254 | SonicWALL 3 specs

CHAPTER 41: Viewing User Status and Configuring User Authentication

11Click the RADIUS Users tab.

12Select the default privileges for all RADIUS users in this section.

Access to the Internet (when access is restricted) - If you have selected Allow only authenticated users to access the Internet, you can allow individual users to access the Internet.

Bypass Filters - Enable this feature if the user has unlimited access to the Internet from the LAN, bypassing SonicWALL security appliance Web, News, Java, and ActiveX blocking.

Access to VPNs - Enable feature to allow the user to send information over the VPN connection with authentication enforcement.

Access from the VPN Client with XAUTH - Enable this feature if the user requires XAUTH for authentication and accesses the SonicWALL security appliance via a VPN client.

Access from L2TP VPN client - Enable this feature to allow the user to send information using a L2TP VPN Client with authentication enforcement.

Limited Management Capabilities - Enabling this feature allows the user to have limited local management access to the SonicWALL security appliance Management Interface. This access is limited to the following pages: General (Status, Network, Time); Log (View Log, Log Settings, Log Reports); Diagnostics (All tools except Tech Support Report).

13Click Apply, then click the Test tab.

254	SONICWALL SONICOS STANDARD 3.0 ADMINISTRATOR’S GUIDE

Image 273

SonicWALL 3 manual 254

Contents

SonicOS Standard Administrators Guide Table of Contents Part 2 System Part 3 Network Part 4 Modem Part 5 Wireless Part 8 VPN Vii Configuring Site to Site VPN Policies Using Viii Part 9 Users Part 11 Log Index Preface Copyright NoticeTrademarks Xii Limited WarrantyPage Organization of this Guide Part 9 Users Part 10 Security ServicesPart 11 Log About this Guide Icons Used in this Manual Guide Conventions SonicWALL Technical Support More Information on SonicWALL Products and ServicesNorth America Telephone Support International Telephone Support Xviii Current Documentation Introduction Sonicwall Sonicos Standard 3.0 ADMINISTRATOR’S Guide What’s New in SonicOS Standard Introduction SonicWALL Management Interface SonicWALL Management Interface Navigating the Management Interface Status Bar Applying ChangesNavigating Tables Common Icons in the Management Interface Getting HelpLogging Out Introduction SonicWALL Security Appliance Configuration Steps Basic SonicWALL Security Appliance SetupInternet Service Provider ISP Information Collecting Required ISP Information If You Have DSL Other InformationIf You Have a Static IP Address SonicWALL Management Interface SonicWALL TZ 170 SP Using the SonicWALL Setup Wizard Configuring a Static IP Address Internet Connection SonicWALL TZ 50 Wireless/TZ 150 Wireless/TZ 170 Wireless Using the SonicWALL Setup Wizard Configuring a PPPoE Internet Connection Configuring a Dhcp Internet Connection Configuring Pptp Internet Connectivity Sonicwall Sonicos Standard 3.0 ADMINISTRATOR’S Guide Configuring the TZ 170 SP using the Setup Wizard Changing the Password Welcome to the SonicWALL Setup WizardConfiguring the WAN Network Mode Selecting the Deployment Scenario Configuring LAN Settings Configuring WAN SettingsConfiguring LAN Dhcp Settings Configuring Wlan 802.11b/g Settings Configuring the LAN Settings Configuring the LAN Dhcp SettingsConfiguring Wlan 802.11b Settings Configuring the WAN Network Mode Configuring the TZ 170 Wireless as a Secure Wireless Bridge Configuring Secure Wireless Bridge Settings Configuring Wlan Network Setting Before You Register Registering Your SonicWALL Security Appliance Registering Your SonicWALL Security Appliance Registering Your SonicWALL Security Appliance Sonicwall Sonicos Standard 3.0 ADMINISTRATOR’S Guide System Sonicwall Sonicos Standard 3.0 ADMINISTRATOR’S Guide Viewing System Status Information System StatusSystem Status Wizards System MessagesSystem Information Latest Alerts Security Services SonicWALL TZ 150 Wireless SonicWALL TZ 50 WirelessNetwork Interfaces SonicWALL Security Appliance Model Interfaces SonicWALL TZ System Licenses System LicensesSystem Licenses Node License Status Currently Licensed NodesNode License Exclusion List Security Services Summary Manual Upgrade for Closed Environments Manage Security Services Online Manual Upgrade From a Computer Connected to the Internet System Licenses Using System Administration System AdministrationSystem Administration Name/Password Login SecurityFirewall Name Web Management Settings Advanced Management Enable SnmpFour addresses or host names can be used Click OK Enable Management Using SonicWALL GMS Using System Administration System Time Setting System TimeSet Time System Time Setting the SonicWALL Security Appliance Time NTP Settings System Settings Configuring System SettingsSettings Import Settings Click Export Settings Export SettingsFirmware Management New Firmware SafeMode Rebooting the SonicWALL Security Appliance Firmware Management SettingsSystem Information Firmware Management System Diagnostics System Diagnostics Generating a Tech Support Report Tech Support Report Diagnostic Tools Active Connections Monitor SettingsActive Connections Monitor DNS Name Lookup CPU Monitor Packet Trace Find Network Path Select Packet Trace from the Diagnostic tool menu Reverse Name Resolution PingProcess Monitor System Restart Network Sonicwall Sonicos Standard 3.0 ADMINISTRATOR’S Guide Configuring Network Settings Network SettingsNetwork Settings Interfaces Setup Wizard Interface Options by SonicWALL Security Appliance DNS Settings Configuring Transparent Mode Configuring the WAN Interface Configuring the WAN Interface Configuration Example Configuring NAT with Dhcp Client Configuring NAT Enabled Configuring NAT with L2TP Client Configuring NAT with PPPoE Client Configuring Ethernet Settings in WAN Properties Configuring NAT with Pptp Client Configuring the WAN Interface Configuring the LAN Interface Basic LAN ConfigurationConfiguring Multiple LAN Subnets Configuring the OPT Interface Configuring Ethernet SettingsConfiguring the OPT Interface Configuring Transparent Mode Configuring NAT Mode Configuring the DMZ InterfaceConfiguring the DMZ Interface Select OPT in NAT Mode Configuring Transparent Mode Configuring the Modem Interface TZ 170 SP Configuring the Modem Interface TZ 170 SPSelect DMZ in NAT Mode Profiles Modem Settings Failover Select Enable WAN Failover Activating the Modem Advanced Sonicwall Sonicos Standard 3.0 ADMINISTRATOR’S Guide Sonicwall Sonicos Standard 3.0 ADMINISTRATOR’S Guide Select the Enable One-to-One NAT check box Configuring One-to-One NATNetwork One-to-One NAT Network One-to-One NAT One-to-One NAT Configuration Example Select Enable One-to-One NATClick Firewall, then Access Rules Allow Service Http Source WAN Configuring One-to-One NAT Configuring Web Proxy Settings Network Web ProxyNetwork Web Proxy Configuring Automatic Web Proxy Forwarding Bypass Proxy Servers Upon Proxy FailureForward OPT/DMZ/WLAN Client Requests to Proxy Server Configuring Intranet Settings Network IntranetNetwork Intranet Intranet Settings InstallationSpecified address ranges are attached to the LAN link Specified address ranges are attached to the WAN link Configuring Static Routes Network RoutingNetwork Routing Static Routes Static Route Configuration ExampleKey terms SonicWALL LAN IP Address Route Advertisement Route Advertisement Configuration Routing Table Configuring Address Resolution Protocol Settings Network ARPNetwork ARP Adding a Secondary Subnet using the Static ARP Method Static ARP EntriesSecondary Subnets with Static ARP Network ARP Prohibit Dynamic ARP Entries Flushing the ARP Cache Navigating and Sorting the ARP Cache Table Configuring Address Resolution Protocol Settings Dhcp Server Settings Configuring the Dhcp ServerNetwork Dhcp Server Network Dhcp Server Dhcp Server Lease Scopes Configuring Dhcp Server for Dynamic Ranges 101 Configuring Static Dhcp Entries Current Dhcp Leases Network Dynamic DNS Configuring Dynamic DNSSupported Ddns Providers Network Dynamic DNS Additional Services offered by Dynamic DNS Providers 105 Configuring Dynamic DNS 106 107 Dynamic DNS Settings Table 108 109 Modem 110 Modem Status Viewing Modem StatusModem Status 111 Modem Status Modem Settings Configuring Modem SettingsModem Settings 113 Configuring Profile and Modem Settings Modem Failover Settings Configuring Modem FailoverModem Failover Modem Failover Configuring Modem Failover Modem Advanced Modem Advanced117 Configuring Advanced Modem Settings Modem Dialup Profiles Configuring Modem Dialup PropertiesDial-Up Profiles Modem Dialup Profiles Configuring a Dialup Profile Modem Dialup Profiles Modem Profile Configuration 121 Modem Dialup Profiles Modem Profile Configuration 122 123 Chat Scripts Custom Chat Scripts 125 Wireless 126 127 LAN WAN Considerations for Using Wireless Connections Wireless Guest Services WGS Optimal Wireless Performance RecommendationsOptimal Wireless Performance Recommendations 129 Wireless Node Count Enforcement WiFiSec EnforcementMAC Filter List Welcome to the SonicWALL Wireless Configuration Wizard Using the Wireless WizardWlan Network Settings Using the Wireless Wizard Wlan Security Settings Wlan 802.11b Settings WiFiSec VPN Client User Authentication Wireless Guest Services133 Updating the TZ 50 Wireless/TZ 150 Wireless/TZ 170 Wireless Wireless Configuration Summary Configuring Additional Wireless Features Wireless StatusWireless Status 135 Access Point Status Wlan Settings Wlan Statistics Station Status137 138 Wireless Settings Configuring Wireless SettingsWireless Radio Mode Wireless Settings Wireless Settings 141 Secure Wireless Bridging TZ 170 Only Configuring a Secure Wireless Bridge Network Settings for the Example Network Wireless Bridging without WiFiSec143 Select LAN for VPN Terminated at Advanced Configuration for both VPN Policies 145 Wireless Bridge VPN Policy 146 Wireless WEP/WPA Encryption Configuring WEP and WPA EncryptionWireless WEP/WPA Encryption 147 WEP Encryption Settings WPA Encryption SettingsWEP Encryption Keys WPA-PSK Settings WPA-EAP Settings149 WPA Settings Wireless Advanced Wireless AdvancedBeaconing & Ssid Controls 151 Wireless Client Communications Advanced Radio SettingsConfigurable Antenna Diversity TZ 170 Wireless 153 154 Wireless MAC Filter List Configuring the MAC Filter ListWireless MAC Filter List 155 156 Wireless IDS Configuring Wireless IDSWireless Bridge IDS Wireless IDS Enable Client Null Probing Access Point IDSRogue Access Point Detection Association Flood Detection 159 Authorizing Access Points on Your Network 160 161 Wireless Guest Services 162 WGS Status WGS Status163 Viewing Wireless Guest Services Status WGS Settings Configuring Wireless Guest ServicesWGS Settings 165 Bypass Guest Authentication Enable Dynamic Address Translation DATBypass Filters for Guest Accounts Enable URL Allow List for Authenticated Users Enable Smtp RedirectEnable IP Address Deny List for Authenticated Users 167 Check the Customize Login Page box Customize Login Maximum Concurrent Guests Custom Post Authentication RedirectWGS Account Profiles To add a profile Account Lifetime WGS Accounts Managing Wireless Guest AccountsWorking with Guest Accounts WGS Accounts Automatically Generating Guest Accounts Account Detail Printing Manually Configuring Wireless GuestsAccount Profile 173 Secure Access Point with Virtual Adapter Support Flexible Default Route 175 Secure Access Point with Wireless Guest Services 176 177 Firewall 178 Network Access Rules Overview Configuring Network Access RulesNetwork Access Rules Overview 179 Firewall Access Rules Using Bandwidth Management with Access Rules Adding Rules using the Network Access Rule Wizard Restoring Default Network Access RulesConfiguring a Public Server Rule Navigating and Sorting the Access Rules Table Entries Configuring a General Network Access Rule 183 Adding Rules Using the Add Rule Window 185 Configuring Network Access Rules Click the Bandwidth tab Rule Examples Blocking LAN Access for Specific ServicesEnabling Ping Select WAN from the Destination Ethernet menu 188 Access Rules Advanced Configuring Advanced Rule OptionsWindows Networking NetBIOS Broadcast Pass Through Access Rules Advanced Access Rule Service Options TCP Connection Inactivity TimeoutDetection Prevention Source Routed Packets Firewall Services Configuring Custom ServicesUser Defined Custom Services Firewall Services Predefined Services Firewall VoIP Configuring VoIPVoIP Protocols Firewall VoIP SIP 323 SIP Settings Configuring the VoIP SettingsSettings 195 196 Firewall Connections Monitor Monitoring Active Firewall ConnectionsFirewall Connections Monitor 197 Using Group Filters Setting Filter LogicClick Apply Filters Source IP Priority && Category && Source && Destination 199 VPN 200 SonicWALL VPN Options Overview Configuring VPN SettingsSonicWALL VPN Options Overview 201 VPN Settings VPN Global SettingsVPN Policies Configuring GroupVPN Policy on the SonicWALL Configuring GroupVPN Policy on the SonicWALLCurrently Active VPN Tunnels Navigating and Sorting the VPN Policies Entries Configuring IKE Preshared Secret 205 206 207 Configuring GroupVPN with IKE 3rd Party Certificates 209 210 211 212 Site to Site VPN Configurations Site to Site VPN ConfigurationsExport a GroupVPN Client Policy Site-to-Site VPN Deployments Site a VPN Planning Sheet for Site-to-Site VPN PoliciesRouter Additional Information 215 Creating a Typical IKE Preshared Secret VPN Policy 217 Creating a Custom VPN Policy IKE with Preshared Secret Creating a Manual Key VPN Policy with the VPN Policy Wizard 219 220 Configuring a VPN Policy IKE with Preshared Secret Tip The Shared Secret must be a minimum of four characters221 222 223 Select Manual Key from the IPSec Keying Mode menu Configuring a VPN Policy using Manual Key Configuring a VPN Policy with IKE 3rd Party Certificate General tab, select IKE using 3rd Party Certificates225 226 227 228 Advanced VPN Settings Configuring Advanced VPN SettingsVPN Advanced VPN Advanced VPN User Authentication Settings Select Enable VPN Bandwidth Management VPN Bandwidth Management231 Configuring Advanced VPN Settings Dhcp Relay Mode Configuring Dhcp Over VPNVPN Dhcp over VPN VPN Dhcp over VPN Configuring the Central Gateway for Dhcp Over VPN 235 Configuring Dhcp over VPN Remote Gateway Device Configuration Click OK to exit the Dhcp over VPN Configuration windowCurrent Dhcp over VPN Leases VPN L2TP Server Configuring L2TP Server SettingsVPN L2TP Server 237 L2TP Server Settings IP Address SettingsAdding L2TP Clients to the SonicWALL 239 Currently Active L2TP Sessions Configuring L2TP Server Settings Digital Certificates Overview Managing CertificatesSonicWALL Third-Party Digital Certificate Support Digital Certificates Overview VPN Local Certificates Importing Certificate with Private KeyCertificate Details Delete This Certificate Generating a Certificate Signing RequestVPN Local Certificates Select Add New Local Certificate from the Certificates menu VPN CA Certificates Importing CA Certificates into the SonicWALLSelect Add New CA Certificate Certificate Revocation List CRL Automatic CRL UpdateImporting a CRL List Click Browse for Please select a file to import 246 247 Users 248 User Level Authentication Overview User Level Authentication OverviewUsers Status 249 Users Settings Authentication MethodActive User Sessions Internet Authentication Exclusions Global User SettingsUsers Settings 251 Acceptable Use Policy Configuring Radius Authentication Select Use Radius for user authentication253 254 255 256 Users Local Users Configuring Local UsersUsers Local Users 257 Adding a Local User 259 Security Services 260 SonicWALL Security Services SonicWALL Security Services Activating Free Trials MySonicWALL.com Security Services Summary Manage Licenses Security Services SummarySecurity Services Summary 263 Security Services Settings Security Services InformationIf Your SonicWALL Security Appliance is Not Registered SonicWALL Content Filtering Service SonicWALL Content Filtering Service265 Security Services Content Filter Content Filter StatusActivating SonicWALL Content Filtering Service Activating a SonicWALL Content Filtering Service Security Services Content Filter267 Restrict Web Features Content Filter Type Message to Display when Blocking Configuring SonicWALL Filter PropertiesConfiguring SonicWALL Filter Properties Trusted Domains Custom List Allowed/Forbidden DomainsKeyword Blocking 271 Disable all Web traffic except for Allowed Domains Consent Consent Page URL mandatory filtering Mandatory Filtered IP AddressesAdding a New Address 273 274 SonicWALL Network Anti-Virus Overview SonicWALL Network Anti-Virus Overview275 Activating SonicWALL Network Anti-Virus Security Services Anti-Virus Security Services Anti-Virus Activating a SonicWALL Network Anti-Virus Free Trial277 Configuring SonicWALL Network Anti-Virus Security Services E-Mail Filter SonicWALL Gateway Anti-Virus Overview Managing SonicWALL Gateway Anti-Virus ServiceSonicWALL Gateway Anti-Virus Overview 279 SonicWALL Gateway Anti-Virus/Intrusion Prevention Features 281 Activating SonicWALL Gateway Anti-Virus Activating the SonicWALL Gateway Anti-Virus Activating SonicWALL Gateway Anti-Virus Configuring SonicWALL Gateway Anti-Virus Configuring SonicWALL Gateway Anti-Virus283 284 SonicWALL Intrusion Prevention Service Managing SonicWALL Intrusion Prevention ServiceSonicWALL IPS Features SonicWALL Intrusion Prevention Service SonicWALL Deep Packet Inspection 287 How SonicWALL’s Deep Packet Inspection Architecture Works Activating SonicWALL IPS Security Services Intrusion Prevention Security Services Intrusion Prevention Activating the SonicWALL IPS Free Trial289 290 SonicWALL Global Security Client Managing SonicWALL Global Security ClientSonicWALL Global Security Client 291 Global Security Client Features How SonicWALL Global Security Client WorksSonicWALL Global Security Client Activation 293 Activating SonicWALL Global Security Client 294 295 Log 296 SonicOS Log Event Messages Overview Viewing Log EventsSonicOS Log Event Messages Overview 297 Navigating and Sorting Log View Table Entries Log View Refresh SonicOS Log EntriesClear Log Mail Log 300 Specifying Log Categories Log CategoriesLog Categories Alerts & Snmp Traps Log Automation Configuring Log AutomationLog Automation 303 Syslog Servers Mail 305 306 Log Name Resolution Configuring Name ResolutionLog Name Resolution 307 Selecting Name Resolution Settings Name Resolution Method list, selectSpecifying the DNS Server Generating and Viewing Log Reports Reset DataLog Reports Data Collection View Data Bandwidth Usage by ServiceWeb Site Hits Bandwidth Usage by IP Address SonicWALL ViewPoint Log ViewPointLog ViewPoint 311 Generating and Viewing Log Reports SonicSetup SonicSetup313 Device Selection Introduction and Discovery Diagnostics Diagnostics315 Diagnostic Results SonicROM Recovery SonicOS Recovery SonicOS Recovery317 Restoring Factory Defaults Address Synchronization Address Synchronization319 320 SonicWALL SafeMode SonicWALL SafeMode321 322 Upgrading SonicOS Firmware Upgrading SonicOS Firmware323 324 Numerics Index 326 327 VPN WPA, see WiFiSec Protected Access 232- 000609- 00 Rev E 02/05