How it Works
SonicWALL
Loading...
ViewPoint 2.0
User guide
144 pgs7.4 Mb0
Table of contents
Loading...

SonicWALL ViewPoint 2.0 User guide

COMPREHENSIVE INTERNET SECURITY
SonicWALL ViewPoint 2.0 User's Guide
TM
Copyright Information
© 2003 SonicWALL, Inc. All rights reserved.
Under the copyright laws, this manual or the software described within, may not be copied, in whole or part, without the written consent of the manufacturer, except in the normal use of the software to make a backup copy. The same proprietary and copyright notices must be affixed to any permitted copies as were affixed to the original. Under the law, copying includes translating into another language or format.
SonicWALL is a registered trademark of SonicWALL, Inc.
Other product and company names mentioned herein may be trademarks and/or registered trademarks of their respective companies.
Specifications and descriptions subject to change without notice.
Part Number: 232-000369-00 Rev A
Software License Agreement for SonicWALL ViewPoint
This Software License Agreement (SLA) is a legal agreement between you and SonicWALL, Inc. (SonicWALL) for the SonicWALL software product identified above, which includes computer software and any and all associated media, printed materials, and online or electronic documentation (SOFT­WARE PRODUCT). By opening the sealed package(s), installing, or otherwise using the SOFTWARE PRODUCT, you agree to be bound by the terms of this SLA. If you do not agree to the terms of this SLA, do not open the sealed package(s), install or use the SOFTWARE PRODUCT. You may however return the unopened SOFTWARE PRODUCT to your place of purchase for a full refund.
The SOFTWARE PRODUCT is licensed, not sold.
You acknowledge and agree that all right, title, and interest in and to the SOFTWARE PRODUCT, including all associated intellectual property rights, are and shall remain with SonicWALL. This SLA does not convey to you an interest in or to the SOFTWARE PRODUCT, but only a limited right of use revocable in accordance with the terms of this SLA.
oThe SOFTWARE PRODUCT is licensed as a single product.
oYou may also store or install a copy of the SOFTWARE PRODUCT on a storage device, such as a net­work server, used only to install or run the SOFTWARE PRODUCT on your other computers over an internal network.
oYou may not resell, or otherwise transfer for value, rent, lease, or lend the SOFTWARE PRODUCT.
oThe SOFTWARE PRODUCT is trade secret or confidential information of SonicWALL or its licensors. You shall take appropriate action to protect the confidentiality of the SOFTWARE PRODUCT. You shall not reverse-engineer, de-compile, or disassemble the SOFTWARE PRODUCT, in whole or in part. The provisions of this section will survive the termination of this SLA.
oYou agree and certify that neither the SOFTWARE PRODUCT nor any other technical data received from SonicWALL, nor the direct product thereof, will be exported outside the United States except as permitted by the laws and regulations of the United States, which may require U.S. Government export approval/licensing. Failure to strictly comply with this provision shall automatically invalidate this License.
LICENSE
SonicWALL grants you a non-exclusive license to use the SOFTWARE PRODUCT for a number of SonicWALL Internet Security Appliances. This number is specified and shipped with the SOFTWARE PRODUCT. Support for additional SonicWALL Internet Security Appliances is subject to a separate upgrade license.
OEM - If the SOFTWARE PRODUCT is modified and enhanced for a SonicWALL OEM partner, you must adhere to the software license agreement of the SonicWALL OEM partner.
UPGRADES
If the SOFTWARE PRODUCT is labeled as an upgrade, you must be properly licensed to use a product identified by SonicWALL as being eligible for the upgrade in order to use the SOFTWARE PRODUCT. A SOFTWARE PRODUCT labeled as an upgrade replaces and/or supplements the product that formed the basis for your eligibility for the upgrade. You may use the resulting upgraded product only in accor­dance with the terms of this SLA. If the SOFTWARE PRODUCT is an upgrade of a component of a package of software programs that you licensed as a single product, the SOFTWARE PRODUCT may be used and transferred only as part of that single product package and may not be separated for use on more than one computer.
DISTRIBUTION RIGHTS
To i-net SPRINTA(tm) 2000 DRIVER - SonicWALL has been given a non-exclusive, worldwide license by i-net software GmbH to distribute directly and indirectly (through SonicWALL's distribution chan­nels) the i-net SPRINTA(tm) 2000 driver to SonicWALL's end user customers to use the driver with Son­icWALL ViewPoint. SonicWALL's end user customers may make a copy of the driver for backup or archival purposes only. SonicWALL's end user customers are not allowed to make other copies, transfer, re-distribute, use, translate, or reverse assemble/compile the driver with any other non-SonicWALL appli­cations. i-net software GmbH holds copyright and title to the i-net SPRINTA(tm) 2000 Driver.
To Microsoft's SQL Server Developer's Edition (MSDE) - This software incorporates Microsoft's SQL Server Developer's Edition (MSDE) and your use is subject to the terms and conditions of Microsoft's MSDE End-User License Agreement (a copy of which is available on Microsoft's website: <http:// www.microsoft.com/sql/howtobuy/deveula.asp>).
To Quest Software's (formerly Sitraka) JClass ServerChart - This software incorporates Quest Software's (formerly Sitraka) JClass ServerChart and your use is subject to the terms and conditions of Quest's Jclass License Agreement (a copy of which is available on Quest's website: <http://java.quest.com/jclass/licens­ing.shtml>).
SUPPORT SERVICES
SonicWALL may provide you with support services related to the SOFTWARE PRODUCT (“Support Services”). Use of Support Services is governed by the SonicWALL policies and programs described in the user manual, in “online” documentation, and/or in other SonicWALL-provided materials. Any supple­mental software code provided to you as part of the Support Services shall be considered part of the SOFTWARE PRODUCT and subject to terms and conditions of this SLA. With respect to technical information you provide to SonicWALL as part of the Support Services, SonicWALL may use such infor­mation for its business purposes, including for product support and development. SonicWALL shall not utilize such technical information in a form that identifies its source.
OWNERSHIP
As between the parties, SonicWALL retains all title to, ownership of, and all proprietary rights with respect to the SOFTWARE PRODUCT (including but not limited to any images, photographs, anima­tions, video, audio, music, text, and 'applets” incorporated into the SOFTWARE PRODUCT), the accom­panying printed materials, and any copies of the SOFTWARE PRODUCT. The SOFTWARE PRODUCT is protected by copyrights laws and international treaty provisions. The SOFTWARE PRODUCT is licensed, not sold. This SLA does not convey to you an interest in or to the SOFTWARE PRODUCT, but only a limited right of use revocable in accordance with the terms of this SLA.
U.S. GOVERNMENT RESTRICTED RIGHTS
If you are acquiring the Software including accompanying documentation on behalf of the U.S. Govern­ment, the following provisions apply. If the Software is supplied to the Department of Defense (“DoD”), the Software is subject to “Restricted Rights”, as that term is defined in the DOD Supplement to the Fed­eral Acquisition Regulations (“DFAR”) in paragraph 252.227 7013(c) (1). If the Software is supplied to any unit or agency of the United States Government other than DOD, the Government's rights in the Soft­ware will be as defined in paragraph 52.227 19(c) (2) of the Federal Acquisition Regulations (“FAR”). Use, duplication, reproduction or disclosure by the Government is subject to such restrictions or succes­sor provisions. Contractor/Manufacturer is: SonicWALL, Inc. 1160 Bordeaux Drive, Sunnyvale, California 94089.
MISCELLANEOUS
This SLA represents the entire agreement concerning the subject matter hereof between the parties and supersedes all prior agreements and representations between them. It may be amended only in writing executed by both parties. This SLA shall be governed by and construed under the laws of the State of California as if entirely performed within the State and without regard for conflicts of laws. Should any term of this SLA be declared void or unenforceable by any court of competent jurisdiction, such declara­tion shall have no effect on the remaining terms hereof. The failure of either party to enforce any rights granted hereunder or to take action against the other party in the event of any breach hereunder shall not be deemed a waiver by that party as to subsequent enforcement of rights or subsequent actions in the event of future breaches.
TERMINATION
This SLA is effective upon your opening of the sealed package(s), installing or otherwise using the SOFTWARE PRODUCT, and shall continue until terminated. Without prejudice to any other rights, SonicWALL may terminate this SLA if you fail to comply with the terms and conditions of this SLA. In such event, you agree to return or destroy the SOFTWARE PRODUCT (including all related documents and components items as defined above) and any and all copies of same.
LIMITED WARRANTY
SonicWALL warrants that a) the software product will perform substantially in accordance with the accompanying written materials for a period of ninety (90) days from the date of purchase, and b) any support services provided by SonicWALL shall be substantially as described in applicable written materi­als provided to you by SonicWALL. Any implied warranties on the software product are limited to ninety (90) days. Some states and jurisdictions do not allow limitations on duration of an implied warranty, so the above limitation may not apply to you.
CUSTOMER REMEDIES
SonicWALL's and its suppliers' entire liability and your exclusive remedy shall be, at SonicWALL's option, either a) return of the price paid, or b) repair or replacement of the SOFTWARE PRODUCT that does not meet SonicWALL's Limited Warranty and which is returned to SonicWALL with a copy of your receipt. This Limited Warranty is void if failure of the SOFTWARE PRODUCT has resulted from acci­dent, abuse, or misapplication. Any replacement SOFTWARE PRODUCT shall be warranted for the remainder of the original warranty period or thirty (30) days, whichever is longer. Outside of the United States, neither these remedies nor any product Support Services offered by SonicWALL are available without proof of purchase from an authorized SonicWALL international reseller or distributor.
NO OTHER WARRANTIES
To the maximum extent permitted by applicable law, SonicWALL and its suppliers/licensors disclaim all other warranties and conditions, either express or implied, including, but not limited to, implied warran­ties of merchantability, fitness for a particular purpose, title, and non-infringement, with regard to the SOFTWARE PRODUCT, and the provision of or failure to provide support services. This limited war­ranty gives you specific legal rights. You may have others, which vary from state/jurisdiction to state/ jurisdiction.
LIMITATION OF LIABILITY
Except for the warranties provided hereunder, to the maximum extent permitted by applicable law, in no event shall SonicWALL or its suppliers/licensors be liable for any special, incidental, indirect, or conse­quential damages for lost business profits, business interruption, loss of business information,) arising out of the use of or inability to use the SOFTWARE PRODUCT or the provision of or failure to provide sup­port services, even if SonicWALL has been advised of the possibility of such damages. In any case,
SonicWALL's entire liability under any provision of this SLA shall be limited to the amount actually paid by you for the SOFTWARE PRODUCT; provided, however, if you have entered into a SonicWALL sup­port services agreement, SonicWALL's entire liability regarding support services shall be governed by the terms of that agreement. Because some states and jurisdiction do not allow the exclusion or limitation of liability, the above limitation may not apply to you.
Manufacturer is SonicWALL, Inc. with headquarters located at 1143 Borregas Avenue, Sunnyvale, CA 94089, USA.
CONTENTS
Chapter 1 Introducing SonicWALL ViewPoint 11
Chapter 2 Installing SonicWALL ViewPoint 13
Installation Overview 14 Installation 14 Logging in and out of SonicWALL ViewPoint 18 Registering SonicWALL ViewPoint 19
Creating a mysonicwall.com Account 19 Registering the SonicWALL Appliance 19 Activating the ViewPoint Software 20 Enabling the ViewPoint License 21
Chapter 3 Configuring ViewPoint 23
Configuring a SonicWALL Appliance for ViewPoint 23 Configuring Access to a SonicWALL Appliance 25 Adding a SonicWALL Appliance to SonicWALL ViewPoint 29 Viewing and Updating SonicWALL Information 31 Deleting a SonicWALL Appliance from SonicWALL ViewPoint 32 Modifying Settings for a SonicWALL Appliance 33 Changing ViewPoint Login Password 34 Configuring ViewPoint Settings 35 Managing ViewPoint Logs 36 Managing ViewPoint Sessions 37 Summarizer Settings 38
General Report Settings 39 Configuring Log Viewer Settings 40 Adding a Service 41
Chapter 4 Viewing Reports 43
Viewing Bandwidth Reports 43
Viewing the Bandwidth Summary Report 44 Monitoring Bandwidth Usage in Real Time 46 Viewing the Top Users of Bandwidth 48
7
Viewing Bandwidth Usage Over Time 49 Viewing the Top Users of Bandwidth Over Time 51
Viewing Service Usage Reports 53
Monitoring Service Usage in Real Time 54 Viewing the Services Summary Report 55
Viewing Web Usage Reports 56
Viewing the Web Usage Summary Report 57 Viewing the Top Sites 58 Viewing the Top Users of HTTP Bandwidth 60 Viewing HTTP Bandwidth Usage by User 62 Viewing Bandwidth Usage Over Time 63 Viewing Top Sites Over Time 65 Viewing Top Users Over Time 67 Viewing Bandwidth Usage By User Over Time 69
Viewing Web Filter Reports 71
Viewing the Web Filter Summary Report 72 Viewing the Web Filter Top Sites Report 73 Viewing the Top Users that Try to Access Blocked Sites 75 Viewing the Top Blocked Sites for Each User 77 Viewing Blocked Site Attempts Over Time 79 Viewing the Top Blocked Site Attempts Over Time 81 Viewing the Top Blocked Site Users Over Time 83 Viewing the Top Blocked Sites for Each User Over Time 85
Viewing File Transfer Protocol Reports 87
Viewing the FTP Summary Report 88 Viewing the Top Users of FTP Bandwidth 89 Viewing FTP Bandwidth Usage Over Time 91 Viewing the Top Users of FTP Bandwidth Over Time 93 Viewing Mail Usage Reports 95 Viewing the Mail Usage Summary Report 96 Viewing the Top Users of Mail Bandwidth 97 Viewing Mail Usage Over Time 99 Viewing the Top Users of Mail Bandwidth Over Time 101
Viewing VPN Usage Reports 103
Viewing the VPN Usage Summary Report 104 Viewing the Top VPN Users 105 Viewing VPN Usage Over Time 107 Viewing the Top VPN Users Over Time 109
Viewing Attack Reports 111
Viewing the Attack Summary Report 112
8 SonicWALL ViewPoint User Guide
Viewing the Attacks by Category 113 Viewing the Attacks by Source 115 Viewing the Errors and Exceptions Report 117 Viewing Attack Reports Over Time 119 Viewing Errors Over Time 121 Categories Over Time 123 Sources Over Time 125
Viewing Authentication Reports 127
Viewing the User Login Report 127 Viewing the Administrator Login Report 129
Viewing the Failed Login Report 130 Viewing the Log 132 Tec hn ic al Tip s 135
Modifying the Serial Number of an Appliance 135
ViewPoint Database Port Number 136
Changing the ViewPoint Web Server Port Number 136
Changing the ViewPoint Server IP Address 137
Changing the Default Syslog Server Port Number 137
The SonicWALL ViewPoint Log Files 137
Encrypting the sgmsConfig.xml File 138
Encrypted Data in the sgmsConfig.xml File 138
Resetting the Admin Password 138
Copying into the SonicWALL ViewPoint User Interface 138
Securing Access to the ViewPoint Web Server 139 Troubleshooting 141
Installation Failure 141
9
10 SonicWALL ViewPoint User Guide

Introducing SonicWALL ViewPoint

Monitoring critical network events and activity, such as security threats, inappropriate Web use, and bandwidth levels, is an essential component of network security. SonicWALL ViewPoint comple­ments SonicWALL’s Internet security offerings by providing detailed and comprehensive reports of network and firewall activities.
SonicWALL ViewPoint is a browser-based software application that creates dynamic web-based network reports. With SonicWALL ViewPoint, you can monitor network access, enhance security, and anticipate future bandwidth needs.
SonicWALL ViewPoint generates both real-time and historical reports to offer a complete view of all activity through one or more SonicWALL Internet Security appliances. It generates the reports based on the stream of syslog data received from each SonicWALL appliance and summarizes this data, allowing you to view the reports for current date, a previous day, or for a range of days.
SonicWALL ViewPoint:
Displays bandwidth use by IP address and service.
Identifies inappropriate Internet use.
Provides detailed reports of attacks.
Collects and aggregates system and network errors.
Shows Virtual Private Network (VPN) events and problems.
Presents visitor traffic to your website.
Provides detailed daily firewall logs to analyze specific events.
CHAPTER 1
SonicWALL ViewPoint offers the following features:
Web-based browser reporting application—SonicWALL ViewPoint can be accessed from a local or remote system using a web browser.
On-demand reporting—SonicWALL ViewPoint provides immediate reporting function for users requiring quick results.
Comprehensive set of graphical reports—SonicWALL ViewPoint offers a comprehensive set of graphical reports including firewall attacks, bandwidth usage, Web site visits, user activity, and others. These reports can be generated for a single firewall or as aggregate reports for multi­ple firewalls.
Introducing SonicWALL ViewPoint 11
Single firewall real-time and historical reports—SonicWALL ViewPoint offers numerous reports for one SonicWALL appliance.
Aggregate real-time and historical reports—SonicWALL ViewPoint offers aggregate reports for multiple SonicWALL appliances.
Summarized Data—SonicWALL ViewPoint summarizes its data, allowing the user to view reports for the current date, a previous day, or a range of days.
Support for multiple firewalls—SonicWALL ViewPoint can generate reports for one or more Son- icWALL appliances.
Log Viewer—Enables you to search the database for a specific firewall activity or event. It can also be used to search the database for activity types, narrowing the set of matches by specifying a destina­tion or source IP address over a specified range of dates.
Top Usage Reports—SonicWALL ViewPoint includes a large range of reports that display the top sites, top users, and top sites per user including 5, 10, 20, 50, and 100.
Concurrent login sessions—Multiple users can log into SonicWALL ViewPoint concurrently.
Syslog reporting—SonicWALL ViewPoint generates reports based on the stream of syslog data
received from each SonicWALL appliance.
Embedded MSDE database—SonicWALL ViewPoint installs MSDE database to store raw and summarized syslog data from each SonicWALL appliance.
Platform support—SonicWALL ViewPoint supports Windows 2000 Professional, Windows 2000 Server and Windows XP Professional. SonicWALL ViewPoint software must be installed on a Win­dows server that can be located on the same network of the SonicWALL appliance's LAN interface or on the WAN side.
Supports SonicWALL Internet Security Appliances—SonicWALL ViewPoint supports 2nd and 3rd generation SonicWALL appliances, including the new SonicWALL Wireless product.
SonicWALL firmware—SonicWALL ViewPoint supports SonicWALL appliances running firm- ware 6.3.1.4 and above and SonicWALL Wireless product running SonicOS 1.0 and above.
12 SonicWALL ViewPoint User Guide

Installing SonicWALL ViewPoint

This chapter describes how to install SonicWALL ViewPoint.
To install SonicWALL ViewPoint, complete the following procedures:
Review the installation requirements. See “Installation Overview” on page 14.
Install SonicWALL ViewPoint, see “Installation” on page 14.
Register SonicWALL ViewPoint, see “Installation” on page 14.
CHAPTER 2
Installing SonicWALL ViewPoint 13

Installation Overview

In order to install and run SonicWALL ViewPoint, you must be logged in as the administrator and the SonicWALL ViewPoint server must meet the following requirements:
Windows 2000 or Windows XP Professional.
If accessed from the WAN interface, the SonicWALL appliance must have a static IP address. Other-
wise, it may have either a static or dynamic IP address.
Local and remote browser access: Microsoft Internet Explorer 5.5 or later.
Support for Java Plug-in JRE 1.3.1
Pentium III or IV with a 1.4 GHz or faster processor.
Minimum 512 MB RAM.
At least 20 GB of free disk space.
Hostname that is 20 characters or less.
The SonicWALL ViewPoint system must be connected to the network.
SonicWALL ViewPoint cannot be installed in a folder that has an embedded blank space. For exam-
ple, “Program Files.”

Installation

When you are ready to install SonicWALL ViewPoint, follow these steps:
1. Log on to the computer as administrator.
2. Locate the SonicWALL ViewPoint install file on the network. Double-click the VPS.exe. The Intro­duction screen appears.
14 SonicWALL ViewPoint User Guide
3. Click Next. The License Agreement screen appears.
4. Select from the following:
To accept the terms of the license agreement, select I accept the terms of the License Agree- ment and click Next. The Choose Install Folder screen appears.
To not accept the terms, select I do NOT accept the terms of the License Agreement and click Next. The SonicWALL ViewPoint installation program closes and the product does not install.
5. To accept the default location, click Next. To select a different location, click Choose and select a folder. Click Next.
Installing SonicWALL ViewPoint 15
The Settings screen appears.
Do the following:
Enter the IP address or host name of the Simple Mail Transfer Protocol (SMTP) server in the SMTP Server Address field.
Enter the number of the web server port in the Web Server Port field (default: 80).
Enter the e-mail addresses of administrators who will receive e-mail notifications from Son-
icWALL ViewPoint.
Enter and confirm the database password in the Database Password and Confirm Password fields.
To validate the entries on this page, select the Validate fields on this screen check box.
Click Install. The installation program begins copying SonicWALL ViewPoint files and installing the MSDE database.
16 SonicWALL ViewPoint User Guide
6. Click Next. Phase 2 of the installation begins.
7. Click OK.
Note: The database name “sa” cannot be changed.
The installation program begins installing the database components. When it is finished, the Install Complete screen appears.
8. Click Done. Installation is complete.
9. Restart the server.
10.Ensure the following SonicWALL ViewPoint services are running on your system:
SNWL ViewPoint Summarizer
SNWL ViewPoint Syslogd
SNWL ViewPoint WebServer
MSSQL$SNWL (MSDE database)
Installing SonicWALL ViewPoint 17

Logging in and out of SonicWALL ViewPoint

To start and log into SonicWALL ViewPoint, follow these steps:
1. Do one of the following:
If you are logging in locally, double-click the SonicWALL ViewPoint icon on your desktop.
If you are logging in from a remote location, open a web browser and enter http://
viewpoint_ipaddress/sgms/login or http://viewpoint_ipaddress.
where viewpoint_ipaddress is the IP address or hostname of the server.
The SonicWALL ViewPoint login page appears.
2. Enter the SonicWALL ViewPoint user ID (default: admin) and password (default: password).
Note: After the password is entered, an authenticated management session is established that times out after 5 minutes of inactivity. For the security purposes, it is highly recommended to change the default password for the user admin. The maximum size of the SonicWALL ViewPoint User ID is 24 alphanumeric characters. If the password is more than 32 characters long, it is automatically be truncated. Do not use special characters (e.g., # + , % &). Embedded spaces in the password are also not allowed.
3. Click Submit. SonicWALL ViewPoint opens.
4. If you are prompted to install the Java Plug-in 1.3 application from Sun, click Ye s and follow the on­screen instructions to install the Java Plug-in application.
5. To logout, click Logout in the SonicWALL ViewPoint user interface (UI).
18 SonicWALL ViewPoint User Guide

Registering SonicWALL ViewPoint

To register SonicWALL ViewPoint, follow these steps:
Create a mysonicwall.com account—see “Creating a mysonicwall.com Account” on page 19.
Register the SonicWALL appliance—see “Registering the SonicWALL Appliance” on page 19.
Activate the ViewPoint Software—see “Activating the ViewPoint Software” on page 20.
Enable the ViewPoint license on the SonicWALL appliance—see “Enabling the ViewPoint License”
on page 21.

Creating a mysonicwall.com Account

If you do not already have a mysonicwall.com account, open a web browser and navigate to the following website:
http://www.mysonicwall.com
Then, follow the on-screen prompts to create a user account.

Registering the SonicWALL Appliance

To register the SonicWALL appliance, follow these steps:
1. Log on to your mysonicwall.com account.
Installing SonicWALL ViewPoint 19
2. Click My Products. The SonicWALL Product Registration page appears.
3. Enter your SonicWALL serial number in the Serial Number field.
4. If you are registering a SonicWALL SOHO TZW, enter the authentication code in the Authentica- tion Code field.
5. Enter a descriptive name for the SonicWALL appliance in the Friendly Name field.
6. Click Register. The mysonicwall.com website registers the SonicWALL appliance.

Activating the ViewPoint Software

To activate the SonicWALL ViewPoint software, follow these steps:
1. Log on to your mysonicwall.com account.
20 SonicWALL ViewPoint User Guide
2. Click the label of the newly registered SonicWALL appliance. The Service Management page appears.
3. Locate the ViewPoint service and click its Activate button. The Activate Service dialog box appears.
4. Enter the ViewPoint Activation Key in the Activation Key field. The ViewPoint Activation Key is printed on the ViewPoint Software License Certificate shipped with the SonicWALL ViewPoint package.
5. Click Submit. After the Activation Key is registered, a ViewPoint License Key appears.
Note: SonicWALL ViewPoint shows up as an active licensed product under the SonicWALL appliance in your Mysonicwall.com account; it does not appear alongside the list of your SonicWALL appliances in the account.

Enabling the ViewPoint License

To enable the SonicWALL ViewPoint license, follow these steps:
1. Log into the SonicWALL appliance.
2. Expand the Log tree and click ViewPoint. The ViewPoint page appears.
3. Enter the ViewPoint License Key provided by mysonicwall.com in the Enter upgrade key field.
4. Click Upgrade.
5. Restart the SonicWALL for the change to take effect.
Installing SonicWALL ViewPoint 21
If the SonicWALL appliance is running SonicOS, follow these steps:
1. Log on to the SonicWALL appliance.
2. Click Log, and then ViewPoint.
3. Enter the ViewPoint License Key collected from MySonicwall.com into the Enter upgrade key field.
4. Click Apply.
5. Restart the SonicWALL for the change to take effect.
22 SonicWALL ViewPoint User Guide

Configuring ViewPoint

This chapter describes configure SonicWALL ViewPoint. Select from the following:
To configure a SonicWALL appliance for SonicWALL ViewPoint, see “Configuring a Son­icWALL Appliance for ViewPoint” on page 23.
To configure access settings, see “Configuring Access to a SonicWALL Appliance” on page 25.
To add a SonicWALL appliance to SonicWALL ViewPoint, see “Adding a SonicWALL Appli-
ance to SonicWALL ViewPoint” on page 29.
To delete a SonicWALL appliance from SonicWALL ViewPoint, see “Deleting a SonicWALL Appliance from SonicWALL ViewPoint” on page 32.
To modify a SonicWALL appliance’s settings, see “Modifying Settings for a SonicWALL Appli­ance” on page 33.
To change the SonicWALL ViewPoint password, see “Changing ViewPoint Login Password” on page 34.
To configure ViewPoint settings, see “Configuring ViewPoint Settings” on page 35.
To manage ViewPoint sessions, see “Managing ViewPoint Sessions” on page 37.
To configure reporting settings, see “Summarizer Settings” on page 38.
CHAPTER 3

Configuring a SonicWALL Appliance for ViewPoint

The following instructions describe how to configure a SonicWALL appliance to send data to Son­icWALL ViewPoint.
1. Log into the SonicWALL appliance.
Configuring ViewPoint 23
2. Expand the Log tree and click Log Settings. The Log Settings page appears.
3. Enter the IP address or hostname and port (default: 514) of the SonicWALL ViewPoint server in the Add Syslog Server fields.
Note: For firmware 6.3.1.4, the fields are Syslog Server 1 and Syslog Server Port 1.
4. Enter 0 in the Syslog Individual Event Rate field.
The Syslog Individual Event Rate field reduces the number of repetitive events that are logged by SonicWALL ViewPoint. Although this prevents a log file from being full of repetitive events, setting the Syslog Individual Event Rate field to anything other than 0 results in inaccurate ViewPoint reports.
5. Select Default from the Syslog Format list box.
6. To ensure accurate and complete reporting, make sure that every event category in the Categories area is selected except for Network Debug.
7. When you are finished, click Update.
Note: SonicWALL ViewPoint expects the syslog data in UTC format. Make sure the Display UTC in logs check box on the General/Time screen for the SonicWALL appliance is selected.
If the SonicWALL appliance is running SonicOS, follow these steps:
1. Log into the SonicWALL appliance.
24 SonicWALL ViewPoint User Guide
2. Click Log and then click Automation. The Automation page appears.
3. Enter 0 in the Syslog Individual Event Rate field.
The Syslog Individual Event Rate field reduces the number of repetitive events that are logged by SonicWALL ViewPoint. Although this prevents a log file from being full of repetitive events, setting the Syslog Individual Event Rate field to anything other than 0 results in inaccurate ViewPoint reports.
4. Select Default from the Syslog Format list box.
5. Click Add in the Server Name section and enter the IP address or hostname and port (default: 514) of the SonicWALL ViewPoint server in the Add Syslog Server fields. Then, click Apply.
6. To ensure accurate and complete reporting, click Categories and make sure that every event category in the Log Categories area is selected except for Network Debug.
7. When you are finished, click Apply.
Note: SonicWALL ViewPoint expects the syslog data to come in UTC format from a SonicWALL appliance. Therefore, it is important that the Display UTC in logs check box on the General/Time screen in the SonicWALL appliance is selected.

Configuring Access to a SonicWALL Appliance

For reporting, your SonicWALL appliance must be added to the SonicWALL ViewPoint UI. To function properly, SonicWALL ViewPoint must be able to access, log into, and authenticate the ViewPoint license
Configuring ViewPoint 25
on the SonicWALL appliance. To accomplish this, SonicWALL ViewPoint can access the SonicWALL appliance from the LAN, WLAN, WAN, or over a VPN tunnel using HTTPS or HTTP.
LAN interface—If the SonicWALL ViewPoint server is located on the same network as the Son- icWALL appliance's LAN interface, SonicWALL ViewPoint can log into the SonicWALL appliance using HTTP or HTTPS. By default, both HTTP and HTTPS are enabled in your SonicWALL appli­ance. In this configuration, syslog traffic is sent to SonicWALL ViewPoint unencrypted and in the clear.
VPN tunnel—If the SonicWALL ViewPoint server is located behind a VPN/firewall device, and if there is a VPN tunnel between your SonicWALL appliance and the firewall, SonicWALL ViewPoint can access your SonicWALL appliance using HTTPS or HTTP over the VPN tunnel. In this configu­ration, syslog traffic is sent to SonicWALL ViewPoint encrypted.
WAN interface—If the SonicWALL ViewPoint server is located on the WAN side of your Son- icWALL appliance, the SonicWALL appliance can be configured to allow SonicWALL ViewPoint to access it using HTTPS. In this configuration, syslog traffic is sent to the SonicWALL ViewPoint server in the clear.
Note: If you use the WAN interface HTTPS option, the WAN IP address must be static. If the WAN IP address is dynamic, use the VPN tunnel option instead.
To enable WAN access using HTTPS, follow these steps:
1. Log into the SonicWALL appliance.
2. Expand the Access tree, and click Management. The Management page appears.
26 SonicWALL ViewPoint User Guide
3. From the Management Method section, select from the LAN interface and remotely from the WAN interface from the Managed menu.
4. Click Update.
5. Click the Add Service tab. The Add Service page appears.
6. Select HTTPS Management from the Add a Known service list and click Add.
Configuring ViewPoint 27
7. Click the Rules tab. The Rules page appears.
28 SonicWALL ViewPoint User Guide
8. Click Add New Rule. The Add Network Access Rule dialog box appears.
9. Create a rule that allows SonicWALL ViewPoint to access your SonicWALL appliance using HTTPS (HTTPS Management service) from the WAN and click Update. The rule is added.
Note: The common name for the HTTPS Certificate must match the IP address or host name of the WAN i n t e r f a c e .
Note: If your SonicWALL ViewPoint server is behind a firewall, you need to ensure the syslog traffic can reach the SonicWALL ViewPoint server. To do this, add the IP address of the firewall as the sys­log server in your SonicWALL appliance, and create a rule in the firewall to allow syslog traffic from your SonicWALL appliance to the SonicWALL ViewPoint server.

Adding a SonicWALL Appliance to SonicWALL ViewPoint

This section describes how to add a SonicWALL appliance to SonicWALL ViewPoint. To add a Son­icWALL appliance, follow these steps:
Configuring ViewPoint 29
1. Start and log into SonicWALL ViewPoint. The Status page appears.
2. Right-click MyReportsView in the left pane of the SonicWALL ViewPoint UI and select Add Unit
from the pop-up menu. The Add Unit dialog box appears.
3. Enter a descriptive name for your SonicWALL appliance in the SonicWALL Name field.
Note: Do not enter the single quote character (') in the SonicWALL Name field.
4. Enter the username used to access your SonicWALL appliance in the SonicWALL Login Name field (default: admin).
5. Enter the password used to access the SonicWALL appliance in the SonicWALL Password field.
6. Enter the IP address that is used to access the SonicWALL appliance in the SonicWALL IP Address field.
30 SonicWALL ViewPoint User Guide
Loading...
+ 114 hidden pages
Buy Points How it Works FAQ Contact Us Questions and Suggestions Privacy Policy Cookie Policy Terms of Use