ADMINISTRATOR’S Guide
Contents
Status CLI Support and Remote Management
NAT with PPPoE Configuration Restarting the SonicWALL
Restrict Web Features
Network Access Rule Logic List
Viewing Network Access Rules
Services
Add a Known Service
Add a Custom Service
Delete a Service
Rules
Bypass Proxy Servers Upon Proxy Failure
Intranet
Intranet Settings
Proxy Relay
Web Proxy Forwarding
Allow DHCP Pass Through in Standard Mode
Allow DHCP Pass Through in Standard Mode
Configure Tab
Add/Modify IPSec Security Associations
Advanced Settings for VPN Configurations
Configuration Changes
Configuration Notes
SonicWALL Authentication Service
Limited Warranty
Organization of this Guide
About this Guide
Icons Used in this Manual
SonicWALL Technical Support Firmware Version
Your SonicWALL Internet Security Appliance
Introduction
Internet Security
Logging and Reporting
Content Filtering
Easy Installation and Configuration
Dynamic Host Configuration Protocol DHCP
IPSec VPN
NAT with PPPoE Client
Configuring the Network Mode on the SonicWALL
Standard Mode
Network Address Translation NAT Enabled
NAT with PPTP Client
Select Standard from the Network Addressing Mode menu
NAT with DHCP Client
NAT with L2TP Client
Accessing the Wizard
Configuring the SonicWALL in NAT Enabled Mode
Setting the Password
Selecting Your Internet Connection
Connecting to the Internet
Selecting NAT Enabled Mode
Confirming Network Address Translation NAT Mode
Configuring LAN Network Settings
Configuring WAN Network Settings
Congratulations
Configuration Summary
Restarting
Configuring NAT with PPPoE Client
Setting the Password
Connecting to the Internet
Setting the User Name and Password for PPPoE
Configuring the SonicWALL DHCP Server
Congratulations
Accessing the Installation Wizard
Configuring NAT with DHCP Client
Setting the Time and Date
Selecting Your Internet Connection
Configuring LAN Network Settings
Configuration Summary
Configuring NAT with L2TP Client
Configuring NAT with PPTP Client
Setting the Time and Date
Connecting to the Internet
Setting the User Name and Password for PPTP
Configuring the SonicWALL DHCP Server
Congratulations
Logging into the SonicWALL Management Interface
Configuring the Network Mode on the SonicWALL
Creating a New User Account
Registering at mySonicWALL.com
Account Information
Personal Information
Registering at mySonicWALL.com
Click Here Registration
Quick Registration
Status and Options
Renaming Your SonicWALL
Managing Your SonicWALL
Transferring a SonicWALL Product
Delete Product
Managing Services for SonicWALL Internet Security Appliances
Activating Services Using mySonicWALL.com
Registering at mySonicWALL.com
Configuring the TELE3 SP WAN Failover Feature
Configuring the TELE3 SP Modem Connection
Dial-Up Configuration
Configuring Modem Profiles
Location Settings
ISP Settings
Configuring the TELE3 SP Modem Connection
Modem Settings
TELE3 SP Modem Configuration
Primary Interface
Failover Settings
Preempt Mode
Select Enable WAN Failover Select Enable Probing
Configuring a Modem Profile for Manual Dial-Up
Select None as the Secondary Profile
Configure Modem Settings
Tested Internet Service Providers
Configuring the Modem Settings
Modem Status
Status
Chat Scripts
Custom Chat Scripts
HTTPS Management
Managing Your SonicWALL Internet Security Appliance
SonicWALL Internet Security Appliance User’s Guide
9600 bps Bits No parity No hand-shaking
CLI Support and Remote Management
Network Time Administrator
General and Network Settings
Network Settings
Network Addressing Mode
LAN Subnet Mask
LAN Settings
Multiple LAN Subnet Mask Support
SonicWALL LAN IP Address
WAN/LAN Subnet Mask
WAN Settings
DNS Settings
WAN Gateway Router Address
NAT Enabled Configuration
Standard Configuration
SonicWALL WAN Gateway Router Address is
NAT with DHCP Client Configuration
Select NAT with PPPoE from the Network Addressing Mode menu
NAT with PPPoE Configuration
Restarting the SonicWALL
NAT with L2TP Client Configuration
Restarting the SonicWALL
NAT with PPTP Client Configuration
Restarting the SonicWALL
NTP Settings
Setting the Time and Date
Administrator Name
Configuring the Administrator Settings
Change the Administrator Password
Login Failure Handling
Setting the Administrator Inactivity Timeout
Logging and Alerts
View Log Log Settings Reports
View Log
ActiveX, Java, Cookie or Code Archive blocked
SonicWALL Log Messages
TCP, UDP, or ICMP packets dropped
Web, FTP, Gopher, or Newsgroup blocked
Configure the following settings
Log Settings
Log Categories
Reports
Alerts/SNMP Traps
VPN Tunnel Status
Web Site Hits
Bandwidth Usage by Service
Bandwidth Usage by IP Address
SonicWALL ViewPoint
Configure URL List Customize Consent
Content Filtering and Blocking
Restrict Web Features
Configuring SonicWALL Content Filtering
Block
Trusted Domains
Message to display when a site is blocked
List Updates
URL List
Download Automatically every
Settings
Select Categories to Block
Custom Filter
Customizing the Content Filtering List
Filter Block Action
Time of Day
Consent page URL Optional Filtering
User Idle Timeout is 5 minutes configure here
Consent
Maximum Web usage
Consent page URL Mandatory Filtering
Mandatory Filtered IP Addresses
Consent Accepted URL Filtering Off
Consent Accepted URL Filtering On
Configuring N2H2 Internet Filtering
Trusted Domains
Reply Port
Settings Server Host Name or IP Address
N2H2 Server Status
Listen Port
Configuring the Websense Enterprise Content Filter
Trusted Domains
Server Port
Configuring the Websense Content Filter List
Settings
Websense Server Status
URL Cache
Web Management Tools
Restart Preferences Firmware Diagnostic
Preferences
Exporting the Settings File
Restoring Factory Default Settings
Importing the Settings File
Click Import in the Preferences tab
Updating Firmware
Updating Firmware Manually
Upgrade Features
DNS Name Lookup
Diagnostic Tools
Find Network Path
Ping
Select Ping from the Choose a diagnostic tool menu
Packet Trace
Tech Support Report
Select Packet Trace from the Choose a diagnostic tool menu
Generating a Tech Support Report
Trace Route
Viewing Network Access Rules
Network Access Rules
LAN Out
Services
Windows Messenger Support
Windows Networking NetBIOS Broadcast Pass Through
Network Connection Inactivity Timeout
Public LAN Server
Add a Known Service
Add Service
Add a Custom Service
Delete a Service
Enable Logging
Rules
Product Maximum Rules
Maximum Number of Rules by Product
Bandwidth Management
Network Access Rule Logic List
Add a New Rule
Select always from the Apply this rule menu
Select WAN from the Destination Ethernet menu
Blocking LAN Access for Specific Services
Add New Rule Examples
Enabling Ping
Edit a Rule
Current Network Access Rules Table
Enable/Disable a Rule
Restore the Default Network Access Rules
Understanding the Access Rule Hierarchy
Users
Global User Settings
Highlight -Add New User- in the Current User list box
Adding and Removing a User
Current Users
Users Currently Locked Out After Login Failures
User Login
RADIUS Servers
RADIUS
RADIUS Client Test
RADIUS Users
Management SonicWALL SNMP Support
Additional Management
Configuration of the Log/Log Settings for SNMP
Configuration of the Service and Rules Pages
SonicWALL Management Protocol
Network Access Rules
Proxy Relay Web Proxy Forwarding
Advanced Features
Bypass Proxy Servers Upon Proxy Failure
Configuring Web Proxy Relay
Intranet
Installation
Intranet Settings
Intranet Configuration
VPN Single-Armed Mode stand-alone VPN gateway
VPN Single Armed Mode SonicWALL
Configuring a SonicWALL for VPN Single Armed Mode
Remote SonicWALL Corporate SonicWALL
Routes
Tip There is no route advertisement on the WAN
LAN Route Advertisement
DMZ Route Advertisement
RIPv2 Authentication
DMZ Addresses
DMZ in NAT Mode
DMZ in Standard Mode
HomePort in Standard Mode
HomePort Configuration
Delete a DMZ Address Range
Delete a HomePort Address Range
HomePort in NAT Mode
One-to-One NAT
Select the Enable One-to-One NAT check box
Select Enable One-to-One NAT and click Update
One-to-One NAT Configuration Example
Enable Bandwidth Management
WAN Link Settings
Ethernet
Proxy Management workstation ethernet address on WAN
DMZ/WorkPort Link Settings
LAN/HomePort Link Settings
MTU Settings
How SonicWALL Bandwidth Management Works
SonicWALL Bandwidth Management
Examples of Bandwidth Management Rules
Rule Service Priority Guaranteed Maximum
DHCP Server
Setup
Allow DHCP Pass Through in Standard Mode
Setup DHCP over VPN Status
Select the Enable DHCP Server
Configuring the SonicWALL DHCP Server
Deleting Dynamic Ranges and Static Entries
DHCP Relay Mode
DHCP over VPN
Configuring the Remote Gateway for VPN over DHCP
Configuring the Central Gateway for VPN over DHCP
Select Central Gateway from the DHCP Relay Mode menu
LAN IP Addresses
Select Remote Gateway from the DHCP Relay Mode menu
LAN Device Configuration
DHCP Status
DHCP Server on the SonicWALL TELE3 TZ and TZX
Configuring the SonicWALL DHCP Server
Deleting Dynamic Ranges and Static Entries
DHCP Status
SonicWALL VPN
VPN Management Interface Summary Tab
Global VPN Settings
VPN Policies
VPN Bandwidth Management
Currently Active VPN Tunnels
AES Advanced Encryption Standard Support
SonicWALL NAT Traversal Support
Disabling Security Associations
Configure Tab Add/Modify IPSec Security Associations
Security Policy Settings for Group VPN
Security Policy Settings
Security Policy Settings for IKE using Pre-shared Secret
AES support is available only on the PRO 230 and PRO
Security Policy Settings using Manual Key
Modifying and Deleting Existing Security Associations
Accessing Remote Resources across a Virtual Private Network
Destination Networks
Adding Destination Networks
Enable Keep Alive
Advanced Settings
Try to bring up all possible SAs
Apply NAT and firewall rules
Require authentication of local users
Require authentication of remote users
Enable Windows Networking NetBIOS broadcast
Route all internet traffic through this SA
Enable Perfect Forward Secrecy
Phase 2 DH Group
Default LAN Gateway
VPN Terminated at the LAN, DMZ, or LAN/DMZ
IKE using
Advanced Settings for VPN Configurations
Configuring SonicWALL VPN
SonicWALL VPN
Installing the VPN Client Software
Group VPN Client Setup
Group VPN Client Configuration
SonicWALL VPN
Verifying the VPN Tunnel as Active
SonicWALL VPN
Configuring the VPN Client
Select the Connect using Secure Gateway Tunnel check box
Configuring VPN Security and Remote Identity
Launching the SonicWALL VPN Client
Configuring VPN Client Security Policy
Configuring VPN Client Identity
Select None from the Select Certificate menu
Select the Encapsulation Protocol ESP check box
Configuring VPN Client Key Exchange Proposal
Click Inbound Keys. The Inbound Keying Material box appears
Configuring Inbound VPN Client Keys
Configuring Outbound VPN Client Keys
Saving SonicWALL VPN Client Settings
Verifying the VPN Client Icon in the System Tray
Manual Key for Two SonicWALLs
IKE and Manual Key Configuration for Two SonicWALLs
SonicWALL VPN
Example of Manual Key Configuration for Two SonicWALLs
Configuring the Second SonicWALL Appliance
Select Strong Encrypt ESP 3DES as the Encryption Method
Enter the Encryption Key from the Main Office configuration
Configuring the Remote SonicWALL
Select Group 1 from the Phase 1 DH Group menu
IKE Configuration for Two SonicWALLs
Configuring a SonicWALL PRO 200 in Chicago
Example of IKE Configuration for Two SonicWALLs
Select 3DES & SHA1 from the Phase 1 DH Group menu
Configuring a SonicWALL TELE3 in San Francisco
Select Group 2 from the Phase 1 DH Group menu
VeriSign Entrust
SonicWALL Third Party Digital Certificate Support
Certificate Details
Overview of Third Party Digital Certificate Support
Version 3 Certificate Standard
Importing CA Certificates into the SonicWALL
Certificate Revocation List CRL
Importing Certificate with private key
Click Import Certificate
Creating a Certificate Signing Request
Importing a Signed Local Certificate
Click VPN, then Local Certificates
SonicWALL Enhanced VPN Logging
Testing a VPN Tunnel Connection Using Ping
Configuring Windows Networking
SonicWALL VPN
Network Configuration for High Availability Pair
Before Configuring High Availability
High Availability
Configuring High Availability on the Primary SonicWALL
High Availability
Configuration Changes
High Availability Status
High Availability Status Window
Mail Alerts Indicating Status Change
Forcing Transitions
Configuration Notes
SonicWALL VPN Client
SonicWALL Options and Upgrades
SonicWALL Network Anti-Virus
Vulnerability Scanning Service
Content Filter List Subscription
SonicWALL Authentication Service
SonicWALL Global Management System
SonicWALL ViewPoint Reporting
Contact Your Reseller or SonicWALL
SonicWALL PRO 230 and PRO 330 Front Panel
Hardware Descriptions
SonicWALL PRO 230 and PRO 330 Front Panel Description
SonicWALL PRO 230 and PRO 330 Rear Panel Description
Reset Switch
Power Switches
Power Inputs
SonicWALL PRO 200 and PRO 300 Front Panel Description
SonicWALL PRO 200 and PRO 300 Front Panel
SonicWALL PRO 200 and PRO 300 Back Panel Description
Power Input
Power Switch
SonicWALL PRO 200 and PRO 300 Back Panel
SonicWALL PRO 100 Front Panel Description
SonicWALL PRO 100 Front Panel
SonicWALL PRO 100 Back Panel Description
SonicWALL PRO 100 Back Panel
SonicWALL TELE3 SP Front Panel Description
SonicWALL TELE3 SP Front Panel
Modem
TELE3 SP Modem Port
CLI Command Line Interface Port
SonicWALL TELE3 SP Back Panel
SonicWALL TELE3 SP Back Panel Description
SonicWALL TELE3 TZ Front Panel Description
SonicWALL TELE3 TZ Front Panel
SonicWALL TELE3 TZ Back Panel Description
SonicWALL TELE3 TZ Back Panel
SonicWALL TELE3 TZX Front Panel Description
SonicWALL TELE3 TZX Front Panel
SonicWALL TELE3 TZX Back Panel Description
SonicWALL TELE3 TZX Back Panel
SonicWALL SOHO3 and TELE3 Front Panel Description
SonicWALL SOHO3 and TELE3 Front Panel
SonicWALL SOHO3 and TELE3 Back Panel Description
SonicWALL SOHO3 and TELE3 Back Panel
SonicWALL GX250 and GX 650 Front Panel Description
SonicWALL GX 250 and GX 650 Front Panel
SonicWALL GX 650 Front Panel
SonicWALL GX250 Front Panel
SonicWALL GX 250 and GX 650 Back Panel Description
Alarm Reset Button
Link LED is off
Troubleshooting Guide
Computer on the LAN cannot access the Internet
SonicWALL does not establish authenticated sessions
Machines on the WAN are not reachable
Duplicate IP address errors
VPN tunnel problems
SonicWALL does not save changes that you have made
Appendices
Appendix A Technical Specifications
SonicWALL Support
Appendix B SonicWALL Support Solutions
Knowledge Base
Internet Security Expertise
SonicWALL Super SonicWALL Warranty Support
SonicWALL Support Services Features and Benefits
Warranty Support North America
Warranty Support International
SonicWALL Support
SonicWALL Support
Firewalls
Appendix C Introduction to Networking
Network Hardware Components
Network Types
Network Protocols
IP Addressing
IP address Subnet mask Default gateway
IP Address
Subnet Mask
Default Gateway
Network Address Translation NAT
Nodes
Appendices
Well Known Port Numbers
Appendix D IP Port Numbers
Registered Port Numbers
Click DNS Configuration
Appendix E Configuring TCP/IP Settings
Windows
Windows NT
Windows
Open the Local Area Connection Properties window
Windows XP
Macintosh OS
Appendix F Basic VPN Terms and Concepts
Shared Secret
Authentication Header AH
Internet Key Exchange IKE
Manual Key
Security Parameter Index SPI
Data Encryption Standard DES
ARCFour
Strong Encryption Triple DES
Appendix G - Erasing the Firmware
Locating the Reset button on your SonicWALL
Erasing the Firmware for all Models
Appendix H - Mounting the SonicWALL PRO 200 and PRO
Steel Belted Radius Funk Software
Appendix I Configuring RADIUS and ACE Servers
Open the ACE Server Database Administrator program
Configuring User Privileges
ACE Server RSA
Open IAS, and select Remote Access Policies
Internet Authentication Service Windows NT/2000 Server
ACS Server Cisco
RADIUS Attributes Dictionary
Index
Dynamic Host Configuration Protocol DHCP Dynamic Ranges
232- 000291 Rev a 11