ADMINISTRATOR’S Guide
Contents
Status CLI Support and Remote Management
NAT with PPPoE Configuration Restarting the SonicWALL
100
Restrict Web Features 100
101
103
Add a Known Service 130 Add a Custom Service
Viewing Network Access Rules 127 Services 128
Delete a Service 131 Rules
Network Access Rule Logic List 133
Proxy Relay 148 Web Proxy Forwarding
Intranet Settings 151
149
Bypass Proxy Servers Upon Proxy Failure 149 Intranet 150
Allow Dhcp Pass Through in Standard Mode 173
Allow Dhcp Pass Through in Standard Mode 166
Configure Tab 181 Add/Modify IPSec Security Associations
166
Configuration Changes 228
Advanced Settings for VPN Configurations 191
Configuration Notes 233
190
234
SonicWALL Authentication Service 235
235
236
Limited Warranty
Organization of this Guide
About this Guide
Icons Used in this Manual
SonicWALL Technical Support Firmware Version
Your SonicWALL Internet Security Appliance
Introduction
Internet Security
Logging and Reporting
Content Filtering
Dynamic Host Configuration Protocol Dhcp
Easy Installation and Configuration
IPSec VPN
Standard Mode
Configuring the Network Mode on the SonicWALL
Network Address Translation NAT Enabled
NAT with PPPoE Client
NAT with Dhcp Client
Select Standard from the Network Addressing Mode menu
NAT with L2TP Client
NAT with Pptp Client
Accessing the Wizard
Configuring the SonicWALL in NAT Enabled Mode
Setting the Password
Selecting Your Internet Connection
Connecting to the Internet
Selecting NAT Enabled Mode
Confirming Network Address Translation NAT Mode
Configuring LAN Network Settings
Configuring WAN Network Settings
Congratulations
Configuration Summary
Restarting
Configuring NAT with PPPoE Client
Setting the Password
Connecting to the Internet
Setting the User Name and Password for PPPoE
Configuring the SonicWALL Dhcp Server
Congratulations
Accessing the Installation Wizard
Configuring NAT with Dhcp Client
Setting the Time and Date
Selecting Your Internet Connection
Configuring LAN Network Settings
Configuration Summary
Configuring NAT with L2TP Client
Configuring NAT with Pptp Client
Setting the Time and Date
Connecting to the Internet
Setting the User Name and Password for Pptp
Configuring the SonicWALL Dhcp Server
Congratulations
Logging into the SonicWALL Management Interface
Configuring the Network Mode on the SonicWALL
Creating a New User Account
Registering at mySonicWALL.com
Account Information
Personal Information
Registering at mySonicWALL.com
Page
Click Here Registration
Quick Registration
Status and Options
Renaming Your SonicWALL
Managing Your SonicWALL
Transferring a SonicWALL Product
Delete Product
Managing Services for SonicWALL Internet Security Appliances
Activating Services Using mySonicWALL.com
Registering at mySonicWALL.com
Configuring the TELE3 SP WAN Failover Feature
Configuring the TELE3 SP Modem Connection
Dial-Up Configuration
Configuring Modem Profiles
Location Settings
ISP Settings
Configuring the TELE3 SP Modem Connection
Modem Settings
TELE3 SP Modem Configuration
Preempt Mode
Failover Settings
Select Enable WAN Failover Select Enable Probing
Primary Interface
Configuring a Modem Profile for Manual Dial-Up
Select None as the Secondary Profile
Configure Modem Settings
Tested Internet Service Providers
Configuring the Modem Settings
Modem Status
Status
Chat Scripts
Custom Chat Scripts
Https Management
Managing Your SonicWALL Internet Security Appliance
Managing Your SonicWALL Internet Security Appliance
74 SonicWALL Internet Security Appliance User’s Guide
9600 bps Bits No parity No hand-shaking
CLI Support and Remote Management
Network Settings
General and Network Settings
Network Addressing Mode
Network Time Administrator
Multiple LAN Subnet Mask Support
LAN Settings
SonicWALL LAN IP Address
LAN Subnet Mask
DNS Settings
WAN Settings
WAN Gateway Router Address
WAN/LAN Subnet Mask
NAT Enabled Configuration
Standard Configuration
SonicWALL WAN Gateway Router Address is
NAT with Dhcp Client Configuration
Select NAT with PPPoE from the Network Addressing Mode menu
NAT with PPPoE Configuration
Restarting the SonicWALL
NAT with L2TP Client Configuration
Restarting the SonicWALL
NAT with Pptp Client Configuration
Restarting the SonicWALL
NTP Settings
Setting the Time and Date
Configuring the Administrator Settings
Administrator Name
Change the Administrator Password
Login Failure Handling
Setting the Administrator Inactivity Timeout
View Log Log Settings Reports
Logging and Alerts
View Log
TCP, UDP, or Icmp packets dropped
SonicWALL Log Messages
Web, FTP, Gopher, or Newsgroup blocked
ActiveX, Java, Cookie or Code Archive blocked
Configure the following settings
Log Settings
Page
Log Categories
Alerts/SNMP Traps
Reports
VPN Tunnel Status
Bandwidth Usage by Service
Web Site Hits
Bandwidth Usage by IP Address
SonicWALL ViewPoint
Configure URL List Customize Consent
Content Filtering and Blocking
Configuring SonicWALL Content Filtering
Restrict Web Features
Block
List Updates
Message to display when a site is blocked
URL List
Trusted Domains
Settings
Download Automatically every
Select Categories to Block
Custom Filter
Customizing the Content Filtering List
Filter Block Action
Time of Day
Consent
User Idle Timeout is 5 minutes configure here
Maximum Web usage
Consent page URL Optional Filtering
Consent Accepted URL Filtering Off
Mandatory Filtered IP Addresses
Consent Accepted URL Filtering On
Consent page URL Mandatory Filtering
Configuring N2H2 Internet Filtering
Trusted Domains
N2H2 Server Status
Settings Server Host Name or IP Address
Listen Port
Reply Port
Configuring the Websense Enterprise Content Filter
Trusted Domains
Settings
Configuring the Websense Content Filter List
Websense Server Status
Server Port
URL Cache
Web Management Tools
Restart Preferences Firmware Diagnostic
Preferences
Exporting the Settings File
Importing the Settings File
Restoring Factory Default Settings
Click Import in the Preferences tab
Updating Firmware
Updating Firmware Manually
Upgrade Features
DNS Name Lookup
Diagnostic Tools
Find Network Path
Ping
Select Ping from the Choose a diagnostic tool menu
Packet Trace
Tech Support Report
Select Packet Trace from the Choose a diagnostic tool menu
Generating a Tech Support Report
Trace Route
Viewing Network Access Rules
Network Access Rules
LAN Out
Services
Network Connection Inactivity Timeout
Windows Networking NetBIOS Broadcast Pass Through
Public LAN Server
Windows Messenger Support
Add Service
Add a Known Service
Add a Custom Service
Enable Logging
Delete a Service
Rules
Product Maximum Rules
Maximum Number of Rules by Product
Bandwidth Management
Network Access Rule Logic List
Add a New Rule
Select always from the Apply this rule menu
Add New Rule Examples
Blocking LAN Access for Specific Services
Enabling Ping
Select WAN from the Destination Ethernet menu
Enable/Disable a Rule
Current Network Access Rules Table
Restore the Default Network Access Rules
Edit a Rule
Understanding the Access Rule Hierarchy
Users
Global User Settings
Highlight -Add New User- in the Current User list box
Adding and Removing a User
Current Users
Users Currently Locked Out After Login Failures
User Login
Radius Servers
Radius
Radius Client Test
Radius Users
Management SonicWALL Snmp Support
Configuration of the Service and Rules Pages
Configuration of the Log/Log Settings for Snmp
SonicWALL Management Protocol
Additional Management
Network Access Rules
Proxy Relay Web Proxy Forwarding
Advanced Features
Bypass Proxy Servers Upon Proxy Failure
Configuring Web Proxy Relay
Intranet
Installation
Intranet Settings
Intranet Configuration
VPN Single-Armed Mode stand-alone VPN gateway
Configuring a SonicWALL for VPN Single Armed Mode
VPN Single Armed Mode SonicWALL
Remote SonicWALL Corporate SonicWALL
Routes
Tip There is no route advertisement on the WAN
LAN Route Advertisement
RIPv2 Authentication
DMZ Route Advertisement
DMZ Addresses
DMZ in NAT Mode
DMZ in Standard Mode
HomePort Configuration
HomePort in Standard Mode
Delete a DMZ Address Range
Delete a HomePort Address Range
HomePort in NAT Mode
One-to-One NAT
Select the Enable One-to-One NAT check box
Select Enable One-to-One NAT and click Update
One-to-One NAT Configuration Example
WAN Link Settings
Enable Bandwidth Management
Ethernet
LAN/HomePort Link Settings
DMZ/WorkPort Link Settings
MTU Settings
Proxy Management workstation ethernet address on WAN
How SonicWALL Bandwidth Management Works
SonicWALL Bandwidth Management
Examples of Bandwidth Management Rules
Rule Service Priority Guaranteed Maximum
Allow Dhcp Pass Through in Standard Mode
Setup
Setup Dhcp over VPN Status
Dhcp Server
Select the Enable Dhcp Server
Configuring the SonicWALL Dhcp Server
Dhcp Relay Mode
Deleting Dynamic Ranges and Static Entries
Dhcp over VPN
Configuring the Central Gateway for VPN over Dhcp
Configuring the Remote Gateway for VPN over Dhcp
Select Central Gateway from the Dhcp Relay Mode menu
LAN IP Addresses
Select Remote Gateway from the Dhcp Relay Mode menu
LAN Device Configuration
Dhcp Status
Dhcp Server on the SonicWALL TELE3 TZ and TZX
Configuring the SonicWALL Dhcp Server
Deleting Dynamic Ranges and Static Entries
Dhcp Status
SonicWALL VPN
VPN Management Interface Summary Tab
Global VPN Settings
VPN Bandwidth Management
VPN Policies
Currently Active VPN Tunnels
AES Advanced Encryption Standard Support
SonicWALL NAT Traversal Support
Disabling Security Associations
Configure Tab Add/Modify IPSec Security Associations
Security Policy Settings for Group VPN
Security Policy Settings
Security Policy Settings for IKE using Pre-shared Secret
AES support is available only on the PRO 230 and PRO
Security Policy Settings using Manual Key
Destination Networks
Accessing Remote Resources across a Virtual Private Network
Adding Destination Networks
Modifying and Deleting Existing Security Associations
Advanced Settings
Enable Keep Alive
Try to bring up all possible SAs
Require authentication of remote users
Require authentication of local users
Enable Windows Networking NetBIOS broadcast
Apply NAT and firewall rules
Phase 2 DH Group
Enable Perfect Forward Secrecy
Default LAN Gateway
Route all internet traffic through this SA
VPN Terminated at the LAN, DMZ, or LAN/DMZ
IKE using
Advanced Settings for VPN Configurations
Configuring SonicWALL VPN
SonicWALL VPN
Page
Group VPN Client Setup
Installing the VPN Client Software
Group VPN Client Configuration
Page
SonicWALL VPN
Verifying the VPN Tunnel as Active
SonicWALL VPN
Configuring the VPN Client
Configuring VPN Security and Remote Identity
Select the Connect using Secure Gateway Tunnel check box
Launching the SonicWALL VPN Client
Configuring VPN Client Identity
Configuring VPN Client Security Policy
Select None from the Select Certificate menu
Select the Encapsulation Protocol ESP check box
Configuring VPN Client Key Exchange Proposal
Configuring Outbound VPN Client Keys
Configuring Inbound VPN Client Keys
Saving SonicWALL VPN Client Settings
Click Inbound Keys. The Inbound Keying Material box appears
Verifying the VPN Client Icon in the System Tray
Manual Key for Two SonicWALLs
IKE and Manual Key Configuration for Two SonicWALLs
SonicWALL VPN
Configuring the Second SonicWALL Appliance
Example of Manual Key Configuration for Two SonicWALLs
Select Strong Encrypt ESP 3DES as the Encryption Method
Enter the Encryption Key from the Main Office configuration
Configuring the Remote SonicWALL
Page
Select Group 1 from the Phase 1 DH Group menu
IKE Configuration for Two SonicWALLs
Page
Example of IKE Configuration for Two SonicWALLs
Configuring a SonicWALL PRO 200 in Chicago
Select 3DES & SHA1 from the Phase 1 DH Group menu
Configuring a SonicWALL TELE3 in San Francisco
Select Group 2 from the Phase 1 DH Group menu
VeriSign Entrust
SonicWALL Third Party Digital Certificate Support
Version 3 Certificate Standard
Overview of Third Party Digital Certificate Support
Importing CA Certificates into the SonicWALL
Certificate Details
Certificate Revocation List CRL
Importing Certificate with private key
Importing a Signed Local Certificate
Creating a Certificate Signing Request
Click VPN, then Local Certificates
Click Import Certificate
SonicWALL Enhanced VPN Logging
Testing a VPN Tunnel Connection Using Ping
Configuring Windows Networking
SonicWALL VPN
Page
Before Configuring High Availability
Network Configuration for High Availability Pair
High Availability
Configuring High Availability on the Primary SonicWALL
High Availability
Configuration Changes
High Availability Status
High Availability Status Window
Mail Alerts Indicating Status Change
Forcing Transitions
Configuration Notes
SonicWALL Options and Upgrades
SonicWALL VPN Client
SonicWALL Network Anti-Virus
Content Filter List Subscription
Vulnerability Scanning Service
SonicWALL Authentication Service
SonicWALL ViewPoint Reporting
SonicWALL Global Management System
Contact Your Reseller or SonicWALL
Hardware Descriptions
SonicWALL PRO 230 and PRO 330 Front Panel
SonicWALL PRO 230 and PRO 330 Front Panel Description
Power Switches
Reset Switch
Power Inputs
SonicWALL PRO 230 and PRO 330 Rear Panel Description
SonicWALL PRO 200 and PRO 300 Front Panel Description
SonicWALL PRO 200 and PRO 300 Front Panel
Power Switch
Power Input
SonicWALL PRO 200 and PRO 300 Back Panel
SonicWALL PRO 200 and PRO 300 Back Panel Description
SonicWALL PRO 100 Front Panel
SonicWALL PRO 100 Front Panel Description
100
SonicWALL PRO 100 Back Panel Description
SonicWALL PRO 100 Back Panel
SonicWALL TELE3 SP Front Panel
SonicWALL TELE3 SP Front Panel Description
Modem
SonicWALL TELE3 SP Back Panel
CLI Command Line Interface Port
SonicWALL TELE3 SP Back Panel Description
TELE3 SP Modem Port
SonicWALL TELE3 TZ Front Panel Description
SonicWALL TELE3 TZ Front Panel
SonicWALL TELE3 TZ Back Panel Description
SonicWALL TELE3 TZ Back Panel
SonicWALL TELE3 TZX Front Panel Description
SonicWALL TELE3 TZX Front Panel
SonicWALL TELE3 TZX Back Panel Description
SonicWALL TELE3 TZX Back Panel l
SonicWALL SOHO3 and TELE3 Front Panel Description
SonicWALL SOHO3 and TELE3 Front Panel
SonicWALL SOHO3 and TELE3 Back Panel Description
SonicWALL SOHO3 and TELE3 Back Panel
SonicWALL GX250 and GX 650 Front Panel Description
SonicWALL GX 250 and GX 650 Front Panel
SonicWALL GX 650 Front Panel
SonicWALL GX250 Front Panel
SonicWALL GX 250 and GX 650 Back Panel Description
Alarm Reset Button
Computer on the LAN cannot access the Internet
Troubleshooting Guide
SonicWALL does not establish authenticated sessions
Link LED is off
VPN tunnel problems
Duplicate IP address errors
SonicWALL does not save changes that you have made
Machines on the WAN are not reachable
Appendices
Appendix a Technical Specifications
Knowledge Base
Appendix B SonicWALL Support Solutions
Internet Security Expertise
SonicWALL Support
SonicWALL Super SonicWALL Warranty Support
SonicWALL Support Services Features and Benefits
Warranty Support North America
Warranty Support International
SonicWALL Support
SonicWALL Support
Network Hardware Components
Appendix C Introduction to Networking
Network Types
Firewalls
Network Protocols
IP address Subnet mask Default gateway
IP Addressing
IP Address
Network Address Translation NAT
Default Gateway
Nodes
Subnet Mask
Appendices
Appendix D IP Port Numbers
Well Known Port Numbers
Registered Port Numbers
Appendix E Configuring TCP/IP Settings
Click DNS Configuration
Windows
Windows NT
Windows
Open the Local Area Connection Properties window
Windows XP
Macintosh OS
Appendix F Basic VPN Terms and Concepts
Internet Key Exchange IKE
Authentication Header AH
Manual Key
Shared Secret
Page
ARCFour
Data Encryption Standard DES
Strong Encryption Triple DES
Security Parameter Index SPI
Locating the Reset button on your SonicWALL
Appendix G- Erasing the Firmware
Erasing the Firmware for all Models
Appendix H- Mounting the SonicWALL PRO 200 and PRO
Steel Belted Radius Funk Software
Appendix I Configuring Radius and ACE Servers
Configuring User Privileges
Open the ACE Server Database Administrator program
ACE Server RSA
Internet Authentication Service Windows NT/2000 Server
Open IAS, and select Remote Access Policies
ACS Server Cisco
Radius Attributes Dictionary
Page
Appendices
Page
Appendices
Page
Appendices
Index
Dynamic Host Configuration Protocol Dhcp Dynamic Ranges 167
Page
Index
232- 000291 Rev a 11
