Is there an easy way to erase the config file on the TZ 170 SP?

This is done from the ‘System > Settings’ menu by booting the box with the ‘Current Firmware with Factory Default’ settings button. All stored settings (including username, password, and LAN IP address) will be discarded and the device will reboot with factory settings (username: admin, password: password, LAN IP Address: 192.168.168.168).

Is there an easy way to erase the firmware on the TZ 170 SP?

Simply load a new version and boot that one instead – the previous one will be erased and replaced with the new version. If the process fails, the device will boot into the SafeMode menu.

Is User-Level Authentication (ULA) supported in SonicOS 2.6 Standard?

Yes – there’s a check box on the ‘Users > Settings’ page that, when checked, forces all systems on the LAN and OPT interfaces to log into the TZ 170 SP and authenticate with a username and password before any traffic is allowed to pass across the device. ULA is also supported in SonicOS 2.6 Enhanced, but is configured in a different manner (instead of an all-or-nothing mechanism, ULA is enforced on a fully granular, per-rule basis between security zones).

What is SafeMode?

SafeMode is a feature of the SonicOS Standard and Enhanced firmware that allows firewall administrators to switch between firmware builds and revert to known-good versions in case a new firmware image turns out to cause issues. In cases of firmware corruption, the device will boot into a special GUI mode that allows the administrator to choose which version to boot, and also allows the administrator to run hardware diagnostics, view the bootlog, or export the bootlog to a file.

How do I access the SafeMode menu?

In emergency situations, you can access the SafeMode menu by holding in the Reset button on the back of the TZ 170 SP (it’s the small pinhole button located to the left of the Console port) for 12-14 seconds until the ‘Test’ light begins flashing yellow. When the SonicWALL is booted into the SafeMode menu, assign a workstation a temporary IP address of ‘192.168.168.200’ and attach it to a LAN interface on the TZ 170 SP. Then, using a modern web browser (Microsoft IE6.x, Mozilla 1.4+), access the special SafeMode GUI using the device’s default IP address of ‘192.168.168.168’. You will be able to boot the device using a previously saved image, or you can upload a new version of firmware with the ‘Upload New Firmware’ button.

Is there still a ‘diag.html’ page?

Yes. This page is kept to store configuration settings that are rarely used or that apply only to extremely specific environments. Do not modify values on this page unless SonicWALL requests that you do so.

VPN

What is the “VPN” zone?

The VPN zone is a special type of zone in SonicOS Enhanced, used to enforce security policy to/from all VPN connections, including GroupVPN connections. For example, if you have a single site-to-site VPN tunnel to a remote office, the firewall automatically created default ‘allow all’ firewall rules for the networks you specified when you created the tunnel. If you wish to add more granular control over the traffic flowing to/from that remote site, go to the intersection of the internal zones and the VPN zone and adjust the rules as needed. To override firewall rules going to the remote site, adjust the policy for ‘LAN > VPN’; to override rules coming from the remote site, adjust the policy for ‘VPN > LAN’.

Can I set up VPN tunnels to older SonicWALL devices?

Yes – all versions of SonicOS are backwards compatible with all previous VPN-capable versions of SonicWALL firmware.

Can I set up site-to-site VPN tunnels from the TZ 170 SP to third-party VPN devices?

Yes, as long as the other device supports manual IPSec or IKE IPSec. This would include all other IPSec-capable SonicWALL models, and devices from other manufacturers.
