Manuals / SonicWALL / Computer Equipment / Network Router

SonicWALL Internet Security Appliances manual Public LAN Server, Windows Messenger Support

Models: Internet Security Appliances

1 293

Download 293 pages 54.59 Kb

Page 128

Public LAN Server

A Public LAN Server is a LAN server designated to receive inbound traffic for a specific service, such as Web or e-mail. You can define a Public LAN Server by entering the server's IP address in the Public LAN Server field for the appropriate service. If you do not have a Public LAN Server for a service, enter "0.0.0.0" in the field.

Windows Networking (NetBIOS) Broadcast Pass Through

Computers running Microsoft Windows communicate with one another through NetBIOS broadcast packets. By default, the SonicWALL blocks these broadcasts. If you select From LAN to WAN, your SonicWALL allows NetBIOS broadcasts from LAN to DMZ or from LAN to WAN. Then, LAN users are able to view machines on the DMZ and the WAN in their Windows Network Neighborhood.

Windows Messenger Support

Select Enable Support if you are having problems using Windows Messenger through the SonicWALL. If Enable Support is selected, it may affect the performance of the SonicWALL.

Detection Prevention

Enable Stealth Mode

By default, the SonicWALL responds to incoming connection requests as either "blocked" or "open". If you enable Stealth Mode, your SonicWALL does not respond to blocked inbound connection requests. Stealth Mode makes your SonicWALL essentially invisible to hackers.

Randomize IP ID

A Randomize IP ID check box is available to prevent hackers using various detection tools from detecting the presence of a SonicWALL appliance. IP packets are given random IP IDs which makes it more difficult for hackers to “fingerprint” the SonicWALL appliance. Use this check box for additional security from hackers.

Network Connection Inactivity Timeout

If a connection to a remote server remains idle for more than five minutes, the SonicWALL closes the connection. Without this timeout, Internet connections could stay open indefinitely, creating potential security holes. You can increase the Inactivity Timeout if applications, such as Telnet and FTP, are frequently disconnected.

Network Access Rules Page 129

Image 128

SonicWALL Internet Security Appliances manual Public LAN Server, Windows Networking NetBIOS Broadcast Pass Through

Contents

ADMINISTRATOR’S Guide Contents NAT with PPPoE Configuration Restarting the SonicWALL Status CLI Support and Remote ManagementRestrict Web Features 100 100101 103Viewing Network Access Rules 127 Services 128 Add a Known Service 130 Add a Custom ServiceDelete a Service 131 Rules Network Access Rule Logic List 133Intranet Settings 151 Proxy Relay 148 Web Proxy Forwarding149 Bypass Proxy Servers Upon Proxy Failure 149 Intranet 150Allow Dhcp Pass Through in Standard Mode 166 Allow Dhcp Pass Through in Standard Mode 173Configure Tab 181 Add/Modify IPSec Security Associations 166Advanced Settings for VPN Configurations 191 Configuration Changes 228Configuration Notes 233 190SonicWALL Authentication Service 235 234235 236Limited Warranty About this Guide Organization of this GuideSonicWALL Technical Support Firmware Version Icons Used in this ManualIntroduction Your SonicWALL Internet Security ApplianceInternet Security Content Filtering Logging and ReportingIPSec VPN Dynamic Host Configuration Protocol DhcpEasy Installation and Configuration Configuring the Network Mode on the SonicWALL Standard ModeNetwork Address Translation NAT Enabled NAT with PPPoE ClientSelect Standard from the Network Addressing Mode menu NAT with Dhcp ClientNAT with L2TP Client NAT with Pptp ClientConfiguring the SonicWALL in NAT Enabled Mode Accessing the WizardSetting the Password Connecting to the Internet Selecting Your Internet ConnectionConfirming Network Address Translation NAT Mode Selecting NAT Enabled ModeConfiguring WAN Network Settings Configuring LAN Network SettingsConfiguration Summary CongratulationsConfiguring NAT with PPPoE Client RestartingSetting the Password Connecting to the Internet Setting the User Name and Password for PPPoE Configuring the SonicWALL Dhcp Server Congratulations Configuring NAT with Dhcp Client Accessing the Installation WizardSetting the Time and Date Selecting Your Internet Connection Configuring LAN Network Settings Configuration Summary Configuring NAT with L2TP Client Configuring NAT with Pptp Client Setting the Time and Date Connecting to the Internet Setting the User Name and Password for Pptp Configuring the SonicWALL Dhcp Server Congratulations Logging into the SonicWALL Management Interface Configuring the Network Mode on the SonicWALL Registering at mySonicWALL.com Creating a New User AccountAccount Information Personal Information Registering at mySonicWALL.com Page Click Here Registration Quick Registration Status and Options Managing Your SonicWALL Renaming Your SonicWALLTransferring a SonicWALL Product Delete Product Managing Services for SonicWALL Internet Security Appliances Activating Services Using mySonicWALL.com Registering at mySonicWALL.com Configuring the TELE3 SP Modem Connection Configuring the TELE3 SP WAN Failover FeatureConfiguring Modem Profiles Dial-Up ConfigurationISP Settings Location SettingsConfiguring the TELE3 SP Modem Connection TELE3 SP Modem Configuration Modem SettingsFailover Settings Preempt ModeSelect Enable WAN Failover Select Enable Probing Primary InterfaceConfiguring a Modem Profile for Manual Dial-Up Configure Modem Settings Select None as the Secondary ProfileConfiguring the Modem Settings Tested Internet Service ProvidersStatus Modem StatusChat Scripts Custom Chat Scripts Managing Your SonicWALL Internet Security Appliance Https ManagementManaging Your SonicWALL Internet Security Appliance 74 SonicWALL Internet Security Appliance User’s Guide CLI Support and Remote Management 9600 bps Bits No parity No hand-shakingGeneral and Network Settings Network SettingsNetwork Addressing Mode Network Time AdministratorLAN Settings Multiple LAN Subnet Mask SupportSonicWALL LAN IP Address LAN Subnet MaskWAN Settings DNS SettingsWAN Gateway Router Address WAN/LAN Subnet MaskStandard Configuration NAT Enabled ConfigurationSonicWALL WAN Gateway Router Address is NAT with Dhcp Client Configuration NAT with PPPoE Configuration Select NAT with PPPoE from the Network Addressing Mode menuRestarting the SonicWALL NAT with L2TP Client Configuration Restarting the SonicWALL NAT with Pptp Client Configuration Restarting the SonicWALL Setting the Time and Date NTP SettingsChange the Administrator Password Configuring the Administrator SettingsAdministrator Name Setting the Administrator Inactivity Timeout Login Failure HandlingView Log View Log Log Settings ReportsLogging and Alerts SonicWALL Log Messages TCP, UDP, or Icmp packets droppedWeb, FTP, Gopher, or Newsgroup blocked ActiveX, Java, Cookie or Code Archive blockedLog Settings Configure the following settingsPage Log Categories VPN Tunnel Status Alerts/SNMP TrapsReports Bandwidth Usage by IP Address Bandwidth Usage by ServiceWeb Site Hits SonicWALL ViewPoint Content Filtering and Blocking Configure URL List Customize ConsentBlock Configuring SonicWALL Content FilteringRestrict Web Features Message to display when a site is blocked List UpdatesURL List Trusted DomainsSelect Categories to Block SettingsDownload Automatically every Customizing the Content Filtering List Custom FilterTime of Day Filter Block ActionUser Idle Timeout is 5 minutes configure here ConsentMaximum Web usage Consent page URL Optional FilteringMandatory Filtered IP Addresses Consent Accepted URL Filtering OffConsent Accepted URL Filtering On Consent page URL Mandatory FilteringConfiguring N2H2 Internet Filtering Trusted Domains Settings Server Host Name or IP Address N2H2 Server StatusListen Port Reply PortConfiguring the Websense Enterprise Content Filter Trusted Domains Configuring the Websense Content Filter List SettingsWebsense Server Status Server PortURL Cache Restart Preferences Firmware Diagnostic Web Management ToolsExporting the Settings File PreferencesClick Import in the Preferences tab Importing the Settings FileRestoring Factory Default Settings Updating Firmware Updating Firmware Manually Upgrade Features Diagnostic Tools DNS Name LookupFind Network Path Select Ping from the Choose a diagnostic tool menu PingPacket Trace Select Packet Trace from the Choose a diagnostic tool menu Tech Support ReportGenerating a Tech Support Report Trace Route Network Access Rules Viewing Network Access RulesServices LAN OutWindows Networking NetBIOS Broadcast Pass Through Network Connection Inactivity TimeoutPublic LAN Server Windows Messenger SupportAdd a Custom Service Add ServiceAdd a Known Service Rules Enable LoggingDelete a Service Maximum Number of Rules by Product Product Maximum RulesNetwork Access Rule Logic List Bandwidth ManagementAdd a New Rule Select always from the Apply this rule menu Blocking LAN Access for Specific Services Add New Rule ExamplesEnabling Ping Select WAN from the Destination Ethernet menuCurrent Network Access Rules Table Enable/Disable a RuleRestore the Default Network Access Rules Edit a RuleUnderstanding the Access Rule Hierarchy Global User Settings UsersAdding and Removing a User Highlight -Add New User- in the Current User list boxUsers Currently Locked Out After Login Failures Current UsersUser Login Radius Radius ServersRadius Users Radius Client TestManagement SonicWALL Snmp Support Configuration of the Log/Log Settings for Snmp Configuration of the Service and Rules PagesSonicWALL Management Protocol Additional ManagementNetwork Access Rules Advanced Features Proxy Relay Web Proxy ForwardingConfiguring Web Proxy Relay Bypass Proxy Servers Upon Proxy FailureInstallation IntranetIntranet Configuration Intranet SettingsVPN Single-Armed Mode stand-alone VPN gateway Remote SonicWALL Corporate SonicWALL Configuring a SonicWALL for VPN Single Armed ModeVPN Single Armed Mode SonicWALL Routes LAN Route Advertisement Tip There is no route advertisement on the WANDMZ Addresses RIPv2 AuthenticationDMZ Route Advertisement DMZ in Standard Mode DMZ in NAT ModeDelete a DMZ Address Range HomePort ConfigurationHomePort in Standard Mode HomePort in NAT Mode Delete a HomePort Address RangeSelect the Enable One-to-One NAT check box One-to-One NATOne-to-One NAT Configuration Example Select Enable One-to-One NAT and click UpdateEthernet WAN Link SettingsEnable Bandwidth Management DMZ/WorkPort Link Settings LAN/HomePort Link SettingsMTU Settings Proxy Management workstation ethernet address on WANSonicWALL Bandwidth Management How SonicWALL Bandwidth Management WorksRule Service Priority Guaranteed Maximum Examples of Bandwidth Management RulesSetup Allow Dhcp Pass Through in Standard ModeSetup Dhcp over VPN Status Dhcp ServerConfiguring the SonicWALL Dhcp Server Select the Enable Dhcp ServerDhcp over VPN Dhcp Relay ModeDeleting Dynamic Ranges and Static Entries Select Central Gateway from the Dhcp Relay Mode menu Configuring the Central Gateway for VPN over DhcpConfiguring the Remote Gateway for VPN over Dhcp Select Remote Gateway from the Dhcp Relay Mode menu LAN IP AddressesLAN Device Configuration Dhcp Status Dhcp Server on the SonicWALL TELE3 TZ and TZX Configuring the SonicWALL Dhcp Server Deleting Dynamic Ranges and Static Entries Dhcp Status SonicWALL VPN Global VPN Settings VPN Management Interface Summary TabCurrently Active VPN Tunnels VPN Bandwidth ManagementVPN Policies SonicWALL NAT Traversal Support AES Advanced Encryption Standard SupportConfigure Tab Add/Modify IPSec Security Associations Disabling Security AssociationsSecurity Policy Settings Security Policy Settings for Group VPNSecurity Policy Settings for IKE using Pre-shared Secret AES support is available only on the PRO 230 and PRO Security Policy Settings using Manual Key Accessing Remote Resources across a Virtual Private Network Destination NetworksAdding Destination Networks Modifying and Deleting Existing Security AssociationsTry to bring up all possible SAs Advanced SettingsEnable Keep Alive Require authentication of local users Require authentication of remote usersEnable Windows Networking NetBIOS broadcast Apply NAT and firewall rulesEnable Perfect Forward Secrecy Phase 2 DH GroupDefault LAN Gateway Route all internet traffic through this SAVPN Terminated at the LAN, DMZ, or LAN/DMZ Advanced Settings for VPN Configurations IKE usingConfiguring SonicWALL VPN SonicWALL VPN Page Group VPN Client Configuration Group VPN Client SetupInstalling the VPN Client Software Page SonicWALL VPN Verifying the VPN Tunnel as Active SonicWALL VPN Configuring the VPN Client Launching the SonicWALL VPN Client Configuring VPN Security and Remote IdentitySelect the Connect using Secure Gateway Tunnel check box Select None from the Select Certificate menu Configuring VPN Client IdentityConfiguring VPN Client Security Policy Configuring VPN Client Key Exchange Proposal Select the Encapsulation Protocol ESP check boxConfiguring Inbound VPN Client Keys Configuring Outbound VPN Client KeysSaving SonicWALL VPN Client Settings Click Inbound Keys. The Inbound Keying Material box appearsVerifying the VPN Client Icon in the System Tray IKE and Manual Key Configuration for Two SonicWALLs Manual Key for Two SonicWALLsSonicWALL VPN Select Strong Encrypt ESP 3DES as the Encryption Method Configuring the Second SonicWALL ApplianceExample of Manual Key Configuration for Two SonicWALLs Configuring the Remote SonicWALL Enter the Encryption Key from the Main Office configurationPage IKE Configuration for Two SonicWALLs Select Group 1 from the Phase 1 DH Group menuPage Select 3DES & SHA1 from the Phase 1 DH Group menu Example of IKE Configuration for Two SonicWALLsConfiguring a SonicWALL PRO 200 in Chicago Configuring a SonicWALL TELE3 in San Francisco Select Group 2 from the Phase 1 DH Group menu SonicWALL Third Party Digital Certificate Support VeriSign EntrustOverview of Third Party Digital Certificate Support Version 3 Certificate StandardImporting CA Certificates into the SonicWALL Certificate DetailsImporting Certificate with private key Certificate Revocation List CRLCreating a Certificate Signing Request Importing a Signed Local CertificateClick VPN, then Local Certificates Click Import CertificateSonicWALL Enhanced VPN Logging Testing a VPN Tunnel Connection Using Ping Configuring Windows Networking SonicWALL VPN Page High Availability Before Configuring High AvailabilityNetwork Configuration for High Availability Pair Configuring High Availability on the Primary SonicWALL High Availability Configuration Changes High Availability Status High Availability Status Window Mail Alerts Indicating Status Change Forcing Transitions Configuration Notes SonicWALL Network Anti-Virus SonicWALL Options and UpgradesSonicWALL VPN Client SonicWALL Authentication Service Content Filter List SubscriptionVulnerability Scanning Service Contact Your Reseller or SonicWALL SonicWALL ViewPoint ReportingSonicWALL Global Management System SonicWALL PRO 230 and PRO 330 Front Panel Description Hardware DescriptionsSonicWALL PRO 230 and PRO 330 Front Panel Reset Switch Power SwitchesPower Inputs SonicWALL PRO 230 and PRO 330 Rear Panel DescriptionSonicWALL PRO 200 and PRO 300 Front Panel SonicWALL PRO 200 and PRO 300 Front Panel DescriptionPower Input Power SwitchSonicWALL PRO 200 and PRO 300 Back Panel SonicWALL PRO 200 and PRO 300 Back Panel Description100 SonicWALL PRO 100 Front PanelSonicWALL PRO 100 Front Panel Description SonicWALL PRO 100 Back Panel SonicWALL PRO 100 Back Panel DescriptionModem SonicWALL TELE3 SP Front PanelSonicWALL TELE3 SP Front Panel Description CLI Command Line Interface Port SonicWALL TELE3 SP Back PanelSonicWALL TELE3 SP Back Panel Description TELE3 SP Modem PortSonicWALL TELE3 TZ Front Panel SonicWALL TELE3 TZ Front Panel DescriptionSonicWALL TELE3 TZ Back Panel SonicWALL TELE3 TZ Back Panel DescriptionSonicWALL TELE3 TZX Front Panel SonicWALL TELE3 TZX Front Panel DescriptionSonicWALL TELE3 TZX Back Panel l SonicWALL TELE3 TZX Back Panel DescriptionSonicWALL SOHO3 and TELE3 Front Panel SonicWALL SOHO3 and TELE3 Front Panel DescriptionSonicWALL SOHO3 and TELE3 Back Panel SonicWALL SOHO3 and TELE3 Back Panel DescriptionSonicWALL GX 250 and GX 650 Front Panel SonicWALL GX250 and GX 650 Front Panel DescriptionSonicWALL GX250 Front Panel SonicWALL GX 650 Front PanelAlarm Reset Button SonicWALL GX 250 and GX 650 Back Panel DescriptionTroubleshooting Guide Computer on the LAN cannot access the InternetSonicWALL does not establish authenticated sessions Link LED is offDuplicate IP address errors VPN tunnel problemsSonicWALL does not save changes that you have made Machines on the WAN are not reachableAppendix a Technical Specifications AppendicesAppendix B SonicWALL Support Solutions Knowledge BaseInternet Security Expertise SonicWALL SupportSonicWALL Support Services Features and Benefits SonicWALL Super SonicWALL Warranty SupportWarranty Support North America Warranty Support International SonicWALL Support SonicWALL Support Appendix C Introduction to Networking Network Hardware ComponentsNetwork Types FirewallsNetwork Protocols IP Address IP address Subnet mask Default gatewayIP Addressing Default Gateway Network Address Translation NATNodes Subnet MaskAppendices Registered Port Numbers Appendix D IP Port NumbersWell Known Port Numbers Windows Appendix E Configuring TCP/IP SettingsClick DNS Configuration Windows NT Windows Windows XP Open the Local Area Connection Properties windowMacintosh OS Appendix F Basic VPN Terms and Concepts Authentication Header AH Internet Key Exchange IKEManual Key Shared SecretPage Data Encryption Standard DES ARCFourStrong Encryption Triple DES Security Parameter Index SPIErasing the Firmware for all Models Locating the Reset button on your SonicWALLAppendix G- Erasing the Firmware Appendix H- Mounting the SonicWALL PRO 200 and PRO Appendix I Configuring Radius and ACE Servers Steel Belted Radius Funk SoftwareACE Server RSA Configuring User PrivilegesOpen the ACE Server Database Administrator program ACS Server Cisco Internet Authentication Service Windows NT/2000 ServerOpen IAS, and select Remote Access Policies Radius Attributes Dictionary Page Appendices Page Appendices Page Appendices Index Dynamic Host Configuration Protocol Dhcp Dynamic Ranges 167 Page Index 232- 000291 Rev a 11