Manuals / SonicWALL / Computer Equipment / Network Router

SonicWALL Internet Security Appliances manual Select always from the Apply this rule menu

Models: Internet Security Appliances

1 293

Download 293 pages 54.59 Kb

Page 134

9.Do not select the Allow Fragmented Packets check box. Large IP packets are often divided into fragments before they are routed over the Internet and then reassembled at a destination host. Because hackers exploit IP fragmentation in Denial of Service attacks, the SonicWALL blocks fragmented packets by default. You can override the default configuration to allow fragmented packets over PPTP or IPSec.

10.Enable Bandwidth Management, and enter the Guaranteed Bandwidth in Kbps.

11.Enter the maximum amount of bandwidth available to the Rule at any time in the Maximum Bandwidth field. Assign a priority from 0 (highest) to 7 (lowest).

12.Click Update. Once the SonicWALL has been updated, the new rule appears in the list of Current Network Access Rules.

Tip Although custom rules can be created that allow inbound IP traffic, the SonicWALL does not disable protection from Denial of Service attacks, such as the SYN Flood and Ping of Death attacks.

For example, to configure the SonicWALL to allow Internet traffic to your Web server with an IP address of 208.5.5.5 (Standard mode), create the following rule:

1.Verify that HTTP has been added as a Service as outlined previously.

2.Click the Rules tab, and click Add New Rule....

3.Select Allow, then Web (HTTP) from the Service menu.

4.Select WAN from the Ethernet Source menu, and leave the Addr Range Begin and Addr Range End as they appear.

5.Select LAN from the Ethernet Destination menu, and enter in the IP address of the Web server, 208.5.5.5 in the Addr Range Begin field. No IP address is added in the Addr Range End since the destination is not a range of IP addresses.

6.Select always from the Apply this rule menu.

7.Enter a value (in minutes) in the Activity Timeout in Minutes field.

8.Do not select the Allow Fragmented Packets check box.

Network Access Rules Page 135

Image 134

SonicWALL Internet Security Appliances manual Select always from the Apply this rule menu

Contents

ADMINISTRATOR’S Guide Contents NAT with PPPoE Configuration Restarting the SonicWALL Status CLI Support and Remote Management101 Restrict Web Features 100100 103Delete a Service 131 Rules Viewing Network Access Rules 127 Services 128Add a Known Service 130 Add a Custom Service Network Access Rule Logic List 133149 Intranet Settings 151Proxy Relay 148 Web Proxy Forwarding Bypass Proxy Servers Upon Proxy Failure 149 Intranet 150Configure Tab 181 Add/Modify IPSec Security Associations Allow Dhcp Pass Through in Standard Mode 166Allow Dhcp Pass Through in Standard Mode 173 166Configuration Notes 233 Advanced Settings for VPN Configurations 191Configuration Changes 228 190235 SonicWALL Authentication Service 235234 236Limited Warranty About this Guide Organization of this GuideSonicWALL Technical Support Firmware Version Icons Used in this ManualIntroduction Your SonicWALL Internet Security ApplianceInternet Security Content Filtering Logging and ReportingIPSec VPN Dynamic Host Configuration Protocol DhcpEasy Installation and Configuration Network Address Translation NAT Enabled Configuring the Network Mode on the SonicWALLStandard Mode NAT with PPPoE ClientNAT with L2TP Client Select Standard from the Network Addressing Mode menuNAT with Dhcp Client NAT with Pptp ClientConfiguring the SonicWALL in NAT Enabled Mode Accessing the WizardSetting the Password Connecting to the Internet Selecting Your Internet ConnectionConfirming Network Address Translation NAT Mode Selecting NAT Enabled ModeConfiguring WAN Network Settings Configuring LAN Network SettingsConfiguration Summary CongratulationsConfiguring NAT with PPPoE Client RestartingSetting the Password Connecting to the Internet Setting the User Name and Password for PPPoE Configuring the SonicWALL Dhcp Server Congratulations Configuring NAT with Dhcp Client Accessing the Installation WizardSetting the Time and Date Selecting Your Internet Connection Configuring LAN Network Settings Configuration Summary Configuring NAT with L2TP Client Configuring NAT with Pptp Client Setting the Time and Date Connecting to the Internet Setting the User Name and Password for Pptp Configuring the SonicWALL Dhcp Server Congratulations Logging into the SonicWALL Management Interface Configuring the Network Mode on the SonicWALL Registering at mySonicWALL.com Creating a New User AccountAccount Information Personal Information Registering at mySonicWALL.com Page Click Here Registration Quick Registration Status and Options Managing Your SonicWALL Renaming Your SonicWALLTransferring a SonicWALL Product Delete Product Managing Services for SonicWALL Internet Security Appliances Activating Services Using mySonicWALL.com Registering at mySonicWALL.com Configuring the TELE3 SP Modem Connection Configuring the TELE3 SP WAN Failover FeatureConfiguring Modem Profiles Dial-Up ConfigurationISP Settings Location SettingsConfiguring the TELE3 SP Modem Connection TELE3 SP Modem Configuration Modem SettingsSelect Enable WAN Failover Select Enable Probing Failover SettingsPreempt Mode Primary InterfaceConfiguring a Modem Profile for Manual Dial-Up Configure Modem Settings Select None as the Secondary ProfileConfiguring the Modem Settings Tested Internet Service ProvidersStatus Modem StatusChat Scripts Custom Chat Scripts Managing Your SonicWALL Internet Security Appliance Https ManagementManaging Your SonicWALL Internet Security Appliance 74 SonicWALL Internet Security Appliance User’s Guide CLI Support and Remote Management 9600 bps Bits No parity No hand-shakingNetwork Addressing Mode General and Network SettingsNetwork Settings Network Time AdministratorSonicWALL LAN IP Address LAN SettingsMultiple LAN Subnet Mask Support LAN Subnet MaskWAN Gateway Router Address WAN SettingsDNS Settings WAN/LAN Subnet MaskStandard Configuration NAT Enabled ConfigurationSonicWALL WAN Gateway Router Address is NAT with Dhcp Client Configuration NAT with PPPoE Configuration Select NAT with PPPoE from the Network Addressing Mode menuRestarting the SonicWALL NAT with L2TP Client Configuration Restarting the SonicWALL NAT with Pptp Client Configuration Restarting the SonicWALL Setting the Time and Date NTP SettingsChange the Administrator Password Configuring the Administrator SettingsAdministrator Name Setting the Administrator Inactivity Timeout Login Failure HandlingView Log View Log Log Settings ReportsLogging and Alerts Web, FTP, Gopher, or Newsgroup blocked SonicWALL Log MessagesTCP, UDP, or Icmp packets dropped ActiveX, Java, Cookie or Code Archive blockedLog Settings Configure the following settingsPage Log Categories VPN Tunnel Status Alerts/SNMP TrapsReports Bandwidth Usage by IP Address Bandwidth Usage by ServiceWeb Site Hits SonicWALL ViewPoint Content Filtering and Blocking Configure URL List Customize ConsentBlock Configuring SonicWALL Content FilteringRestrict Web Features URL List Message to display when a site is blockedList Updates Trusted DomainsSelect Categories to Block SettingsDownload Automatically every Customizing the Content Filtering List Custom FilterTime of Day Filter Block ActionMaximum Web usage User Idle Timeout is 5 minutes configure hereConsent Consent page URL Optional FilteringConsent Accepted URL Filtering On Mandatory Filtered IP AddressesConsent Accepted URL Filtering Off Consent page URL Mandatory FilteringConfiguring N2H2 Internet Filtering Trusted Domains Listen Port Settings Server Host Name or IP AddressN2H2 Server Status Reply PortConfiguring the Websense Enterprise Content Filter Trusted Domains Websense Server Status Configuring the Websense Content Filter ListSettings Server PortURL Cache Restart Preferences Firmware Diagnostic Web Management ToolsExporting the Settings File PreferencesClick Import in the Preferences tab Importing the Settings FileRestoring Factory Default Settings Updating Firmware Updating Firmware Manually Upgrade Features Diagnostic Tools DNS Name LookupFind Network Path Select Ping from the Choose a diagnostic tool menu PingPacket Trace Select Packet Trace from the Choose a diagnostic tool menu Tech Support ReportGenerating a Tech Support Report Trace Route Network Access Rules Viewing Network Access RulesServices LAN OutPublic LAN Server Windows Networking NetBIOS Broadcast Pass ThroughNetwork Connection Inactivity Timeout Windows Messenger SupportAdd a Custom Service Add ServiceAdd a Known Service Rules Enable LoggingDelete a Service Maximum Number of Rules by Product Product Maximum RulesNetwork Access Rule Logic List Bandwidth ManagementAdd a New Rule Select always from the Apply this rule menu Enabling Ping Blocking LAN Access for Specific ServicesAdd New Rule Examples Select WAN from the Destination Ethernet menuRestore the Default Network Access Rules Current Network Access Rules TableEnable/Disable a Rule Edit a RuleUnderstanding the Access Rule Hierarchy Global User Settings UsersAdding and Removing a User Highlight -Add New User- in the Current User list boxUsers Currently Locked Out After Login Failures Current UsersUser Login Radius Radius ServersRadius Users Radius Client TestManagement SonicWALL Snmp Support SonicWALL Management Protocol Configuration of the Log/Log Settings for SnmpConfiguration of the Service and Rules Pages Additional ManagementNetwork Access Rules Advanced Features Proxy Relay Web Proxy ForwardingConfiguring Web Proxy Relay Bypass Proxy Servers Upon Proxy FailureInstallation IntranetIntranet Configuration Intranet SettingsVPN Single-Armed Mode stand-alone VPN gateway Remote SonicWALL Corporate SonicWALL Configuring a SonicWALL for VPN Single Armed ModeVPN Single Armed Mode SonicWALL Routes LAN Route Advertisement Tip There is no route advertisement on the WANDMZ Addresses RIPv2 AuthenticationDMZ Route Advertisement DMZ in Standard Mode DMZ in NAT ModeDelete a DMZ Address Range HomePort ConfigurationHomePort in Standard Mode HomePort in NAT Mode Delete a HomePort Address RangeSelect the Enable One-to-One NAT check box One-to-One NATOne-to-One NAT Configuration Example Select Enable One-to-One NAT and click UpdateEthernet WAN Link SettingsEnable Bandwidth Management MTU Settings DMZ/WorkPort Link SettingsLAN/HomePort Link Settings Proxy Management workstation ethernet address on WANSonicWALL Bandwidth Management How SonicWALL Bandwidth Management WorksRule Service Priority Guaranteed Maximum Examples of Bandwidth Management RulesSetup Dhcp over VPN Status SetupAllow Dhcp Pass Through in Standard Mode Dhcp ServerConfiguring the SonicWALL Dhcp Server Select the Enable Dhcp ServerDhcp over VPN Dhcp Relay ModeDeleting Dynamic Ranges and Static Entries Select Central Gateway from the Dhcp Relay Mode menu Configuring the Central Gateway for VPN over DhcpConfiguring the Remote Gateway for VPN over Dhcp Select Remote Gateway from the Dhcp Relay Mode menu LAN IP AddressesLAN Device Configuration Dhcp Status Dhcp Server on the SonicWALL TELE3 TZ and TZX Configuring the SonicWALL Dhcp Server Deleting Dynamic Ranges and Static Entries Dhcp Status SonicWALL VPN Global VPN Settings VPN Management Interface Summary TabCurrently Active VPN Tunnels VPN Bandwidth ManagementVPN Policies SonicWALL NAT Traversal Support AES Advanced Encryption Standard SupportConfigure Tab Add/Modify IPSec Security Associations Disabling Security AssociationsSecurity Policy Settings Security Policy Settings for Group VPNSecurity Policy Settings for IKE using Pre-shared Secret AES support is available only on the PRO 230 and PRO Security Policy Settings using Manual Key Adding Destination Networks Accessing Remote Resources across a Virtual Private NetworkDestination Networks Modifying and Deleting Existing Security AssociationsTry to bring up all possible SAs Advanced SettingsEnable Keep Alive Enable Windows Networking NetBIOS broadcast Require authentication of local usersRequire authentication of remote users Apply NAT and firewall rulesDefault LAN Gateway Enable Perfect Forward SecrecyPhase 2 DH Group Route all internet traffic through this SAVPN Terminated at the LAN, DMZ, or LAN/DMZ Advanced Settings for VPN Configurations IKE usingConfiguring SonicWALL VPN SonicWALL VPN Page Group VPN Client Configuration Group VPN Client SetupInstalling the VPN Client Software Page SonicWALL VPN Verifying the VPN Tunnel as Active SonicWALL VPN Configuring the VPN Client Launching the SonicWALL VPN Client Configuring VPN Security and Remote IdentitySelect the Connect using Secure Gateway Tunnel check box Select None from the Select Certificate menu Configuring VPN Client IdentityConfiguring VPN Client Security Policy Configuring VPN Client Key Exchange Proposal Select the Encapsulation Protocol ESP check boxSaving SonicWALL VPN Client Settings Configuring Inbound VPN Client KeysConfiguring Outbound VPN Client Keys Click Inbound Keys. The Inbound Keying Material box appearsVerifying the VPN Client Icon in the System Tray IKE and Manual Key Configuration for Two SonicWALLs Manual Key for Two SonicWALLsSonicWALL VPN Select Strong Encrypt ESP 3DES as the Encryption Method Configuring the Second SonicWALL ApplianceExample of Manual Key Configuration for Two SonicWALLs Configuring the Remote SonicWALL Enter the Encryption Key from the Main Office configurationPage IKE Configuration for Two SonicWALLs Select Group 1 from the Phase 1 DH Group menuPage Select 3DES & SHA1 from the Phase 1 DH Group menu Example of IKE Configuration for Two SonicWALLsConfiguring a SonicWALL PRO 200 in Chicago Configuring a SonicWALL TELE3 in San Francisco Select Group 2 from the Phase 1 DH Group menu SonicWALL Third Party Digital Certificate Support VeriSign EntrustImporting CA Certificates into the SonicWALL Overview of Third Party Digital Certificate SupportVersion 3 Certificate Standard Certificate DetailsImporting Certificate with private key Certificate Revocation List CRLClick VPN, then Local Certificates Creating a Certificate Signing RequestImporting a Signed Local Certificate Click Import CertificateSonicWALL Enhanced VPN Logging Testing a VPN Tunnel Connection Using Ping Configuring Windows Networking SonicWALL VPN Page High Availability Before Configuring High AvailabilityNetwork Configuration for High Availability Pair Configuring High Availability on the Primary SonicWALL High Availability Configuration Changes High Availability Status High Availability Status Window Mail Alerts Indicating Status Change Forcing Transitions Configuration Notes SonicWALL Network Anti-Virus SonicWALL Options and UpgradesSonicWALL VPN Client SonicWALL Authentication Service Content Filter List SubscriptionVulnerability Scanning Service Contact Your Reseller or SonicWALL SonicWALL ViewPoint ReportingSonicWALL Global Management System SonicWALL PRO 230 and PRO 330 Front Panel Description Hardware DescriptionsSonicWALL PRO 230 and PRO 330 Front Panel Power Inputs Reset SwitchPower Switches SonicWALL PRO 230 and PRO 330 Rear Panel DescriptionSonicWALL PRO 200 and PRO 300 Front Panel SonicWALL PRO 200 and PRO 300 Front Panel DescriptionSonicWALL PRO 200 and PRO 300 Back Panel Power InputPower Switch SonicWALL PRO 200 and PRO 300 Back Panel Description100 SonicWALL PRO 100 Front PanelSonicWALL PRO 100 Front Panel Description SonicWALL PRO 100 Back Panel SonicWALL PRO 100 Back Panel DescriptionModem SonicWALL TELE3 SP Front PanelSonicWALL TELE3 SP Front Panel Description SonicWALL TELE3 SP Back Panel Description CLI Command Line Interface PortSonicWALL TELE3 SP Back Panel TELE3 SP Modem PortSonicWALL TELE3 TZ Front Panel SonicWALL TELE3 TZ Front Panel DescriptionSonicWALL TELE3 TZ Back Panel SonicWALL TELE3 TZ Back Panel DescriptionSonicWALL TELE3 TZX Front Panel SonicWALL TELE3 TZX Front Panel DescriptionSonicWALL TELE3 TZX Back Panel l SonicWALL TELE3 TZX Back Panel DescriptionSonicWALL SOHO3 and TELE3 Front Panel SonicWALL SOHO3 and TELE3 Front Panel DescriptionSonicWALL SOHO3 and TELE3 Back Panel SonicWALL SOHO3 and TELE3 Back Panel DescriptionSonicWALL GX 250 and GX 650 Front Panel SonicWALL GX250 and GX 650 Front Panel DescriptionSonicWALL GX250 Front Panel SonicWALL GX 650 Front PanelAlarm Reset Button SonicWALL GX 250 and GX 650 Back Panel DescriptionSonicWALL does not establish authenticated sessions Troubleshooting GuideComputer on the LAN cannot access the Internet Link LED is offSonicWALL does not save changes that you have made Duplicate IP address errorsVPN tunnel problems Machines on the WAN are not reachableAppendix a Technical Specifications AppendicesInternet Security Expertise Appendix B SonicWALL Support SolutionsKnowledge Base SonicWALL SupportSonicWALL Support Services Features and Benefits SonicWALL Super SonicWALL Warranty SupportWarranty Support North America Warranty Support International SonicWALL Support SonicWALL Support Network Types Appendix C Introduction to NetworkingNetwork Hardware Components FirewallsNetwork Protocols IP Address IP address Subnet mask Default gatewayIP Addressing Nodes Default GatewayNetwork Address Translation NAT Subnet MaskAppendices Registered Port Numbers Appendix D IP Port NumbersWell Known Port Numbers Windows Appendix E Configuring TCP/IP SettingsClick DNS Configuration Windows NT Windows Windows XP Open the Local Area Connection Properties windowMacintosh OS Appendix F Basic VPN Terms and Concepts Manual Key Authentication Header AHInternet Key Exchange IKE Shared SecretPage Strong Encryption Triple DES Data Encryption Standard DESARCFour Security Parameter Index SPIErasing the Firmware for all Models Locating the Reset button on your SonicWALLAppendix G- Erasing the Firmware Appendix H- Mounting the SonicWALL PRO 200 and PRO Appendix I Configuring Radius and ACE Servers Steel Belted Radius Funk SoftwareACE Server RSA Configuring User PrivilegesOpen the ACE Server Database Administrator program ACS Server Cisco Internet Authentication Service Windows NT/2000 ServerOpen IAS, and select Remote Access Policies Radius Attributes Dictionary Page Appendices Page Appendices Page Appendices Index Dynamic Host Configuration Protocol Dhcp Dynamic Ranges 167 Page Index 232- 000291 Rev a 11