Manuals / SonicWALL / Household Appliance / Home Security System

SonicWALL 3 manual 220

Models: 3

1 348

Download 348 pages 8.9 Kb

Page 239

CHAPTER 36: Configuring VPN Settings

Select an encryption method from the Encryption list for the VPN tunnel. If network speed is preferred, then select DES. If network security is preferred, select 3DES. To compromise between network speed and network security, select DES.

Select an authentication method from the Authentication list. SHA1 is preferred for network security.

Leave the default value of 28800 (8 hours) as the Life Time (seconds) for the VPN Policy. Click Next.

8ESP is selected by default from the Protocol menu. ESP is more secure than AH, but AH requires less processing overhead.

3DES is selected by default from the Encryption menu. Enter a 48-character hexadecimal key if you are using 3DES encryption.Enter a 16-character hexadecimal key in the Encryption Key field if you are using DES or ARCFour encryption. This encryption key must match the remote SonicWALL's encryption key.

The default 48-character key is a unique key generated every time a VPN Policy is created.

AH is selected by default from the Authentication Key field. When a new SA is created, a 32- character key is automatically generated in the Authentication Key field. This key can be used as a valid key. If this key is used, it must also be entered in the Authentication Key field in the remote SonicWALL. If authentication is not used, this field is ignored.

Click Next.

9To enable the VPN policy immediately, click Apply. If you prefer to disable the policy initially, select Create this Policy Disabled, and then click Apply.

Creating Site-to-Site VPN Policies Using the VPN Policy Window

You can create or modify existing VPN policies using the VPN Policy window. Clicking the Add button under the VPN Policies table displays the VPN Policy window for configuring the following IPSec Keying mode VPN policies:

•IKE using Preshared Key

•Manual Key

•IKE using 3rd Party Certificates

9Tip: You can create these policies using the VPN Policy Wizard.

220	SONICWALL SONICOS STANDARD 3.0 ADMINISTRATOR’S GUIDE

Image 239

SonicWALL 3 manual 220

Contents

SonicOS Standard Administrators Guide Table of Contents Part 2 System Part 3 Network Part 4 Modem Part 5 Wireless Part 8 VPN Vii Configuring Site to Site VPN Policies UsingViii Part 9 UsersPart 11 Log Index Trademarks PrefaceCopyright Notice Xii Limited WarrantyPage Organization of this Guide About this Guide Part 10 Security ServicesPart 9 Users Part 11 LogIcons Used in this Manual Guide ConventionsInternational Telephone Support More Information on SonicWALL Products and ServicesSonicWALL Technical Support North America Telephone SupportXviii Current DocumentationIntroduction Sonicwall Sonicos Standard 3.0 ADMINISTRATOR’S Guide What’s New in SonicOS Standard IntroductionSonicWALL Management Interface SonicWALL Management Interface Navigating the Management InterfaceNavigating Tables Status BarApplying Changes Logging Out Common Icons in the Management InterfaceGetting Help Introduction Collecting Required ISP Information Basic SonicWALL Security Appliance SetupSonicWALL Security Appliance Configuration Steps Internet Service Provider ISP InformationSonicWALL Management Interface Other InformationIf You Have DSL If You Have a Static IP AddressSonicWALL TZ 170 SP Using the SonicWALL Setup WizardConfiguring a Static IP Address Internet Connection SonicWALL TZ 50 Wireless/TZ 150 Wireless/TZ 170 WirelessUsing the SonicWALL Setup Wizard Configuring a PPPoE Internet Connection Configuring a Dhcp Internet ConnectionConfiguring Pptp Internet Connectivity Sonicwall Sonicos Standard 3.0 ADMINISTRATOR’S Guide Configuring the TZ 170 SP using the Setup Wizard Selecting the Deployment Scenario Welcome to the SonicWALL Setup WizardChanging the Password Configuring the WAN Network ModeConfiguring Wlan 802.11b/g Settings Configuring WAN SettingsConfiguring LAN Settings Configuring LAN Dhcp SettingsConfiguring Wlan 802.11b Settings Configuring the LAN SettingsConfiguring the LAN Dhcp Settings Configuring the WAN Network Mode Configuring the TZ 170 Wireless as a Secure Wireless Bridge Configuring Secure Wireless Bridge Settings Configuring Wlan Network SettingBefore You Register Registering Your SonicWALL Security ApplianceRegistering Your SonicWALL Security Appliance Registering Your SonicWALL Security ApplianceSonicwall Sonicos Standard 3.0 ADMINISTRATOR’S Guide System Sonicwall Sonicos Standard 3.0 ADMINISTRATOR’S Guide System Status Viewing System Status InformationSystem Status System Information WizardsSystem Messages Latest Alerts Security ServicesSonicWALL Security Appliance Model Interfaces SonicWALL TZ SonicWALL TZ 50 WirelessSonicWALL TZ 150 Wireless Network InterfacesSystem Licenses System LicensesSystem Licenses Node License Exclusion List Node License StatusCurrently Licensed Nodes Security Services Summary Manual Upgrade for Closed Environments Manage Security Services Online Manual UpgradeFrom a Computer Connected to the Internet System Licenses System Administration Using System AdministrationSystem Administration Firewall Name Name/PasswordLogin Security Web Management Settings Click OK Enable SnmpAdvanced Management Four addresses or host names can be usedEnable Management Using SonicWALL GMS Using System Administration System Time Setting System TimeSystem Time Set TimeSetting the SonicWALL Security Appliance Time NTP SettingsImport Settings Configuring System SettingsSystem Settings SettingsNew Firmware Export SettingsClick Export Settings Firmware ManagementSystem Information SafeMode Rebooting the SonicWALL Security ApplianceFirmware Management Settings Firmware Management System Diagnostics System DiagnosticsGenerating a Tech Support Report Tech Support ReportActive Connections Monitor Diagnostic ToolsActive Connections Monitor Settings DNS Name Lookup CPU MonitorPacket Trace Find Network PathSelect Packet Trace from the Diagnostic tool menu Process Monitor Reverse Name ResolutionPing System Restart Network Sonicwall Sonicos Standard 3.0 ADMINISTRATOR’S Guide Network Settings Configuring Network SettingsNetwork Settings Interfaces Setup WizardInterface Options by SonicWALL Security Appliance DNS SettingsConfiguring Transparent Mode Configuring the WAN InterfaceConfiguring the WAN Interface Configuration ExampleConfiguring NAT with Dhcp Client Configuring NAT EnabledConfiguring NAT with L2TP Client Configuring NAT with PPPoE ClientConfiguring Ethernet Settings in WAN Properties Configuring NAT with Pptp ClientConfiguring the WAN Interface Configuring Multiple LAN Subnets Configuring the LAN InterfaceBasic LAN Configuration Configuring the OPT Interface Configuring the OPT InterfaceConfiguring Ethernet Settings Configuring Transparent Mode Select OPT in NAT Mode Configuring the DMZ InterfaceConfiguring NAT Mode Configuring the DMZ InterfaceConfiguring Transparent Mode Select DMZ in NAT Mode Configuring the Modem Interface TZ 170 SPConfiguring the Modem Interface TZ 170 SP Profiles Modem SettingsFailover Select Enable WAN FailoverActivating the Modem AdvancedSonicwall Sonicos Standard 3.0 ADMINISTRATOR’S Guide Sonicwall Sonicos Standard 3.0 ADMINISTRATOR’S Guide Network One-to-One NAT Configuring One-to-One NATSelect the Enable One-to-One NAT check box Network One-to-One NATClick Firewall, then Access Rules One-to-One NAT Configuration ExampleSelect Enable One-to-One NAT Allow Service Http Source WAN Configuring One-to-One NAT Network Web Proxy Configuring Web Proxy SettingsNetwork Web Proxy Forward OPT/DMZ/WLAN Client Requests to Proxy Server Configuring Automatic Web Proxy ForwardingBypass Proxy Servers Upon Proxy Failure Network Intranet Configuring Intranet SettingsNetwork Intranet Specified address ranges are attached to the WAN link InstallationIntranet Settings Specified address ranges are attached to the LAN linkNetwork Routing Configuring Static RoutesNetwork Routing SonicWALL LAN IP Address Static Route Configuration ExampleStatic Routes Key termsRoute Advertisement Route Advertisement ConfigurationRouting Table Network ARP Configuring Address Resolution Protocol SettingsNetwork ARP Secondary Subnets with Static ARP Adding a Secondary Subnet using the Static ARP MethodStatic ARP Entries Network ARP Prohibit Dynamic ARP Entries Flushing the ARP Cache Navigating and Sorting the ARP Cache TableConfiguring Address Resolution Protocol Settings Network Dhcp Server Configuring the Dhcp ServerDhcp Server Settings Network Dhcp ServerDhcp Server Lease Scopes Configuring Dhcp Server for Dynamic Ranges101 Configuring Static Dhcp EntriesCurrent Dhcp Leases Network Dynamic DNS Configuring Dynamic DNSNetwork Dynamic DNS Supported Ddns ProvidersAdditional Services offered by Dynamic DNS Providers 105 Configuring Dynamic DNS106 107 Dynamic DNS Settings Table108 109 Modem110 111 Viewing Modem StatusModem Status Modem StatusModem Status 113 Configuring Modem SettingsModem Settings Modem SettingsConfiguring Profile and Modem Settings Modem Failover Configuring Modem FailoverModem Failover Settings Modem FailoverConfiguring Modem Failover 117 Modem AdvancedModem Advanced Configuring Advanced Modem Settings Modem Dialup Profiles Configuring Modem Dialup PropertiesModem Dialup Profiles Dial-Up ProfilesConfiguring a Dialup Profile Modem Dialup Profiles Modem Profile Configuration121 Modem Dialup Profiles Modem Profile Configuration122 123 Chat ScriptsCustom Chat Scripts 125 Wireless126 127 LAN WANConsiderations for Using Wireless Connections 129 Optimal Wireless Performance RecommendationsWireless Guest Services WGS Optimal Wireless Performance RecommendationsMAC Filter List Wireless Node Count EnforcementWiFiSec Enforcement Using the Wireless Wizard Using the Wireless WizardWelcome to the SonicWALL Wireless Configuration Wizard Wlan Network SettingsWlan Security Settings Wlan 802.11b Settings133 WiFiSec VPN Client User AuthenticationWireless Guest Services Updating the TZ 50 Wireless/TZ 150 Wireless/TZ 170 Wireless Wireless Configuration Summary135 Wireless StatusConfiguring Additional Wireless Features Wireless StatusAccess Point Status Wlan Settings137 Wlan StatisticsStation Status 138 Wireless Settings Configuring Wireless SettingsWireless Settings Wireless Radio ModeWireless Settings 141 Secure Wireless Bridging TZ 170 OnlyConfiguring a Secure Wireless Bridge 143 Network Settings for the Example NetworkWireless Bridging without WiFiSec Select LAN for VPN Terminated at Advanced Configuration for both VPN Policies145 Wireless Bridge VPN Policy146 147 Configuring WEP and WPA EncryptionWireless WEP/WPA Encryption Wireless WEP/WPA EncryptionWEP Encryption Keys WEP Encryption SettingsWPA Encryption Settings 149 WPA-PSK SettingsWPA-EAP Settings WPA Settings 151 Wireless AdvancedWireless Advanced Beaconing & Ssid ControlsConfigurable Antenna Diversity TZ 170 Wireless Wireless Client CommunicationsAdvanced Radio Settings 153 154 155 Configuring the MAC Filter ListWireless MAC Filter List Wireless MAC Filter List156 Wireless IDS Configuring Wireless IDSWireless IDS Wireless Bridge IDSAssociation Flood Detection Access Point IDSEnable Client Null Probing Rogue Access Point Detection159 Authorizing Access Points on Your Network160 161 Wireless Guest Services162 163 WGS StatusWGS Status Viewing Wireless Guest Services Status 165 Configuring Wireless Guest ServicesWGS Settings WGS SettingsBypass Filters for Guest Accounts Bypass Guest AuthenticationEnable Dynamic Address Translation DAT 167 Enable Smtp RedirectEnable URL Allow List for Authenticated Users Enable IP Address Deny List for Authenticated UsersCheck the Customize Login Page box Customize LoginTo add a profile Custom Post Authentication RedirectMaximum Concurrent Guests WGS Account ProfilesAccount Lifetime WGS Accounts Managing Wireless Guest AccountsWGS Accounts Working with Guest AccountsAutomatically Generating Guest Accounts 173 Manually Configuring Wireless GuestsAccount Detail Printing Account ProfileSecure Access Point with Virtual Adapter Support Flexible Default Route175 Secure Access Point with Wireless Guest Services176 177 Firewall178 179 Configuring Network Access RulesNetwork Access Rules Overview Network Access Rules OverviewFirewall Access Rules Using Bandwidth Management with Access RulesNavigating and Sorting the Access Rules Table Entries Restoring Default Network Access RulesAdding Rules using the Network Access Rule Wizard Configuring a Public Server RuleConfiguring a General Network Access Rule 183 Adding Rules Using the Add Rule Window 185 Configuring Network Access Rules Click the Bandwidth tab Select WAN from the Destination Ethernet menu Blocking LAN Access for Specific ServicesRule Examples Enabling Ping188 Access Rules Advanced Configuring Advanced Rule OptionsAccess Rules Advanced Windows Networking NetBIOS Broadcast Pass ThroughSource Routed Packets TCP Connection Inactivity TimeoutAccess Rule Service Options Detection PreventionFirewall Services Configuring Custom ServicesFirewall Services User Defined Custom ServicesPredefined Services Firewall VoIP Configuring VoIPFirewall VoIP VoIP ProtocolsSIP 323195 Configuring the VoIP SettingsSIP Settings Settings196 197 Monitoring Active Firewall ConnectionsFirewall Connections Monitor Firewall Connections MonitorSource IP Priority && Category && Source && Destination Setting Filter LogicUsing Group Filters Click Apply Filters199 VPN200 201 Configuring VPN SettingsSonicWALL VPN Options Overview SonicWALL VPN Options OverviewVPN Policies VPN SettingsVPN Global Settings Navigating and Sorting the VPN Policies Entries Configuring GroupVPN Policy on the SonicWALLConfiguring GroupVPN Policy on the SonicWALL Currently Active VPN TunnelsConfiguring IKE Preshared Secret 205 206 207 Configuring GroupVPN with IKE 3rd Party Certificates 209 210 211 212 Site-to-Site VPN Deployments Site to Site VPN ConfigurationsSite to Site VPN Configurations Export a GroupVPN Client PolicyAdditional Information VPN Planning Sheet for Site-to-Site VPN PoliciesSite a Router215 Creating a Typical IKE Preshared Secret VPN Policy 217 Creating a Custom VPN Policy IKE with Preshared SecretCreating a Manual Key VPN Policy with the VPN Policy Wizard 219 220 221 Configuring a VPN Policy IKE with Preshared SecretTip The Shared Secret must be a minimum of four characters 222 223 Select Manual Key from the IPSec Keying Mode menu Configuring a VPN Policy using Manual Key225 Configuring a VPN Policy with IKE 3rd Party CertificateGeneral tab, select IKE using 3rd Party Certificates 226 227 228 VPN Advanced Configuring Advanced VPN SettingsAdvanced VPN Settings VPN AdvancedVPN User Authentication Settings 231 Select Enable VPN Bandwidth ManagementVPN Bandwidth Management Configuring Advanced VPN Settings VPN Dhcp over VPN Configuring Dhcp Over VPNDhcp Relay Mode VPN Dhcp over VPNConfiguring the Central Gateway for Dhcp Over VPN 235 Configuring Dhcp over VPN Remote GatewayCurrent Dhcp over VPN Leases Device ConfigurationClick OK to exit the Dhcp over VPN Configuration window 237 Configuring L2TP Server SettingsVPN L2TP Server VPN L2TP ServerAdding L2TP Clients to the SonicWALL L2TP Server SettingsIP Address Settings 239 Currently Active L2TP SessionsConfiguring L2TP Server Settings Digital Certificates Overview Managing CertificatesDigital Certificates Overview SonicWALL Third-Party Digital Certificate SupportCertificate Details VPN Local CertificatesImporting Certificate with Private Key Select Add New Local Certificate from the Certificates menu Generating a Certificate Signing RequestDelete This Certificate VPN Local CertificatesSelect Add New CA Certificate VPN CA CertificatesImporting CA Certificates into the SonicWALL Click Browse for Please select a file to import Automatic CRL UpdateCertificate Revocation List CRL Importing a CRL List246 247 Users248 249 User Level Authentication OverviewUser Level Authentication Overview Users StatusActive User Sessions Users SettingsAuthentication Method 251 Global User SettingsInternet Authentication Exclusions Users SettingsAcceptable Use Policy 253 Configuring Radius AuthenticationSelect Use Radius for user authentication 254 255 256 257 Configuring Local UsersUsers Local Users Users Local UsersAdding a Local User 259 Security Services260 SonicWALL Security Services SonicWALL Security ServicesActivating Free Trials MySonicWALL.com263 Security Services SummarySecurity Services Summary Manage Licenses Security Services SummaryIf Your SonicWALL Security Appliance is Not Registered Security Services SettingsSecurity Services Information 265 SonicWALL Content Filtering ServiceSonicWALL Content Filtering Service Activating SonicWALL Content Filtering Service Security Services Content FilterContent Filter Status 267 Activating a SonicWALL Content Filtering ServiceSecurity Services Content Filter Restrict Web Features Content Filter TypeTrusted Domains Configuring SonicWALL Filter PropertiesMessage to Display when Blocking Configuring SonicWALL Filter PropertiesKeyword Blocking Custom ListAllowed/Forbidden Domains 271 Disable all Web traffic except for Allowed DomainsConsent 273 Mandatory Filtered IP AddressesConsent Page URL mandatory filtering Adding a New Address274 275 SonicWALL Network Anti-Virus OverviewSonicWALL Network Anti-Virus Overview Activating SonicWALL Network Anti-Virus Security Services Anti-Virus277 Security Services Anti-VirusActivating a SonicWALL Network Anti-Virus Free Trial Configuring SonicWALL Network Anti-Virus Security Services E-Mail Filter279 Managing SonicWALL Gateway Anti-Virus ServiceSonicWALL Gateway Anti-Virus Overview SonicWALL Gateway Anti-Virus OverviewSonicWALL Gateway Anti-Virus/Intrusion Prevention Features 281 Activating SonicWALL Gateway Anti-VirusActivating the SonicWALL Gateway Anti-Virus Activating SonicWALL Gateway Anti-Virus283 Configuring SonicWALL Gateway Anti-VirusConfiguring SonicWALL Gateway Anti-Virus 284 SonicWALL Intrusion Prevention Service Managing SonicWALL Intrusion Prevention ServiceSonicWALL Intrusion Prevention Service SonicWALL IPS FeaturesSonicWALL Deep Packet Inspection 287 How SonicWALL’s Deep Packet Inspection Architecture WorksActivating SonicWALL IPS Security Services Intrusion Prevention289 Security Services Intrusion PreventionActivating the SonicWALL IPS Free Trial 290 291 Managing SonicWALL Global Security ClientSonicWALL Global Security Client SonicWALL Global Security ClientSonicWALL Global Security Client Activation Global Security Client FeaturesHow SonicWALL Global Security Client Works 293 Activating SonicWALL Global Security Client294 295 Log296 297 Viewing Log EventsSonicOS Log Event Messages Overview SonicOS Log Event Messages OverviewNavigating and Sorting Log View Table Entries Log ViewMail Log SonicOS Log EntriesRefresh Clear Log300 Log Categories Specifying Log CategoriesLog Categories Alerts & Snmp Traps 303 Configuring Log AutomationLog Automation Log AutomationSyslog Servers Mail305 306 307 Configuring Name ResolutionLog Name Resolution Log Name ResolutionSpecifying the DNS Server Selecting Name Resolution SettingsName Resolution Method list, select Data Collection Reset DataGenerating and Viewing Log Reports Log ReportsBandwidth Usage by IP Address Bandwidth Usage by ServiceView Data Web Site Hits311 Log ViewPointSonicWALL ViewPoint Log ViewPointGenerating and Viewing Log Reports 313 SonicSetupSonicSetup Device Selection Introduction and Discovery315 DiagnosticsDiagnostics Diagnostic Results SonicROM Recovery317 SonicOS RecoverySonicOS Recovery Restoring Factory Defaults 319 Address SynchronizationAddress Synchronization 320 321 SonicWALL SafeModeSonicWALL SafeMode 322 323 Upgrading SonicOS FirmwareUpgrading SonicOS Firmware 324 Numerics Index326 327 VPNWPA, see WiFiSec Protected Access 232- 000609- 00 Rev E 02/05