Sonicwall 034 TA 170 User Manual SonicOS Standard

Sonicwall, Inc. TA 170 SonicOS Standard

UserManual.wiki >

Sonicwall >

034 User Manual >

Users Manual Part 1

COMPREHENSIVE INTERNET SECURITY™S o n i c WALL Internet Security Ap p l i a n c e s SonicWALL TZ 170 SP/W/SPWSonicOS Standard 2.2Administrator's Guide

Page 1Table of ContentsPreface .................................................................................................. 1Copyright Notice .............................................................................. 1Limited Warranty.............................................................................. 1Introduction......................................................... 1SonicWALL SonicOS Standard Overview............................................. 1SonicWALL Management Interface....................................................... 1Accessing the Management Interface.............................................. 1Navigating the Management Interface ............................................. 2Applying Changes............................................................................ 2Getting Help ..................................................................................... 2Logging Out ..................................................................................... 2About this Guide.................................................................................... 3Organization of this Guide ............................................................... 3Guide Conventions .......................................................................... 4Icons Used in this Manual................................................................ 4SonicWALL Technical Support.............................................................. 5North America Telephone Support ............................................. 5International Telephone Support ................................................ 5More Information on SonicWALL Products and Services ..................... 5Internet Connectivity Using the Setup Wizard .... 7Configuring a Static IP Address with NAT Enabled............................... 7Setup Wizard ................................................................................... 8Step 1: Change Password ............................................................... 8Step 2: Change Time Zone.............................................................. 9Step 3: WAN Network Mode ............................................................ 9Step 4: WAN Network Mode: NAT Enabled................................... 10Step 5: LAN Settings...................................................................... 10Step 6: LAN DHCP Settings ......................................................... 11Step 7: SonicWALL Configuration Summary ................................. 11Storing SonicWALL Configuration ................................................. 12Setup Wizard Complete ................................................................. 12Configuring DHCP Networking Mode.................................................. 13Step 1: Change Password ............................................................. 13Step 2: Change Time Zone ........................................................... 14Step 3: WAN Network Mode .......................................................... 14Step 4: WAN Network Mode: NAT with DHCP Client .................... 15Step 5: LAN Settings...................................................................... 15Step 6: DHCP Settings .................................................................. 16

Page 2 SonicWALL SonicOS Standard Administrator’s GuideConfiguration Summary..................................................................16Storing SonicWALL Configuration..................................................17Setup Wizard Complete .................................................................17Configuring NAT Enabled with PPPoE ................................................18Step 1: Change Password..............................................................18Step 2: Change Time Zone ...........................................................19Step 3: WAN Network Mode ..........................................................19Step 4: WAN Network Mode: NAT with PPPoE Client ...................20Step 5: LAN Settings ......................................................................20Step 6: DHCP Server .....................................................................21Step 7: SonicWALL Configuration Summary .................................21Storing SonicWALL Configuration .................................................22Setup Wizard Complete .................................................................22Configuring PPTP Network Mode........................................................23 Step 1: Change Password.............................................................23Step 2: Change Time Zone ...........................................................24Step 3: WAN Network Mode ..........................................................24Step 4: WAN Network Mode: NAT with PPTP Client .....................25Step 5: LAN Settings ......................................................................25Step 6: DHCP Server .....................................................................26Step 7: SonicWALL Configuration Summary .................................26Storing SonicWALL Configuration .................................................27Setup Wizard Complete .................................................................27System Settings ................................................29System>Status.....................................................................................29System Messages ..........................................................................29System Information ........................................................................29Security Services............................................................................30Registering Your SonicWALL.........................................................30mySonicWALL.com...................................................................30Latest Alerts ...................................................................................31Network Interfaces .........................................................................31System>Licenses.................................................................................31Security Services Summary ...........................................................31Manage Security Services Online ..................................................31Manual Upgrade.............................................................................32System>Administration ........................................................................32Firewall Name ................................................................................32Name/Password .............................................................................33Administrator Name ..................................................................33Changing the Administrator Password......................................33

Page 3Login Security ................................................................................ 33Enable Administrator/User Lockout .......................................... 33Management Protocol.................................................................... 34Advanced Management ................................................................. 34Enable SNMP ........................................................................... 34Enable Management Using SonicWALL GMS ......................... 35System>Time ...................................................................................... 36Set Time......................................................................................... 36NTP Settings.................................................................................. 37System>Settings ................................................................................. 37Settings .......................................................................................... 37Import Settings ......................................................................... 37Export Settings ......................................................................... 37Firmware Management .................................................................. 38New Firmware .......................................................................... 38Updating Firmware Manually.................................................... 39Firmware Management Settings............................................... 39SafeMode - Rebooting the SonicWALL ......................................... 39System Information................................................................... 40Firmware Management............................................................. 40System>Diagnostics............................................................................ 41DNS Name Lookup ........................................................................ 41Find Network Path ......................................................................... 41Ping................................................................................................ 42Packet Trace.................................................................................. 42Tech Support Report...................................................................... 43Generating a Tech Support Report .......................................... 44Trace Route ................................................................................... 44System>Restart................................................................................... 44Network............................................................. 45Network>Settings ................................................................................ 45Network Addressing Modes ........................................................... 46Interfaces ....................................................................................... 46Configuring WAN Settings ............................................................. 47WAN Properties>General ......................................................... 47Configuring LAN Settings............................................................... 48LAN Properties>General .......................................................... 48Multiple LAN Subnet Support ................................................... 48Configuring OPT/DMZ Settings ..................................................... 50Configuring the OPT/DMZ Port in Transparent Mode.................... 50Configuring the OPT/DMZ Port in NAT Mode................................ 51Configuring the SonicWALL in Transparent Mode......................... 52

Page 4 SonicWALL SonicOS Standard Administrator’s GuideConfiguration Example..............................................................53Configuring NAT with DHCP Client ................................................53Configuring LAN Settings..........................................................55LAN Properties>General...........................................................55Configuring NAT with PPPoE Client...............................................56Configuring LAN Properties for NAT with PPPoE Client...........58Configuring NAT with L2TP Client..................................................59Configuring LAN Properties for NAT with L2TP Client..............61Configuring NAT with PPTP Client.................................................62Configuring LAN Properties for NAT with PPTP Client.............64DNS Settings..................................................................................65Network>One-to-One NAT ..................................................................65One-to-One NAT Configuration Example.......................................66Network>Web Proxy............................................................................68Configuring Automatic Proxy Forwarding (Web Only)....................68Bypass Proxy Servers Upon Proxy Failure...............................69Network>Intranet .................................................................................69Installation ......................................................................................69Intranet Settings .............................................................................70Network>Routing .................................................................................71Static Routes.............................................................................71Static Route Configuration Example ..............................................72Route Advertisement......................................................................72Route Table....................................................................................73Network>ARP ......................................................................................74Network>DHCP Server........................................................................75DHCP Settings ...............................................................................75Configuring DHCP Server for Dynamic Ranges.............................75The General Tab.......................................................................76The DNS/WINS Tab..................................................................77Configuring Static DHCP Entries....................................................77The General Tab.......................................................................78The DNS/WINS Tab..................................................................78Current DHCP Leases....................................................................79Configuring the TZ 170 Wireless.......................81Considerations for Using Wireless Connections..................................81Recommendations for Optimal Wireless Performance ..................82Adjusting the TZ 170 Wireless Antennas .......................................82Wireless Guest Services (WGS) ....................................................82Wireless Node Count Enforcement...........................................82MAC Filter List................................................................................83WiFiSec Enforcement.....................................................................83

Page 5SonicOS Standard Wireless Features and Enhancements...... 83Wireless Status Page Updates ...................................................... 83TZ 170 Wireless Deployment Scenarios........................................ 84Configuring the TZ 170 Wireless as an Office Gateway ................ 85Welcome to the SonicWALL Setup Wizard .............................. 85Selecting the Deployment Scenario ......................................... 85Changing the Password ........................................................... 86Selecting Your Time Zone ........................................................ 86Configuring the WAN Network Mode........................................ 86Configuring WAN Settings........................................................ 87Configuring LAN Settings ......................................................... 87Configuring WLAN 802.11b Settings........................................ 87Configuring WiFiSec - VPN Client User Authentication............ 88Configuring Wireless Guest Services ....................................... 88SonicWALL Configuration Summary ........................................ 88Storing SonicWALL Configuration ............................................ 89Congratulations! ....................................................................... 89Configuring the TZ 170 Wireless as a Secure Access Point ......... 90Welcome to the SonicWALL Setup Wizard .............................. 90Selecting the Deployment Scenario ......................................... 90Changing the Password ........................................................... 90Selecting Your Time Zone ........................................................ 91Configuring the WAN Network Mode........................................ 91Configuring WAN Settings........................................................ 92Configuring the LAN Settings ................................................... 92Configuring WLAN 802.11b Settings........................................ 92Configuring WiFiSec - VPN Client User Authentication............ 93Configuring Wireless Guest Services ....................................... 93SonicWALL Configuration Summary ........................................ 93Storing SonicWALL Configuration ............................................ 94Congratulations! ....................................................................... 94Configuring the TZ 170 Wireless as a Guest Internet Gateway..... 95Welcome to the SonicWALL Setup Wizard .............................. 95Selecting the Deployment Scenario ......................................... 95Changing the Password ........................................................... 95Selecting Your Time Zone ........................................................ 96Configuring the WAN Network Mode........................................ 96Configuring WAN Settings........................................................ 96Configuring the LAN Settings ................................................... 97Configuring WLAN 802.11b Settings........................................ 97Configuring Wireless Guest Services ....................................... 97SonicWALL Configuration Summary ........................................ 98Storing SonicWALL Configuration ............................................ 98Congratulations! ....................................................................... 98Configuring the TZ 170 Wireless using a Custom Deployment ..... 99Welcome to the SonicWALL Setup Wizard .............................. 99

Page 6 SonicWALL SonicOS Standard Administrator’s GuideSelecting the Deployment Scenario..........................................99Changing the Password............................................................99Selecting Your Time Zone ......................................................100Configuring the WAN Network Mode ......................................100Configuring WAN Settings ......................................................100Configuring LAN Settings........................................................101Configuring WLAN 802.11b Settings ......................................101Configuring WiFiSec - VPN Client User Authentication ..........101Configuring Wireless Guest Services .....................................102SonicWALL Configuration Summary ......................................102Storing SonicWALL Configuration ..........................................102Congratulations!......................................................................103Using the Wireless Wizard ...........................................................103Welcome to the SonicWALL Wireless Configuration Wizard..103WLAN Network ......................................................................104WLAN 802.11b Settings..........................................................104WLAN Security Settings..........................................................105WiFiSec - VPN Client User Authentication .............................105Wireless Guest Services.........................................................106Wireless Configuration Summary ...........................................106Updating the TZ 170 Wireless! ...............................................107Congratulations!......................................................................107Access Point Status ................................................................109WLAN Statistics ......................................................................109Station Status ...............................................................................110Wireless > Settings............................................................................111Wireless Radio Mode ...................................................................111WiFiSec Enforcement...................................................................111Secure Wireless Bridging .............................................................113Wireless Bridging (without WiFiSec).......................................113Configuring a Secure Wireless Bridge .........................................114Network Settings for the Example Network ............................115Configuring VPN Policies for the Access Point and Wireless Bridge115Advanced Configuration for both VPN Policies.......................115Wireless > WEP Encryption .........................................................117WEP Encryption Settings........................................................117WEP Encryption Keys.............................................................118Beaconing & SSID Controls....................................................119Wireless Client Communications ............................................119Advanced Radio Settings .............................................................119Configurable Antenna Diversity ..............................................119Wireless>MAC Filter List ..............................................................121Wireless Intrusion Detection Services..........................................122Wireless Bridge IDS................................................................122Access Point IDS ....................................................................122Enable Client Null Probing ......................................................123

Page 8 SonicWALL SonicOS Standard Administrator’s GuideFirewall>Access Rules.........................................................................12Restoring Default Network Access Rules.......................................12Adding Rules using the Network Access Rule Wizard ...................13Step 1: Access Rule Type.........................................................13Configuring a Public Server Rule ...................................................14Step 2: Public Server ................................................................14Configuring a General Network Access Rule .................................15Step 1: Access Rule Type.........................................................15Step 2: Access Rule Service.....................................................16Step 3: Access Rule Action ......................................................16Step 4: Access Rule Source Interface and Address ................17Step 5: Access Rule Destination Interface and Address ..........17Step 6: Access Rule Time.........................................................18Completing the Network Access Rule Wizard .........................18Adding Rules Using the Add Rule Window ....................................19Rule Examples ...............................................................................20Blocking LAN Access for Specific Services ..............................20Enabling Ping............................................................................21Access Rules> Advanced....................................................................21Windows Networking (NetBIOS) Broadcast Pass Through............21Detection Prevention ......................................................................22Enable Stealth Mode.................................................................22Randomize IP ID.......................................................................22Dynamic Ports...........................................................................22Source Routed Packets..................................................................22TCP Connection Inactivity Timeout ................................................22Firewall>Services.................................................................................23User Defined (Custom) Services....................................................23VPN................................................................... 25VPN>Settings ......................................................................................25VPN Global Settings.......................................................................25VPN Policies...................................................................................26Currently Active VPN Tunnels........................................................26Configuring GroupVPN Policy on the SonicWALL...............................26Configuring IKE using Preshared Secret........................................26General .....................................................................................27Proposals ..................................................................................27Advanced ..................................................................................28Client.........................................................................................29Configuring GroupVPN with IKE using 3rd Party Certificates ........30General .....................................................................................30Proposals ..................................................................................30Advanced ..................................................................................30

Page 9Client ........................................................................................ 31Export a GroupVPN Client Policy .................................................. 32Site to Site VPN Configurations .......................................................... 33VPN Planning Sheet for Site-to-Site VPN Policies ........................ 34Site A ........................................................................................ 34Router....................................................................................... 34Additional Information............................................................... 34Configuring Site to Site VPN PoliciesUsing the VPN Policy Wizard .............................................................. 35Creating a Typical IKE using Preshared Secret VPN Policy.......... 35Creating a Custom VPN Policy using IKE and a Preshared Secret35Creating a Manual Key VPN Policy with the VPN Policy Wizard... 36Configuring IKE using 3rd Party Certificates with the VPN Policy Wizard37Creating VPN Policies Using the VPN Policy Window ........................ 38Configuring a VPN Policy using IKE with Preshared Secret.......... 38................................. Configuring a VPN Policy using Manual Key41Configuring a VPN Policy with IKE using a Third Party Certificate 44VPN>Advanced ................................................................................... 46Advanced VPN Settings................................................................. 46VPN Single-Armed Mode (stand-alone VPN gateway).................. 47Configuring a SonicWALL for VPN Single Armed Mode .......... 48VPN User Authentication Settings ................................................. 49VPN Bandwidth Management........................................................ 49VPN>DHCP over VPN ........................................................................ 50DHCP Relay Mode......................................................................... 50Configuring the Central Gateway for DHCP Over VPN............ 51Configuring DHCP over VPN Remote Gateway ............................ 52Device Configuration...................................................................... 52Current DHCP over VPN Leases................................................... 53VPN>L2TP Server............................................................................... 53General .......................................................................................... 54L2TP Server Settings ............................................................... 54IP Address Settings .................................................................. 55Adding L2TP Clients to the SonicWALL ................................... 55Currently Active L2TP Sessions ............................................... 55Digital Certificates ............................................................................... 55Overview of X.509 v3 Certificates.................................................. 55SonicWALL Third Party Digital Certificate Support........................ 55VPN>Local Certificates ....................................................................... 56Importing Certificate with Private Key ............................................ 56Certificate Details........................................................................... 56Delete This Certificate .............................................................. 57

Page 10 SonicWALL SonicOS Standard Administrator’s GuideGenerating a Certificate Signing Request ......................................57VPN>CA Certificates ...........................................................................58Importing CA Certificates into the SonicWALL...............................58Certificate Details ...........................................................................58Delete This Certificate...............................................................58Certificate Revocation List (CRL) ...................................................59Importing a CRL List .................................................................59Automatic CRL Update .............................................................59Users................................................................. 61Users>Status .......................................................................................61Active User Sessions .....................................................................61Users>Settings ....................................................................................62Authentication Method....................................................................62Global User Settings ......................................................................62Acceptable Use Policy....................................................................63Configuring RADIUS Authentication...............................................63Users>Local Users ..............................................................................65Settings ..........................................................................................65Security Services...............................................67Security Services>Summary................................................................68Security Services Summary ...........................................................68Manage Services Online ................................................................68If Your SonicWALL is Not Registered ............................................69Security Services Settings..............................................................69SonicWALL Content Filtering Service..................................................69Security Services>Content Filter .........................................................70Content Filter Status.......................................................................70Activating SonicWALL CFS ......................................................71Activating a SonicWALL CFS FREE TRIAL..............................71Content Filter Type.........................................................................71Restrict Web Features....................................................................71Trusted Domains ............................................................................72Message to Display when Blocking................................................73Configuring SonicWALL Filter Properties ............................................73....................................................................................Custom List73Enable Keyword Blocking .........................................................74Disable all Web traffic except for Allowed Domains..................74Settings ..........................................................................................74Consent ..........................................................................................75Mandatory Filtered IP Addresses ...................................................76

Page 11Consent Page URL (mandatory filtering).................................. 76Adding a New Address ............................................................. 76SonicWALL Network Anti-Virus........................................................... 76Security Services>Anti-Virus ............................................................... 77Activating SonicWALL Network Anti-Virus..................................... 77Activating a SonicWALL Network Anti-Virus FREE TRIAL ............ 77Network Anti-Virus E-Mail Filter .......................................................... 78Intrusion Prevention Service ............................................................... 78SonicWALL IPS Features .............................................................. 78SonicWALL Deep Packet Inspection ............................................. 79How SonicWALL’s Deep Packet Inspection Architecture Works ... 79SonicWALL IPS Terminology......................................................... 80SonicWALL IPS Activation .................................................................. 81mySonicWALL.com........................................................................ 81Activating SonicWALL IPS............................................................. 81Activating the SonicWALL IPS FREE TRIAL ................................. 82Log.................................................................... 83Log>View............................................................................................. 83SonicWALL Log Messages............................................................ 84Clear Log .................................................................................. 84E-mail Log ................................................................................ 84Log>Categories................................................................................... 85Log Categories............................................................................... 85Alerts & SNMP Traps..................................................................... 86Log>Automation .................................................................................. 87E-mail............................................................................................. 87Syslog Servers............................................................................... 87Log>Reports........................................................................................ 88Data Collection............................................................................... 89View Data....................................................................................... 89Web Site Hits............................................................................ 89Bandwidth Usage by IP Address .............................................. 89Bandwidth Usage by Service.................................................... 89Log>ViewPoint .................................................................................... 90SonicWALL ViewPoint ................................................................... 90Appendices....................................................... 91Appendix A - SonicWALL Support Solutions....................................... 91Knowledge Base ............................................................................ 91Internet Security Expertise............................................................. 91SonicWALL Support Programs ...................................................... 91

Page 12 SonicWALL SonicOS Standard Administrator’s GuideWarranty Support - North America and International .....................91Appendix B- Configuring the Management StationTCP/IP Settings ...................................................................................92Windows 98....................................................................................92Windows NT ...................................................................................93Windows 2000................................................................................94Windows XP ...................................................................................95Macintosh OS 10............................................................................95

Page 1PrefaceCopyright Notice© 2004 SonicWALL, Inc. All rights reserved.Under the copyright laws, this manual or the software described within, can not be copied, in whole or part, without the written consent of the manufacturer, except in the normal use of the software to make a backup copy. The same proprietary and copyright notices must be affixed to any permitted copies as were affixed to the original. This exception does not allow copies to be made for others, whether or not sold, but all of the material purchased (with all backup copies) can be sold, given, or loaned to another person. Under the law, copying includes translating into another language or format.SonicWALL is a registered trademark of SonicWALL, Inc. Other product and company names mentioned herein can be trademarks and/or registered trademarks of their respective companies. Specifications and descriptions subject to change without notice.Limited WarrantySonicWALL, Inc. warrants that commencing from the delivery date to Customer (but in any casecommencing not more than ninety (90) days after the original shipment by SonicWALL), and continuingfor a period of twelve (12) months, that the product will be free from defects in materials and workmanshipunder normal use. This Limited Warranty is not transferable and applies only to the original end user ofthe product. SonicWALL and its suppliers' entire liability and Customer's sole and exclusive remedy underthis limited warranty will be shipment of a replacement product. At SonicWALL's discretion thereplacement product may be of equal or greater functionality and may be of either new or like-new quality.SonicWALL's obligations under this warranty are contingent upon the return of the defective productaccording to the terms of SonicWALL's then-current Support Services policies. This warranty does not apply if the product has been subjected to abnormal electrical stress, damaged byaccident, abuse, misuse or misapplication, or has been modified without the written permission ofSonicWALL.

Page 2 SonicWALL SonicOS Standard Administrator’s GuideDISCLAIMER OF WARRANTY. EXCEPT AS SPECIFIED IN THIS WARRANTY, ALL EXPRESS ORIMPLIED CONDITIONS, REPRESENTATIONS, AND WARRANTIES INCLUDING, WITHOUTLIMITATION, ANY IMPLIED WARRANTY OR CONDITION OF MERCHANTABILITY, FITNESS FOR APARTICULAR PURPOSE, NONINFRINGEMENT, SATISFACTORY QUALITY OR ARISING FROM ACOURSE OF DEALING, LAW, USAGE, OR TRADE PRACTICE, ARE HEREBY EXCLUDED TO THEMAXIMUM EXTENT ALLOWED BY APPLICABLE LAW. TO THE EXTENT AN IMPLIED WARRANTYCANNOT BE EXCLUDED, SUCH WARRANTY IS LIMITED IN DURATION TO THE WARRANTYPERIOD. BECAUSE SOME STATES OR JURISDICTIONS DO NOT ALLOW LIMITATIONS ON HOWLONG AN IMPLIED WARRANTY LASTS, THE ABOVE LIMITATION MAY NOT APPLY TO YOU. THISWARRANTY GIVES YOU SPECIFIC LEGAL RIGHTS, AND YOU MAY ALSO HAVE OTHER RIGHTSWHICH VARY FROM JURISDICTION TO JURISDICTION. This disclaimer and exclusion shall applyeven if the express warranty set forth above fails of its essential purpose.DISCLAIMER OF LIABILITY. SONICWALL'S SOLE LIABILITY IS THE SHIPMENT OF AREPLACEMENT PRODUCT AS DESCRIBED IN THE ABOVE LIMITED WARRANTY. IN NO EVENTSHALL SONICWALL OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER,INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF PROFITS, BUSINESSINTERRUPTION, LOSS OF INFORMATION, OR OTHER PECUNIARY LOSS ARISING OUT OF THEUSE OR INABILITY TO USE THE PRODUCT, OR FOR SPECIAL, INDIRECT, CONSEQUENTIAL,INCIDENTAL, OR PUNITIVE DAMAGES HOWEVER CAUSED AND REGARDLESS OF THE THEORYOF LIABILITY ARISING OUT OF THE USE OF OR INABILITY TO USE HARDWARE OR SOFTWAREEVEN IF SONICWALL OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCHDAMAGES. In no event shall SonicWALL or its suppliers' liability to Customer, whether in contract, tort(including negligence), or otherwise, exceed the price paid by Customer. The foregoing limitations shallapply even if the above-stated warranty fails of its essential purpose. BECAUSE SOME STATES ORJURISDICTIONS DO NOT ALLOW LIMITATION OR EXCLUSION OF CONSEQUENTIAL ORINCIDENTAL DAMAGES, THE ABOVE LIMITATION MAY NOT APPLY TO YOU.

Page 1 SonicWALL SonicOS 2.2 Standard Administrator’s Guide 1 IntroductionThank you for purchasing the SonicWALL Internet Security Appliance. Organizations of all kinds face an array of security threats -- and must react quickly with limited IT resources. That means that SonicWALL offers security solutions for specific business applications such as networking, site-to-site communications, telecommuting, POS transactions, or secure web-sites. SonicWALL offers solutions that are specifically designed to meet the objectives of today's Internet connected business.SonicWALL Internet firewall/VPN security appliances support an array of security applications and deliver powerful firewall and VPN performance. SonicWALL appliances are built on stateful inspection firewall technology, and a dedicated security ASIC designed to ensure maximum performance for VPN enabled applications. With integrated support for firewall, VPN, Anti Virus, content filtering, and an award-winning Global Management System (GMS), IT administrators can trust SonicWALL to protect their network while securely and reliably connecting their remote businesses or personnel.SonicWALL SonicOS Standard OverviewSonicWALL SonicOS Standard is the standard operating system for the SonicWALL TZ 170, SonicWALL 2040, and SonicWALL 3060, which provides a complete security solution to protect your network from attacks, intrusions, and malicious tampering. In addition, SonicOS provides secure, encrypted communications via IPSec VPN to business partners and branch offices as well as support for a growing number of SonicWALL Security Services, such as SonicWALL Content Filtering Service and SonicWALL Network Anti-Virus.Tip!SonicWALL SonicOS Standard can be upgraded to SonicOS Enhanced. For detailed instructions on upgrading to SonicOS Enhanced, see the Upgrading SonicOS Standard to SonicOS Enhanced Technote available on the PRO 2040 Product CD or at <http:www.sonicwall.com/services/documentation.html.SonicWALL Management InterfaceThe SonicWALL’s Web Management Interface provides a easy-to-use graphical interface for configuring your SonicWALL. SonicWALL management functions are performed through a Web browser.Tip!Microsoft Internet Explorer 5.0 or higher, or, Netscape Navigator 4.5 or higher are two recommended Web browsers. Accessing the Management InterfaceTo access the SonicWALL Management Interface, you need to configure the Management Station TCP/IP settings in order to initially contact the SonicWALL. A computer used to manage the SonicWALL is referred to as the “Management Station.” Any computer on the same network as the SonicWALL can be used to access the management interface.MD5 authentication is used to secure communications between your Management Station and the SonicWALL Web Management Interface. MD5 Authentication prevents unauthorized users from detecting and stealing the SonicWALL password as it is sent over your network.The Web browser used to access the management interface must be Java-enabled and support HTTP uploads in order to fully manage the SonicWALL. If your Web browser does not support these functions, certain features such as uploading firmware and saved preferences files are not available.

Page 2 SonicWALL SonicOS Standard Administrator’s GuideNote:For instructions on setting up your Management Station for accessing the SonicWALL Management Interface, see Appendix B.Navigating the Management InterfaceNavigating the SonicWALL Management Interface includes a hierarchy of menu buttons on the navigation bar (left side of window). The SonicOS Standard menu buttons on the navigation bar include:•System•Network•Firewall• VPN•Users• Security Services•Log•Help•Wizards• LogoutWhen you click a menu button, related management functions are displayed as submenu items in the navigation bar. To navigate to a submenu page, click the link. When you click a menu button, the first submenu item page is displayed.Applying ChangesClick the Apply button at the top right corner of the SonicWALL Management Interface to save any configuration changes you made on the page.If the settings are contained in a secondary window within the Management Interface, when you click OK, the settings are automatically applied to the SonicWALL.Getting HelpEach SonicWALL includes Web-based online help available from the Management Interface.Clicking the question mark ? button on the top right corner of every page accesses the context-sensitive help for the page.Alert!SonicWALL online help requires Internet connectivity.Logging OutThe Logout button at the bottom of the menu bar terminates the Management Interface session and displays the Authentication page.

Introduction Page 3About this GuideWelcome to the SonicWALL SonicOS Standard Administrator’s Guide. This manual provides the information you need to successfully activate, configure, and administer SonicOS Standard 2.2 for the SonicWALL TZ170, PRO 2040, and PRO 3060 Internet Security Appliances.This manual is updated and released with SonicOS Standard 2.2. Always check <http//:www.sonicwall.com/services/documentation.html> for the latest version of this manual as well as other SonicWALL Security Service and upgrade manuals.Tip!The Quick Start Guide for your SonicWALL provides instructions for quickly installing and configuring your SonicWALL for connecting your network through the SonicWALL for secure Internet connectivity.Organization of this GuideThe SonicOS Standard Administrator’s Guide organization follows the SonicWALL Web Management Interface structure.Chapter 1, Introduction - Overview of SonicOS Standard, the SonicWALL Web-based Management Interface, and this manual’s conventions.Chapter 2, Internet Connectivity Using the Setup Wizard - explains how to get your network securely connected to the Internet with the SonicWALL using the Setup Wizard.Chapter 3, System Setting - describes the configuration of the SonicWALL IP settings, time, and password as well as providing instructions to restart the SonicWALL, import and export settings, upload new firmware, and perform diagnostic tests.Chapter 4, Network - outlines configuring network settings manually for the SonicWALL as well as static routes and RIPv2 advertising on the network. Setting up the SonicWALL to act as the DHCP server on your network is also covered in this chapter. Chapter 5, Firewall - explains how to permit and block traffic through the SonicWALL, set up One-to-One NAT, and configuring automatic proxy forwarding.Chapter 6, VPN - explains how to create a VPN tunnel between two SonicWALLs and creating a VPN tunnel from the VPN client to the SonicWALL.Chapter 7, Users - describes the configuration of user level authentication as well as the setup of RADIUS servers for user authentication. Chapter 8, Security Services - provides configuration instructions for SonicWALL Content Filtering Service and Anti-Virus features. Chapter 9, Logging and Alerts - illustrates the SonicWALL logging, alerting, and reporting features.Chapter 10, Appendices Appendix A, SonicWALL Support Solutions - describes available support options from SonicWALL. Appendix B, Configuring Management Station TCP/IP Settings - provides instructions for configuring your Management Station's IP address.

Page 4 SonicWALL SonicOS Standard Administrator’s GuideGuide ConventionsThe following Conventions used in this guide are as follows:Icons Used in this ManualThese special messages refer to noteworthy information, and include a symbol for quick identification:Alert!Important information that cautions about features affecting firewall performance, security features, or causing potential problems with your SonicWALL.Tip! Useful information about security features and configurations on your SonicWALL. Note:Important information on a feature that requires callout for special attention.Convention UseBold Highlights items you can select on the SonicWALL Management Interface.Italic Highlights a value to enter into a field. For example, “type 192.168.168.168 in the IP Address field.”Menu Item>Menu Item Indicates a multiple step Management Interface menu choice. For example, “Security Services>Content Filter means select Security Services, then select Content Filter.

Introduction Page 5SonicWALL Technical SupportFor timely resolution of technical support questions, visit SonicWALL on the Internet at <http://www.sonicwall.com/services/support.html>. Web-based resources are available to help you resolve most technical issues or contact SonicWALL Technical Support.To contact SonicWALL telephone support, see the telephone numbers listed below:North America Telephone SupportU.S./Canada - 888.777.1476 or +1 408.752.7819International Telephone SupportAustralia - + 1800.35.1642Austria - + 43(0)820.400.105EMEA - +31(0)411.617.810France - + 33(0)1.4933.7414Germany - + 49(0)1805.0800.22Hong Kong - + 1.800.93.0997India - + 8026556828Italy - +39.02.7541.9803Japan - + 81(0)3.5460.5356New Zealand - + 0800.446489Singapore - + 800.110.1441Spain - + 34(0)9137.53035Switzerland - +41.1.308.3.977UK - +44(0)1344.668.484Note:Please visit <http://www.sonicwall.com/services/contact.html> for the latest technical support telephone numbers.More Information on SonicWALL Products and ServicesContact SonicWALL, Inc. for information about SonicWALL products and services at:Web: http://www.sonicwall.comE-mail: sales@sonicwall.comPhone: (408) 745-9600Fax:(408) 745-9300

Page 6 SonicWALL SonicOS Standard Administrator’s Guide

Page 7 SonicWALL SonicOS 2.2 Standard Administrator’s Guide 2 Internet Connectivity Using the Setup WizardThe Setup Wizard takes you step by step through network configuration for Internet connectivity. There are four types of network connectivity available: Static IP, DHCP, PPPoE, and PPTP. The first time you log into the SonicWALL, the Setup Wizard is launched automatically. To launch the Setup Wizard at any from the Management Interface, log into the SonicWALL. Click Wizards and select Setup Wizard.Note:The Wizard pages shown in this chapter are for the SonicWALL TZ170 but they are identical to Wizard pages for the PRO 2040 and PRO 3060.Tip!You can also configure all your WAN and network settings on the Network>Settings page of the SonicWALL Management Interface Configuring a Static IP Address with NAT EnabledUsing NAT to set up your SonicWALL eliminates the need for public IP addresses for all computers on your LAN. It is a way to conserve IP addresses available from the pool of IPv4 addresses for the Internet. NAT also allows you to conceal the addressing scheme of your network. If you do not have enough individual IP addresses for all computers on your network, you can use NAT for your network configuration. Essentially, NAT translates the IP addresses in one network into those for a different network. As a form of packet filtering for firewalls, it protects a network from outside intrusion from hackers by replacing the internal (LAN) IP address on packets passing through a SonicWALL with a “fake” one from a fixed pool of addresses. The actual IP addresses of computers on the LAN are hidden from outside view. This section describes configuring the SonicWALL appliance in the NAT mode. If you are assigned a single IP address by your ISP, follow the instructions below.Tip!: Be sure to have your network information including your WAN IP address, subnet mask, and DNS settings ready. This information is obtained from your ISP.

Page 8 SonicWALL SonicOS Standard Administrator’s GuideSetup WizardNote:Your Web browser must be Java-enabled and support HTTP uploads in order to fully manage SonicWALL. Internet Explorer 5.0 and above as well as Netscape Navigator 4.0 and above are recommended. 1. Click the Setup Wizard button on the Network>Settings page. Read the instructions on the Welcome window and click Next to continue.Step 1: Change Password2. To set the password, enter a new password in the New Password and Confirm New Password fields. Click Next.Tip!It is very important to choose a password which cannot be easily guessed by others.

Internet Connectivity Using the Setup Wizard Page 9Step 2: Change Time Zone3. Select the appropriate Time Zone from the Time Zone menu. The SonicWALL internal clock is set automatically by a Network Time Server on the Internet. Click Next.Step 3: WAN Network Mode4. Confirm that you have the proper network information necessary to configure the SonicWALL to access the Internet. Click the hyperlinks for definitions of the networking terms. You can choose:•Static IP, if your ISP assigns you a specific IP address or group of addresses.•DHCP, if your ISP automatically assigns you a dynamic IP address.•PPPoE, if your ISP provided you with client software, a user name, and a password.•PPTP, if your ISP provided you with a server IP address, a user name, and password. 5. Choose Static IP and click Next.

Page 10 SonicWALL SonicOS Standard Administrator’s GuideStep 4: WAN Network Mode: NAT Enabled6. Enter the public IP address provided by your ISP in the SonicWALL WAN IP Address, then fill in the rest of the fields: WAN/OPT/DMZ Subnet Mask, WAN Gateway (Router) Address, and DNS Server Addresses. Click Next. Step 5: LAN Settings7. The LAN page allows the configuration of the SonicWALL LAN IP Addresses and the LAN Subnet Mask.The SonicWALL LAN IP Addresses are the private IP address assigned to the LAN port of the SonicWALL. The LAN Subnet Mask defines the range of IP addresses on the LAN. The default values provided by the SonicWALL work for most networks. If you do not use the default settings, enter your preferred private IP address and subnet mask in the fields. Click Next.

Internet Connectivity Using the Setup Wizard Page 11Step 6: LAN DHCP Settings 8. The Optional-SonicWALL DHCP Server window configures the SonicWALL DHCP Server. If enabled, the SonicWALL automatically configures the IP settings of computers on the LAN. To enable the DHCP server, select Enable DHCP Server, and specify the range of IP addresses that are assigned to computers on the LAN. If Disable DHCP Server is selected, you must configure each computer on your network with a static IP address on your LAN. Click Next.Step 7: SonicWALL Configuration Summary9. The Configuration Summary window displays the configuration defined using the Installation Wizard. To modify any of the settings, click Back to return to the Connecting to the Internet window. If the configuration is correct, click Next.

Page 12 SonicWALL SonicOS Standard Administrator’s GuideStoring SonicWALL ConfigurationSetup Wizard Complete10. The SonicWALL stores the network settings. 11. Click Restart to restart the SonicWALL. The SonicWALL takes approximately 90 seconds or longer to restart. During this time, the yellow Test LED is lit.

Internet Connectivity Using the Setup Wizard Page 13Configuring DHCP Networking ModeDHCP is a networking mode that allows you to obtain an IP address for a specific length of time from aDHCP server. The length of time is called a lease which is renewed by the DHCP server typically after afew days. When the lease is ready to expire, the client contacts the server to renew the lease. This is acommon network configuration for customers with cable or DSL modems. You are not assigned a specificIP address by your ISP.1. Click the Setup Wizard button on the Network>Settings page. 2. Read the instructions on the Welcome window and click Next to continue.Step 1: Change Password3. To set the password, enter a new password in the New Password and Confirm New Password fields. Click Next.

Page 14 SonicWALL SonicOS Standard Administrator’s GuideStep 2: Change Time Zone 4. Select the appropriate Time Zone from the Time Zone menu. The SonicWALL internal clock is set automatically by a Network Time Server on the Internet. Click Next.Step 3: WAN Network Mode5. Select DHCP, the Obtain an IP address automatically window is displayed. Click Next.

Internet Connectivity Using the Setup Wizard Page 15Step 4: WAN Network Mode: NAT with DHCP Client6. The Obtain an IP address automatically window states that the ISP dynamically assigns an IP address to the SonicWALL. To confirm this, click Next. DHCP-based configurations are most common with cable modem connections.Step 5: LAN Settings7. The Fill in information about your LAN page allows the configuration of SonicWALL LAN IP Addresses and Subnet Masks. SonicWALL LAN IP Addresses are the private IP addresses assigned to the LAN of the SonicWALL. The LAN Subnet Mask defines the range of IP addresses on the networks. The default values provided by the SonicWALL are useful for most networks. Click Next.

Page 16 SonicWALL SonicOS Standard Administrator’s GuideStep 6: DHCP Settings8. The Optional-SonicWALL DHCP Server window configures the SonicWALL DHCP Server. If enabled, the SonicWALL automatically assigns IP settings to computers on the LAN. To enable the DHCP server, select Enable DHCP Server, and specify the range of IP addresses assigned to computers on the LAN. If Disable DHCP Server is selected, the DHCP Server is disabled. Click Next to continue. Configuration Summary9. The Configuration Summary window displays the configuration defined using the Installation Wizard. To modify any of the settings, click Back to return to the Connecting to the Internet window. If the configuration is correct, click Apply.

Internet Connectivity Using the Setup Wizard Page 17Storing SonicWALL ConfigurationSetup Wizard Complete10. Click Restart to restart the SonicWALL. The SonicWALL takes 90 seconds to restart. During this time, the yellow Test LED is lit.Tip!The new SonicWALL LAN IP address, displayed in the URL field of the Congratulations window, is used to log in and manage the SonicWALL.

Page 18 SonicWALL SonicOS Standard Administrator’s GuideConfiguring NAT Enabled with PPPoENAT with PPPoE Client is a network protocol that uses Point to Point Protocol over Ethernet to connectwith a remote site using various Remote Access Service products. This protocol is typically found whenusing a DSL modem with an ISP requiring a user name and password to log into the remote server. TheISP may then allow you to obtain an IP address automatically or give you a specific IP address.1. Click the Setup Wizard button on the Network>Settings page.2. Read the instructions on the Welcome window and click Next to continue.Step 1: Change Password3. To set the password, enter a new password in the New Password and Confirm New Password fields. Click Next.

Internet Connectivity Using the Setup Wizard Page 19Step 2: Change Time Zone 4. Select the appropriate Time Zone from the Time Zone menu. The SonicWALL internal clock is set automatically by a Network Time Server on the Internet. Click Next.Step 3: WAN Network Mode5. The SonicWALL automatically detects the presence of a PPPoE server on the WAN. If not, then select PPPoE: Your ISP provided you with desktop software, a user name and password. Click Next.

Page 20 SonicWALL SonicOS Standard Administrator’s GuideStep 4: WAN Network Mode: NAT with PPPoE Client6. Enter the user name and password provided by your ISP into the User Name and Password fields. Click Next.Step 5: LAN Settings7. The LAN Settings page allows the configuration of SonicWALL LAN IP Addresses and LAN Subnet Mask.The SonicWALL LAN IP Address is the private IP address assigned to the LAN port of the SonicWALL. The LAN Subnet Mask defines the range of IP addresses on the LAN. The default values provided by the SonicWALL are useful for most networks. If you do not use the default settings, enter your preferred IP addresses in the fields. Click Next.

Internet Connectivity Using the Setup Wizard Page 21Step 6: DHCP Server8. The Optional-SonicWALL DHCP Server window configures the SonicWALL DHCP Server. If enabled, the SonicWALL automatically assigns IP settings to computers on the LAN. To enable the DHCP server, select Enable DHCP Server, and specify the range of IP addresses that are assigned to computers on the LAN. If Disable DHCP Server is selected, you must configure each computer on your network with a static IP address on your LAN. Click Next.Step 7: SonicWALL Configuration Summary9. The Configuration Summary window displays the configuration defined using the Installation Wizard. To modify any of the settings, click Back to return to the WAN Settings window. If the configuration is correct, click Next to proceed to the Congratulations window.

Page 22 SonicWALL SonicOS Standard Administrator’s GuideStoring SonicWALL Configuration Tip!The new SonicWALL LAN IP address, displayed in the URL field of the Congratulations window, is used to log in and manage the SonicWALL. Setup Wizard Complete10. Click Restart to restart the SonicWALL. 11. The SonicWALL takes approximately 90 seconds or longer to restart. During this time, the yellow Test LED is lit.

Internet Connectivity Using the Setup Wizard Page 23Configuring PPTP Network ModeNAT with PPTP Client mode uses Point to Point Tunneling Protocol (PPTP) to connect to a remoteserver. It supports older Microsoft implementations requiring tunneling connectivity.1. Click the Setup Wizard button on the Network>Settings page. 2. Read the instructions on the Welcome window and click Next to continue. Step 1: Change Password3. To set the password, enter a new password in the New Password and Confirm New Password fields. Click Next.

Page 24 SonicWALL SonicOS Standard Administrator’s GuideStep 2: Change Time Zone 4. Select the appropriate Time Zone from the Time Zone menu. The SonicWALL internal clock is set automatically by a Network Time Server on the Internet. Click Next.Step 3: WAN Network Mode5. Select PPTP: Provided you with a server IP address, a user name and password. Click Next.

Internet Connectivity Using the Setup Wizard Page 25Step 4: WAN Network Mode: NAT with PPTP Client6. Enter the user name and password provided by your ISP into the User Name and Password fields. Click Next.Step 5: LAN Settings7. The LAN Settings page allows the configuration of SonicWALL LAN IP Addresses and LAN Subnet Mask.The SonicWALL LAN IP Address is the private IP address assigned to the LAN port of the SonicWALL. The LAN Subnet Mask defines the range of IP addresses on the LAN. The default values provided by the SonicWALL are useful for most networks. If you do not use the default settings, enter your preferred IP addresses in the fields. Click Next.

Page 26 SonicWALL SonicOS Standard Administrator’s GuideStep 6: DHCP Server8. The Optional-SonicWALL DHCP Server window configures the SonicWALL DHCP Server. If enabled, the SonicWALL automatically assigns IP settings to computers on the LAN. To enable the DHCP server, select Enable DHCP Server, and specify the range of IP addresses that are assigned to computers on the LAN. If Disable DHCP Server is selected, you must configure each computer on your network with a static IP address on your LAN. Click Next.Step 7: SonicWALL Configuration Summary9. The Configuration Summary window displays the configuration defined using the Installation Wizard. To modify any of the settings, click Back to return to the Connecting to the Internet window. If the configuration is correct, click Next to proceed to the Storing SonicWALL Configuration window.

Internet Connectivity Using the Setup Wizard Page 27Storing SonicWALL Configuration Tip!The new SonicWALL LAN IP address, displayed in the URL field of the Congratulations window, is used to log in and manage the SonicWALL. Setup Wizard Complete10. Click Restart to restart the SonicWALL. The SonicWALL takes approximately 90 seconds or longer to restart. During this time, the yellow Test LED is lit.

Page 28 SonicWALL SonicOS Standard Administrator’s Guide

System Settings Page 29 3 System SettingsThis chapter describes the configuration of the SonicWALL IP settings, time, and password as well as providing instructions to restart the SonicWALL, import and export settings, upload new firmware, and perform diagnostic tests.System>StatusThe Status page contains five sections: System Messages, System Information, Latest Alerts, Security Services, and Network Interfaces. System MessagesAny information considered relating to possible problems with configurations on the SonicWALL such as password, log messages, etc. System InformationThe following information is displayed in this section:•Model - type of SonicWALL product•Serial Number - also the MAC address of the SonicWALL•Authentication Code - the alphanumeric code used to authenticate the SonicWALL on the registra-tion database at <https://www.mysonicwall.com>. •Firmware Version - the firmware version loaded on the SonicWALL.•ROM Version - indicates the ROM version.•CPU Type - displays the type and speed of the SonicWALL processor.•Total Memory - indicates the amount of RAM and flash memory.•Uptime - the length of time, in days, hours, and seconds the SonicWALL is active. •Current Connections - the number of network connections currently existing on the SonicWALL.•Registration Code - the registration code is generated when your SonicWALL is registered at <http://www.mysonicwall.com>.

System Settings Page 31Tip!For more information on mySonicWALL.com, access the online help available at https://www.mysonicwall.com.Note:mySonicWALL.com registration information is not sold or shared with any other company.Latest AlertsAny messages relating to system errors or attacks are displayed in this section. Attack messages include AV Alerts, forbidden e-mail attachments, fraudulent certificates, etc. System errors include WAN IP changed and encryption errors. Clicking the blue arrow displays the Log>Log View page. Network InterfacesThe following information is contained in this section:•WAN - network speed, for example 100 Mbps, and devices connected to the WAN link.•LAN - network speed and network address mode•OPT/DMZ - network speed and network address modeClicking the arrow displays the Network>Settings page. System>LicensesThe System>Licenses page provides links to activate, upgrade, or renew SonicWALL Security Services and upgrades.Note:For more information on SonicWALL Security Services and Upgrades, visit <http://www.sonicwall.com>Security Services SummaryThe Security Services Summary table lists the available and activated security services on the SonicWALL. The Security Service column lists all the available SonicWALL security services and upgrades available for the SonicWALL. The Status column indicates is the security service is activated (Licensed), available for activation (Not Licensed), or no longer active (Expired). The number of nodes/users allowed for the license is displayed in the Count column.The information listed in the Security Services Summary table is updated from your mySonicWALL.com account the next time the SonicWALL automatically synchronizes with your mySonicWALL.com account (once a day) or you can click the link in To synchronize licenses with mySonicWALL.com click here in the Manage Security Services Online section.Manage Security Services OnlineTo activate, upgrade, or renew services, click the link in To Activate, Upgrade, or Renew services, click here. Click the link in To synchronize licenses with mySonicWALL.com click here to synchronize your mySonicWALL.com account with the Security Services Summary table.

Page 32 SonicWALL SonicOS Standard Administrator’s GuideYou can also get free trial subscriptions to SonicWALL Content Filter Service and Network Anti-Virus by clicking the For Free Trials click here link. When you click these links, the mySonicWALL.com Login page is displayed. Enter your mySonicWALL.com account username and password in the User Name and Password fields and click Submit. The Manage Services Online page is displayed with licensing information from your mySonicWALL.com account.Manual UpgradeManual Upgrade allows you to activate your services by typing the service activation key supplied with the service subscription not activated on mySonicWALL.com. Type the activation key from the product into the Enter upgrade key field and click Submit. Tip!You must have a mysonicwall.com account to upgrade and activate services through the SonicWALL. Note:If your SonicWALL is deployed in a high-security environment that does not allow direct Internet connectivity from the SonicWALL, you can enter the encrypted license key information manually in the enter keyset field. See the SonicWALL TechNote Manual Upgrades for Closed Environments using License Keyset at <www.sonicwall.com/services/SonicOS_FW_documentation.html for instructions.System>AdministrationFirewall NameThe Firewall Name uniquely identifies the SonicWALL and defaults to the serial number of the SonicWALL. The serial number is also the MAC address of the unit. The Firewall Name is mainly used in e-mailed log files. To change the Firewall Name, enter a unique alphanumeric name in the Firewall Name field. It must be at least 8 characters in length.

System Settings Page 33Name/PasswordAdministrator Name The Administrator Name can be changed from the default setting of admin to any word using alphanumeric characters up to 32 characters in length. To create an new administrator name, enter the new name in the Administrator Name field. Click Apply for the changes to take effect on the SonicWALL. Changing the Administrator PasswordTo set the password, enter the old password in the Old Password field, and the new password in the New Password field. Enter the new password again in the Confirm New Password field and click Apply. Once the SonicWALL has been updated, a message confirming the update is displayed at the bottom of the browser window.Login SecurityThe Administrator Inactivity Timeout setting allows you to set the length of inactivity time that elapses before you are automatically logged out of the Web Management Interface. By default, the SonicWALL logs out the administrator after 5 minutes of inactivity. Tip!If the Administrator Inactivity Timeout is extended beyond 5 minutes, you should end every management session by clicking Logout to prevent unauthorized access to the SonicWALL Web Management Interface. Enter the desired number of minutes in the Administrator Inactivity Timeout section and click Update. The Inactivity Timeout can range from 1 to 99 minutes. Click Apply, and a message confirming the update is displayed at the bottom of the browser window.Enable Administrator/User LockoutYou can configure the SonicWALL to lockout an administrator or a user if the login credentials are incorrect. Select the Enable Administrator/User Lockout check box to prevent users from attempting to log into the SonicWALL without proper authentication credentials. Enter the number of failed attempts before the user is locked out in the Lock out user after __ failed login attempts in a 1 minute period field. Enter the length of time that must elapse before the user attempts to log into the SonicWALL again in the Lockout Period (minutes) field. Alert!If the administrator and a user are logging into the SonicWALL using the same source IP address, the administrator is also locked out of the SonicWALL. The lockout is based on the source IP address of the user or administrator.

Page 34 SonicWALL SonicOS Standard Administrator’s GuideManagement ProtocolThe SonicWALL can be managed using HTTP or HTTPS and a Web browser. Both HTTP and HTTPS are enabled by default. The default port for HTTP is port 80, but you can configure access through another port. Enter the number of the desired port in the Port field, and click Update. However, if you configure another port for HTTP management, you must include the port number when you use the IP address to log into the SonicWALL. For example, if you configure the port to be 76, then you must enter <LAN IP Address>:76 into the Web browser, i.e. <http://192.168.168.1:76>The default port for HTTPS management is 443, the standard port. You can add another layer of security for logging into the SonicWALL by changing the default port. To configure another port for HTTPS management, enter the preferred port number into the Port field, and click Update. For example, if you configure the HTTPS Management Port to be 700, then you must log into the SonicWALL using the port number as well as the IP address, for example, <https://192.168.168.1:700> to access the SonicWALL. The Certificate Common Name field defaults to the SonicWALL LAN Address. This allows you to continue using a certificate without downloading a new one each time you log into the SonicWALL.Advanced ManagementEnable SNMPSNMP (Simple Network Management Protocol) is a network protocol used over User Datagram Protocol (UDP) that allows network administrators to monitor the status of the SonicWALL and receive notification of critical events as they occur on the network. The SonicWALL supports SNMP v1/v2c and all relevant Management Information Base II (MIB) groups except egp and at. The SonicWALL replies to SNMP Get commands for MIBII via any interface and supports a custom SonicWALL MIB for generating trap messages. The custom SonicWALL MIB is available for download from the SonicWALL Web site and can be loaded into third-party SNMP management software such as HP Openview, Tivoli, or SNMPC. To enable SNMP on the SonicWALL, select the Enable SNMP check box, and then click Configure in the System>Administration page.Note:v1 traps are not supported on the SonicWALL.1. Enter the host name of the SonicWALL in the System Name field. 2. Enter the network administrator’s name in the System Contact field.

System Settings Page 353. Enter an e-mail address, telephone number, or pager number in the System Location field.4. Enter a name for a group or community of administrators who can view SNMP data in the Get Community Name field. 5. Enter a name for a group or community of administrators who can view SNMP traps in the Trap Community Name field.6. Enter the IP address or host name of the SNMP management system receiving SNMP traps in the Host 1 through Host 4 fields. You must configure at least one IP address or host name, but up to four addresses or host names can be used. 7. Click OK. Trap messages are generated only for the alert message categories normally sent by the SonicWALL. For example, attacks, system errors, or blocked Web sites generate trap messages. If none of the categories are selected on the Log>Settings page, then no trap messages are generated.By default, the SonicWALL responds only to Get SNMP messages received on its LAN interface. Appropriate rules must be configured to allow SNMP traffic to and from the WAN interface. SNMP trap messages can be sent via the LAN or WAN. See Chapter 5, Firewall, for instructions on adding services and rules to the SonicWALL. If your SNMP management system supports discovery, the SonicWALL agent automatically discover the SonicWALL appliance on the network. Otherwise, you must add the SonicWALL to the list of SNMP-managed devices on the SNMP management system. Enable Management Using SonicWALL GMSTo enable the SonicWALL to be managed by SonicWALL Global Management System (GMS). Select the Enable Management using GMS checkbox, then click Configure. The Configure GMS Settings window is displayed.To configure the SonicWALL for GMS management:1. Enter the host name or IP address of the GMS Console in the GMS Host Name or IP Address field. 2. Enter the port in the GMS Syslog Server Port field. The default value is 514.3. Select Send Heartbeat Status Messages Only to send only heartbeat status instead of log messages.4. Select GMS behind NAT Device if the GMS Console is placed behind a device using NAT on the network. Type the IP address of the NAT device in the NAT Device IP Address field.5. Select one of the following GMS modes from the Management Mode menu.IPSEC Management Tunnel - Use the IPSec management tunnel included with the SonicWALL. The default IPSec VPN settings are displayed.Existing Tunnel - Use an existing tunnel for GMS management of the SonicWALL. HTTPS - Use HTTPS for GMS management of the SonicWALL. The following configuration settings for HTTPS management mode are displayed:

$Page 36 SonicWALL SonicOS Standard Administrator’s GuideSend Syslog Messages in Cleartext Format - Sends Syslog messages as cleartext.Send Syslog Messages to a Distributed GMS Reporting Server - Sends Syslog Messages to a GMS Reporting Server separated from the GMS management server.GMS Reporting Server IP Address - Enter the IP address of the GMS Reporting Server, if the server is separate from the GMS management server.GMS Reporting Server Port - Enter the port for the GMS Reporting Server. The default value is 5146. Click OK. System>TimeSet TimeThe SonicWALL uses the time and date settings to time stamp log events, to automatically update SonicWALL Security Services, and for other internal purposes. By default, the SonicWALL uses an internal list of public NTP servers to automatically update the time. Network Time Protocol (NTP) is a protocol used to synchronize computer clock times in a network of computers. NTP uses Coordinated Universal Time (UTC) to synchronize computer clock times to a millisecond, and sometimes to a fraction of a millisecond.To select your time zone and automatically update the time, choose the time zone from the Time Zone menu. The Use NTP to set time automatically is activated by default to use the NTP (Network Time Protocol) to set time automatically. If you want to set your time manually, uncheck this setting. Select the time in the 24-hour format using the Time (hh:mm:ss) menus and the date from the Date menus. Automatically adjust clock for daylight saving changes is activated by default to enable automatic adjustments for daylight savings time.Selecting Display UTC in logs (instead of local time) specifies the use universal time (UTC) rather than local time for log events.Selecting Display time in International format displays the date in International format, with the day preceding the month.After selecting your System Time settings, click Apply.$

$System Settings Page 37NTP SettingsNetwork Time Protocol (NTP) is a protocol used to synchronize computer clock times in a network of computers. NTP uses Coordinated Universal Time (UTC) to synchronize computer clock times to a millisecond, and sometimes, to a fraction of a millisecond. The SonicWALL use an internal list of NTP servers so manually entering a NTP server is optional. Select Use NTP to set time automatically if you want to use your local server to set the SonicWALL clock. You can also configure Update Interval (minutes) for the NTP server to update the SonicWALL. The default value is 60 minutes. To add an NTP server to the SonicWALL configuration, click Add. The Add NTP Server window is displayed. Type the IP address of an NTP server in the NTP Server field. Click Ok. Then click Apply on the System>Time page to update the SonicWALL. To delete an NTP server, highlight the IP address and click Delete. Or, click Delete All to delete all servers.System>SettingsSettingsImport Settings To import a previously saved preferences file into the SonicWALL, follow these instructions:1. Click Import Settings to import a previously exported preferences file into the SonicWALL. The Import Settings window is displayed. 2. Click Browse to locate the file which has a *.exp file name extension. 3. Select the preferences file.4. Click Import, and restart the firewall.Export Settings To export configuration settings from the SonicWALL, use the instructions below:1. Click Export Settings.2. Click Export. 3. Click Save, and then select a location to save the file. The file is named “sonicwall.exp” but can be renamed.$

Sonicwall 034 TA 170 User Manual SonicOS Standard

Sonicwall, Inc. TA 170 SonicOS Standard

Contents

Users Manual Part 1

Navigation menu

Namespaces

Views

Navigation