Manuals / SonicWALL / Computer Equipment / Network Router

SonicWALL Internet Security Appliances manual Radius Servers

Models: Internet Security Appliances

1 293

Download 293 pages 54.59 Kb

Page 142

RADIUS

RADIUS can provide control over user access and VPN access. RADIUS configuration is located in the Access window.

To configure RADIUS settings, complete the following instructions.

Click the RADIUS tab.

1.Define the number of times the SonicWALL attempts to contact the RADIUS server in the RADIUS Server Retries field. If the RADIUS server does not respond within the specified number of retries, the connection is dropped. This field can range between 1 and 10, however 3 RADIUS server retries is recommended.

2.Define the RADIUS Server Timeout in Seconds. The allowable range is 1-60 seconds with a default value of 5.

RADIUS Servers

3.Specify the settings of the primary RADIUS server in the RADIUS servers section. An optional secondary RADIUS server can be defined if a backup RADIUS server exists on the network.

4.Enter the IP address of the RADIUS server in the IP Address field.

5.Enter the Port Number for the RADIUS server.

6.If there is a secondary RADIUS server, enter the appropriate information in the Secondary Server section.

7.Enter the RADIUS server administrative password or "shared secret" in the Shared Secret field. The alphanumeric Shared Secret can range from 1 to 31 characters in length. The is case sensitive.

Network Access Rules Page 143

Image 142

SonicWALL Internet Security Appliances manual Radius Servers

Contents

ADMINISTRATOR’S Guide Contents NAT with PPPoE Configuration Restarting the SonicWALL Status CLI Support and Remote Management101 Restrict Web Features 100100 103Delete a Service 131 Rules Viewing Network Access Rules 127 Services 128Add a Known Service 130 Add a Custom Service Network Access Rule Logic List 133149 Intranet Settings 151Proxy Relay 148 Web Proxy Forwarding Bypass Proxy Servers Upon Proxy Failure 149 Intranet 150Configure Tab 181 Add/Modify IPSec Security Associations Allow Dhcp Pass Through in Standard Mode 166Allow Dhcp Pass Through in Standard Mode 173 166Configuration Notes 233 Advanced Settings for VPN Configurations 191Configuration Changes 228 190235 SonicWALL Authentication Service 235234 236Limited Warranty About this Guide Organization of this GuideSonicWALL Technical Support Firmware Version Icons Used in this ManualIntroduction Your SonicWALL Internet Security ApplianceInternet Security Content Filtering Logging and ReportingEasy Installation and Configuration Dynamic Host Configuration Protocol DhcpIPSec VPN Network Address Translation NAT Enabled Configuring the Network Mode on the SonicWALLStandard Mode NAT with PPPoE ClientNAT with L2TP Client Select Standard from the Network Addressing Mode menuNAT with Dhcp Client NAT with Pptp ClientConfiguring the SonicWALL in NAT Enabled Mode Accessing the WizardSetting the Password Connecting to the Internet Selecting Your Internet ConnectionConfirming Network Address Translation NAT Mode Selecting NAT Enabled ModeConfiguring WAN Network Settings Configuring LAN Network SettingsConfiguration Summary CongratulationsConfiguring NAT with PPPoE Client RestartingSetting the Password Connecting to the Internet Setting the User Name and Password for PPPoE Configuring the SonicWALL Dhcp Server Congratulations Configuring NAT with Dhcp Client Accessing the Installation WizardSetting the Time and Date Selecting Your Internet Connection Configuring LAN Network Settings Configuration Summary Configuring NAT with L2TP Client Configuring NAT with Pptp Client Setting the Time and Date Connecting to the Internet Setting the User Name and Password for Pptp Configuring the SonicWALL Dhcp Server Congratulations Logging into the SonicWALL Management Interface Configuring the Network Mode on the SonicWALL Registering at mySonicWALL.com Creating a New User AccountAccount Information Personal Information Registering at mySonicWALL.com Page Click Here Registration Quick Registration Status and Options Managing Your SonicWALL Renaming Your SonicWALLTransferring a SonicWALL Product Delete Product Managing Services for SonicWALL Internet Security Appliances Activating Services Using mySonicWALL.com Registering at mySonicWALL.com Configuring the TELE3 SP Modem Connection Configuring the TELE3 SP WAN Failover FeatureConfiguring Modem Profiles Dial-Up ConfigurationISP Settings Location SettingsConfiguring the TELE3 SP Modem Connection TELE3 SP Modem Configuration Modem SettingsSelect Enable WAN Failover Select Enable Probing Failover SettingsPreempt Mode Primary InterfaceConfiguring a Modem Profile for Manual Dial-Up Configure Modem Settings Select None as the Secondary ProfileConfiguring the Modem Settings Tested Internet Service ProvidersStatus Modem StatusChat Scripts Custom Chat Scripts Managing Your SonicWALL Internet Security Appliance Https ManagementManaging Your SonicWALL Internet Security Appliance 74 SonicWALL Internet Security Appliance User’s Guide CLI Support and Remote Management 9600 bps Bits No parity No hand-shakingNetwork Addressing Mode General and Network SettingsNetwork Settings Network Time AdministratorSonicWALL LAN IP Address LAN SettingsMultiple LAN Subnet Mask Support LAN Subnet MaskWAN Gateway Router Address WAN SettingsDNS Settings WAN/LAN Subnet MaskStandard Configuration NAT Enabled ConfigurationSonicWALL WAN Gateway Router Address is NAT with Dhcp Client Configuration NAT with PPPoE Configuration Select NAT with PPPoE from the Network Addressing Mode menuRestarting the SonicWALL NAT with L2TP Client Configuration Restarting the SonicWALL NAT with Pptp Client Configuration Restarting the SonicWALL Setting the Time and Date NTP SettingsAdministrator Name Configuring the Administrator SettingsChange the Administrator Password Setting the Administrator Inactivity Timeout Login Failure HandlingLogging and Alerts View Log Log Settings ReportsView Log Web, FTP, Gopher, or Newsgroup blocked SonicWALL Log MessagesTCP, UDP, or Icmp packets dropped ActiveX, Java, Cookie or Code Archive blockedLog Settings Configure the following settingsPage Log Categories Reports Alerts/SNMP TrapsVPN Tunnel Status Web Site Hits Bandwidth Usage by ServiceBandwidth Usage by IP Address SonicWALL ViewPoint Content Filtering and Blocking Configure URL List Customize ConsentRestrict Web Features Configuring SonicWALL Content FilteringBlock URL List Message to display when a site is blockedList Updates Trusted DomainsDownload Automatically every SettingsSelect Categories to Block Customizing the Content Filtering List Custom FilterTime of Day Filter Block ActionMaximum Web usage User Idle Timeout is 5 minutes configure hereConsent Consent page URL Optional FilteringConsent Accepted URL Filtering On Mandatory Filtered IP AddressesConsent Accepted URL Filtering Off Consent page URL Mandatory FilteringConfiguring N2H2 Internet Filtering Trusted Domains Listen Port Settings Server Host Name or IP AddressN2H2 Server Status Reply PortConfiguring the Websense Enterprise Content Filter Trusted Domains Websense Server Status Configuring the Websense Content Filter ListSettings Server PortURL Cache Restart Preferences Firmware Diagnostic Web Management ToolsExporting the Settings File PreferencesRestoring Factory Default Settings Importing the Settings FileClick Import in the Preferences tab Updating Firmware Updating Firmware Manually Upgrade Features Diagnostic Tools DNS Name LookupFind Network Path Select Ping from the Choose a diagnostic tool menu PingPacket Trace Select Packet Trace from the Choose a diagnostic tool menu Tech Support ReportGenerating a Tech Support Report Trace Route Network Access Rules Viewing Network Access RulesServices LAN OutPublic LAN Server Windows Networking NetBIOS Broadcast Pass ThroughNetwork Connection Inactivity Timeout Windows Messenger SupportAdd a Known Service Add ServiceAdd a Custom Service Delete a Service Enable LoggingRules Maximum Number of Rules by Product Product Maximum RulesNetwork Access Rule Logic List Bandwidth ManagementAdd a New Rule Select always from the Apply this rule menu Enabling Ping Blocking LAN Access for Specific ServicesAdd New Rule Examples Select WAN from the Destination Ethernet menuRestore the Default Network Access Rules Current Network Access Rules TableEnable/Disable a Rule Edit a RuleUnderstanding the Access Rule Hierarchy Global User Settings UsersAdding and Removing a User Highlight -Add New User- in the Current User list boxUsers Currently Locked Out After Login Failures Current UsersUser Login Radius Radius ServersRadius Users Radius Client TestManagement SonicWALL Snmp Support SonicWALL Management Protocol Configuration of the Log/Log Settings for SnmpConfiguration of the Service and Rules Pages Additional ManagementNetwork Access Rules Advanced Features Proxy Relay Web Proxy ForwardingConfiguring Web Proxy Relay Bypass Proxy Servers Upon Proxy FailureInstallation IntranetIntranet Configuration Intranet SettingsVPN Single-Armed Mode stand-alone VPN gateway VPN Single Armed Mode SonicWALL Configuring a SonicWALL for VPN Single Armed ModeRemote SonicWALL Corporate SonicWALL Routes LAN Route Advertisement Tip There is no route advertisement on the WANDMZ Route Advertisement RIPv2 AuthenticationDMZ Addresses DMZ in Standard Mode DMZ in NAT ModeHomePort in Standard Mode HomePort ConfigurationDelete a DMZ Address Range HomePort in NAT Mode Delete a HomePort Address RangeSelect the Enable One-to-One NAT check box One-to-One NATOne-to-One NAT Configuration Example Select Enable One-to-One NAT and click UpdateEnable Bandwidth Management WAN Link SettingsEthernet MTU Settings DMZ/WorkPort Link SettingsLAN/HomePort Link Settings Proxy Management workstation ethernet address on WANSonicWALL Bandwidth Management How SonicWALL Bandwidth Management WorksRule Service Priority Guaranteed Maximum Examples of Bandwidth Management RulesSetup Dhcp over VPN Status SetupAllow Dhcp Pass Through in Standard Mode Dhcp ServerConfiguring the SonicWALL Dhcp Server Select the Enable Dhcp ServerDeleting Dynamic Ranges and Static Entries Dhcp Relay ModeDhcp over VPN Configuring the Remote Gateway for VPN over Dhcp Configuring the Central Gateway for VPN over DhcpSelect Central Gateway from the Dhcp Relay Mode menu Select Remote Gateway from the Dhcp Relay Mode menu LAN IP AddressesLAN Device Configuration Dhcp Status Dhcp Server on the SonicWALL TELE3 TZ and TZX Configuring the SonicWALL Dhcp Server Deleting Dynamic Ranges and Static Entries Dhcp Status SonicWALL VPN Global VPN Settings VPN Management Interface Summary TabVPN Policies VPN Bandwidth ManagementCurrently Active VPN Tunnels SonicWALL NAT Traversal Support AES Advanced Encryption Standard SupportConfigure Tab Add/Modify IPSec Security Associations Disabling Security AssociationsSecurity Policy Settings Security Policy Settings for Group VPNSecurity Policy Settings for IKE using Pre-shared Secret AES support is available only on the PRO 230 and PRO Security Policy Settings using Manual Key Adding Destination Networks Accessing Remote Resources across a Virtual Private NetworkDestination Networks Modifying and Deleting Existing Security AssociationsEnable Keep Alive Advanced SettingsTry to bring up all possible SAs Enable Windows Networking NetBIOS broadcast Require authentication of local usersRequire authentication of remote users Apply NAT and firewall rulesDefault LAN Gateway Enable Perfect Forward SecrecyPhase 2 DH Group Route all internet traffic through this SAVPN Terminated at the LAN, DMZ, or LAN/DMZ Advanced Settings for VPN Configurations IKE usingConfiguring SonicWALL VPN SonicWALL VPN Page Installing the VPN Client Software Group VPN Client SetupGroup VPN Client Configuration Page SonicWALL VPN Verifying the VPN Tunnel as Active SonicWALL VPN Configuring the VPN Client Select the Connect using Secure Gateway Tunnel check box Configuring VPN Security and Remote IdentityLaunching the SonicWALL VPN Client Configuring VPN Client Security Policy Configuring VPN Client IdentitySelect None from the Select Certificate menu Configuring VPN Client Key Exchange Proposal Select the Encapsulation Protocol ESP check boxSaving SonicWALL VPN Client Settings Configuring Inbound VPN Client KeysConfiguring Outbound VPN Client Keys Click Inbound Keys. The Inbound Keying Material box appearsVerifying the VPN Client Icon in the System Tray IKE and Manual Key Configuration for Two SonicWALLs Manual Key for Two SonicWALLsSonicWALL VPN Example of Manual Key Configuration for Two SonicWALLs Configuring the Second SonicWALL ApplianceSelect Strong Encrypt ESP 3DES as the Encryption Method Configuring the Remote SonicWALL Enter the Encryption Key from the Main Office configurationPage IKE Configuration for Two SonicWALLs Select Group 1 from the Phase 1 DH Group menuPage Configuring a SonicWALL PRO 200 in Chicago Example of IKE Configuration for Two SonicWALLsSelect 3DES & SHA1 from the Phase 1 DH Group menu Configuring a SonicWALL TELE3 in San Francisco Select Group 2 from the Phase 1 DH Group menu SonicWALL Third Party Digital Certificate Support VeriSign EntrustImporting CA Certificates into the SonicWALL Overview of Third Party Digital Certificate SupportVersion 3 Certificate Standard Certificate DetailsImporting Certificate with private key Certificate Revocation List CRLClick VPN, then Local Certificates Creating a Certificate Signing RequestImporting a Signed Local Certificate Click Import CertificateSonicWALL Enhanced VPN Logging Testing a VPN Tunnel Connection Using Ping Configuring Windows Networking SonicWALL VPN Page Network Configuration for High Availability Pair Before Configuring High AvailabilityHigh Availability Configuring High Availability on the Primary SonicWALL High Availability Configuration Changes High Availability Status High Availability Status Window Mail Alerts Indicating Status Change Forcing Transitions Configuration Notes SonicWALL VPN Client SonicWALL Options and UpgradesSonicWALL Network Anti-Virus Vulnerability Scanning Service Content Filter List SubscriptionSonicWALL Authentication Service SonicWALL Global Management System SonicWALL ViewPoint ReportingContact Your Reseller or SonicWALL SonicWALL PRO 230 and PRO 330 Front Panel Hardware DescriptionsSonicWALL PRO 230 and PRO 330 Front Panel Description Power Inputs Reset SwitchPower Switches SonicWALL PRO 230 and PRO 330 Rear Panel DescriptionSonicWALL PRO 200 and PRO 300 Front Panel SonicWALL PRO 200 and PRO 300 Front Panel DescriptionSonicWALL PRO 200 and PRO 300 Back Panel Power InputPower Switch SonicWALL PRO 200 and PRO 300 Back Panel DescriptionSonicWALL PRO 100 Front Panel Description SonicWALL PRO 100 Front Panel100 SonicWALL PRO 100 Back Panel SonicWALL PRO 100 Back Panel DescriptionSonicWALL TELE3 SP Front Panel Description SonicWALL TELE3 SP Front PanelModem SonicWALL TELE3 SP Back Panel Description CLI Command Line Interface PortSonicWALL TELE3 SP Back Panel TELE3 SP Modem PortSonicWALL TELE3 TZ Front Panel SonicWALL TELE3 TZ Front Panel DescriptionSonicWALL TELE3 TZ Back Panel SonicWALL TELE3 TZ Back Panel DescriptionSonicWALL TELE3 TZX Front Panel SonicWALL TELE3 TZX Front Panel DescriptionSonicWALL TELE3 TZX Back Panel l SonicWALL TELE3 TZX Back Panel DescriptionSonicWALL SOHO3 and TELE3 Front Panel SonicWALL SOHO3 and TELE3 Front Panel DescriptionSonicWALL SOHO3 and TELE3 Back Panel SonicWALL SOHO3 and TELE3 Back Panel DescriptionSonicWALL GX 250 and GX 650 Front Panel SonicWALL GX250 and GX 650 Front Panel DescriptionSonicWALL GX250 Front Panel SonicWALL GX 650 Front PanelAlarm Reset Button SonicWALL GX 250 and GX 650 Back Panel DescriptionSonicWALL does not establish authenticated sessions Troubleshooting GuideComputer on the LAN cannot access the Internet Link LED is offSonicWALL does not save changes that you have made Duplicate IP address errorsVPN tunnel problems Machines on the WAN are not reachableAppendix a Technical Specifications AppendicesInternet Security Expertise Appendix B SonicWALL Support SolutionsKnowledge Base SonicWALL SupportSonicWALL Support Services Features and Benefits SonicWALL Super SonicWALL Warranty SupportWarranty Support North America Warranty Support International SonicWALL Support SonicWALL Support Network Types Appendix C Introduction to NetworkingNetwork Hardware Components FirewallsNetwork Protocols IP Addressing IP address Subnet mask Default gatewayIP Address Nodes Default GatewayNetwork Address Translation NAT Subnet MaskAppendices Well Known Port Numbers Appendix D IP Port NumbersRegistered Port Numbers Click DNS Configuration Appendix E Configuring TCP/IP SettingsWindows Windows NT Windows Windows XP Open the Local Area Connection Properties windowMacintosh OS Appendix F Basic VPN Terms and Concepts Manual Key Authentication Header AHInternet Key Exchange IKE Shared SecretPage Strong Encryption Triple DES Data Encryption Standard DESARCFour Security Parameter Index SPIAppendix G- Erasing the Firmware Locating the Reset button on your SonicWALLErasing the Firmware for all Models Appendix H- Mounting the SonicWALL PRO 200 and PRO Appendix I Configuring Radius and ACE Servers Steel Belted Radius Funk SoftwareOpen the ACE Server Database Administrator program Configuring User PrivilegesACE Server RSA Open IAS, and select Remote Access Policies Internet Authentication Service Windows NT/2000 ServerACS Server Cisco Radius Attributes Dictionary Page Appendices Page Appendices Page Appendices Index Dynamic Host Configuration Protocol Dhcp Dynamic Ranges 167 Page Index 232- 000291 Rev a 11