348 pages, 24.83 Mb
COMPREHENSIVE INTERNET SECURITY™
SonicWALL Security Appliance
SonicOS Standard 3.0 Administrator's Guide
Contents
Main
Chapter 2: Basic SonicWALL Security Appliance Setup
Chapter 5: Using System Administration
Chapter 6: Setting System Time
Chapter 7: Configuring System Settings
Chapter 8: Performing Diagnostic Tests and Restarting the SonicWALL Security Appliance
Chapter 10: Configuring One-to-One NAT
Chapter 11: Configuring Web Proxy Settings
Chapter 12: Configuring Intranet Settings
Chapter 30: Managing Wireless Guest Accounts
Chapter 32: Configuring Advanced Rule Options
Chapter 33: Configuring Custom Services
Chapter 35: Monitoring Active Firewall Connections
Chapter 37: Configuring Advanced VPN Settings
Chapter 38: Configuring DHCP Over VPN
Chapter 39: Configuring L2TP Server Settings
Chapter 40: Managing Certificates
PART 9: Users
Chapter 41: Viewing User Status and Configuring User Authentication
Chapter 42: Configuring Local Users
Chapter 44: Configuring SonicWALL Content Filtering Service
Chapter 45: Managing SonicWALL Network Anti-Virus and E-Mail Filter Services
Chapter 46: Managing SonicWALL Gateway Anti-Virus Service
Chapter 47: Managing SonicWALL Intrusion Prevention Service
Chapter 48: Managing SonicWALL Global Security Client
Chapter 50: Specifying Log Categories
Chapter 51: Configuring Log Automation
Appendix A: Using the SonicSetup Diagnostic and Recovery Tool
Appendix B: Resetting the SonicWALL Security Appliance Using SafeMode
Copyright Notice
Trademarks
Limited Warranty
About this Guide
Organization of this Guide
Part 1 Introduction
Part 2 System
Part 3 Network
Part 4 Modem (TZ 170 SP)
Part 9 Users
Part 10 Security Services
Part 11 Log
Guide Conventions
Icons Used in this Manual
SonicWALL Technical Support
North America Telephone Support
Current Documentation
http://www.sonicwall.com/services/documentation.html
What's New in SonicOS Standard 3.0
SonicWALL Management Interface
Navigating the Management Interface
Status Bar
Applying Changes
Navigating Tables
Common Icons in the Management Interface
Getting Help
Logging Out
Appliance Setup
SonicWALL Security Appliance Configuration Steps
Collecting Required ISP Information
Internet Service Provider (ISP) Information
If You Have a Cable Modem
Using the SonicWALL Setup Wizard
SonicWALL TZ 170 SP
Configuring a DHCP Internet Connection
Configuring a PPPoE Internet Connection
Configuring PPTP Internet Connectivity
Configuring the TZ 170 SP using the Setup Wizard
Configuring the TZ 50 Wireless/TZ 150 Wireless/170 Wireless using the Setup Wizard
Configuring the TZ 50 Wireless/TZ 150 Wireless/170 Wireless as an Office Gateway
Configuring the WAN Network Mode
Configuring WAN Settings
Configuring LAN Settings
Configuring LAN DHCP Settings
Configuring WLAN 802.11b/g Settings
Configuring WiFiSec - VPN Client User Authentication
Configuring the TZ 50 Wireless/TZ 150 Wireless/TZ 170 Wireless as a Secure Access Point
Configuring the LAN Settings
Configuring the LAN DHCP Settings
Configuring WiFiSec - VPN Client User Authentication
Configuring the TZ 50 Wireless/TZ 150 Wireless/TZ 170 Wireless as a Guest Internet Gateway
Configuring the WAN Network Mode
Configuring WAN Settings
Configuring Wireless Guest Services
Configuring the TZ 170 Wireless as a Secure Wireless Bridge
Configuring LAN Settings
Configuring LAN DHCP Settings
Configuring WLAN Network Setting
Configuring Secure Wireless Bridge Settings
Registering Your SonicWALL Security Appliance
Creating a mySonicWALL.com Account
Registering Your SonicWALL Security Appliance
Information
System > Status
Wizards
System Messages
System Information
Security Services
Latest Alerts
System > Licenses
Node License Status
Currently Licensed Nodes
Node License Exclusion List
Security Services Summary
Manage Security Services Online
Manual Upgrade for Closed Environments
From a Computer Connected to the Internet
From the Management Interface of the SonicWALL Security Appliance
System > Administration
Firewall Name
Name/Password
Administrator Name
Changing the Administrator Password
Enable Administrator/User Lockout
Web Management Settings
Changing the Default Size for SonicWALL Management Interface Tables
Advanced Management
Enable SNMP
Enable Management Using SonicWALL GMS
System > Time
Set Time
Setting the SonicWALL Security Appliance Time
NTP Settings
System > Settings
Import Settings
Export Settings
Firmware Management
New Firmware
Tech Support Report
Generating a Tech Support Report
Diagnostic Tools
Active Connections Monitor
Active Connections Monitor Settings
CPU Monitor
DNS Name Lookup
Find Network Path
Packet Trace
Ping
Process Monitor
Reverse Name Resolution
System > Restart
Network > Settings
Setup Wizard
Interfaces
Interface Options by SonicWALL Security Appliance
DNS Settings
Configuring the WAN Interface
Configuration Example
Configuring NAT Enabled
Configuring NAT with DHCP Client
Configuring NAT with PPPoE Client
Configuring NAT with L2TP Client
Configuring NAT with PPTP Client
Configuring Ethernet Settings in WAN Properties
Configuring the LAN Interface
Basic LAN Configuration
Configuring Multiple LAN Subnets
Configuring Ethernet Settings
Configuring the OPT Interface
Configuring NAT Mode
Configuring the DMZ Interface
Configuring NAT Mode
Configuring the Modem Interface (TZ 170 SP)
Modem Settings
Profiles
Failover
Advanced
Activating the Modem
Configuring WLAN Properties (TZ 50 Wireless/TZ 150 Wireless/TZ 170 Wireless)
Network > One-to-One NAT
One-to-One NAT Configuration Example
Network > Web Proxy
Configuring Automatic Web Proxy Forwarding
Bypass Proxy Servers Upon Proxy Failure
Forward OPT/DMZ/WLAN Client Requests to Proxy Server
Network > Intranet
Installation
Intranet Settings
Network > Routing
Static Routes
Static Route Configuration Example
Route Advertisement
Route Advertisement Configuration
Routing Table
Protocol Settings
Network > ARP
Static ARP Entries
Secondary Subnets with Static ARP
Adding a Secondary Subnet using the Static ARP Method
Prohibit Dynamic ARP Entries
Navigating and Sorting the ARP Cache Table
Flushing the ARP Cache
Network > DHCP Server
DHCP Server Settings
DHCP Server Lease Scopes
Configuring DHCP Server for Dynamic Ranges
Configuring Static DHCP Entries
Current DHCP Leases
Network > Dynamic DNS
Supported DDNS Providers
Additional Services offered by Dynamic DNS Providers
Configuring Dynamic DNS
Dynamic DNS Settings Table
Modem > Status
Modem Status
Modem > Settings
Configuring Profile and Modem Settings
Modem > Failover
Modem Failover Settings
Configuring Modem Failover
Modem > Advanced
Properties
Modem > Dialup Profiles
Dial-Up Profiles
Configuring a Dialup Profile
Modem > Dialup Profiles > Modem Profile Configuration
Configuring a Dialup Profile
Chat Scripts
Custom Chat Scripts
Wireless Wizard and Monitoring Your WLAN
Considerations for Using Wireless Connections
Optimal Wireless Performance Recommendations
Adjusting the TZ 50 Wireless/TZ 150 Wireless/TZ 170 Wireless Antennas
Wireless Guest Services (WGS)
Wireless Node Count Enforcement
MAC Filter List
WiFiSec Enforcement
Using the Wireless Wizard
Welcome to the SonicWALL Wireless Configuration Wizard
WLAN 802.11b Settings
WLAN Security Settings
WiFiSec - VPN Client User Authentication
Wireless Guest Services
Wireless Configuration Summary
Updating the TZ 50 Wireless/TZ 150 Wireless/TZ 170 Wireless
Congratulations
Configuring Additional Wireless Features
Wireless > Status
WLAN Settings
Access Point Status
WLAN Statistics
Station Status
Wireless > Settings
Wireless Radio Mode
Wireless Settings
Secure Wireless Bridging (TZ 170 Only)
Configuring a Secure Wireless Bridge
Network Settings for the Example Network
Wireless Bridging (without WiFiSec)
Configuring VPN Policies for the Access Point and Wireless Bridge
Access Point
Advanced Configuration for both VPN Policies
Wireless Bridge VPN Policy
Encryption
Wireless > WEP/WPA Encryption
WEP Encryption Settings
WEP Encryption Keys
WPA Encryption Settings
WPA-PSK Settings
Preshared Key Settings (PSK)
WPA-EAP Settings
WPA Settings:
Extensible Authentication Protocol Settings (PSK)
Wireless > Advanced
Beaconing & SSID Controls
Wireless Client Communications
Advanced Radio Settings
Configurable Antenna Diversity (TZ 170 Wireless)
Wireless > MAC Filter List
Wireless > IDS
Wireless Bridge IDS
Access Point IDS
Enable Client Null Probing
Association Flood Detection
Rogue Access Point Detection
Authorizing Access Points on Your Network
Status
WGS > Status
Wireless Guest Services
WGS > Settings
Bypass Guest Authentication
Bypass Filters for Guest Accounts
Enable Dynamic Address Translation (DAT)
Enable SMTP Redirect
Enable URL Allow List for Authenticated Users
Enable IP Address Deny List for Authenticated Users
Customize Login Page
Custom Post Authentication Redirect Page
Maximum Concurrent Guests
WGS Account Profiles
Accounts
WGS > Accounts
Working with Guest Accounts
Automatically Generating Guest Accounts
Manually Configuring Wireless Guests
Account Detail Printing
Flexible Default Route
Secure Access Point with Virtual Adapter Support
Secure Access Point with Wireless Guest Services
Rules
Network Access Rules Overview
Using Bandwidth Management with Access Rules
Firewall > Access Rules
Navigating and Sorting the Access Rules Table Entries
Restoring Default Network Access Rules
Adding Rules using the Network Access Rule Wizard
Configuring a Public Server Rule
Configuring a General Network Access Rule
Adding Rules Using the Add Rule Window
Rule Examples
Blocking LAN Access for Specific Services
Enabling Ping
Options
Access Rules > Advanced
Windows Networking (NetBIOS) Broadcast Pass Through
Detection Prevention
Enable Stealth Mode
Randomize IP ID
Dynamic Ports
Source Routed Packets
Firewall > Services
User Defined (Custom) Services
Predefined Services
Firewall > VoIP
VoIP Protocols
H.323
SIP
Configuring the VoIP Settings
SIP Settings
H.323 Settings
Connections
Firewall > Connections Monitor
Setting Filter Logic
Using Group Filters
SonicWALL VPN Options Overview
VPN > Settings
VPN Global Settings
VPN Policies
Navigating and Sorting the VPN Policies Entries
Currently Active VPN Tunnels
Configuring IKE Preshared Secret
Configuring GroupVPN with IKE 3rd Party Certificates
Export a GroupVPN Client Policy
Site to Site VPN Configurations
Site-to-Site VPN Deployments
VPN Planning Sheet for Site-to-Site VPN Policies
Site A
Workstation
SonicWALL
Router
Creating a Typical IKE Preshared Secret VPN Policy
Creating a Custom VPN Policy IKE with Preshared Secret
Creating a Manual Key VPN Policy with the VPN Policy Wizard
Configuring IKE 3rd Party Certificates with the VPN Policy Wizard
Creating Site-to-Site VPN Policies Using the VPN Policy Window
Configuring a VPN Policy IKE with Preshared Secret
Configuring a VPN Policy using Manual Key
Configuring a VPN Policy with IKE 3rd Party Certificate
VPN > Advanced
Advanced VPN Settings
VPN User Authentication Settings
VPN Bandwidth Management
VPN > DHCP over VPN
DHCP Relay Mode
Configuring the Central Gateway for DHCP Over VPN
Configuring DHCP over VPN Remote Gateway
Device Configuration
Current DHCP over VPN Leases
VPN > L2TP Server
L2TP Server Settings
IP Address Settings
Adding L2TP Clients to the SonicWALL
Currently Active L2TP Sessions
Digital Certificates Overview
SonicWALL Third-Party Digital Certificate Support
VPN > Local Certificates
Importing Certificate with Private Key
Certificate Details
Delete This Certificate
Generating a Certificate Signing Request
VPN > CA Certificates
Importing CA Certificates into the SonicWALL
Certificate Details
Delete This Certificate
Certificate Revocation List (CRL)
Importing a CRL List
Automatic CRL Update
Configuring User Authentication
User Level Authentication Overview
Users > Status
Active User Sessions
Users > Settings
Authentication Method
Global User Settings
Internet Authentication Exclusions
Acceptable Use Policy
Configuring RADIUS Authentication
Users > Local Users
Adding a Local User
Services
SonicWALL Security Services
mySonicWALL.com
Activating Free Trials
Security Services > Summary
Security Services Summary
Manage Licenses
If Your SonicWALL Security Appliance is Not Registered
Security Services Settings
Filtering Service
SonicWALL Content Filtering Service
Security Services > Content Filter
Content Filter Status
Activating SonicWALL Content Filtering Service
Activating a SonicWALL Content Filtering Service FREE TRIAL
Content Filter Type
Restrict Web Features
Trusted Domains
Message to Display when Blocking
Configuring SonicWALL Filter Properties
Keyword Blocking
Disable all Web traffic except for Allowed Domains
Consent
Mandatory Filtered IP Addresses
Consent Page URL (mandatory filtering)
Adding a New Address
Anti-Virus and E-Mail Filter Services
SonicWALL Network Anti-Virus Overview
Security Services > Anti-Virus
Activating SonicWALL Network Anti-Virus
Activating a SonicWALL Network Anti-Virus FREE TRIAL
Security Services > E-Mail Filter
Configuring SonicWALL Network Anti-Virus
Gateway Anti-Virus Service
SonicWALL Gateway Anti-Virus Overview
SonicWALL Gateway Anti-Virus/Intrusion Prevention Features
Activating SonicWALL Gateway Anti-Virus
Activating SonicWALL Gateway Anti-Virus
Activating the SonicWALL Gateway Anti-Virus FREE TRIAL
Configuring SonicWALL Gateway Anti-Virus
Intrusion Prevention Service
SonicWALL Intrusion Prevention Service
SonicWALL IPS Features
SonicWALL Deep Packet Inspection
How SonicWALL's Deep Packet Inspection Architecture Works
Security Services > Intrusion Prevention
Activating SonicWALL IPS
Activating the SonicWALL IPS FREE TRIAL
Global Security Client
SonicWALL Global Security Client
Global Security Client Features
How SonicWALL Global Security Client Works
SonicWALL Global Security Client Activation
Activating SonicWALL Global Security Client
SonicOS Log Event Messages Overview
Log > View
Navigating and Sorting Log View Table Entries
SonicOS Log Entries
Refresh
Clear Log
E-mail Log
Log > Categories
Log Categories
Alerts & SNMP Traps
Log > Automation
E-mail
Syslog Servers
Log > Name Resolution
Selecting Name Resolution Settings
Specifying the DNS Server
Log Reports
Log > Reports
Data Collection
View Data
Web Site Hits
Bandwidth Usage by IP Address
Bandwidth Usage by Service
Log > ViewPoint
APPENDIX A
and Recovery Tool
SonicSetup
Introduction and Discovery
Device Selection
Diagnostics
Diagnostic Results
SonicROM Recovery
SonicOS Recovery
Restoring Factory Defaults
Address Synchronization
APPENDIX B
Appliance Using SafeMode
SonicWALL SafeMode
Upgrading SonicOS Firmware