contain the following configuration information:
IP Address:
Subnet Mask:
Default Gateway:
Primary DNS:
Secondary DNS (optional):
If Your ISP Provided You With a Server IP Address, User Name, and Password
Your ISP may be using PPTP to establish a secure connection between your computer and a server.
You will need:
Server Address:
User Name:
Password:
If you are unsure what kind of connection you have, the paperwork or e-mail confirmation message
from your ISP should contain the information. If you cannot find the information, you can rely on the
SonicWALL security appliance to automatically detect the correct settings during setup.
Other Information
SonicWALL Management Interface
To access the SonicWALL security appliance Web-based management interface. These are the
default settings, which you can change:
User Name:
Password: password
Note: If you are not using one of the network configurations above, refer to Chapter 3, Configuring
Network Settings.
admin
10
SONICWALL SONICOS STANDARD 3.0 ADMINISTRATOR’S GUIDE
Accessing the SonicWALL Security Appliance Management Interface
Accessing the SonicWALL Security
Appliance Management Interface
To access the Web-based management interf ace of the SonicWALL security appliance:
1
On the computer you have connected to a network port, start your Web browser.
Alert: Your Web browser must support Java and HTTP uploads. Internet Explorer 5.0 or higher or
S
9
Netscape Navigator 4.7 or higher are recommended.
2
Enter 192.168.168.168 in the Location or Address field. The first time you access the
SonicWALL management interface, the SonicWALL Setup Wizard launches and guides you
through the configuration and setup of your SonicWALL security appliance.
3
If the Setup Wizard does not display, the System > Status page is displayed. Click the Setup
Wizard button on the Network > Settings page.
4
Proceed to one of the following configuration options for your type of Internet connection:
• “Configuring a Static IP Address Internet Connection” on page 12
• “Configuring a DHCP Internet Connection” on page 14
• “Configuring a PPPoE Internet Connection” on page 14
• “Configuring PPTP Internet Connectivity” on page 15
Tip: If you do not know what kind of Internet connection you have, the SonicWALL Setup Wizard will
attempt to detect your connection settings.
Using the SonicWALL Setup Wizard
The SonicWALL Setup Wizard provides user-guided instructions for configuring your SonicWALL
security appliance. If the Setup Wizard does not launch when yo u access the management interface,
you can launch the Setup Wizard using one of the following methods:
• Select the Network > Settings and then click on the Setup Wizard button.
• Select the System > Status page and then click the Wizards button. The SonicWALL
Configuration Wizard is displayed. Select Setup Wizard and click Next.
•Select Wizards on the left-navigation bar. The SonicWALL Configuration Wizard is displayed.
Select Setup Wizard and click Next.
Note: Make sure you have any required ISP information to complete the configuration before using
9
SonicWALL TZ 170 SP
the Setup Wizard.
Tip: You can also configure all your WAN and network settings on the Network > Settings page of
the SonicWALL management interface.
If you are configuring the SonicWALL TZ 70 SP, the Setup Wizard includes two additional modem
configuration pages for configuring the modem as the primary WAN connection or as a failover for the
primary Internet connection. See “Configuring the TZ 170 SP using the Setup Wizard” on page 17.
SONICWALL SONICOS STANDARD 3.0 ADMINISTRATOR’S GUIDE
11
Loading...