SonicWALL TZ170SP User Manual

SonicWALLTZ170SPFAQ
OVERVIEW
How is the TZ 170 SP different from the TELE3 SP?
HARDWARE/SOFTWARE FEATURES
Can I run SonicOS Enhanced on the TZ 170 SP?
Yes.
What does the ‘SonicOS 2.6 Enhanced for TZ 170 SP’ upgrade cost?
The upgrade retails for US$500. This price applies to the 10-node, 25-node, and Unrestricted-node models of the TZ 170 SP.
Can I import a prefs file from a TELE3 SP into a TZ 170 SP?
You can, although it will import and report errors, and some settings will not be transferred since the hardware and prefs storing mechanisms are different in the two models. If you are replacing a TELE3 SP with a TZ 170 SP, it’s recommended that you recreate the TELE3 SP’s settings on the TZ 170 SP to avoid any potential issues.
How do I upgrade a TZ 170 SP from SonicOS Standard to SonicOS Enhanced?
When you purchase the upgrade, you will be provided with a new firmware image to install onto the TZ 170 SP; the new firmware is installed in the standard SonicWALL method of software upgrade (i.e. using the web management GUI and a modern web browser). Please note that since the preferences files for Standard and Enhanced are different, all settings will be erased when upgrading a TZ 170 SP from Standard to Enhanced. Because of this, you will need to note all the settings currently on the device, and re-enter them once the TZ 170 SP reboots running Enhanced. For a more complete discussion of this topic, please see the SonicWALL whitepaper ‘Upgrading SonicOS Standard to SonicOS Enhanced’, located at
http://www.sonicwall.com/services/pdfs/SonicOS_Standard_to_Enhanced_Upgrade.pdf
Can I downgrade a TZ 170 SP running SonicOS Enhanced to SonicOS Standard?
Yes, but your SonicOS Enhanced preferences are not convertible to SonicOS Standard (the advanced objects in SonicOS Enhanced cannot be mapped onto the SonicOS Standard preference structure), so all settings will be lost when the TZ 170 SP reboots with SonicOS 2.x Standard.
Is there an external preferences conversion utility for older SonicWALL firmware (6.x) to SonicOS Standard and Enhanced?
No.
Is there an external preferences conversion utility for SonicOS Standard to SonicOS Enhanced?
Yes, but it only converts VPN settings, and will not convert any of the other settings. This utility is available from SonicWALL’s tech support organization.
Can I manage my TZ 170 SP remotely using SonicWALL Global Management System (GMS)?
Yes, the TZ 170 SP can be centrally managed using SonicWALL’s award-winning Global Management System version 2.8 or newer.
Can I use my TZ 170 SP with ViewPoint?
Yes, with Viewpoint 2.8 and newer.
What is the minimum firmware for the TZ 170 SP?
The minimum level of firmware the TZ 170 SP can run is SonicOS 2.6 Standard. The TZ 170 SP does not support older SonicOS releases, or any of the older “6.x”-series firmware releases.
How do I get firmware for the TZ 170 SP?
SonicOS 2.6 Standard is available to customers for 90 days after they have registered their devices on the https://www.mysonicwall.com customer portal, and for customers who have valid support contracts. After 90 days, customers must purchase a support contract in order to continue to receive firmware updates and new versions. When SonicOS Enhanced for TZ 170 SP is released, it will also be available for download at mysonicwall.com for those that have purchased the SonicOS Enhanced Upgrade.
What is the difference between signed and non-signed firmware?
The TZ 170 SP requires signed firmware images, unlike other SonicWALL Firewall/VPN devices. This is a new security mechanism added to the firmware to prevent tampering, and ensures that the image is both valid and originates from SonicWALL. Because of this, the TZ 170 SP will not accept non-signed firmware images. All signed images end with a ‘.sig’ extension.
What exactly is a “security zone”?
A security zone is simply a logical grouping of one or more interfaces or subinterfaces, and is intended to make creating security policies a much simpler task. With SonicOS Enhanced, interfaces do not have the same importance in terms of how the security policy functions as they did in previous versions of firmware. Please refer to the whitepaper ‘Security Zones in SonicOS 2.x Enhanced’ for a full discussion on this topic.
What is the “Multicast” zone?
This is a default system zone introduced in SonicOS 2.5 Enhanced, and cannot be deleted or edited. You do not need to do anything with the Multicast zone’s firewall access rules in order to get multicast to work; the system automatically writes all necessary rules. Please note that the Multicast zone will not show up on the ‘Firewall > Access Rules’ page unless you activate Multicast on the firewall and set one or more interfaces to participate in Multicast.
What are zone ‘Security Types’ and what do they mean?
In SonicOS 2.5 Enhanced and newer, there are three zone types defined: ‘Trusted’, ‘Public’, and ‘Wireless’. Any zone set to ‘Trusted’ will automatically have security policy written to allow any systems in that zone to access systems in all other zones set to ‘Trusted’, and vice versa. Any zone set to ‘Public’ will automatically have security policy written to allow any systems in that zone to access systems in all other zones set to ‘Public’, but will have security policy written to deny all systems in that zone from accessing systems in any zone set to ‘Trusted’ or ‘Wireless’. Any zone set to ‘Wireless’ will gain two new tabs: a ‘Wireless’ tab that allows you to enforce WiFiSec for all users in that zone, and a ‘Guest Services’ tab that allows you to enforce wireless guest services for all users in that zone. It will also have security policy written to allow all systems in that zone to access systems in all other zones set to ‘Public’, but will have security policy written to deny all systems in that zone from accessing systems in any zone set to ‘Trusted’ or ‘Wireless’.
What does ‘Allow Interface Trust’ mean for a zone?
When this box is checked, all interfaces added to the zone will automatically have security policy written to allow all systems connected to each interface to talk to each other. If checked, you will see these policies show up in the firewall access rules policy intersection for that zone (for example: ‘LAN > LAN’). These policies can be adjusted as needed, or deleted completely.
I created some zones, but they do not show up in the rules matrix – why?
Zones will not display in the access rules matrix unless an interface has been explicitly bound to the zone. Once an interface has been added to a zone, it will then show up in the matrix, and you can then write rules to/from this zone.
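The three preceding answers describe how the firewall writes its default rules matrix from zone security types, the ‘Allow Interface Trust’ setting, and interface binding. The Python below is an added model of exactly those statements, not SonicWALL code: it encodes the Trusted/Public/Wireless rules as the FAQ states them (reading the Public zone's deny rule as applying to Trusted and Wireless zones, mirroring the Wireless rule), auto-allows intra-zone traffic only when interface trust is on, and leaves a zone out of the matrix until an interface is bound to it. Zone and interface names are made up, and any zone pair the FAQ does not describe gets None, meaning no rule is written automatically.

```python
"""Model of the automatic inter-zone access rules described in the FAQ (added example)."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

SECURITY_TYPES = ("Trusted", "Public", "Wireless")

# Default inter-zone policy keyed by (source security type, destination security type),
# taken from the FAQ's description.  Pairs not listed have no auto-written rule.
AUTO_RULES: Dict[Tuple[str, str], str] = {
    ("Trusted", "Trusted"): "allow",
    ("Public", "Public"): "allow",
    ("Public", "Trusted"): "deny",
    ("Public", "Wireless"): "deny",   # symmetric reading of the Wireless rule (assumption)
    ("Wireless", "Public"): "allow",
    ("Wireless", "Trusted"): "deny",
    ("Wireless", "Wireless"): "deny",
}


@dataclass
class Zone:
    name: str
    security_type: str                       # one of SECURITY_TYPES
    interfaces: List[str] = field(default_factory=list)
    allow_interface_trust: bool = False      # the 'Allow Interface Trust' checkbox

    def __post_init__(self) -> None:
        if self.security_type not in SECURITY_TYPES:
            raise ValueError(f"unknown security type {self.security_type!r}")


def default_rule(src: Zone, dst: Zone) -> Optional[str]:
    """Rule the firewall writes for src -> dst, or None if it writes none."""
    if src is dst:
        # Intra-zone traffic (e.g. LAN > LAN) is only auto-allowed with interface trust.
        return "allow" if src.allow_interface_trust else None
    return AUTO_RULES.get((src.security_type, dst.security_type))


def access_rule_matrix(zones: List[Zone]) -> Dict[Tuple[str, str], Optional[str]]:
    """Build the rules matrix; zones with no bound interface do not appear in it."""
    visible = [z for z in zones if z.interfaces]
    return {(s.name, d.name): default_rule(s, d) for s in visible for d in visible}


def main() -> None:
    # Made-up zones and interface names for the demonstration.
    zones = [
        Zone("LAN", "Trusted", ["X0"], allow_interface_trust=True),
        Zone("WAN", "Public", ["X1"]),
        Zone("WLAN", "Wireless", ["OPT"]),
        Zone("Staging", "Trusted"),          # no interface bound: stays out of the matrix
    ]
    for (src, dst), action in sorted(access_rule_matrix(zones).items()):
        print(f"{src:>5} > {dst:<5} {action or '(no auto rule)'}")


if __name__ == "__main__":
    main()
```

Running it prints a LAN > LAN allow (interface trust), WAN > LAN and WLAN > LAN deny, WLAN > WAN allow, and no Staging rows at all, which is the behaviour the FAQ describes when a freshly created zone is missing from the matrix. Pairs shown as "(no auto rule)" are simply ones the FAQ does not spell out.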
How many SonicPoints can I add to a TZ 170 SP?
You can add up to two SonicPoints to the OPT interface, once the OPT interface is added to a Wireless zone. Please note that the TZ 170 SP must be running SonicOS 2.6 Enhanced or newer to support SonicPoints.
Can I put SonicPoints in the LAN or WAN zone?
No, you cannot. In order for SonicPoints to be acquired, provisioned, and controlled by the TZ 170 SP, they must be placed into a Wireless zone. The WAN and LAN zones also do not have the WiFiSec and WGS enforcement tabs, as the Wireless zones do. While a SonicPoint can be configured to run in standalone mode and could conceivably be hand-programmed and attached to the LAN zone, you’d lose WiFiSec and WGS capabilities for the wireless users associating with that SonicPoint.
Can I connect a third-party wireless access point to the TZ 170 SP?
Yes and no – it’s not possible to connect a non-SonicWALL access point to a Wireless zone, as the TZ 170 SP will not communicate with third-party access points, and will block all wireless traffic attempting to connect through it from that access point. However, it is possible to hook a third-party access point to any zone not marked as a wireless zone, but you will not be able to enforce WiFiSec or WGS for any wireless user connecting through that access point.
What is ‘Consistent NAT’?
This is a new feature in SonicOS 2.5 Enhanced and newer. The control for this feature, which is located on the ‘Firewall > VoIP’ page, should be left unchecked by default. The Consistent NAT option modifies the SonicWALL's standard NAT behavior when handling outbound UDP traffic in order to provide higher levels of compatibility with a small number of peer-to-peer applications such as some online games and Apple's ‘iChat’ application. Consistent NAT uses an MD5 hashing method to consistently assign the same remapped (i.e. Network Address Translated) public IP address and public UDP port pair to each internal private IP address and private UDP port pair. For example:
Private (LAN) IP:port      Consistent remapped public (WAN) IP:port
192.168.168.10:50650  -->  64.41.140.167:40004
192.168.168.10:50655  -->  64.41.140.167:40745
192.168.168.20:50650  -->  64.41.140.167:54621
192.168.168.20:50655  -->  64.41.140.167:49724
With Consistent NAT, all subsequent requests from either host 192.168.168.10 or 192.168.168.20 using the same private UDP ports as illustrated above would result in the use of the same, predictable remapped public UDP ports. Without Consistent NAT, the remapped port would change with every subsequent request, providing no consistency, and no predictability. Most UDP based applications are perfectly compatible with the latter, and do not require Consistent NAT.
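The following Python is an added illustration of the mechanism just described, not SonicWALL's implementation. The FAQ says only that Consistent NAT derives a stable public UDP port from each private IP/port pair with MD5; the exact bytes fed to the hash, the public port range, and the way a hash collision is resolved (re-hashing with a counter) are assumptions made for this example. A next-free-port allocator stands in for the ordinary, non-consistent behaviour so the two can be compared after a flow expires and is re-created.

```python
"""Consistent NAT port selection modelled with MD5 (added example, not SonicWALL code)."""
import hashlib
from typing import Dict, Tuple

PUBLIC_IP = "64.41.140.167"          # the FAQ's example WAN address
PORT_LOW, PORT_HIGH = 1024, 65535    # assumed public UDP port range


def consistent_port(private_ip: str, private_port: int, attempt: int = 0) -> int:
    """Public port as a function of the private endpoint (hash input layout is assumed)."""
    material = f"{private_ip}:{private_port}:{attempt}".encode()
    digest = hashlib.md5(material).digest()
    span = PORT_HIGH - PORT_LOW + 1
    return PORT_LOW + int.from_bytes(digest[:4], "big") % span


class ConsistentNat:
    """Same private IP/port pair -> same public port, even after the flow expires."""

    def __init__(self) -> None:
        self.by_private: Dict[Tuple[str, int], int] = {}
        self.by_public: Dict[int, Tuple[str, int]] = {}

    def translate(self, private_ip: str, private_port: int) -> Tuple[str, int]:
        key = (private_ip, private_port)
        if key in self.by_private:                  # flow already mapped
            return PUBLIC_IP, self.by_private[key]
        # Walk the hash sequence until a public port is free (collision handling assumed).
        for attempt in range(PORT_HIGH - PORT_LOW + 1):
            port = consistent_port(private_ip, private_port, attempt)
            if port not in self.by_public:
                self.by_private[key] = port
                self.by_public[port] = key
                return PUBLIC_IP, port
        raise RuntimeError("no free public port")

    def expire(self, private_ip: str, private_port: int) -> None:
        """Flow timed out: release the public port."""
        port = self.by_private.pop((private_ip, private_port), None)
        if port is not None:
            del self.by_public[port]


class SequentialNat:
    """Ordinary NAT for contrast: each new flow takes the next unused public port."""

    def __init__(self) -> None:
        self.next_port = PORT_LOW
        self.active: Dict[Tuple[str, int], int] = {}

    def translate(self, private_ip: str, private_port: int) -> Tuple[str, int]:
        key = (private_ip, private_port)
        if key in self.active:
            return PUBLIC_IP, self.active[key]
        port = self.next_port
        self.next_port = PORT_LOW if port == PORT_HIGH else port + 1
        self.active[key] = port
        return PUBLIC_IP, port

    def expire(self, private_ip: str, private_port: int) -> None:
        self.active.pop((private_ip, private_port), None)


def main() -> None:
    # The FAQ's four private endpoints; the public ports printed are this model's, not the FAQ's.
    endpoints = [("192.168.168.10", 50650), ("192.168.168.10", 50655),
                 ("192.168.168.20", 50650), ("192.168.168.20", 50655)]
    for nat in (ConsistentNat(), SequentialNat()):
        print(type(nat).__name__)
        for ip, port in endpoints:
            first = nat.translate(ip, port)
            nat.expire(ip, port)                    # flow ends ...
            second = nat.translate(ip, port)        # ... and the host sends again
            print(f"  {ip}:{port} -> {first[0]}:{first[1]}  then  {second[0]}:{second[1]}")


if __name__ == "__main__":
    main()
```

With ConsistentNat the second mapping of each endpoint equals the first, while SequentialNat hands out a new port every time, which is the difference the FAQ describes. The same property is what a practitioner should keep in mind when enabling the option: the public port becomes a predictable function of the private endpoint, which is what peer-to-peer applications need and also a reason to leave the control unchecked unless one of them requires it.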