Manuals / SonicWALL / Household Appliance / Home Security System

SonicWALL 3 manual Prohibit Dynamic ARP Entries

Models: 3

1 348

Download 348 pages 8.9 Kb

Page 115

CHAPTER 14: Configuring Address Resolution Protocol Settings

Navigate to the Network > Routing page, and add a static route for the 192.168.50.0/24 network as follows:

The entry will appear in the table as follows:

To allow the traffic to reach the 192.168.50.0/24 subnet, and to allow the 192.168.50.0/24 subnet to reach the hosts on the LAN, navigate to the Firewall > Access Rules page, and add the following Access Rule:

Prohibit Dynamic ARP Entries

SonicOS Standard provides the ability to prohibit dynamic ARP entries on a per-interface basis. Enabling this feature on an interface will prevent that interface from dynamically adding ARP entries. This is offered as a security mechanism to statically and strictly define the MAC addresses of hosts that will be permitted to operate on a particular interface.

SAlert: Misuse or misconfiguration of this feature can render the SonicWALL inaccessible and recoverable only by restoring factory defaults. Be certain to understand the behavior of this feature, and to have properly configured static ARP entries for allowed hosts prior to applying any 'prohibit dynamic ARP entry' settings.

A typical use for this feature would be prohibiting dynamic ARP on the WAN interface, after adding a static ARP entry for the upstream router. This will help to ensure that the router will be the only host allowed on the WAN interface.

96	SONICWALL SONICOS STANDARD 3.0 ADMINISTRATOR’S GUIDE

Image 115

SonicWALL 3 manual Prohibit Dynamic ARP Entries

Contents

SonicOS Standard Administrators Guide Table of Contents Part 2 System Part 3 Network Part 4 Modem Part 5 Wireless Part 8 VPN Vii Configuring Site to Site VPN Policies Using Viii Part 9 Users Part 11 Log Index Copyright Notice PrefaceTrademarks Xii Limited WarrantyPage Organization of this Guide About this Guide Part 10 Security ServicesPart 9 Users Part 11 Log Icons Used in this Manual Guide Conventions International Telephone Support More Information on SonicWALL Products and ServicesSonicWALL Technical Support North America Telephone Support Xviii Current Documentation Introduction Sonicwall Sonicos Standard 3.0 ADMINISTRATOR’S Guide What’s New in SonicOS Standard Introduction SonicWALL Management Interface SonicWALL Management Interface Navigating the Management Interface Applying Changes Status BarNavigating Tables Getting Help Common Icons in the Management InterfaceLogging Out Introduction Collecting Required ISP Information Basic SonicWALL Security Appliance SetupSonicWALL Security Appliance Configuration Steps Internet Service Provider ISP Information SonicWALL Management Interface Other InformationIf You Have DSL If You Have a Static IP Address SonicWALL TZ 170 SP Using the SonicWALL Setup Wizard Configuring a Static IP Address Internet Connection SonicWALL TZ 50 Wireless/TZ 150 Wireless/TZ 170 Wireless Using the SonicWALL Setup Wizard Configuring a PPPoE Internet Connection Configuring a Dhcp Internet Connection Configuring Pptp Internet Connectivity Sonicwall Sonicos Standard 3.0 ADMINISTRATOR’S Guide Configuring the TZ 170 SP using the Setup Wizard Selecting the Deployment Scenario Welcome to the SonicWALL Setup WizardChanging the Password Configuring the WAN Network Mode Configuring Wlan 802.11b/g Settings Configuring WAN SettingsConfiguring LAN Settings Configuring LAN Dhcp Settings Configuring the LAN Dhcp Settings Configuring the LAN SettingsConfiguring Wlan 802.11b Settings Configuring the WAN Network Mode Configuring the TZ 170 Wireless as a Secure Wireless Bridge Configuring Secure Wireless Bridge Settings Configuring Wlan Network Setting Before You Register Registering Your SonicWALL Security Appliance Registering Your SonicWALL Security Appliance Registering Your SonicWALL Security Appliance Sonicwall Sonicos Standard 3.0 ADMINISTRATOR’S Guide System Sonicwall Sonicos Standard 3.0 ADMINISTRATOR’S Guide System Status Viewing System Status InformationSystem Status System Messages WizardsSystem Information Latest Alerts Security Services SonicWALL Security Appliance Model Interfaces SonicWALL TZ SonicWALL TZ 50 WirelessSonicWALL TZ 150 Wireless Network Interfaces System Licenses System LicensesSystem Licenses Currently Licensed Nodes Node License StatusNode License Exclusion List Security Services Summary Manual Upgrade for Closed Environments Manage Security Services Online Manual Upgrade From a Computer Connected to the Internet System Licenses System Administration Using System AdministrationSystem Administration Login Security Name/PasswordFirewall Name Web Management Settings Click OK Enable SnmpAdvanced Management Four addresses or host names can be used Enable Management Using SonicWALL GMS Using System Administration System Time Setting System TimeSystem Time Set Time Setting the SonicWALL Security Appliance Time NTP Settings Import Settings Configuring System SettingsSystem Settings Settings New Firmware Export SettingsClick Export Settings Firmware Management Firmware Management Settings SafeMode Rebooting the SonicWALL Security ApplianceSystem Information Firmware Management System Diagnostics System Diagnostics Generating a Tech Support Report Tech Support Report Active Connections Monitor Settings Diagnostic ToolsActive Connections Monitor DNS Name Lookup CPU Monitor Packet Trace Find Network Path Select Packet Trace from the Diagnostic tool menu Ping Reverse Name ResolutionProcess Monitor System Restart Network Sonicwall Sonicos Standard 3.0 ADMINISTRATOR’S Guide Network Settings Configuring Network SettingsNetwork Settings Interfaces Setup Wizard Interface Options by SonicWALL Security Appliance DNS Settings Configuring Transparent Mode Configuring the WAN Interface Configuring the WAN Interface Configuration Example Configuring NAT with Dhcp Client Configuring NAT Enabled Configuring NAT with L2TP Client Configuring NAT with PPPoE Client Configuring Ethernet Settings in WAN Properties Configuring NAT with Pptp Client Configuring the WAN Interface Basic LAN Configuration Configuring the LAN InterfaceConfiguring Multiple LAN Subnets Configuring Ethernet Settings Configuring the OPT InterfaceConfiguring the OPT Interface Configuring Transparent Mode Select OPT in NAT Mode Configuring the DMZ InterfaceConfiguring NAT Mode Configuring the DMZ Interface Configuring Transparent Mode Configuring the Modem Interface TZ 170 SP Configuring the Modem Interface TZ 170 SPSelect DMZ in NAT Mode Profiles Modem Settings Failover Select Enable WAN Failover Activating the Modem Advanced Sonicwall Sonicos Standard 3.0 ADMINISTRATOR’S Guide Sonicwall Sonicos Standard 3.0 ADMINISTRATOR’S Guide Network One-to-One NAT Configuring One-to-One NATSelect the Enable One-to-One NAT check box Network One-to-One NAT Select Enable One-to-One NAT One-to-One NAT Configuration ExampleClick Firewall, then Access Rules Allow Service Http Source WAN Configuring One-to-One NAT Network Web Proxy Configuring Web Proxy SettingsNetwork Web Proxy Bypass Proxy Servers Upon Proxy Failure Configuring Automatic Web Proxy ForwardingForward OPT/DMZ/WLAN Client Requests to Proxy Server Network Intranet Configuring Intranet SettingsNetwork Intranet Specified address ranges are attached to the WAN link InstallationIntranet Settings Specified address ranges are attached to the LAN link Network Routing Configuring Static RoutesNetwork Routing SonicWALL LAN IP Address Static Route Configuration ExampleStatic Routes Key terms Route Advertisement Route Advertisement Configuration Routing Table Network ARP Configuring Address Resolution Protocol SettingsNetwork ARP Static ARP Entries Adding a Secondary Subnet using the Static ARP MethodSecondary Subnets with Static ARP Network ARP Prohibit Dynamic ARP Entries Flushing the ARP Cache Navigating and Sorting the ARP Cache Table Configuring Address Resolution Protocol Settings Network Dhcp Server Configuring the Dhcp ServerDhcp Server Settings Network Dhcp Server Dhcp Server Lease Scopes Configuring Dhcp Server for Dynamic Ranges 101 Configuring Static Dhcp Entries Current Dhcp Leases Network Dynamic DNS Configuring Dynamic DNSNetwork Dynamic DNS Supported Ddns Providers Additional Services offered by Dynamic DNS Providers 105 Configuring Dynamic DNS 106 107 Dynamic DNS Settings Table 108 109 Modem 110 111 Viewing Modem StatusModem Status Modem Status Modem Status 113 Configuring Modem SettingsModem Settings Modem Settings Configuring Profile and Modem Settings Modem Failover Configuring Modem FailoverModem Failover Settings Modem Failover Configuring Modem Failover Modem Advanced Modem Advanced117 Configuring Advanced Modem Settings Modem Dialup Profiles Configuring Modem Dialup PropertiesModem Dialup Profiles Dial-Up Profiles Configuring a Dialup Profile Modem Dialup Profiles Modem Profile Configuration 121 Modem Dialup Profiles Modem Profile Configuration 122 123 Chat Scripts Custom Chat Scripts 125 Wireless 126 127 LAN WAN Considerations for Using Wireless Connections 129 Optimal Wireless Performance RecommendationsWireless Guest Services WGS Optimal Wireless Performance Recommendations WiFiSec Enforcement Wireless Node Count EnforcementMAC Filter List Using the Wireless Wizard Using the Wireless WizardWelcome to the SonicWALL Wireless Configuration Wizard Wlan Network Settings Wlan Security Settings Wlan 802.11b Settings Wireless Guest Services WiFiSec VPN Client User Authentication133 Updating the TZ 50 Wireless/TZ 150 Wireless/TZ 170 Wireless Wireless Configuration Summary 135 Wireless StatusConfiguring Additional Wireless Features Wireless Status Access Point Status Wlan Settings Station Status Wlan Statistics137 138 Wireless Settings Configuring Wireless SettingsWireless Settings Wireless Radio Mode Wireless Settings 141 Secure Wireless Bridging TZ 170 Only Configuring a Secure Wireless Bridge Wireless Bridging without WiFiSec Network Settings for the Example Network143 Select LAN for VPN Terminated at Advanced Configuration for both VPN Policies 145 Wireless Bridge VPN Policy 146 147 Configuring WEP and WPA EncryptionWireless WEP/WPA Encryption Wireless WEP/WPA Encryption WPA Encryption Settings WEP Encryption SettingsWEP Encryption Keys WPA-EAP Settings WPA-PSK Settings149 WPA Settings 151 Wireless AdvancedWireless Advanced Beaconing & Ssid Controls Advanced Radio Settings Wireless Client CommunicationsConfigurable Antenna Diversity TZ 170 Wireless 153 154 155 Configuring the MAC Filter ListWireless MAC Filter List Wireless MAC Filter List 156 Wireless IDS Configuring Wireless IDSWireless IDS Wireless Bridge IDS Association Flood Detection Access Point IDSEnable Client Null Probing Rogue Access Point Detection 159 Authorizing Access Points on Your Network 160 161 Wireless Guest Services 162 WGS Status WGS Status163 Viewing Wireless Guest Services Status 165 Configuring Wireless Guest ServicesWGS Settings WGS Settings Enable Dynamic Address Translation DAT Bypass Guest AuthenticationBypass Filters for Guest Accounts 167 Enable Smtp RedirectEnable URL Allow List for Authenticated Users Enable IP Address Deny List for Authenticated Users Check the Customize Login Page box Customize Login To add a profile Custom Post Authentication RedirectMaximum Concurrent Guests WGS Account Profiles Account Lifetime WGS Accounts Managing Wireless Guest AccountsWGS Accounts Working with Guest Accounts Automatically Generating Guest Accounts 173 Manually Configuring Wireless GuestsAccount Detail Printing Account Profile Secure Access Point with Virtual Adapter Support Flexible Default Route 175 Secure Access Point with Wireless Guest Services 176 177 Firewall 178 179 Configuring Network Access RulesNetwork Access Rules Overview Network Access Rules Overview Firewall Access Rules Using Bandwidth Management with Access Rules Navigating and Sorting the Access Rules Table Entries Restoring Default Network Access RulesAdding Rules using the Network Access Rule Wizard Configuring a Public Server Rule Configuring a General Network Access Rule 183 Adding Rules Using the Add Rule Window 185 Configuring Network Access Rules Click the Bandwidth tab Select WAN from the Destination Ethernet menu Blocking LAN Access for Specific ServicesRule Examples Enabling Ping 188 Access Rules Advanced Configuring Advanced Rule OptionsAccess Rules Advanced Windows Networking NetBIOS Broadcast Pass Through Source Routed Packets TCP Connection Inactivity TimeoutAccess Rule Service Options Detection Prevention Firewall Services Configuring Custom ServicesFirewall Services User Defined Custom Services Predefined Services Firewall VoIP Configuring VoIPFirewall VoIP VoIP Protocols SIP 323 195 Configuring the VoIP SettingsSIP Settings Settings 196 197 Monitoring Active Firewall ConnectionsFirewall Connections Monitor Firewall Connections Monitor Source IP Priority && Category && Source && Destination Setting Filter LogicUsing Group Filters Click Apply Filters 199 VPN 200 201 Configuring VPN SettingsSonicWALL VPN Options Overview SonicWALL VPN Options Overview VPN Global Settings VPN SettingsVPN Policies Navigating and Sorting the VPN Policies Entries Configuring GroupVPN Policy on the SonicWALLConfiguring GroupVPN Policy on the SonicWALL Currently Active VPN Tunnels Configuring IKE Preshared Secret 205 206 207 Configuring GroupVPN with IKE 3rd Party Certificates 209 210 211 212 Site-to-Site VPN Deployments Site to Site VPN ConfigurationsSite to Site VPN Configurations Export a GroupVPN Client Policy Additional Information VPN Planning Sheet for Site-to-Site VPN PoliciesSite a Router 215 Creating a Typical IKE Preshared Secret VPN Policy 217 Creating a Custom VPN Policy IKE with Preshared Secret Creating a Manual Key VPN Policy with the VPN Policy Wizard 219 220 Tip The Shared Secret must be a minimum of four characters Configuring a VPN Policy IKE with Preshared Secret221 222 223 Select Manual Key from the IPSec Keying Mode menu Configuring a VPN Policy using Manual Key General tab, select IKE using 3rd Party Certificates Configuring a VPN Policy with IKE 3rd Party Certificate225 226 227 228 VPN Advanced Configuring Advanced VPN SettingsAdvanced VPN Settings VPN Advanced VPN User Authentication Settings VPN Bandwidth Management Select Enable VPN Bandwidth Management231 Configuring Advanced VPN Settings VPN Dhcp over VPN Configuring Dhcp Over VPNDhcp Relay Mode VPN Dhcp over VPN Configuring the Central Gateway for Dhcp Over VPN 235 Configuring Dhcp over VPN Remote Gateway Click OK to exit the Dhcp over VPN Configuration window Device ConfigurationCurrent Dhcp over VPN Leases 237 Configuring L2TP Server SettingsVPN L2TP Server VPN L2TP Server IP Address Settings L2TP Server SettingsAdding L2TP Clients to the SonicWALL 239 Currently Active L2TP Sessions Configuring L2TP Server Settings Digital Certificates Overview Managing CertificatesDigital Certificates Overview SonicWALL Third-Party Digital Certificate Support Importing Certificate with Private Key VPN Local CertificatesCertificate Details Select Add New Local Certificate from the Certificates menu Generating a Certificate Signing RequestDelete This Certificate VPN Local Certificates Importing CA Certificates into the SonicWALL VPN CA CertificatesSelect Add New CA Certificate Click Browse for Please select a file to import Automatic CRL UpdateCertificate Revocation List CRL Importing a CRL List 246 247 Users 248 249 User Level Authentication OverviewUser Level Authentication Overview Users Status Authentication Method Users SettingsActive User Sessions 251 Global User SettingsInternet Authentication Exclusions Users Settings Acceptable Use Policy Select Use Radius for user authentication Configuring Radius Authentication253 254 255 256 257 Configuring Local UsersUsers Local Users Users Local Users Adding a Local User 259 Security Services 260 SonicWALL Security Services SonicWALL Security Services Activating Free Trials MySonicWALL.com 263 Security Services SummarySecurity Services Summary Manage Licenses Security Services Summary Security Services Information Security Services SettingsIf Your SonicWALL Security Appliance is Not Registered SonicWALL Content Filtering Service SonicWALL Content Filtering Service265 Content Filter Status Security Services Content FilterActivating SonicWALL Content Filtering Service Security Services Content Filter Activating a SonicWALL Content Filtering Service267 Restrict Web Features Content Filter Type Trusted Domains Configuring SonicWALL Filter PropertiesMessage to Display when Blocking Configuring SonicWALL Filter Properties Allowed/Forbidden Domains Custom ListKeyword Blocking 271 Disable all Web traffic except for Allowed Domains Consent 273 Mandatory Filtered IP AddressesConsent Page URL mandatory filtering Adding a New Address 274 SonicWALL Network Anti-Virus Overview SonicWALL Network Anti-Virus Overview275 Activating SonicWALL Network Anti-Virus Security Services Anti-Virus Activating a SonicWALL Network Anti-Virus Free Trial Security Services Anti-Virus277 Configuring SonicWALL Network Anti-Virus Security Services E-Mail Filter 279 Managing SonicWALL Gateway Anti-Virus ServiceSonicWALL Gateway Anti-Virus Overview SonicWALL Gateway Anti-Virus Overview SonicWALL Gateway Anti-Virus/Intrusion Prevention Features 281 Activating SonicWALL Gateway Anti-Virus Activating the SonicWALL Gateway Anti-Virus Activating SonicWALL Gateway Anti-Virus Configuring SonicWALL Gateway Anti-Virus Configuring SonicWALL Gateway Anti-Virus283 284 SonicWALL Intrusion Prevention Service Managing SonicWALL Intrusion Prevention ServiceSonicWALL Intrusion Prevention Service SonicWALL IPS Features SonicWALL Deep Packet Inspection 287 How SonicWALL’s Deep Packet Inspection Architecture Works Activating SonicWALL IPS Security Services Intrusion Prevention Activating the SonicWALL IPS Free Trial Security Services Intrusion Prevention289 290 291 Managing SonicWALL Global Security ClientSonicWALL Global Security Client SonicWALL Global Security Client How SonicWALL Global Security Client Works Global Security Client FeaturesSonicWALL Global Security Client Activation 293 Activating SonicWALL Global Security Client 294 295 Log 296 297 Viewing Log EventsSonicOS Log Event Messages Overview SonicOS Log Event Messages Overview Navigating and Sorting Log View Table Entries Log View Mail Log SonicOS Log EntriesRefresh Clear Log 300 Log Categories Specifying Log CategoriesLog Categories Alerts & Snmp Traps 303 Configuring Log AutomationLog Automation Log Automation Syslog Servers Mail 305 306 307 Configuring Name ResolutionLog Name Resolution Log Name Resolution Name Resolution Method list, select Selecting Name Resolution SettingsSpecifying the DNS Server Data Collection Reset DataGenerating and Viewing Log Reports Log Reports Bandwidth Usage by IP Address Bandwidth Usage by ServiceView Data Web Site Hits 311 Log ViewPointSonicWALL ViewPoint Log ViewPoint Generating and Viewing Log Reports SonicSetup SonicSetup313 Device Selection Introduction and Discovery Diagnostics Diagnostics315 Diagnostic Results SonicROM Recovery SonicOS Recovery SonicOS Recovery317 Restoring Factory Defaults Address Synchronization Address Synchronization319 320 SonicWALL SafeMode SonicWALL SafeMode321 322 Upgrading SonicOS Firmware Upgrading SonicOS Firmware323 324 Numerics Index 326 327 VPN WPA, see WiFiSec Protected Access 232- 000609- 00 Rev E 02/05