Manuals / SonicWALL / Kitchen Appliance / Frozen Dessert Maker

SonicWALL 4.5 manual Configuring policies for firewall protection

Models: 4.5

1 212

Download 212 pages 10.59 Kb

Page 112

Configuring policies for firewall protection

Enforced Client Product Guide	Using the Firewall Protection Service
	Configuring policies for firewall protection

5

Configuring policies for firewall protection

Policies define the operational settings for all your protection services. See Setting up policies on page 75 for general information about using policies.

See The SonicWALL Default policy on page 76 for a table listing the firewall protection settings in the SonicWALL Default policy.

By default, users configure their own firewall protection settings. When you set up a policy, you can specify whether to allow users to change their settings.

For maximum protection, we recommend that you configure firewall protection settings. If users change their settings, we recommend that you review their changes regularly. It is important that mobile users who connect to both secure (trusted) and unsecure (untrusted) networks be able to update the settings as their location changes.

On the Groups + Policies page, use the Desktop Firewall tab to configure basic settings for the firewall protection service.

Specify who configures firewall protection settings

Install the firewall protection service via policy

Enable firewall protection

Select a firewall protection mode

Specify a connection type

Set up allowed Internet applications

Specify whether to use SonicWALL recommendations

112

Image 112

SonicWALL 4.5 manual Configuring policies for firewall protection, „ Specify who configures firewall protection settings

Contents

6ERSIONS 3ONIC7!,,C%NFORCED #LIENT !NTI6IRUS AND !NTI3PYWARE 0RODUCTDUIDE02/4%#4/. !444%/30%%$!/& 53.%33 Enforced Client Anti-Virus and Anti-Spyware 4.5COPYRIGHT TRADEMARK ATTRIBUTIONSLICENSE INFORMATION License Agreement AttributionsInstalling Enforced Client ContentsIntroduction Using Enforced Client Using the Virus and Spyware Protection Service Using the Firewall Protection ServiceDisabling on-access scanning Managing your subscriptionsUsing the Browser Protection Service 1 Introduction „ What is Enforced Client? „ What is new in this release?„ Managing with the online SecurityCenter „ Using this guide „ How does the software work?What is Enforced Client? „ Select the right version of Enforced Client„ Protect against many kinds of threats „ Ensure continuous, automatic protectionSelect the right version of Enforced Client Protect against many kinds of threatsEnsure continuous, automatic protection What is new in this release? New featureusers when support ends on page Chapter 2, Installing Enforced ClientHow does the software work? The updating process„ The updating process „ Outbreak response „ Rumor technology „ Internet Independent Updating IIURetrieving updates Figure 1-2 Methods for updating client computersRumor technology Outbreak responseUploading security information Internet Independent Updating IIU Managing with the online SecurityCenter Figure 1-3 The online SecurityCenterSee Using the SecurityCenter on page 55 for more information User groups Customized policies Figure 1-4 Example Sales Team group and Sales policyWho should read this guide? Using this guide„ Who should read this guide? „ Conventions Conventions BoldCondensed ExampleGetting product information Contact information Avert Labs DAT Notification ServiceProduct Upgrades Valid grant number required Security Updates DATs, engine HotFix and Patch ReleasesIntroduction Enforced Client Product GuideGetting product information Installing Enforced Client „ Before you install „ Installing Enforced Client„ Completing the installation „ What should I do after installing? „ After you place your order „ System requirementsAfter you place your order System requirements Operating systems„ Operating systems „ RAM „ Email security service Protection servicesNotifying users when support ends Operating system support endingEmail security service Email server security applicationTerminal servers Before you install Uninstall existing virus protection software„ Uninstall existing virus protection software „ Uninstall existing firewall software „ Configure your browserSonicWALL Enterprise SonicWALL RetailComputer Associates FinjanUninstall existing firewall software Configure your browserInternet Explorer Non-Microsoft browsersInstall the standalone installation agent Installing Enforced Client Standard URL installationRequirements Standard URL installationSending an installation URL to users Installing on client computersWhat is the email address used for? 3 When you are prompted to do so, click InstallAdvanced installation methods Figure 2-2 Advanced installation methodsAdvanced installation method The administratorRequirements Silent installation„ Requirements „ Installation Installation What is my company key?VSSETUP parameters Push installation Considerations for scheduling push installations „ Requirements „ Installation1 Download the Push Install utility from the SecurityCenter RequirementsInstallation To install Enforced Client using the Push Install utilityEnabling relay servers If you use a corporate firewall or proxy serverFigure 2-6 Status for target computers Completing the installation Using the Push Install utilityUsing VSSETUP „ Using the Push Install utility „ Using VSSETUPTest virus protection Scan the client computerSet up the default firewall Scan the email InboxWhat should I do after installing? „ Setting up your account on page„ Viewing your security services at-a-glance on page „ Setting up policies on page „ Viewing reports on pageWhat should I do after installing? Installing Enforced ClientEnforced Client Product Guide Using Enforced Client „ Using the client software „ Updating client computers„ Using the SecurityCenter „ Getting started „ Setting up your accountUsing the client software Enforced Client system tray iconRemoving and displaying the icon „ Administrative menu and tasksUpdating client computers Administrative menu and tasksClient menu Update automatically Update manuallyUpdate during an outbreak „ Update automatically „ Update manually „ Update during an outbreakUsing the SecurityCenter Update computers where no user is logged onWhen you are Setting up your accountSetting up policies Viewing reports Managing your correspondence „ Set up your profile „ Change your SecurityCenter passwordAccess online features and functions Getting startedLog on to the SecurityCenter „ Log on to the SecurityCenter „ Access online features and functionsUsing Enforced Client Figure 3-1 SecurityCenter tabsEnforced Client Product Guide Getting startedMake the most of your online data When you want toFigure 3-2 Page controls for listings and reports Do thisCustomize listings and reports Using the online help Do thisShow Navigation Previous and NextSetting up your account Set up your profileChange your SecurityCenter password Sign up for email notificationsViewing your security services at-a-glance Install protection services View and resolve action items„ Install protection services „ View and resolve action items „ Purchase, add, and renew services „ Request a trial subscriptionManaging your computers View security coverage for your account„ Search for computers „ Install protection services „ Send email to computers „ Block computers from receiving updates„ Display details for a computer „ View detections for a computer „ View user-approved applications for a computerSearch for computers Display details for a computerInstall protection services See Chapter 2, Installing Enforced Client for more informationWhen you want to Figure 3-5 Computer Details pageDo this For System email address, type a new email address, then click SaveView user-approved applications for a computer View detections for a computerSend email to computers Block computers from receiving updates Creating groups to manage your siteDelete computers from your reports Move computers into a groupThe Default group „ Create or edit a group „ Delete a groupCreate or edit a group Designating group administratorsDelete a group Figure 3-7 Site and group administrators Create or edit a group administrator „ Create or edit a group administrator „ Delete a group administratorSetting up policies Delete a group administrator„ Restore default policy settings „ Delete a policy „ Create or edit a policy „ Assign a policy to a groupThe SonicWALL Default policy Default settingAll programs types are enabled Virus protectionCreate or edit a policy Restore default policy settingsAssign a policy to a group Viewing reports Delete a policyUse this report To viewDetections UnrecognizedView duplicate computers Figure 3-9 Duplicate Computers reportManaging your correspondence View computer profiles„ Send email to users „ Update user email addresses „ Update your account’s email address „ Add your logo to reportsUpdate user email addresses Update your account’s email addressSend email to users Add your logo to reportsView your service subscriptions Managing your subscriptions„ View your service subscriptions „ Update subscription information „ Purchase, add, and renew services „ Request a trial subscriptionUpdate subscription information Purchase, add, and renew servicesGetting assistance Request a trial subscriptionReceive subscription notifications View printed and online documentsDownload utilities Contact product supportVSSetup Run the Push Install UtilityUsing the Virus and Spyware Protection ServiceAccessing client features Scan Tasks menu „ Accessing client features Scan Tasks menuSelect this command Disable On-Access ScannerScanner see Disabling on-access scanning on page Figure 4-1 Scan Tasks menuScan automatically on-access scans Scanning client computers„ Scan automatically on-access scans „ Scan manually on-demand scans „ Schedule on-demand scans „ Scan email „ Scan for spywareView scan results Scan manually on-demand scans„ View scan results „ How detections are handled How detections are handled Scan email Schedule on-demand scansScan for spyware Clean CleanedApprove CloseConfiguring policies for virus and spyware protection Set basic virus protection optionsSchedule on-demand scans „ Schedule on-demand scansExclude files and folders from virus scans Select your update frequency Enable optional protectionSet advanced virus protection options „ Select your update frequency „ Enable optional protectionEnable script scanning Enable outbreak response Enable buffer overflow protectionScan email before delivering to the Outlook Inbox rar, .tat, .tgzEnable spyware protection Set basic spyware protection options„ Enable spyware protection „ Select a spyware protection mode „ Specify approved programsSelect a spyware protection mode Behavior of protection serviceMode ReportSet advanced spyware protection options Learn modeSpecify approved programs Password crackers 2 Click the Advanced Settings tabThreat type DescriptionViewing reports for virus and spyware detections View detections„ Detections see View detections „ Unrecognized Programs see View unrecognized programs on pageWhen you want to advanced spyware protection options on pageBuffer Overflow Processes Details pageView unrecognized programs Figure 4-7 Unrecognized Programs reportUsing the Unrecognized Programs report When you want tothe Computer Details page on pageView your detection history Figure 4-8 Detection History reportManaging detections Manage your protection strategy with best practices„ Manage your protection strategy with best practices „ Manage quarantined filesManage quarantined files Restorethe Quarantine Viewer 2 Select Scan Tasks Quarantine ViewerDisabling on-access scanning CleanedClean failed 2 Select Disable On-Access Scanner or Enable On-Access ScannerDisabling on-access scanning Using the Virus and Spyware Protection ServiceEnforced Client Product Guide Using the Firewall Protection Service Accessing client features Firewall Settings command„ Accessing client features Firewall Settings command „ Configuring policies for firewall protectionConfiguring policies for firewall protection „ Specify who configures firewall protection settings„ Install the firewall protection service via policy „ Enable firewall protection „ Select a firewall protection modeSpecify who configures firewall protection settings Figure 5-1 Desktop Firewall policy tabInstall the firewall protection service via policy Enable firewall protectionSelect a firewall protection mode Learn modeSpecify a connection type Configure a custom connection„ Configure system services for a custom connection Configure system services for a custom connection Standard system service ports„ Configure IP addresses for a custom connection „ Standard system service ports „ Open a service portOpen a service port Add and edit service ports Close a service portSet up allowed Internet applications Configure IP addresses for a custom connectionSpecify Internet applications in a policy Specify whether to use SonicWALL recommendationsView unrecognized Internet applications Viewing reports for firewall protection„ Unrecognized Programs see View unrecognized Internet applications View inbound events blocked by the firewall Managing suspicious activity with best practices Events to display the Inbound Event List„ When running the firewall protection service on a server, ensure that service ports are configured correctly to prevent disruption of system services see Configure system services for a custom connection on page 117. Ensure that no unnecessary ports are open Enforced Client Product Guide Using the Firewall Protection ServiceManaging suspicious activity with best practices Using the Browser Protection Service Accessing site safety information„ Accessing site safety information „ Configuring browser protection settings „ Submitting feedbackHow safety ratings are compiled Staying safe during searchesStaying safe while browsing SettingsSettings Configuring browser protection on the clientConfiguring browser protection settings Viewing safety reportsConfiguring browser protection from the SecurityCenter Installing via policyConfiguring browser protection on the client computer Enable or disable the display of safety icons nextEncrypt the data sent to the server using the Enable or disable the color coding for theSubmitting feedback Using the Email Security Service „ Activating the email security service „ Using the portal„ Setting up your account „ Viewing your email protection status „ Configuring a policy for email securityUsing the portal Activating the email security service2 Click Install Protection 3 Select Install email security service Update your MX records Customize your account settingsSetting up your account „ Update your MX records „ Customize your account settingsRecommended first steps Default settings1 Add your other domains Optional customization Configure general administration settings Figure 7-2 Administration pageViewing your email protection status Access basic administration features on the Administration pageUse this feature General SettingsTo view the status of your service Configuring a policy for email security Viewing reports for the email security serviceManaging quarantined email View and manage quarantined user messagesCheck the Quarantine Summary „ View and manage quarantined user messagesGetting more information View quarantined mail deliveriesEnforced Client Product Guide Using the Email Security ServiceGetting more information 8 Troubleshooting Uninstalling protection services„ Uninstalling protection services „ Frequently asked questions FAQ „ Error messages „ Contacting product supportFrequently asked questions FAQ Installing„ Installing „ Adding, renewing, and moving licenses „ Configuring and managing policies „ Scanning „ Reporting „ UpdatingConfiguring and managing policies Adding, renewing, and moving licensesScanning ReportingUpdating Firewall protection Email Browser protectionGeneral Error messages „ Installation Declined „ Installation Denied„ Invalid Entitlement Error „ Cannot find remote shared directory „ File does not exist„ MyASUtil.SecureObjectFactory error message „ MyINX Error „ Unable to connect to the Enforced Client update server„ Unable to create Cab Installer Object Cannot find remote shared directoryThe user doesn’t have administrator rights The security level of the browser is too highInternet Explorer is blocking ActiveX controls A registry file is missingInstallation Denied Common causes and solutions 1 From the Windows Control Panel, open Add/Remove Programs If you do not see a Status column, set your view options to Details1 Select Start Run You might need to adjust your corporate firewall or proxy settings See If you use a corporate firewall or proxy server on pageContacting product support Glossary Compare to group administrator and userprotection service See reportsCompare to URL installation Compare to SecurityCenter websiteSee policy Compare to trusted connection and untrusted connectionprotection service protection serviceCompare to administrator and user See also push installation, silent installation, and URL installationCompare to protect mode and report mode Compare to prompt mode and report modeCompare to silent installation and URL installation Compare to prompt mode and protect modeSee on-access scanning and on-demand scanning Compare to push installation and URL installationCustomer Home site Compare to client softwareCompare to push installation and silent installation Compare to administrator and group administratorservice Compare to trusted connectionLogin page SecurityCenter tab„ Log on to the SecurityCenter „ Change your SecurityCenter password „ Viewing your security services at-a-glanceComputers tab „ Managing your computers „ Install protection services„ Send email to computers „ Block computers from receiving updates „ Specify approved programs „ Set up allowed Internet applicationsDescription Find computersAdd Computer GroupsReports tab „ Viewing reports for the email security service„ Viewing reports „ View detections „ View unrecognized programs „ View unrecognized Internet applicationsGroups + Policies tab „ Creating groups to manage your site „ Setting up policies„ Configuring policies for virus and spyware protection „ Configuring policies for firewall protectionMy Account tab „ Setting up your account „ Change your SecurityCenter password„ Managing your subscriptions „ Designating group administrators Service Summary sectionNotification Preferences section My Logo sectionInstall Protection Help tabEmail Page „ View printed and online documents „ Download utilitiesInstall Protection New Computers Install Protection New Computers Email Text„ Installing Enforced Client „ Standard URL installation „ Using the portalInstall Protection Existing Computers Install Protection Existing Computers Email Text„ Standard URL installation „ Standard URL installation „ Advanced installation methodsInstall Email Security Service Advanced Installation Methods„ Using the portal „ Update your MX records „ Viewing reports for the email security serviceProduct Purchase Product Coverage„ Managing your subscriptions „ Purchase, add, and renew services „ Request a trial subscriptionComputer Details „ Set up allowed Internet applications„ Managing your computers „ Make the most of your online data „ Customize listings and reports „ Specify approved programsUser-Approved Application List Detection List„ View detections for a computer Search Results „ Specify approved programs „ Set up allowed Internet applications„ View user-approved applications for a computer „ Managing your computers „ Search for computersDetections report by computer „ View detections „ Make the most of your online data„ Customize listings and reports „ Manage your protection strategy with best practicesDetections report by detection „ View detections „ Make the most of your online data„ Customize listings and reports „ Manage your protection strategy with best practicesUnrecognized Programs report by computer „ Set up allowed Internet applications„ View unrecognized programs „ Make the most of your online data „ Customize listings and reportsUnrecognized Programs report by program „ Specify approved programs „ Set up allowed Internet applications„ View unrecognized programs „ View user-approved applications for a computerInbound Events Blocked by Firewall report by originating computer Inbound Events Blocked by Firewall report by destination computerLists the IP address of the computer where the event originated „ View inbound events blocked by the firewallInbound Event List Duplicate Computers report„ View inbound events blocked by the firewall „ View duplicate computers „ Display details for a computerComputer Profiles report „ View computer profilesDetection History report „ View your detection history„ Manage your protection strategy with best practices DescriptionEdit Default Group Edit Group„ Creating groups to manage your site „ Setting up policies „ Creating groups to manage your site „ Setting up policiesView Default Policy Add Group„ Setting up policies „ Assign a policy to a group „ Setting up policies „ Set basic virus protection options„ Configuring policies for firewall protection „ Configuring browser protection from the SecurityCenter„ The SonicWALL Default policy Firewall ConfigurationEnable outbreak response Enable buffer overflowEnable script scanning on-access scansEdit Policy Virus Protection Settings „ Set basic virus protection options „ Assign a policy to a groupEdit Policy Spyware Protection Settings „ Set basic spyware protection options „ Assign a policy to a group„ Configuring policies for firewall protection „ Learn mode Edit Policy Desktop Firewall Settings„ Assign a policy to a group update the policy to User configures firewall Automatically install theFirewall Protection Mode DescriptionFirewall Custom Settings „ Configure system services for a custom connectionAdd or Edit Incoming Connection „ Configure IP addresses for a custom connection„ Configure system services for a custom connection CancelEdit Policy Browser Protection Settings Edit Policy Advanced Settings„ Configuring browser protection from the SecurityCenter „ Update computers where no user is logged onSettings Check for updates every„ Enable buffer overflow protection Detect code starting to run „ Scan all file types during on-access scans Inspect all types ofAdd Policy Virus Protection Settings „ Set basic virus protection options „ Assign a policy to a groupAdd Policy Spyware Protection Settings „ Set basic spyware protection options „ Assign a policy to a group„ Configuring policies for firewall protection „ Learn mode Add Policy Desktop Firewall Settings„ Assign a policy to a group Firewall Configuration update the policy to User configures firewallAutomatically install the Firewall Protection Mode„ Configuring browser protection from the SecurityCenter Add Policy Browser Protection Settings„ Assign a policy to a group Add Policy Advanced Settings „ Update computers where no user is logged on„ Notifying users when support ends „ Assign a policy to a group „ Set advanced virus protection optionsCheck for updates every SettingsDescription Subscription History „ Managing your subscriptionsEdit Subscription Information „ Update subscription informationView Cancelled Services Managed ServicesManage Group Administrators Manage All Group Administrators„ Designating group administrators „ Designating group administratorsNotification Preferences „ Sign up for email notificationsEdit Profile Manage LogoUtilities „ Set up your profile „ Change your SecurityCenter password„ Install the standalone installation agent Silently install protectionInstall protection services previous installation