SonicWALL OS 2.x quick start Basic WAN & LAN Configuration, Security Zones and Objects

Models: OS 2.x


Sonic OS 2.x Quick Start Guide

Basic WAN & LAN Configuration

Refer to the Sonicwall Quick Start Guide included on the product CD.

Security Zones and Objects

There are several new concepts introduced with SonicOS 2.x Enhanced firmware. In this section, we’ll discuss the Security Zones and Objects. When configuring the new products, you will need to define your Security Zones early in the setup process so that your rules, NAT entries, and objects will be easier to work with.

Security Zones - Overview

Sonicwall’s fourth generation appliances extend the previous architecture beyond the LAN, WAN, and DMZ. The new products, when loaded with the Enhanced firmware, have six user-definable interfaces. The first two interfaces (X0 and X1) are fixed interfaces, permanently bound to the LAN and WAN zones, respectively. The remaining four interfaces, X2-X5, can be configured and bound to any Zone.

The multiple interfaces allow the user to segment their network into a more manageable, secure infrastructure. It also allows the user to have multiple physical segments grouped together. This concept of multiple segments, or interfaces, logically grouped together is called Security Zones. The Security Zone permits the user to name the Zone in a user-friendly way and to write security rules that apply to all the segments in a Zone, without needing to address each physical interface individually.

In our example, we have two interfaces (X1 and X2), used for WAN load-balancing and failover. If we group the two interfaces in the WAN Zone, we will only need to write one set of firewall rules that will apply regardless of which interface is active. This greatly simplifies the firewall rule base.

The pre-defined Security Zones are not modifiable and are defined as follows:

WAN – This Zone can consist of either one or two interfaces. If using the WAN-WAN capability, you need to add the second Internet interface to the WAN Zone.

LAN – This Zone can consist of one to five interfaces, depending on your network design. Even though each interface will have a different network subnet attached to it, when grouped together they can be managed as a single entity.

DMZ – This is the Demilitarized Zone you are probably familiar with from the existing Sonicwall product line. This Zone is normally used for publicly accessible servers. This Zone can consist of one to four interfaces, depending on your network design.

VPN – This predefined Zone is used for simplifying secure, remote connectivity. It is the only Zone that does not have an assigned physical interface.

NOTE – Even though you may group interfaces together into one Security Zone, this does not preclude you from addressing a single interface within the Zone.
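The binding rules and the one-rule-per-Zone idea described above can be checked with a small planning model. This is an added example, not SonicWALL code and not SonicOS configuration syntax; the function names are hypothetical, the sample bindings are constructed, and only the pre-defined Zones listed above are modeled.

```python
# Illustrative planning model only: not SonicOS configuration syntax.
FIXED = {"X0": "LAN", "X1": "WAN"}   # permanently bound, per the guide
FREE = ("X2", "X3", "X4", "X5")      # can be bound to any Zone
# Upper bounds stated in the guide; VPN has no physical interface.
MAX_IFACES = {"WAN": 2, "LAN": 5, "DMZ": 4, "VPN": 0}


def build_zones(bindings):
    """Validate X2-X5 bindings and return {zone: [interfaces]}."""
    plan = dict(FIXED)
    for iface, zone in bindings.items():
        if iface in FIXED:
            raise ValueError(f"{iface} is fixed to {FIXED[iface]}")
        if iface not in FREE:
            raise ValueError(f"unknown interface {iface}")
        if zone not in MAX_IFACES:
            raise ValueError(f"unknown zone {zone}")
        plan[iface] = zone
    zones = {z: [] for z in MAX_IFACES}
    for iface in sorted(plan):
        zones[plan[iface]].append(iface)
    for zone, members in zones.items():
        if len(members) > MAX_IFACES[zone]:
            raise ValueError(
                f"{zone} allows at most {MAX_IFACES[zone]} interface(s)")
    return zones


def expand_rule(zones, src_zone, dst_zone):
    """Interface pairs covered by a single Zone-to-Zone rule."""
    return [(s, d) for s in zones[src_zone] for d in zones[dst_zone]]


def rule_applies(zones, rule, in_iface, out_iface):
    """True if a (src_zone, dst_zone) rule covers this interface pair."""
    return (in_iface, out_iface) in expand_rule(zones, *rule)


# Constructed sample: X2 is the second WAN link (the guide's example),
# X3 hosts a DMZ segment, X4 is a second LAN segment.
ZONES = build_zones({"X2": "WAN", "X3": "DMZ", "X4": "LAN"})
```

With this plan, a single LAN-to-WAN rule covers four interface pairs, so traffic is matched whichever WAN link is active, while DMZ traffic on X3 is not covered by it.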
