Manuals / SonicWALL / Household Appliance / Home Security System

SonicWALL 3 manual Certificate Revocation List CRL, Importing a CRL List, Automatic CRL Update

Models: 3

1 348

Download 348 pages 8.9 Kb

Page 264

VPN > CA Certificates

Certificate Revocation List (CRL)

A Certificate Revocation List (CRL) is a way to check the validity of an existing certificate. A certificate may be invalid for several reasons:

•It is no longer needed.

•A certificate was stolen or compromised.

•A new certificate was issued that takes precedence over the old certificate.

If a certificate is invalid, the CA may publish the certificate on a Certificate Revocation List at a given interval, or on an online server in a X.509 v3 database using Online Certificate Status Protocol (OCSP). Consult your CA provider for specific details on locating a CRL file or URL.

You can import the CRL by manually downloading the CRL and then importing it into the SonicWALL. You can also enter the URL location of the CRL by entering the address in the Enter CRL’s location (URL) for auto-importfield. The CRL is downloaded automatically at intervals determined by the CA service. Certificates are checked against the CRL by the SonicWALL for validity when they are used.

Importing a CRL List

To import a CRL list, follow these steps:

1Click Browse for Please select a file to import.

2Locate the PKCS#12 (*.p12) or Micorosft (*.pfx) encoded file.

3Click Open to set the directory path to the certificate.

4Click Import to import the certificate into the SonicWALL.

Automatic CRL Update

To enable automatic CRL updates to the SonicWALL, type the URL of the CRL server for your CA service in the Enter CRL’s location (URL) for auto-import, then click Apply.

SONICWALL SONICOS STANDARD 3.0 ADMINISTRATOR’S GUIDE

245

Image 264

SonicWALL 3 manual Certificate Revocation List CRL, Importing a CRL List, Automatic CRL Update

Contents

SonicOS Standard Administrators Guide Table of Contents Part 2 System Part 3 Network Part 4 Modem Part 5 Wireless Part 8 VPN Configuring Site to Site VPN Policies Using ViiPart 9 Users ViiiPart 11 Log Index Preface Copyright NoticeTrademarks Limited Warranty XiiPage Organization of this Guide Part 10 Security Services Part 9 UsersPart 11 Log About this GuideGuide Conventions Icons Used in this ManualMore Information on SonicWALL Products and Services SonicWALL Technical SupportNorth America Telephone Support International Telephone SupportCurrent Documentation XviiiIntroduction Sonicwall Sonicos Standard 3.0 ADMINISTRATOR’S Guide Introduction What’s New in SonicOS StandardSonicWALL Management Interface Navigating the Management Interface SonicWALL Management InterfaceStatus Bar Applying ChangesNavigating Tables Common Icons in the Management Interface Getting HelpLogging Out Introduction Basic SonicWALL Security Appliance Setup SonicWALL Security Appliance Configuration StepsInternet Service Provider ISP Information Collecting Required ISP InformationOther Information If You Have DSLIf You Have a Static IP Address SonicWALL Management InterfaceUsing the SonicWALL Setup Wizard SonicWALL TZ 170 SPSonicWALL TZ 50 Wireless/TZ 150 Wireless/TZ 170 Wireless Configuring a Static IP Address Internet ConnectionUsing the SonicWALL Setup Wizard Configuring a Dhcp Internet Connection Configuring a PPPoE Internet ConnectionConfiguring Pptp Internet Connectivity Sonicwall Sonicos Standard 3.0 ADMINISTRATOR’S Guide Configuring the TZ 170 SP using the Setup Wizard Welcome to the SonicWALL Setup Wizard Changing the PasswordConfiguring the WAN Network Mode Selecting the Deployment ScenarioConfiguring WAN Settings Configuring LAN SettingsConfiguring LAN Dhcp Settings Configuring Wlan 802.11b/g SettingsConfiguring the LAN Settings Configuring the LAN Dhcp SettingsConfiguring Wlan 802.11b Settings Configuring the WAN Network Mode Configuring the TZ 170 Wireless as a Secure Wireless Bridge Configuring Wlan Network Setting Configuring Secure Wireless Bridge SettingsRegistering Your SonicWALL Security Appliance Before You RegisterRegistering Your SonicWALL Security Appliance Registering Your SonicWALL Security ApplianceSonicwall Sonicos Standard 3.0 ADMINISTRATOR’S Guide System Sonicwall Sonicos Standard 3.0 ADMINISTRATOR’S Guide Viewing System Status Information System StatusSystem Status Wizards System MessagesSystem Information Security Services Latest AlertsSonicWALL TZ 50 Wireless SonicWALL TZ 150 WirelessNetwork Interfaces SonicWALL Security Appliance Model Interfaces SonicWALL TZSystem Licenses System LicensesSystem Licenses Node License Status Currently Licensed NodesNode License Exclusion List Security Services Summary Manage Security Services Online Manual Upgrade Manual Upgrade for Closed EnvironmentsFrom a Computer Connected to the Internet System Licenses Using System Administration System AdministrationSystem Administration Name/Password Login SecurityFirewall Name Web Management Settings Enable Snmp Advanced ManagementFour addresses or host names can be used Click OKEnable Management Using SonicWALL GMS Using System Administration Setting System Time System TimeSet Time System TimeNTP Settings Setting the SonicWALL Security Appliance TimeConfiguring System Settings System SettingsSettings Import SettingsExport Settings Click Export SettingsFirmware Management New FirmwareSafeMode Rebooting the SonicWALL Security Appliance Firmware Management SettingsSystem Information Firmware Management System Diagnostics System DiagnosticsTech Support Report Generating a Tech Support ReportDiagnostic Tools Active Connections Monitor SettingsActive Connections Monitor CPU Monitor DNS Name LookupFind Network Path Packet TraceSelect Packet Trace from the Diagnostic tool menu Reverse Name Resolution PingProcess Monitor System Restart Network Sonicwall Sonicos Standard 3.0 ADMINISTRATOR’S Guide Configuring Network Settings Network SettingsNetwork Settings Setup Wizard InterfacesDNS Settings Interface Options by SonicWALL Security ApplianceConfiguring the WAN Interface Configuring Transparent ModeConfiguration Example Configuring the WAN InterfaceConfiguring NAT Enabled Configuring NAT with Dhcp ClientConfiguring NAT with PPPoE Client Configuring NAT with L2TP ClientConfiguring NAT with Pptp Client Configuring Ethernet Settings in WAN PropertiesConfiguring the WAN Interface Configuring the LAN Interface Basic LAN ConfigurationConfiguring Multiple LAN Subnets Configuring the OPT Interface Configuring Ethernet SettingsConfiguring the OPT Interface Configuring Transparent Mode Configuring the DMZ Interface Configuring NAT ModeConfiguring the DMZ Interface Select OPT in NAT ModeConfiguring Transparent Mode Configuring the Modem Interface TZ 170 SP Configuring the Modem Interface TZ 170 SPSelect DMZ in NAT Mode Modem Settings ProfilesSelect Enable WAN Failover FailoverAdvanced Activating the ModemSonicwall Sonicos Standard 3.0 ADMINISTRATOR’S Guide Sonicwall Sonicos Standard 3.0 ADMINISTRATOR’S Guide Configuring One-to-One NAT Select the Enable One-to-One NAT check boxNetwork One-to-One NAT Network One-to-One NATOne-to-One NAT Configuration Example Select Enable One-to-One NATClick Firewall, then Access Rules Allow Service Http Source WAN Configuring One-to-One NAT Configuring Web Proxy Settings Network Web ProxyNetwork Web Proxy Configuring Automatic Web Proxy Forwarding Bypass Proxy Servers Upon Proxy FailureForward OPT/DMZ/WLAN Client Requests to Proxy Server Configuring Intranet Settings Network IntranetNetwork Intranet Installation Intranet SettingsSpecified address ranges are attached to the LAN link Specified address ranges are attached to the WAN linkConfiguring Static Routes Network RoutingNetwork Routing Static Route Configuration Example Static RoutesKey terms SonicWALL LAN IP AddressRoute Advertisement Configuration Route AdvertisementRouting Table Configuring Address Resolution Protocol Settings Network ARPNetwork ARP Adding a Secondary Subnet using the Static ARP Method Static ARP EntriesSecondary Subnets with Static ARP Network ARP Prohibit Dynamic ARP Entries Navigating and Sorting the ARP Cache Table Flushing the ARP CacheConfiguring Address Resolution Protocol Settings Configuring the Dhcp Server Dhcp Server SettingsNetwork Dhcp Server Network Dhcp ServerConfiguring Dhcp Server for Dynamic Ranges Dhcp Server Lease ScopesConfiguring Static Dhcp Entries 101Current Dhcp Leases Configuring Dynamic DNS Network Dynamic DNSSupported Ddns Providers Network Dynamic DNSAdditional Services offered by Dynamic DNS Providers Configuring Dynamic DNS 105106 Dynamic DNS Settings Table 107108 Modem 109110 Viewing Modem Status Modem StatusModem Status 111Modem Status Configuring Modem Settings Modem SettingsModem Settings 113Configuring Profile and Modem Settings Configuring Modem Failover Modem Failover SettingsModem Failover Modem FailoverConfiguring Modem Failover Modem Advanced Modem Advanced117 Configuring Advanced Modem Settings Configuring Modem Dialup Properties Modem Dialup ProfilesDial-Up Profiles Modem Dialup ProfilesModem Dialup Profiles Modem Profile Configuration Configuring a Dialup ProfileModem Dialup Profiles Modem Profile Configuration 121122 Chat Scripts 123Custom Chat Scripts Wireless 125126 LAN WAN 127Considerations for Using Wireless Connections Optimal Wireless Performance Recommendations Wireless Guest Services WGSOptimal Wireless Performance Recommendations 129Wireless Node Count Enforcement WiFiSec EnforcementMAC Filter List Using the Wireless Wizard Welcome to the SonicWALL Wireless Configuration WizardWlan Network Settings Using the Wireless WizardWlan 802.11b Settings Wlan Security SettingsWiFiSec VPN Client User Authentication Wireless Guest Services133 Wireless Configuration Summary Updating the TZ 50 Wireless/TZ 150 Wireless/TZ 170 WirelessWireless Status Configuring Additional Wireless FeaturesWireless Status 135Wlan Settings Access Point StatusWlan Statistics Station Status137 138 Configuring Wireless Settings Wireless SettingsWireless Radio Mode Wireless SettingsWireless Settings Secure Wireless Bridging TZ 170 Only 141Configuring a Secure Wireless Bridge Network Settings for the Example Network Wireless Bridging without WiFiSec143 Advanced Configuration for both VPN Policies Select LAN for VPN Terminated atWireless Bridge VPN Policy 145146 Configuring WEP and WPA Encryption Wireless WEP/WPA EncryptionWireless WEP/WPA Encryption 147WEP Encryption Settings WPA Encryption SettingsWEP Encryption Keys WPA-PSK Settings WPA-EAP Settings149 WPA Settings Wireless Advanced Wireless AdvancedBeaconing & Ssid Controls 151Wireless Client Communications Advanced Radio SettingsConfigurable Antenna Diversity TZ 170 Wireless 153 154 Configuring the MAC Filter List Wireless MAC Filter ListWireless MAC Filter List 155156 Configuring Wireless IDS Wireless IDSWireless Bridge IDS Wireless IDSAccess Point IDS Enable Client Null ProbingRogue Access Point Detection Association Flood DetectionAuthorizing Access Points on Your Network 159160 Wireless Guest Services 161162 WGS Status WGS Status163 Viewing Wireless Guest Services Status Configuring Wireless Guest Services WGS SettingsWGS Settings 165Bypass Guest Authentication Enable Dynamic Address Translation DATBypass Filters for Guest Accounts Enable Smtp Redirect Enable URL Allow List for Authenticated UsersEnable IP Address Deny List for Authenticated Users 167Customize Login Check the Customize Login Page boxCustom Post Authentication Redirect Maximum Concurrent GuestsWGS Account Profiles To add a profileAccount Lifetime Managing Wireless Guest Accounts WGS AccountsWorking with Guest Accounts WGS AccountsAutomatically Generating Guest Accounts Manually Configuring Wireless Guests Account Detail PrintingAccount Profile 173Flexible Default Route Secure Access Point with Virtual Adapter SupportSecure Access Point with Wireless Guest Services 175176 Firewall 177178 Configuring Network Access Rules Network Access Rules OverviewNetwork Access Rules Overview 179Using Bandwidth Management with Access Rules Firewall Access RulesRestoring Default Network Access Rules Adding Rules using the Network Access Rule WizardConfiguring a Public Server Rule Navigating and Sorting the Access Rules Table EntriesConfiguring a General Network Access Rule 183 Adding Rules Using the Add Rule Window 185 Configuring Network Access Rules Click the Bandwidth tab Blocking LAN Access for Specific Services Rule ExamplesEnabling Ping Select WAN from the Destination Ethernet menu188 Configuring Advanced Rule Options Access Rules AdvancedWindows Networking NetBIOS Broadcast Pass Through Access Rules AdvancedTCP Connection Inactivity Timeout Access Rule Service OptionsDetection Prevention Source Routed PacketsConfiguring Custom Services Firewall ServicesUser Defined Custom Services Firewall ServicesPredefined Services Configuring VoIP Firewall VoIPVoIP Protocols Firewall VoIP323 SIPConfiguring the VoIP Settings SIP SettingsSettings 195196 Monitoring Active Firewall Connections Firewall Connections MonitorFirewall Connections Monitor 197Setting Filter Logic Using Group FiltersClick Apply Filters Source IP Priority && Category && Source && DestinationVPN 199200 Configuring VPN Settings SonicWALL VPN Options OverviewSonicWALL VPN Options Overview 201VPN Settings VPN Global SettingsVPN Policies Configuring GroupVPN Policy on the SonicWALL Configuring GroupVPN Policy on the SonicWALLCurrently Active VPN Tunnels Navigating and Sorting the VPN Policies EntriesConfiguring IKE Preshared Secret 205 206 207 Configuring GroupVPN with IKE 3rd Party Certificates 209 210 211 212 Site to Site VPN Configurations Site to Site VPN ConfigurationsExport a GroupVPN Client Policy Site-to-Site VPN DeploymentsVPN Planning Sheet for Site-to-Site VPN Policies Site aRouter Additional Information215 Creating a Typical IKE Preshared Secret VPN Policy Creating a Custom VPN Policy IKE with Preshared Secret 217Creating a Manual Key VPN Policy with the VPN Policy Wizard 219 220 Configuring a VPN Policy IKE with Preshared Secret Tip The Shared Secret must be a minimum of four characters221 222 223 Configuring a VPN Policy using Manual Key Select Manual Key from the IPSec Keying Mode menuConfiguring a VPN Policy with IKE 3rd Party Certificate General tab, select IKE using 3rd Party Certificates225 226 227 228 Configuring Advanced VPN Settings Advanced VPN SettingsVPN Advanced VPN AdvancedVPN User Authentication Settings Select Enable VPN Bandwidth Management VPN Bandwidth Management231 Configuring Advanced VPN Settings Configuring Dhcp Over VPN Dhcp Relay ModeVPN Dhcp over VPN VPN Dhcp over VPNConfiguring the Central Gateway for Dhcp Over VPN Configuring Dhcp over VPN Remote Gateway 235Device Configuration Click OK to exit the Dhcp over VPN Configuration windowCurrent Dhcp over VPN Leases Configuring L2TP Server Settings VPN L2TP ServerVPN L2TP Server 237L2TP Server Settings IP Address SettingsAdding L2TP Clients to the SonicWALL Currently Active L2TP Sessions 239Configuring L2TP Server Settings Managing Certificates Digital Certificates OverviewSonicWALL Third-Party Digital Certificate Support Digital Certificates OverviewVPN Local Certificates Importing Certificate with Private KeyCertificate Details Generating a Certificate Signing Request Delete This CertificateVPN Local Certificates Select Add New Local Certificate from the Certificates menuVPN CA Certificates Importing CA Certificates into the SonicWALLSelect Add New CA Certificate Automatic CRL Update Certificate Revocation List CRLImporting a CRL List Click Browse for Please select a file to import246 Users 247248 User Level Authentication Overview User Level Authentication OverviewUsers Status 249Users Settings Authentication MethodActive User Sessions Global User Settings Internet Authentication ExclusionsUsers Settings 251Acceptable Use Policy Configuring Radius Authentication Select Use Radius for user authentication253 254 255 256 Configuring Local Users Users Local UsersUsers Local Users 257Adding a Local User Security Services 259260 SonicWALL Security Services SonicWALL Security ServicesMySonicWALL.com Activating Free TrialsSecurity Services Summary Security Services Summary Manage LicensesSecurity Services Summary 263Security Services Settings Security Services InformationIf Your SonicWALL Security Appliance is Not Registered SonicWALL Content Filtering Service SonicWALL Content Filtering Service265 Security Services Content Filter Content Filter StatusActivating SonicWALL Content Filtering Service Activating a SonicWALL Content Filtering Service Security Services Content Filter267 Content Filter Type Restrict Web FeaturesConfiguring SonicWALL Filter Properties Message to Display when BlockingConfiguring SonicWALL Filter Properties Trusted DomainsCustom List Allowed/Forbidden DomainsKeyword Blocking Disable all Web traffic except for Allowed Domains 271Consent Mandatory Filtered IP Addresses Consent Page URL mandatory filteringAdding a New Address 273274 SonicWALL Network Anti-Virus Overview SonicWALL Network Anti-Virus Overview275 Security Services Anti-Virus Activating SonicWALL Network Anti-VirusSecurity Services Anti-Virus Activating a SonicWALL Network Anti-Virus Free Trial277 Security Services E-Mail Filter Configuring SonicWALL Network Anti-VirusManaging SonicWALL Gateway Anti-Virus Service SonicWALL Gateway Anti-Virus OverviewSonicWALL Gateway Anti-Virus Overview 279SonicWALL Gateway Anti-Virus/Intrusion Prevention Features Activating SonicWALL Gateway Anti-Virus 281Activating SonicWALL Gateway Anti-Virus Activating the SonicWALL Gateway Anti-VirusConfiguring SonicWALL Gateway Anti-Virus Configuring SonicWALL Gateway Anti-Virus283 284 Managing SonicWALL Intrusion Prevention Service SonicWALL Intrusion Prevention ServiceSonicWALL IPS Features SonicWALL Intrusion Prevention ServiceSonicWALL Deep Packet Inspection How SonicWALL’s Deep Packet Inspection Architecture Works 287Security Services Intrusion Prevention Activating SonicWALL IPSSecurity Services Intrusion Prevention Activating the SonicWALL IPS Free Trial289 290 Managing SonicWALL Global Security Client SonicWALL Global Security ClientSonicWALL Global Security Client 291Global Security Client Features How SonicWALL Global Security Client WorksSonicWALL Global Security Client Activation Activating SonicWALL Global Security Client 293294 Log 295296 Viewing Log Events SonicOS Log Event Messages OverviewSonicOS Log Event Messages Overview 297Log View Navigating and Sorting Log View Table EntriesSonicOS Log Entries RefreshClear Log Mail Log300 Specifying Log Categories Log CategoriesLog Categories Alerts & Snmp Traps Configuring Log Automation Log AutomationLog Automation 303Mail Syslog Servers305 306 Configuring Name Resolution Log Name ResolutionLog Name Resolution 307Selecting Name Resolution Settings Name Resolution Method list, selectSpecifying the DNS Server Reset Data Generating and Viewing Log ReportsLog Reports Data CollectionBandwidth Usage by Service View DataWeb Site Hits Bandwidth Usage by IP AddressLog ViewPoint SonicWALL ViewPointLog ViewPoint 311Generating and Viewing Log Reports SonicSetup SonicSetup313 Introduction and Discovery Device SelectionDiagnostics Diagnostics315 SonicROM Recovery Diagnostic ResultsSonicOS Recovery SonicOS Recovery317 Restoring Factory Defaults Address Synchronization Address Synchronization319 320 SonicWALL SafeMode SonicWALL SafeMode321 322 Upgrading SonicOS Firmware Upgrading SonicOS Firmware323 324 Index Numerics326 VPN 327WPA, see WiFiSec Protected Access 232- 000609- 00 Rev E 02/05