287 | SonicWALL 3 instruction

SonicWALL Intrusion Prevention Service

How SonicWALL’s Deep Packet Inspection Architecture Works

Deep Packet Inspection technology enables the firewall to investigate farther into the protocol to examine information at the application layer and defend against attacks targeting application vulnerabilities. This is the technology behind SonicWALL Intrusion Prevention Service. SonicWALL’s Deep Packet Inspection technology enables dynamic signature updates pushed from the SonicWALL Distributed Enforcement Architecture.

The following steps describe how the SonicWALL Deep Packet Inspection Architecture works:

1Pattern Definition Language Interpreter uses signatures that can be written to detect and prevent against known and unknown protocols, applications and exploits.

2TCP packets arriving out-of-order are reassembled by the Deep Packet Inspection framework.

3Deep Packet Inspection engine preprocessing involves normalization of the packet’s payload. For example, a HTTP request may be URL encoded and thus the request is URL decoded in order to perform correct pattern matching on the payload.

4Deep Packet Inspection engine postprocessors perform actions which may either simply pass the packet without modification, or could drop a packet or could even reset a TCP connection.

5SonicWALL’s Deep Packet Inspection framework supports complete signature matching across the TCP fragments without performing any reassembly (unless the packets are out of order). This results in more efficient use of processor and memory for greater performance.

SONICWALL SONICOS STANDARD 3.0 ADMINISTRATOR’S GUIDE

287

Image 306

SonicWALL 3 manual How SonicWALL’s Deep Packet Inspection Architecture Works, 287

Contents

SonicOS Standard Administrators Guide Table of Contents Part 2 System Part 3 Network Part 4 Modem Part 5 Wireless Part 8 VPN Configuring Site to Site VPN Policies Using Vii Part 9 Users Viii Part 11 Log Index Preface Copyright NoticeTrademarks Limited Warranty XiiPage Organization of this Guide Part 11 Log Part 10 Security ServicesPart 9 Users About this Guide Guide Conventions Icons Used in this Manual North America Telephone Support More Information on SonicWALL Products and ServicesSonicWALL Technical Support International Telephone Support Current Documentation Xviii Introduction Sonicwall Sonicos Standard 3.0 ADMINISTRATOR’S Guide Introduction What’s New in SonicOS Standard SonicWALL Management Interface Navigating the Management Interface SonicWALL Management Interface Status Bar Applying ChangesNavigating Tables Common Icons in the Management Interface Getting HelpLogging Out Introduction Internet Service Provider ISP Information Basic SonicWALL Security Appliance SetupSonicWALL Security Appliance Configuration Steps Collecting Required ISP Information If You Have a Static IP Address Other InformationIf You Have DSL SonicWALL Management Interface Using the SonicWALL Setup Wizard SonicWALL TZ 170 SP SonicWALL TZ 50 Wireless/TZ 150 Wireless/TZ 170 Wireless Configuring a Static IP Address Internet Connection Using the SonicWALL Setup Wizard Configuring a Dhcp Internet Connection Configuring a PPPoE Internet Connection Configuring Pptp Internet Connectivity Sonicwall Sonicos Standard 3.0 ADMINISTRATOR’S Guide Configuring the TZ 170 SP using the Setup Wizard Configuring the WAN Network Mode Welcome to the SonicWALL Setup WizardChanging the Password Selecting the Deployment Scenario Configuring LAN Dhcp Settings Configuring WAN SettingsConfiguring LAN Settings Configuring Wlan 802.11b/g Settings Configuring the LAN Settings Configuring the LAN Dhcp SettingsConfiguring Wlan 802.11b Settings Configuring the WAN Network Mode Configuring the TZ 170 Wireless as a Secure Wireless Bridge Configuring Wlan Network Setting Configuring Secure Wireless Bridge Settings Registering Your SonicWALL Security Appliance Before You Register Registering Your SonicWALL Security Appliance Registering Your SonicWALL Security Appliance Sonicwall Sonicos Standard 3.0 ADMINISTRATOR’S Guide System Sonicwall Sonicos Standard 3.0 ADMINISTRATOR’S Guide Viewing System Status Information System StatusSystem Status Wizards System MessagesSystem Information Security Services Latest Alerts Network Interfaces SonicWALL TZ 50 WirelessSonicWALL TZ 150 Wireless SonicWALL Security Appliance Model Interfaces SonicWALL TZ System Licenses System LicensesSystem Licenses Node License Status Currently Licensed NodesNode License Exclusion List Security Services Summary Manage Security Services Online Manual Upgrade Manual Upgrade for Closed Environments From a Computer Connected to the Internet System Licenses Using System Administration System AdministrationSystem Administration Name/Password Login SecurityFirewall Name Web Management Settings Four addresses or host names can be used Enable SnmpAdvanced Management Click OK Enable Management Using SonicWALL GMS Using System Administration Set Time Setting System TimeSystem Time System Time NTP Settings Setting the SonicWALL Security Appliance Time Settings Configuring System SettingsSystem Settings Import Settings Firmware Management Export SettingsClick Export Settings New Firmware SafeMode Rebooting the SonicWALL Security Appliance Firmware Management SettingsSystem Information Firmware Management System Diagnostics System Diagnostics Tech Support Report Generating a Tech Support Report Diagnostic Tools Active Connections Monitor SettingsActive Connections Monitor CPU Monitor DNS Name Lookup Find Network Path Packet Trace Select Packet Trace from the Diagnostic tool menu Reverse Name Resolution PingProcess Monitor System Restart Network Sonicwall Sonicos Standard 3.0 ADMINISTRATOR’S Guide Configuring Network Settings Network SettingsNetwork Settings Setup Wizard Interfaces DNS Settings Interface Options by SonicWALL Security Appliance Configuring the WAN Interface Configuring Transparent Mode Configuration Example Configuring the WAN Interface Configuring NAT Enabled Configuring NAT with Dhcp Client Configuring NAT with PPPoE Client Configuring NAT with L2TP Client Configuring NAT with Pptp Client Configuring Ethernet Settings in WAN Properties Configuring the WAN Interface Configuring the LAN Interface Basic LAN ConfigurationConfiguring Multiple LAN Subnets Configuring the OPT Interface Configuring Ethernet SettingsConfiguring the OPT Interface Configuring Transparent Mode Configuring the DMZ Interface Configuring the DMZ InterfaceConfiguring NAT Mode Select OPT in NAT Mode Configuring Transparent Mode Configuring the Modem Interface TZ 170 SP Configuring the Modem Interface TZ 170 SPSelect DMZ in NAT Mode Modem Settings Profiles Select Enable WAN Failover Failover Advanced Activating the Modem Sonicwall Sonicos Standard 3.0 ADMINISTRATOR’S Guide Sonicwall Sonicos Standard 3.0 ADMINISTRATOR’S Guide Network One-to-One NAT Configuring One-to-One NATSelect the Enable One-to-One NAT check box Network One-to-One NAT One-to-One NAT Configuration Example Select Enable One-to-One NATClick Firewall, then Access Rules Allow Service Http Source WAN Configuring One-to-One NAT Configuring Web Proxy Settings Network Web ProxyNetwork Web Proxy Configuring Automatic Web Proxy Forwarding Bypass Proxy Servers Upon Proxy FailureForward OPT/DMZ/WLAN Client Requests to Proxy Server Configuring Intranet Settings Network IntranetNetwork Intranet Specified address ranges are attached to the LAN link InstallationIntranet Settings Specified address ranges are attached to the WAN link Configuring Static Routes Network RoutingNetwork Routing Key terms Static Route Configuration ExampleStatic Routes SonicWALL LAN IP Address Route Advertisement Configuration Route Advertisement Routing Table Configuring Address Resolution Protocol Settings Network ARPNetwork ARP Adding a Secondary Subnet using the Static ARP Method Static ARP EntriesSecondary Subnets with Static ARP Network ARP Prohibit Dynamic ARP Entries Navigating and Sorting the ARP Cache Table Flushing the ARP Cache Configuring Address Resolution Protocol Settings Network Dhcp Server Configuring the Dhcp ServerDhcp Server Settings Network Dhcp Server Configuring Dhcp Server for Dynamic Ranges Dhcp Server Lease Scopes Configuring Static Dhcp Entries 101 Current Dhcp Leases Supported Ddns Providers Configuring Dynamic DNSNetwork Dynamic DNS Network Dynamic DNS Additional Services offered by Dynamic DNS Providers Configuring Dynamic DNS 105 106 Dynamic DNS Settings Table 107 108 Modem 109 110 Modem Status Viewing Modem StatusModem Status 111 Modem Status Modem Settings Configuring Modem SettingsModem Settings 113 Configuring Profile and Modem Settings Modem Failover Configuring Modem FailoverModem Failover Settings Modem Failover Configuring Modem Failover Modem Advanced Modem Advanced117 Configuring Advanced Modem Settings Dial-Up Profiles Configuring Modem Dialup PropertiesModem Dialup Profiles Modem Dialup Profiles Modem Dialup Profiles Modem Profile Configuration Configuring a Dialup Profile Modem Dialup Profiles Modem Profile Configuration 121 122 Chat Scripts 123 Custom Chat Scripts Wireless 125 126 LAN WAN 127 Considerations for Using Wireless Connections Optimal Wireless Performance Recommendations Optimal Wireless Performance RecommendationsWireless Guest Services WGS 129 Wireless Node Count Enforcement WiFiSec EnforcementMAC Filter List Wlan Network Settings Using the Wireless WizardWelcome to the SonicWALL Wireless Configuration Wizard Using the Wireless Wizard Wlan 802.11b Settings Wlan Security Settings WiFiSec VPN Client User Authentication Wireless Guest Services133 Wireless Configuration Summary Updating the TZ 50 Wireless/TZ 150 Wireless/TZ 170 Wireless Wireless Status Wireless StatusConfiguring Additional Wireless Features 135 Wlan Settings Access Point Status Wlan Statistics Station Status137 138 Wireless Radio Mode Configuring Wireless SettingsWireless Settings Wireless Settings Wireless Settings Secure Wireless Bridging TZ 170 Only 141 Configuring a Secure Wireless Bridge Network Settings for the Example Network Wireless Bridging without WiFiSec143 Advanced Configuration for both VPN Policies Select LAN for VPN Terminated at Wireless Bridge VPN Policy 145 146 Wireless WEP/WPA Encryption Configuring WEP and WPA EncryptionWireless WEP/WPA Encryption 147 WEP Encryption Settings WPA Encryption SettingsWEP Encryption Keys WPA-PSK Settings WPA-EAP Settings149 WPA Settings Beaconing & Ssid Controls Wireless AdvancedWireless Advanced 151 Wireless Client Communications Advanced Radio SettingsConfigurable Antenna Diversity TZ 170 Wireless 153 154 Wireless MAC Filter List Configuring the MAC Filter ListWireless MAC Filter List 155 156 Wireless Bridge IDS Configuring Wireless IDSWireless IDS Wireless IDS Rogue Access Point Detection Access Point IDSEnable Client Null Probing Association Flood Detection Authorizing Access Points on Your Network 159 160 Wireless Guest Services 161 162 WGS Status WGS Status163 Viewing Wireless Guest Services Status WGS Settings Configuring Wireless Guest ServicesWGS Settings 165 Bypass Guest Authentication Enable Dynamic Address Translation DATBypass Filters for Guest Accounts Enable IP Address Deny List for Authenticated Users Enable Smtp RedirectEnable URL Allow List for Authenticated Users 167 Customize Login Check the Customize Login Page box WGS Account Profiles Custom Post Authentication RedirectMaximum Concurrent Guests To add a profile Account Lifetime Working with Guest Accounts Managing Wireless Guest AccountsWGS Accounts WGS Accounts Automatically Generating Guest Accounts Account Profile Manually Configuring Wireless GuestsAccount Detail Printing 173 Flexible Default Route Secure Access Point with Virtual Adapter Support Secure Access Point with Wireless Guest Services 175 176 Firewall 177 178 Network Access Rules Overview Configuring Network Access RulesNetwork Access Rules Overview 179 Using Bandwidth Management with Access Rules Firewall Access Rules Configuring a Public Server Rule Restoring Default Network Access RulesAdding Rules using the Network Access Rule Wizard Navigating and Sorting the Access Rules Table Entries Configuring a General Network Access Rule 183 Adding Rules Using the Add Rule Window 185 Configuring Network Access Rules Click the Bandwidth tab Enabling Ping Blocking LAN Access for Specific ServicesRule Examples Select WAN from the Destination Ethernet menu 188 Windows Networking NetBIOS Broadcast Pass Through Configuring Advanced Rule OptionsAccess Rules Advanced Access Rules Advanced Detection Prevention TCP Connection Inactivity TimeoutAccess Rule Service Options Source Routed Packets User Defined Custom Services Configuring Custom ServicesFirewall Services Firewall Services Predefined Services VoIP Protocols Configuring VoIPFirewall VoIP Firewall VoIP 323 SIP Settings Configuring the VoIP SettingsSIP Settings 195 196 Firewall Connections Monitor Monitoring Active Firewall ConnectionsFirewall Connections Monitor 197 Click Apply Filters Setting Filter LogicUsing Group Filters Source IP Priority && Category && Source && Destination VPN 199 200 SonicWALL VPN Options Overview Configuring VPN SettingsSonicWALL VPN Options Overview 201 VPN Settings VPN Global SettingsVPN Policies Currently Active VPN Tunnels Configuring GroupVPN Policy on the SonicWALLConfiguring GroupVPN Policy on the SonicWALL Navigating and Sorting the VPN Policies Entries Configuring IKE Preshared Secret 205 206 207 Configuring GroupVPN with IKE 3rd Party Certificates 209 210 211 212 Export a GroupVPN Client Policy Site to Site VPN ConfigurationsSite to Site VPN Configurations Site-to-Site VPN Deployments Router VPN Planning Sheet for Site-to-Site VPN PoliciesSite a Additional Information 215 Creating a Typical IKE Preshared Secret VPN Policy Creating a Custom VPN Policy IKE with Preshared Secret 217 Creating a Manual Key VPN Policy with the VPN Policy Wizard 219 220 Configuring a VPN Policy IKE with Preshared Secret Tip The Shared Secret must be a minimum of four characters221 222 223 Configuring a VPN Policy using Manual Key Select Manual Key from the IPSec Keying Mode menu Configuring a VPN Policy with IKE 3rd Party Certificate General tab, select IKE using 3rd Party Certificates225 226 227 228 VPN Advanced Configuring Advanced VPN SettingsAdvanced VPN Settings VPN Advanced VPN User Authentication Settings Select Enable VPN Bandwidth Management VPN Bandwidth Management231 Configuring Advanced VPN Settings VPN Dhcp over VPN Configuring Dhcp Over VPNDhcp Relay Mode VPN Dhcp over VPN Configuring the Central Gateway for Dhcp Over VPN Configuring Dhcp over VPN Remote Gateway 235 Device Configuration Click OK to exit the Dhcp over VPN Configuration windowCurrent Dhcp over VPN Leases VPN L2TP Server Configuring L2TP Server SettingsVPN L2TP Server 237 L2TP Server Settings IP Address SettingsAdding L2TP Clients to the SonicWALL Currently Active L2TP Sessions 239 Configuring L2TP Server Settings SonicWALL Third-Party Digital Certificate Support Managing CertificatesDigital Certificates Overview Digital Certificates Overview VPN Local Certificates Importing Certificate with Private KeyCertificate Details VPN Local Certificates Generating a Certificate Signing RequestDelete This Certificate Select Add New Local Certificate from the Certificates menu VPN CA Certificates Importing CA Certificates into the SonicWALLSelect Add New CA Certificate Importing a CRL List Automatic CRL UpdateCertificate Revocation List CRL Click Browse for Please select a file to import 246 Users 247 248 Users Status User Level Authentication OverviewUser Level Authentication Overview 249 Users Settings Authentication MethodActive User Sessions Users Settings Global User SettingsInternet Authentication Exclusions 251 Acceptable Use Policy Configuring Radius Authentication Select Use Radius for user authentication253 254 255 256 Users Local Users Configuring Local UsersUsers Local Users 257 Adding a Local User Security Services 259 260 SonicWALL Security Services SonicWALL Security Services MySonicWALL.com Activating Free Trials Security Services Summary Security Services SummarySecurity Services Summary Manage Licenses 263 Security Services Settings Security Services InformationIf Your SonicWALL Security Appliance is Not Registered SonicWALL Content Filtering Service SonicWALL Content Filtering Service265 Security Services Content Filter Content Filter StatusActivating SonicWALL Content Filtering Service Activating a SonicWALL Content Filtering Service Security Services Content Filter267 Content Filter Type Restrict Web Features Configuring SonicWALL Filter Properties Configuring SonicWALL Filter PropertiesMessage to Display when Blocking Trusted Domains Custom List Allowed/Forbidden DomainsKeyword Blocking Disable all Web traffic except for Allowed Domains 271 Consent Adding a New Address Mandatory Filtered IP AddressesConsent Page URL mandatory filtering 273 274 SonicWALL Network Anti-Virus Overview SonicWALL Network Anti-Virus Overview275 Security Services Anti-Virus Activating SonicWALL Network Anti-Virus Security Services Anti-Virus Activating a SonicWALL Network Anti-Virus Free Trial277 Security Services E-Mail Filter Configuring SonicWALL Network Anti-Virus SonicWALL Gateway Anti-Virus Overview Managing SonicWALL Gateway Anti-Virus ServiceSonicWALL Gateway Anti-Virus Overview 279 SonicWALL Gateway Anti-Virus/Intrusion Prevention Features Activating SonicWALL Gateway Anti-Virus 281 Activating SonicWALL Gateway Anti-Virus Activating the SonicWALL Gateway Anti-Virus Configuring SonicWALL Gateway Anti-Virus Configuring SonicWALL Gateway Anti-Virus283 284 SonicWALL IPS Features Managing SonicWALL Intrusion Prevention ServiceSonicWALL Intrusion Prevention Service SonicWALL Intrusion Prevention Service SonicWALL Deep Packet Inspection How SonicWALL’s Deep Packet Inspection Architecture Works 287 Security Services Intrusion Prevention Activating SonicWALL IPS Security Services Intrusion Prevention Activating the SonicWALL IPS Free Trial289 290 SonicWALL Global Security Client Managing SonicWALL Global Security ClientSonicWALL Global Security Client 291 Global Security Client Features How SonicWALL Global Security Client WorksSonicWALL Global Security Client Activation Activating SonicWALL Global Security Client 293 294 Log 295 296 SonicOS Log Event Messages Overview Viewing Log EventsSonicOS Log Event Messages Overview 297 Log View Navigating and Sorting Log View Table Entries Clear Log SonicOS Log EntriesRefresh Mail Log 300 Specifying Log Categories Log CategoriesLog Categories Alerts & Snmp Traps Log Automation Configuring Log AutomationLog Automation 303 Mail Syslog Servers 305 306 Log Name Resolution Configuring Name ResolutionLog Name Resolution 307 Selecting Name Resolution Settings Name Resolution Method list, selectSpecifying the DNS Server Log Reports Reset DataGenerating and Viewing Log Reports Data Collection Web Site Hits Bandwidth Usage by ServiceView Data Bandwidth Usage by IP Address Log ViewPoint Log ViewPointSonicWALL ViewPoint 311 Generating and Viewing Log Reports SonicSetup SonicSetup313 Introduction and Discovery Device Selection Diagnostics Diagnostics315 SonicROM Recovery Diagnostic Results SonicOS Recovery SonicOS Recovery317 Restoring Factory Defaults Address Synchronization Address Synchronization319 320 SonicWALL SafeMode SonicWALL SafeMode321 322 Upgrading SonicOS Firmware Upgrading SonicOS Firmware323 324 Index Numerics 326 VPN 327 WPA, see WiFiSec Protected Access 232- 000609- 00 Rev E 02/05