How it Works
SonicWALL
Loading...
TZ 190
User Manual
843 pgs15.52 Mb0
Table of contents
Loading...

SonicWALL TZ 180, TZ 190 User Manual

COMPREHENSIVE INTERNET SECURITY
SonicWALL Internet Security Appliances
SonicOS 4.0 Enhanced
Administrator’s Guide
For the SonicWALL TZ 180 and TZ 190

Table of Contents

Part 1: Introduction
Chapter 1: Preface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .23
Preface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .23
Copyright Notice . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .23
Trademarks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .23
Limited Warranty . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .24
About this Guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .24
Organization of this Guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .25
Guide Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .27
SonicWALL Technical Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .28
More Information on SonicWALL Products . . . . . . . . . . . . . . . . . . . .28
Current Documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .29
Chapter 2: Common Criteria Guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .31
Common Criteria . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .31
Overview of Common Criteria Operation . . . . . . . . . . . . . . . . . . . . . .31
Use of GUI Interface for Local Management . . . . . . . . . . . . . . . . . . .32
Related Documents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .33
Chapter 3: Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .35
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .35
What’s New in SonicOS Enhanced 4.0 . . . . . . . . . . . . . . . . . . . . . . .35
SonicWALL Management Interface . . . . . . . . . . . . . . . . . . . . . . . . . .40
SonicOS Enhanced 4.0 Administrator Guide
iii
Part 2: System
System > Security Dashboard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
SonicWALL Security Dashboard Overview . . . . . . . . . . . . . . . . . . . . 47
Using the SonicWALL Security Dashboard . . . . . . . . . . . . . . . . . . . 50
Related Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59
Chapter 5: Viewing Status Information . . . . . . . . . . . . . . . . . . . . . . . . . . 61
System > Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
Wizards . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
System Messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62
System Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62
Latest Alerts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63
Security Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63
Registering Your SonicWALL Security Appliance . . . . . . . . . . . . . . . 64
Network Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66
Chapter 6: Managing SonicWALL Licenses . . . . . . . . . . . . . . . . . . . . . . 67
System > Licenses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67
Node License Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67
Security Services Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68
Manage Security Services Online . . . . . . . . . . . . . . . . . . . . . . . . . . . 69
Manual Upgrade . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70
Manual Upgrade for Closed Environments . . . . . . . . . . . . . . . . . . . . 70
Chapter 7: Configuring Administration Settings . . . . . . . . . . . . . . . . . . 73
System > Administration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73
Firewall Name . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73
Administrator Name & Password . . . . . . . . . . . . . . . . . . . . . . . . . . . 73
Login Security Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74
Multiple Administrators . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76
Web Management Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77
SSH Management Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78
Advanced Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78
Download URL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82
Selecting UI Language . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83
iv
SonicOS Enhanced 4.0 Administrator Guide
Chapter 8: Managing Certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .85
System > Certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .85
Digital Certificates Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .85
Certificates and Certificate Requests . . . . . . . . . . . . . . . . . . . . . . . . .86
Certificate Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .87
Importing Certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .87
Deleting a Certificate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .89
Certificate Revocation List (CRL) . . . . . . . . . . . . . . . . . . . . . . . . . . . .89
Generating a Certificate Signing Request . . . . . . . . . . . . . . . . . . . . .90
Chapter 9: Configuring Time Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . .93
System > Time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .93
System Time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .93
NTP Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .94
Chapter 10: Setting Schedules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .95
System > Schedules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .95
Adding a Schedule . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .97
Deleting Schedules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .97
Chapter 11: Managing SonicWALL Security Appliance Firmware . . . . .99
System > Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .99
Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .100
Firmware Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .100
SafeMode - Rebooting the SonicWALL Security Appliance . . . . . . .103
FIPS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .104
Chapter 12: Using SonicWALL Packet Capture . . . . . . . . . . . . . . . . . . .105
System > Packet Capture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .105
Packet Capture Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .105
Using Packet Capture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .107
Configuring Packet Capture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .111
Verifying Packet Capture Activity . . . . . . . . . . . . . . . . . . . . . . . . . . .120
Related Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .122
SonicOS Enhanced 4.0 Administrator Guide
v
Chapter 13: Using Diagnostic Tools & Restarting the Appliance . . . . 125
System > Diagnostics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 125
Tech Support Report . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126
Diagnostic Tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126
Active Connections Monitor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127
CPU Monitor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 128
DNS Name Lookup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129
Find Network Path . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129
Packet Capture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 130
Ping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131
Process Monitor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 132
Real-Time Black List Lookup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 132
Reverse Name Resolution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 132
Trace Route . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133
Web Server Monitor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133
System > Restart . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 134
Part 3: Network
Chapter 14: Configuring Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . 137
Network > Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 137
Setup Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 138
Interface Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 138
Interface Traffic Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 139
Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 139
SonicOS Enhanced Secure Objects . . . . . . . . . . . . . . . . . . . . . . . . 140
Transparent Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 141
vi
SonicOS Enhanced 4.0 Administrator Guide
Configuring Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .141
Configuring the LAN and OPT Interfaces (Static) . . . . . . . . . . . . . . .141
Configuring Advanced Settings for the Interface . . . . . . . . . . . . . . .142
Configuring Interfaces in Transparent Mode . . . . . . . . . . . . . . . . . .143
Configuring Wireless Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . .145
Configuring a WAN Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .147
Configuring SonicWALL PortShield Interfaces . . . . . . . . . . . . . . . . .150
Configuring the Wireless WAN Interface . . . . . . . . . . . . . . . . . . . . .152
Managing WWAN Connections . . . . . . . . . . . . . . . . . . . . . . . . . . . .153
Specifying the WAN Connection Model . . . . . . . . . . . . . . . . . . . . . .153
Configuring Basic Wireless WAN Settings . . . . . . . . . . . . . . . . . . . .154
Configuring Remotely Triggered Dial-Out on the WWAN . . . . . . . . .156
Configuring the Maximum Allowed WWAN Connections . . . . . . . . .157
Creating a WLAN Subnet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .157
Chapter 15: Configuring PortShield Interfaces . . . . . . . . . . . . . . . . . . .159
SonicWALL PortShield Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . .159
Security Services with PortShield . . . . . . . . . . . . . . . . . . . . . . . . . . .159
Network > SwitchPorts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .160
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .160
Using Different Approaches to Configuration . . . . . . . . . . . . . . . . . .161
Creating a PortShield Interface from the Interfaces Area . . . . . . . . .162
Creating a New Zone for the PortShield Interface . . . . . . . . . . . . . .166
Refining the PortShield Interface . . . . . . . . . . . . . . . . . . . . . . . . . . .167
Creating Transparent Mode PortShield Interfaces . . . . . . . . . . . . . .169
Mapping Ports from the Switch Ports Window . . . . . . . . . . . . . . . . .172
PortShield Deployment Scenario . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .174
Deployment Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .175
Configuring the Hospitality Example Deployment . . . . . . . . . . . . . .176
Chapter 16: Setting Up WAN Failover and Load Balancing . . . . . . . . .181
Network > WAN Failover & Load Balancing . . . . . . . . . . . . . . . . . . . . .181
WAN Failover Caveats . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .181
Setting Up WAN Failover and Load Balancing . . . . . . . . . . . . . . . . .182
WAN Probe Monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .186
WAN Load Balancing Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . .189
SonicOS Enhanced 4.0 Administrator Guide
vii
Chapter 17: Configuring Zones . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 191
Network > Zones . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 191
How Zones Work . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 192
Predefined Zones . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 193
Security Types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 193
Allow Interface Trust . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 194
Enabling SonicWALL Security Services on Zones . . . . . . . . . . . . . 194
The Zone Settings Table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195
Adding a New Zone . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 196
Deleting a Zone . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 197
Configuring the WLAN Zone . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 197
Chapter 18: Configuring DNS Settings . . . . . . . . . . . . . . . . . . . . . . . . . 201
Network > DNS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 201
Chapter 19: Configuring Address Objects . . . . . . . . . . . . . . . . . . . . . . 203
Network > Address Objects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 203
Types of Address Objects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 203
Address Object Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 204
Creating and Managing Address Objects . . . . . . . . . . . . . . . . . . . . 204
Default Address Objects and Groups . . . . . . . . . . . . . . . . . . . . . . . 206
Adding an Address Object . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 209
Editing or Deleting an Address Object . . . . . . . . . . . . . . . . . . . . . . 210
Creating Group Address Objects . . . . . . . . . . . . . . . . . . . . . . . . . . 211
Public Server Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 212
Working with Dynamic Addresses . . . . . . . . . . . . . . . . . . . . . . . . . 212
Chapter 20: Configuring Routes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 225
Network > Routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 225
Route Advertisement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 226
Route Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 227
Advanced Routing Services (OSPF and RIP) . . . . . . . . . . . . . . . . . 230
Configuring Advanced Routing Services . . . . . . . . . . . . . . . . . . . . 237
viii
SonicOS Enhanced 4.0 Administrator Guide
Chapter 21: Configuring NAT Policies . . . . . . . . . . . . . . . . . . . . . . . . . .245
Network > NAT Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .245
NAT Policies Table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .246
NAT Policy Settings Explained . . . . . . . . . . . . . . . . . . . . . . . . . . . . .248
NAT Policies Q&A . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .249
NAT Load Balancing Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . .250
Creating NAT Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .254
Using NAT Load Balancing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .263
Chapter 22: Managing ARP Traffic . . . . . . . . . . . . . . . . . . . . . . . . . . . . .271
Network > ARP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .271
Static ARP Entries . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .272
Secondary Subnets with Static ARP . . . . . . . . . . . . . . . . . . . . . . . .273
Navigating and Sorting the ARP Cache Table . . . . . . . . . . . . . . . . .275
Navigating and Sorting the ARP Cache Table Entries . . . . . . . . . . .276
Flushing the ARP Cache . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .276
Chapter 23: Setting Up the DHCP Server . . . . . . . . . . . . . . . . . . . . . . . .277
Network > DHCP Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .277
DHCP Server Options Overview . . . . . . . . . . . . . . . . . . . . . . . . . . .278
DHCP Server Persistence Overview . . . . . . . . . . . . . . . . . . . . . . . .279
Enabling the DHCP Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .280
DHCP Server Lease Scopes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .280
Configuring DHCP Server for Dynamic Ranges . . . . . . . . . . . . . . . .281
Configuring Static DHCP Entries . . . . . . . . . . . . . . . . . . . . . . . . . . .283
Configuring SonicWALL DHCP Server Options . . . . . . . . . . . . . . . .285
Current DHCP Leases . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .294
DHCP Option Numbers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .294
Chapter 24: Using IP Helper . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .303
Network > IP Helper . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .303
IP Helper Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .303
IP Helper Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .304
Adding an IP Helper Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .304
Editing an IP Helper Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .304
Deleting IP Helper Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .304
SonicOS Enhanced 4.0 Administrator Guide
ix
Chapter 25: Setting Up Web Proxy Forwarding . . . . . . . . . . . . . . . . . . 305
Network > Web Proxy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 305
Configuring Automatic Proxy Forwarding (Web Only) . . . . . . . . . . 305
Bypass Proxy Servers Upon Proxy Failure . . . . . . . . . . . . . . . . . . . 306
Chapter 26: Configuring Dynamic DNS . . . . . . . . . . . . . . . . . . . . . . . . . 307
Network > Dynamic DNS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 307
Supported DDNS Providers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 307
Configuring Dynamic DNS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 308
Dynamic DNS Settings Table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 311
Part 4: Wireless Chapter 27: Viewing WLAN Settings, Statistics, and Station Status . 315
Wireless Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 315
Considerations for Using Wireless Connections . . . . . . . . . . . . . . . 316
Recommendations for Optimal Wireless Performance . . . . . . . . . . 316
Adjusting the Antennas . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 317
Wireless Node Count Enforcement . . . . . . . . . . . . . . . . . . . . . . . . . 317
MAC Filter List . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 317
WiFiSec Enforcement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 317
Wireless > Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 318
WLAN Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 319
WLAN Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 320
WLAN Activities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 320
Station Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 321
Chapter 28: Configuring Wireless Settings . . . . . . . . . . . . . . . . . . . . . . 323
Wireless > Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 323
Wireless Radio Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 323
Wireless Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 324
Secure Wireless Bridging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 324
Configuring a Secure Wireless Bridge . . . . . . . . . . . . . . . . . . . . . . 326
Chapter 29: Configuring WEP and WPA Security . . . . . . . . . . . . . . . . 333
Wireless > WEP/WPA Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 333
Authentication Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 334
WEP Encryption Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 334
WEP Encryption Keys . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 335
WPA Encryption Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 335
WPA/WPA2 Encryption Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . 337
x
SonicOS Enhanced 4.0 Administrator Guide
Chapter 30: Configuring Advanced Wireless Settings . . . . . . . . . . . . .339
Wireless > Advanced . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .339
Beaconing & SSID Controls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .340
Wireless Client Communications . . . . . . . . . . . . . . . . . . . . . . . . . . .340
Configurable Antenna Diversity . . . . . . . . . . . . . . . . . . . . . . . . . . . .340
Advanced Radio Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .342
Chapter 31: Configuring MAC Filter List . . . . . . . . . . . . . . . . . . . . . . . . .345
Wireless > MAC Filter List . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .345
Allow or Deny Specific Resources . . . . . . . . . . . . . . . . . . . . . . . . . .345
Chapter 32: Configuring Wireless IDS . . . . . . . . . . . . . . . . . . . . . . . . . .347
Wireless > IDS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .347
Wireless Bridge IDS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .347
Access Point IDS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .348
Enable Client Null Probing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .348
Association Flood Detection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .348
Intrusion Detection Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .349
Discovered Access Points . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .349
Scanning for Access Points . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .350
Authorizing Access Points on Your Network . . . . . . . . . . . . . . . . . .350
Chapter 33: Configuring Virtual Access Points . . . . . . . . . . . . . . . . . . .351
Wireless > Virtual Access Point . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .351
SonicPoint VAP Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .352
Virtual AP Configuration Task List . . . . . . . . . . . . . . . . . . . . . . . . . .353
Thinking Critically About VAPs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .365
Determining Your VAP Needs . . . . . . . . . . . . . . . . . . . . . . . . . . . . .365
A Sample Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .365
Determining Security Configurations . . . . . . . . . . . . . . . . . . . . . . . .366
VAP Configuration Worksheet . . . . . . . . . . . . . . . . . . . . . . . . . . . . .366
SonicOS Enhanced 4.0 Administrator Guide
xi
Part 5: WWAN
Chapter 34: Configuring Wireless WAN (TZ 190 only) . . . . . . . . . . . . . 371
WWAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 371
Wireless WAN Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 371
Wireless WAN Prerequisites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 376
Viewing the WWAN Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 377
Configuring Wireless WAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 377
Monitoring WWAN Data Usage . . . . . . . . . . . . . . . . . . . . . . . . . . . 385
WWAN Glossary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 386
Part 6: SonicPoint
Chapter 35: Managing SonicPoints . . . . . . . . . . . . . . . . . . . . . . . . . . . . 391
SonicPoint > SonicPoints . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 391
Before Managing SonicPoints . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 391
SonicPoint Provisioning Profiles . . . . . . . . . . . . . . . . . . . . . . . . . . . 392
Chapter 36: Viewing Station Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . 401
SonicPoint > Station Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 401
Chapter 37: Using and Configuring IDS . . . . . . . . . . . . . . . . . . . . . . . . 405
SonicPoint > IDS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 405
Wireless Intrusion Detection Services . . . . . . . . . . . . . . . . . . . . . . 405
Chapter 38: Configuring RF Monitoring . . . . . . . . . . . . . . . . . . . . . . . . 409
SonicPoint > RF Monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 409
RF Monitoring Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 409
Enabling RF Monitoring on SonicPoint(s) . . . . . . . . . . . . . . . . . . . . 411
Using The RF Monitoring Interface . . . . . . . . . . . . . . . . . . . . . . . . . 411
Types of RF Threat Detection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 414
Practical RF Monitoring Field Applications . . . . . . . . . . . . . . . . . . . 415
Part 7: Firewall
Chapter 39: Configuring Access Rules . . . . . . . . . . . . . . . . . . . . . . . . . 421
Firewall > Access Rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 421
Stateful Packet Inspection Default Access Rules Overview . . . . . . 422
Using Bandwidth Management with Access Rules Overview . . . . . 422
Configuration Task List . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 423
xii
SonicOS Enhanced 4.0 Administrator Guide
Chapter 40: Configuring Advanced Access Rule Settings . . . . . . . . . .433
Firewall > Advanced . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .433
Detection Prevention . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .434
Dynamic Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .434
Source Routed Packets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .434
Connections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .434
Access Rule Service Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .435
IP and UDP Checksum Enforcement . . . . . . . . . . . . . . . . . . . . . . . .435
UDP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .435
Chapter 41: Configuring TCP Settings . . . . . . . . . . . . . . . . . . . . . . . . . .437
Firewall > TCP Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .437
TCP Traffic Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .437
TCP Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .438
Working with SYN/RST/FIN Flood Protection . . . . . . . . . . . . . . . . .439
Chapter 42: Configuring Firewall Services . . . . . . . . . . . . . . . . . . . . . . .447
Firewall > Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .447
Default Services Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .448
Custom Services Configuration Task List . . . . . . . . . . . . . . . . . . . . .448
Chapter 43: Configuring Multicast Settings . . . . . . . . . . . . . . . . . . . . . .457
Firewall > Multicast . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .457
Multicast Snooping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .458
Multicast Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .458
IGMP State Table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .459
Enabling Multicast on LAN-Dedicated Interfaces . . . . . . . . . . . . . . .460
Enabling Multicast Through a VPN . . . . . . . . . . . . . . . . . . . . . . . . . .461
Chapter 44: Monitoring Active Connections . . . . . . . . . . . . . . . . . . . . .463
Firewall > Connections Monitor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .463
Viewing Connections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .464
Filtering Connections Viewed . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .464
SonicOS Enhanced 4.0 Administrator Guide
xiii
Chapter 45: Managing Quality of Service . . . . . . . . . . . . . . . . . . . . . . . 467
Firewall > QoS Mapping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 467
Classification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 467
Marking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 468
Conditioning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 468
802.1p and DSCP QoS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 469
Bandwidth Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 479
Outbound Bandwidth Management . . . . . . . . . . . . . . . . . . . . . . . . 482
Inbound Bandwidth Management . . . . . . . . . . . . . . . . . . . . . . . . . . 486
Glossary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 489
Chapter 46: Configuring SSL Control . . . . . . . . . . . . . . . . . . . . . . . . . . 493
Firewall > SSL Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 493
Overview of SSL Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 493
SSL Control Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 501
Enabling SSL Control on Zones . . . . . . . . . . . . . . . . . . . . . . . . . . . 503
SSL Control Events . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 504
Part 8: VoIP
Chapter 47: Configuring VoIP Support . . . . . . . . . . . . . . . . . . . . . . . . . 509
VoIP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 509
VoIP Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 509
SonicWALL’s VoIP Capabilities . . . . . . . . . . . . . . . . . . . . . . . . . . . 512
Configuring SonicWALL VoIP Features . . . . . . . . . . . . . . . . . . . . . 520
VoIP Deployment Scenarios . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 531
Part 9: VPN
Chapter 48: Configuring VPN Policies . . . . . . . . . . . . . . . . . . . . . . . . . . 537
VPN > Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 537
VPN Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 537
Configuring VPNs in SonicOS Enhanced . . . . . . . . . . . . . . . . . . . . 542
Configuring GroupVPN Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . 552
Site-to-Site VPN Configurations . . . . . . . . . . . . . . . . . . . . . . . . . . . 561
Creating Site-to-Site VPN Policies . . . . . . . . . . . . . . . . . . . . . . . . . 562
VPN Auto-Added Access Rule Control . . . . . . . . . . . . . . . . . . . . . . 578
Chapter 49: Configuring Advanced VPN Settings . . . . . . . . . . . . . . . . 581
VPN > Advanced . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 581
Advanced VPN Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 581
xiv
SonicOS Enhanced 4.0 Administrator Guide
Chapter 50: Configuring DHCP Over VPN . . . . . . . . . . . . . . . . . . . . . . .587
VPN > DHCP over VPN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .587
DHCP Relay Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .587
Configuring the Central Gateway for DHCP Over VPN . . . . . . . . . .588
Configuring DHCP over VPN Remote Gateway . . . . . . . . . . . . . . . .588
Current DHCP over VPN Leases . . . . . . . . . . . . . . . . . . . . . . . . . . .591
Chapter 51: Configuring L2TP Server . . . . . . . . . . . . . . . . . . . . . . . . . . .593
VPN > L2TP Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .593
Configuring the L2TP Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .594
Part 10: User Management
Chapter 52: Managing Users and Authentication Settings . . . . . . . . . .599
User Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .599
Introduction to User Management . . . . . . . . . . . . . . . . . . . . . . . . . .599
Viewing Status on Users > Status . . . . . . . . . . . . . . . . . . . . . . . . . .613
Configuring Settings on Users > Settings . . . . . . . . . . . . . . . . . . . . .614
Configuring Local Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .618
Configuring Local Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .621
Configuring RADIUS Authentication . . . . . . . . . . . . . . . . . . . . . . . . .625
Configuring LDAP Integration in SonicOS Enhanced . . . . . . . . . . . .631
Configuring Single Sign-On . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .641
Configuring Multiple Administrator Support . . . . . . . . . . . . . . . . . . .670
Chapter 53: Managing Guest Services and Guest Accounts . . . . . . . .677
Users > Guest Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .677
Global Guest Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .678
Guest Profiles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .678
Users > Guest Accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .679
Viewing Guest Account Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . .680
Adding Guest Accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .680
Enabling Guest Accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .682
Enabling Auto-prune for Guest Accounts . . . . . . . . . . . . . . . . . . . . .682
Printing Account Details. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .683
Users > Guest Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .683
Logging Accounts off the Appliance . . . . . . . . . . . . . . . . . . . . . . . . .684
SonicOS Enhanced 4.0 Administrator Guide
xv
Part 11: Security Services
Chapter 54: Managing SonicWALL Security Services . . . . . . . . . . . . . 687
SonicWALL Security Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 687
Security Services Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 688
Managing Security Services Online . . . . . . . . . . . . . . . . . . . . . . . . 690
Security Services Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 690
Security Services Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 691
Update Signature Manually . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 691
Activating Security Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 693
Chapter 55: Configuring SonicWALL Content Filtering Service . . . . . 695
Security Services > Content Filter . . . . . . . . . . . . . . . . . . . . . . . . . . . . 695
SonicWALL Content Filtering Service . . . . . . . . . . . . . . . . . . . . . . . 696
Content Filter Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 696
Content Filter Type . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 697
Restrict Web Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 698
Trusted Domains . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 699
CFS Exclusion List . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 699
Message to Display when Blocking . . . . . . . . . . . . . . . . . . . . . . . . 700
Configuring SonicWALL Filter Properties . . . . . . . . . . . . . . . . . . . . 700
Custom List . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 700
Consent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 701
Configuring N2H2 Internet Filtering . . . . . . . . . . . . . . . . . . . . . . . . 703
N2H2 Properties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 703
Configuring SonicWALL Blocking Features . . . . . . . . . . . . . . . . . . 704
Configuring Websense Enterprise Content Filtering . . . . . . . . . . . . 705
Websense Properties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 705
Configuring SonicWALL Blocking Features . . . . . . . . . . . . . . . . . . 706
Chapter 56: Activating SonicWALL Client Anti-Virus . . . . . . . . . . . . . 709
Security Services > Anti-Virus . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 709
Activating SonicWALL Client Anti-Virus . . . . . . . . . . . . . . . . . . . . . 710
Activating a SonicWALL Client Anti-Virus FREE TRIAL . . . . . . . . . 712
Configuring Client Anti-Virus Service . . . . . . . . . . . . . . . . . . . . . . . 712
Security Services > E-mail Filter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 714
xvi
SonicOS Enhanced 4.0 Administrator Guide
Chapter 57: Managing SonicWALL Gateway Anti-Virus Service . . . . .715
Security Services > Gateway Anti-Virus . . . . . . . . . . . . . . . . . . . . . . . .715
SonicWALL GAV Multi-Layered Approach . . . . . . . . . . . . . . . . . . . .716
HTTP File Downloads . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .718
SonicWALL GAV Architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . . .718
Creating a mySonicWALL.com Account . . . . . . . . . . . . . . . . . . . . . .719
Registering Your SonicWALL Security Appliance . . . . . . . . . . . . . .721
Activating the Gateway Anti-Virus, Anti-Spyware, and IPS License .721
Activating FREE TRIALs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .723
Setting Up SonicWALL Gateway Anti-Virus Protection . . . . . . . . . .723
Enabling SonicWALL GAV . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .724
Applying SonicWALL GAV Protection on Interfaces . . . . . . . . . . . .724
Applying SonicWALL GAV Protection on Zones . . . . . . . . . . . . . . .725
Viewing SonicWALL GAV Status Information . . . . . . . . . . . . . . . . .726
Updating SonicWALL GAV Signatures . . . . . . . . . . . . . . . . . . . . . . .727
Specifying Protocol Filtering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .727
Enabling Inbound Inspection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .727
Enabling Outbound SMTP Inspection . . . . . . . . . . . . . . . . . . . . . . .728
Restricting File Transfers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .728
Configuring Gateway AV Settings . . . . . . . . . . . . . . . . . . . . . . . . . .729
Configuring HTTP Clientless Notification . . . . . . . . . . . . . . . . . . . . .730
Configuring a SonicWALL GAV Exclusion List . . . . . . . . . . . . . . . . .731
Viewing SonicWALL GAV Signatures . . . . . . . . . . . . . . . . . . . . . . .732
Chapter 58: Activating Intrusion Prevention Service . . . . . . . . . . . . . .735
Security Services > Intrusion Prevention Service . . . . . . . . . . . . . . . . .735
SonicWALL Deep Packet Inspection . . . . . . . . . . . . . . . . . . . . . . . .735
How SonicWALL’s Deep Packet Inspection Works . . . . . . . . . . . . .736
SonicWALL IPS Terminology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .736
SonicWALL Gateway Anti-Virus, Anti-Spyware, and IPS Activation 737
Creating a mySonicWALL.com Account . . . . . . . . . . . . . . . . . . . . . .738
Registering Your SonicWALL Security Appliance . . . . . . . . . . . . . .739
Activating FREE TRIALs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .740
Activating the Gateway Anti-Virus, Anti-Spyware, and IPS License 740 Setting Up SonicWALL Intrusion Prevention Service Protection . . .742
SonicOS Enhanced 4.0 Administrator Guide
xvii
Chapter 59: Activating Anti-Spyware Service . . . . . . . . . . . . . . . . . . . . 745
Security Services > Anti-Spyware Service . . . . . . . . . . . . . . . . . . . . . . 745
SonicWALL Gateway Anti-Virus, Anti-Spyware, and IPS Activation 746
Creating a mySonicWALL.com Account . . . . . . . . . . . . . . . . . . . . . 747
Registering Your SonicWALL Security Appliance . . . . . . . . . . . . . . 748
Activating FREE TRIALs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 748
Activating the Gateway Anti-Virus, Anti-Spyware, and IPS License 749
Setting Up SonicWALL Anti-Spyware Service Protection . . . . . . . . 750
Chapter 60: Configuring SonicWALL Real-Time Blacklist . . . . . . . . . 753
SMTP Real-Time Black List Filtering . . . . . . . . . . . . . . . . . . . . . . . . . . 753
Security Services > RBL Filter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 754
Adding RBL Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 754
User-Defined SMTP Server Lists . . . . . . . . . . . . . . . . . . . . . . . . . . 755
Chapter 61: Configuring SonicWALL Global Security Client . . . . . . . 757
Security Services > Global Security Client . . . . . . . . . . . . . . . . . . . . . . 757
Global Security Client Features . . . . . . . . . . . . . . . . . . . . . . . . . . . 758
How SonicWALL Global Security Client Works . . . . . . . . . . . . . . . 759
Global Security Client Licensing . . . . . . . . . . . . . . . . . . . . . . . . . . . 760
Activating Global Security Client Licenses on Your SonicWALL . . 760
Configuring Security Policies for Global Security Clients . . . . . . . . 761
Part 12: Log
Chapter 62: Managing Log Events . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 765
Log > View . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 765
Log View Table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 766
Refresh . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 766
Clear Log . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 767
Export Log . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 767
E-mail Log . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 767
Filtering Log Records Viewed . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 767
Log Event Messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 768
Chapter 63: Configuring Log Categories . . . . . . . . . . . . . . . . . . . . . . . 769
Log > Categories . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 769
Log Priority . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 770
Log Categories . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 771
xviii
SonicOS Enhanced 4.0 Administrator Guide
Chapter 64: Configuring Syslog Settings . . . . . . . . . . . . . . . . . . . . . . . .775
Log > Syslog . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .775
Syslog Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .776
Syslog Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .777
Chapter 65: Configuring Log Automation . . . . . . . . . . . . . . . . . . . . . . . .779
Log > Automation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .779
E-mail Log Automation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .780
Mail Server Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .780
Chapter 66: Configuring Name Resolution . . . . . . . . . . . . . . . . . . . . . . .781
Log > Name Resolution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .781
Selecting Name Resolution Settings . . . . . . . . . . . . . . . . . . . . . . . .781
Specifying the DNS Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .782
Chapter 67: Generating Log Reports . . . . . . . . . . . . . . . . . . . . . . . . . . .783
Log > Reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .783
Data Collection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .784
View Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .784
Chapter 68: Activating SonicWALL ViewPoint . . . . . . . . . . . . . . . . . . . .787
Log > ViewPoint . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .787
Activating ViewPoint . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .788
Enabling ViewPoint Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .789
Part 13: Wizards Chapter 69: Configuring Internet Connectivity Using the Setup Wizard 793
Wizards > Setup Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .793
Using the Setup Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .793
Configuring a Static IP Address with NAT Enabled . . . . . . . . . . . . .795
Configuring DHCP Networking Mode . . . . . . . . . . . . . . . . . . . . . . . .800
Configuring NAT Enabled with PPPoE . . . . . . . . . . . . . . . . . . . . . . .805
Configuring PPTP Network Mode . . . . . . . . . . . . . . . . . . . . . . . . . . .810
Chapter 70: Using the Registration & License Wizard . . . . . . . . . . . . .815
Wizards > Registration & License Wizard . . . . . . . . . . . . . . . . . . . . . . .815
Chapter 71: Configuring a Public Server with the Wizard . . . . . . . . . . .821
Wizards > Public Server Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .821
SonicOS Enhanced 4.0 Administrator Guide
xix
Chapter 72: Configuring VPN Policies with the VPN Policy Wizard . . 827
Wizards > VPN Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 827
Using the VPN Policy Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 828
Connecting the Global VPN Clients . . . . . . . . . . . . . . . . . . . . . . . . 831
Configuring a Site-to-Site VPN using the VPN Wizard . . . . . . . . . . 832
Index .......................................................................................................... 837
xx
SonicOS Enhanced 4.0 Administrator Guide
PART 1

Introduction

SONICWALL SONICOS ENHANCED 4.0 ADMINISTRATORS GUIDE
21
22
SONICWALL SONICOS ENHANCED 4.0 ADMINISTRATORS GUIDE

Preface

Copyright Notice
© 2007 SonicWALL, Inc. All rights reserved. Under the copyright laws, this manual or the software described within, can not be copied, in
whole or part, without the written consent of the manufacturer, except in the normal use of the software to make a backup copy. The same proprietary and copyright notices must be affixed to any permitted copies as were affixed to the original. This exception does not allow copies to be made for others, whether or not sold, but all of the material purchased (with all backup copies) can be sold, given, or loaned to another person. Under the law, copying includes translating into another language or format.
Specifications and descriptions subject to change without notice.
CHAPTER 1

Chapter 1: Preface

Trademarks
SonicWALL is a registered trademark of SonicWALL, Inc. Microsoft Windows 98, Windows NT, Windows 2000, Windows XP, Windows Server 2003,
Internet Explorer, and Active Directory are trademarks or registered trademarks of Microsoft Corporation.
eDirectory and NetWare are registered trademarks of Novell, Inc. Netscape is a registered trademark of Netscape Communications Corporation in the U.S. and
other countries. Netscape Navigator and Netscape Communicator are also trademarks of Netscape Communications Corporation and may be registered outside the U.S.
Adobe, Acrobat, and Acrobat Reader are either registered trademarks or trademarks of Adobe Systems Incorporated in the U.S. and/or other countries.
Other product and company names mentioned herein may be trademarks and/or registered trademarks of their respective companies and are the sole property of their respective manufacturers.
SonicOS Enhanced 4.0 Administrator Guide
23

About this Guide

Limited Warranty
SonicWALL, Inc. warrants that commencing from the delivery date to Customer (but in any case commencing not more than ninety (90) days after the original shipment by SonicWALL), and continuing for a period of twelve (12) months, that the product will be free from defects in materials and workmanship under normal use. This Limited Warranty is not transferable and applies only to the original end user of the product. SonicWALL and its suppliers' entire liability and Customer's sole and exclusive remedy under this limited warranty will be shipment of a replacement product. At SonicWALL's discretion the replacement product may be of equal or greater functionality and may be of either new or like-new quality. SonicWALL's obligations under this warranty are contingent upon the return of the defective product according to the terms of SonicWALL's then-current Support Services policies.
This warranty does not apply if the product has been subjected to abnormal electrical stress, damaged by accident, abuse, misuse or misapplication, or has been modified without the written permission of SonicWALL.
DISCLAIMER OF WARRANTY. EXCEPT AS SPECIFIED IN THIS WARRANTY, ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS, AND WARRANTIES INCLUDING, WITHOUT LIMITATION, ANY IMPLIED WARRANTY OR CONDITION OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NONINFRINGEMENT, SATISFACTORY QUALITY OR ARISING FROM A COURSE OF DEALING, LAW, USAG E, OR TRADE PRACTICE, ARE HEREBY EXCLUDED TO THE MAXIMUM EXTENT ALLOWED BY APPLICABLE LAW. TO THE EXTENT AN IMPLIED WARRANTY CANNOT BE EXCLUDED, SUCH WARRANTY IS LIMITED IN DURATION TO THE WARRANTY PERIOD. BECAUSE SOME STATES OR JURISDICTIONS DO NOT ALLOW LIMITATIONS ON HOW LONG AN IMPLIED WARRANTY LASTS, THE ABOVE LIMITATION MAY NOT APPLY TO YOU. THIS WARRANTY GIVES YOU SPECIFIC LEGAL RIGHTS, AND YOU MAY ALSO HAVE OTHER RIGHTS WHICH VARY FROM JURISDICTION TO JURISDICTION. This disclaimer and exclusion shall apply even if the express warranty set forth above fails of its essential purpose.
DISCLAIMER OF LIABILITY. SONICWALL'S SOLE LIABILITY IS THE SHIPMENT OF A REPLACEMENT PRODUCT AS DESCRIBED IN THE ABOVE LIMITED WARRANTY. IN NO EVENT SHALL SONICWALL OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER, INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF PROFITS, BUSINESS INTERRUPTION, LOSS OF INFORMATION, OR OTHER PECUNIARY LOSS ARISING OUT OF THE USE OR INABILITY TO USE THE PRODUCT, OR FOR SPECIAL, INDIRECT, CONSEQUENTIAL, INCIDENTAL, OR PUNITIVE DAMAGES HOWEVER CAUSED AND REGARDLESS OF THE THEORY OF LIABILITY ARISING OUT OF THE USE OF OR INABILITY TO USE HARDWARE OR SOFTWARE EVEN IF SONICWALL OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. In no event shall SonicWALL or its suppliers' liability to Customer, whether in contract, tort (including negligence), or otherwise, exceed the price paid by Customer. The foregoing limitations shall apply even if the above-stated warranty fails of its essential purpose. BECAUSE SOME STATES OR JURISDICTIONS DO NOT ALLOW LIMITATION OR EXCLUSION OF CONSEQUENTIAL OR INCIDENTAL DAMAGES, THE ABOVE LIMITATION MAY NOT APPLY TO YOU.
About this Guide
Welcome to the SonicWALL SonicOS Enhanced 4.0 Administrator’s Guide. This manual provides the information you need to successfully activate, configure, and administer SonicOS Enhanced 4.0 for the SonicWALL PRO 4060, PRO 4100, and PRO 5060 security appliances.
24
SonicOS Enhanced 4.0 Administrator Guide
Note Always check <http//:www.sonicwall.com/services/documentation.html> for the latest
version of this manual as well as other SonicWALL products and services documentation.
Organization of this Guide
The SonicWALL SonicOS Enhanced 4.0 Administrator’s Guide organization is structured into the following parts that follow the SonicWALL Web Management Interface structure. Within these parts, individual chapters correspond to SonicWALL security appliance management interface layout.
Part 1 Introduction
This part provides an overview of new SonicWALL SonicOS Enhanced features, guide conventions, support information, and an overview of the SonicWALL security appliance management interface.
Part 2 System
About this Guide
Part 3 Network
This part covers a variety SonicWALL security appliance controls for managing system status information, registering the SonicWALL security appliance, activating and managing SonicWALL Security Services licenses, configuring SonicWALL security appliance local and remote management options, managing firmware versions and preferences, and using included diagnostics tools for troubleshooting.
This part covers configuring the SonicWALL security appliance for your network environment. The Network section of the SonicWALL Management Interface includes:
Interfaces - configure logical interfaces for connectivity.
WAN Failover and Load Balancing - configure one of the user-defined interfaces to act
as a secondary WAN port for backup or load balancing.
Zones - configure security zones on your network.
DNS - set up DNS servers for name resolution.
Address Objects - configure host, network, and address range objects.
Routing - view the Route Table, ARP Cache and configure static and dynamic routing by
interface.
NAT Policies - create NAT policies including One-to-One NAT, Many-to-One NAT, Many-
to-Many NAT, or One-to-Many NAT.
ARP - view the ARP settings and clear the ARP cache as well as configure ARP cache time.
DHCP Server - configure the SonicWALL as a DHCP Server on your network to
dynamically assign IP addresses to computers on your LAN or DMZ zones.
IP Helper - configure the SonicWALL to forward DHCP requests originating from the
interfaces on the SonicWALL to a centralized server on behalf of the requesting client.
Web Proxy - configure the SonicWALL to automatically forward all Web proxy requests to
a network proxy server.
SonicOS Enhanced 4.0 Administrator Guide
25
About this Guide
Dynamic DNS - configure the SonicWALL to dynamically register its WAN IP address with
a DDNS service provider.
Part 4 SonicPoint
The part covers the configuration of the SonicWALL security appliance for provisioning and managing SonicWALL SonicPoints as part of a SonicWALL Distributed Wireless Solution.
Part 5 Firewall
This part covers tools for managing how the SonicWALL security appliance handles traffic through the firewall.
Part 6 VoIP
This part provides instructions for configuring the SonicWALL security appliance to support H.323 or SIP Voice over IP (VoIP) connections.
Part 7 Application Firewall
Application firewall is a set of application-specific policies that gives you granular control over network traffic on the level of users, email users, schedules, and IP-subnets. The primary functionality of this application-layer access control feature is to regulate Web browsing, file transfer, email, and email attachments.
Part 8 VPN
This part covers how to create VPN policies on the SonicWALL security appliance to support SonicWALL Global VPN Clients as well as creating site-to-site VPN policies for connecting offices running SonicWALL security appliances.
Part 9 Users
This part covers how to configure the SonicWALL security appliance for user level authentication as well as manage guest services for managed SonicPoints.
Part 10 Hardware Failover
This part explains how to configure the SonicWALL security appliance for failover to another SonicWALL security appliance in the event of hardware failure.
Part 11 Security Services
26
This part includes an overview of available SonicWALL Security Services as well as instructions for activating the service, including FREE trials. These subscription-based services include SonicWALL Gateway Anti-Virus, SonicWALL Intrusion Prevention Service, SonicWALL Content Filtering Service, SonicWALL Client Anti-Virus, and well as other services.
SonicOS Enhanced 4.0 Administrator Guide
Part 12 Log
Part 13 Wizards
About this Guide
This part covers managing the SonicWALL security appliance’s enhanced logging, alerting, and reporting features. The SonicWALL security appliance’s logging features provide a comprehensive set of log categories for monitoring security and network activities.
This part walks you through using the SonicWALL Configuration Wizards for configuring the SonicWALL security appliance for LAN to WAN (Internet) connectivity, settings up public servers for Internet connectivity behind the firewall, and setting GroupVPN and site-to-site VPN policies for establishing VPN connections for remote SonicWALL Global VPN Client users or remote offices with a SonicWALL security appliance for LAN to LAN connections.
The SonicWALL Configuration Wizards in SonicOS Enhanced 4.0 include:
The Setup Wizard takes you step by step through network configuration for Internet
connectivity. There are four types of network connectivity available: Static IP, DHCP, PPPoE, and PPTP.
The Registration & License Wizard simplifies the process of registering your SonicWALL
security appliance and obtaining licenses for additional security services.
The Public Server Wizard takes you step by step through adding a server to your network,
such as a mail server or a web server. The wizard automates much of the configuration you need to establish security and access for the server.
The VPN Policy Wizard steps you through the configuration of Group VPNs and site-to-
site VPNs.
Guide Conventions
The following conventions used in this guide are as follows:
Convention
Bold Highlights items you can select on the SonicWALL
Italic Highlights a value to enter into a field. For example, “type
Menu Item > Menu Item Indicates a multiple step Management Interface menu
Icons Used in this Manual
These special messages refer to noteworthy information, and include a symbol for quick identification:
Caution Important information that cautions about features affecting firewall performance, security
features, or causing potential problems with your SonicWALL.
Use
security appliance management interface.
192.168.168.168 in the IP Address field.”
choice. For example, Security Services > Content Filter means select Security Services, then select Content Filter.
SonicOS Enhanced 4.0 Administrator Guide
27
About this Guide
Tip Useful information about security features and configurations on your SonicWALL.
Note Important information on a feature that requires callout for special attention.
SonicWALL Technical Support
For timely resolution of technical support questions, visit SonicWALL on the Internet at
http://www.sonicwall.com/us/Support.html. Web-based resources are available to help you
resolve most technical issues or contact SonicWALL Technical Support. To contact SonicWALL telephone support, see the telephone numbers listed below:
North America Telephone Support
U.S./Canada - 888.777.1476 or +1 408.752.7819
International Telephone Support
Australia - + 1800.35.1642 Austria - + 43(0)820.400.105 EMEA - +31(0)411.617.810 France - + 33(0)1.4933.7414 Germany - + 49(0)1805.0800.22 Hong Kong - + 1.800.93.0997 India - + 8026556828 Italy - +39.02.7541.9803 Japan - + 81(0)3.5460.5356 New Zealand - + 0800.446489 Singapore - + 800.110.1441 Spain - + 34(0)9137.53035 Switzerland - +41.1.308.3.977 UK - +44(0)1344.668.484
More Information on SonicWALL Products
Contact SonicWALL, Inc. for information about SonicWALL products and services at:
28
Web:http://www.sonicwall.com E-mail:sales@sonicwall.com Phone:(408) 745-9600 Fax:(408) 745-9300
SonicOS Enhanced 4.0 Administrator Guide
About this Guide
Current Documentation
Check the SonicWALL documentation Web site for that latest versions of this manual and all other SonicWALL product documentation.
http://www.sonicwall.com/us/Support.html
SonicOS Enhanced 4.0 Administrator Guide
29
About this Guide
30
SonicOS Enhanced 4.0 Administrator Guide
Loading...
+ 813 hidden pages
Buy Points How it Works FAQ Contact Us Questions and Suggestions Privacy Policy Cookie Policy Terms of Use