SonicWALL SonicOS Enhanced 2.2 Administrator's Manual

COMPREHENSIVE INTERNET SECURITY

™

S o n i c WALL Internet Security Ap p l i a n c e s

SonicOS Enhanced 2.2

Administrator's Guide

Page 1

Table of Contents

Preface..................................................................................................1

Copyright Notice ..............................................................................1

Limited Warranty..............................................................................1

Introduction......................................................... 1

SonicOS Enhanced Overview...............................................................1

SonicWALL Management Interface.......................................................1

Accessing the Management Interface..............................................1

Navigating the Management Interface.............................................2

Applying Changes............................................................................2

Getting Help.....................................................................................2

Logging Out .....................................................................................2

About this Guide....................................................................................2

Organization of this Guide ...............................................................3

Guide Conventions ..........................................................................3

Icons Used in this Manual................................................................4

SonicWALL Technical Support..............................................................4

North America Telephone Support.............................................4

International Telephone Support................................................4

More Information on SonicWALL Products and Services .....................5

Initial Configuration Using the Wizards............... 7

Internet Connectivity Using the Setup Wizard.......................................7

Configuring a Static IP Address with NAT Enabled .........................7

Setup Wizard..............................................................................8

Step 1: Change Password..........................................................8

Step 2: Change Time Zone ........................................................9

Step 3: WAN Network Mode.......................................................9

Step 4: WAN Network Mode: NAT Enabled .............................10

Step 5: LAN Settings ................................................................10

Step 6: LAN DHCP Settings ....................................................11

Step 7: SonicWALL Configuration Summary............................11

Storing SonicWALL Configuration............................................12

Setup Wizard Complete............................................................12

Configuring DHCP Networking Mode ............................................13

Step 1: Change Password........................................................13

Step 3: WAN Network Mode.....................................................14

Step 4: WAN Network Mode: NAT with DHCP Client...............15

Step 5: LAN Settings ................................................................15

Step 6: DHCP Settings.............................................................16

Configuration Summary............................................................16

Storing SonicWALL Configuration............................................17

Page 2 SonicWALL SonicOS Standard Administrator’s Guide

Setup Wizard Complete............................................................17

Configuring NAT Enabled with PPPoE...........................................18

Step 1: Change Password........................................................18

Step 2: Change Time Zone ......................................................19

Step 3: WAN Network Mode.....................................................19

Step 4: WAN Network Mode: NAT with PPPoE Client..............20

Step 5: LAN Settings.................................................................20

Step 6: DHCP Server................................................................21

Step 7: SonicWALL Configuration Summary............................21

Storing SonicWALL Configuration ...........................................22

Setup Wizard Complete............................................................22

Configuring PPTP Network Mode ..................................................22

Step 1: Change Password........................................................23

Step 2: Change Time Zone ......................................................24

Step 3: WAN Network Mode.....................................................24

Step 4: WAN Network Mode: NAT with PPTP Client................25

Step 5: LAN Settings.................................................................25

Step 6: DHCP Server................................................................26

Step 7: SonicWALL Configuration Summary............................26

Storing SonicWALL Configuration ...........................................27

Setup Wizard Complete............................................................27

Configuring a Public Server with the Wizard .......................................27

Create the Server with the Public Server Wizard...........................28

System..............................................................33

System>Status.....................................................................................33

System Messages..........................................................................33

System Information ........................................................................33

Security Services............................................................................34

Registering Your SonicWALL.........................................................34

mySonicWALL.com...................................................................35

Latest Alerts ...................................................................................35

Network Interfaces .........................................................................35

SonicWALL PRO 2040 .............................................................35

SonicWALL PRO 3060/PRO 4060............................................35

SonicWALL TZ 170...................................................................35

System>Licenses.................................................................................36

Security Services Summary...........................................................36

Manage Security Services Online ..................................................36

Manual Upgrade.............................................................................37

System>Administration........................................................................38

Firewall Name ................................................................................38

Administrator Name & Password ...................................................38

Changing the Administrator Password......................................38

Page 3

Login Security................................................................................38

Enable Administrator/User Lockout..........................................39

Web Management Server..............................................................39

Advanced Management.................................................................39

Enable SNMP...........................................................................39

Configuring Log/Log Settings for SNMP...................................40

Configuring SNMP as a Service and Adding Rules..................40

Enable Management Using SonicWALL GMS...............................41

System>Time ......................................................................................42

System Time..................................................................................42

NTP Settings..................................................................................43

System>Settings .................................................................................43

Settings..........................................................................................43

Import Settings .........................................................................43

Export Settings.........................................................................44

Firmware Management..................................................................44

Automatic Notification of New Firmware...................................44

Firmware Management Table...................................................44

Updating Firmware Manually....................................................45

Creating a Backup Firmware Image.........................................45

SafeMode - Rebooting the SonicWALL.........................................45

System Information...................................................................46

Firmware Management.............................................................46

FIPS (PRO 3060/PRO 4060).........................................................47

System>Diagnostics............................................................................47

Select Diagnostic Tool ...................................................................48

DNS Name Lookup...................................................................48

Find Network Path....................................................................48

Ping ..........................................................................................48

Packet Trace ............................................................................48

Captured Packets.....................................................................49

Packet Detail ............................................................................49

Tech Support Report................................................................50

Generating a Tech Support Report ..........................................50

Trace Route..............................................................................50

System>Restart...................................................................................51

Network............................................................. 53

Network>Interfaces .............................................................................53

Physical Interfaces.........................................................................54

Interface Settings...........................................................................54

Inteface Traffic Statistics................................................................54

Configuring the DMZ/OPT or LAN Interface.................................55

Configuring Advanced Settings for the Interface......................55

Page 4 SonicWALL SonicOS Standard Administrator’s Guide

Configuring the WAN Interface......................................................56

Static.........................................................................................56

DHCP........................................................................................57

PPPoE ......................................................................................57

PPTP.........................................................................................57

L2TP .........................................................................................58

Configuring the Advanced Tab for the WAN Interface..................58

Ethernet Settings ......................................................................58

Bandwidth Management...........................................................59

NAT Policy Settings..................................................................59

Network >WAN Failover and Load Balancing......................................59

WAN Failover and Load Balancing Settings ..................................60

Configuring WAN Probe Monitoring ...............................................60

Configuring WAN Probe Settings..............................................61

WAN Load Balancing Statistics......................................................61

Outbound Load Balancing Method.................................................61

Creating a NAT Policy for WAN Failover........................................62

Network > Zones..................................................................................63

Adding a New Zone........................................................................64

Modifying a Zone............................................................................64

Network > DNS....................................................................................65

Network > Address Objects.................................................................65

Default Address Objects and Groups.............................................66

SonicWALL TZ 170 ........................................................................66

Default Address Objects...........................................................66

Default Address Groups............................................................66

SonicWALL PRO 2040...................................................................66

Default Address Objects...........................................................66

Default Address Groups............................................................67

SonicWALL PRO 3060/4060..........................................................67

Default Address Objects...........................................................67

Default Address Groups............................................................67

Adding an Address Object..............................................................68

Creating Group Address Objects ...................................................68

Network>Routing.................................................................................69

Static Routes..................................................................................69

Route Advertisement......................................................................70

Route Advertisement Configuration..........................................70

Routing Table.................................................................................71

Network > NAT Policies.......................................................................72

The Default Many-to-One Outbound NAT Policy ...........................73

Configuring an Inbound Many-to-One NAT Policy .........................74

Configuring a One-to-One NAT Policy...........................................75

Page 5

Creating an Outbound Traffic Policy.........................................75

Creating an Inbound Traffic Policy ...........................................75

Network>ARP......................................................................................76

Network>DHCP Server .......................................................................77

Enabling DHCP Server..................................................................77

Configuring DHCP Server for Dynamic Ranges ............................78

General.....................................................................................78

DNS/WINS................................................................................79

VoIP Settings............................................................................79

Configuring Static DHCP Entries...................................................80

General.....................................................................................80

DNS/WINS................................................................................81

VoIP Settings............................................................................81

Current DHCP Leases ...................................................................82

Network > IP Helper............................................................................82

IP Helper Settings..........................................................................82

IP Helper Policies...........................................................................82

Adding an IP Helper Policy............................................................83

Editing an IP Helper Policy ............................................................83

Deleting IP Helper Policies ............................................................83

Network > Web Proxy..........................................................................83

Configuring Automatic Proxy Forwarding (Web Only) ...................84

Bypass Proxy Servers Upon Proxy Failure....................................84

Firewall ............................................................. 85

Using Bandwidth Management with Access Rules.............................85

Firewall>Access Rules........................................................................86

View Styles ....................................................................................86

Zone Rules.....................................................................................87

Adding Rules..................................................................................88

Adding New Rule Examples ..........................................................89

Blocking LAN Access for Specific Services..............................89

Enabling Ping ...........................................................................90

Editing a Rule.................................................................................90

Deleting Rules................................................................................90

Enabling and Disabling Rules........................................................90

Default Rules .................................................................................90

Rules Using Bandwidth Management............................................90

Displaying Rule Traffic Statistics....................................................90

Firewall > Advanced............................................................................91

Detection Prevention......................................................................91

Dynamic Ports ..........................................................................91

Page 6 SonicWALL SonicOS Standard Administrator’s Guide

Source Routed Packets..................................................................92

TCP Connection Inactivity Timeout...........................................92

Access Rule Service Options.........................................................92

Firewall > Schedules............................................................................93

Schedules.......................................................................................93

Adding a Schedule .........................................................................93

Deleting Schedules ........................................................................94

Firewall>Services.................................................................................94

Default Services.............................................................................94

Custom Services ............................................................................95

Adding Custom Services...........................................................95

Editing Custom Services...........................................................95

Deleting Custom Services.........................................................95

Custom Services Groups ...............................................................95

Editing Custom Services Groups..............................................96

Deleting Custom Services Groups............................................96

VPN...................................................................97

VPN>Settings......................................................................................97

VPN Global Settings.......................................................................97

VPN Policies...................................................................................98

Currently Active VPN Tunnels........................................................98

Configuring Group VPN on the SonicWALL........................................98

Configuring GroupVPN with IKE using Preshared Secret..............98

General.....................................................................................99

Proposals..................................................................................99

Advanced ...............................................................................100

Client ......................................................................................101

Configuring GroupVPN with IKE using 3rd Party Certificates ......101

General...................................................................................101

Proposals................................................................................102

Advanced................................................................................102

Client.......................................................................................103

Export VPN Client Policy..............................................................103

Site to Site VPN Configurations.........................................................104

VPN Planning Sheet for Site-to-Site VPN Policies.......................105

Site A ......................................................................................105

Router.....................................................................................105

Additional Information.............................................................105

Creating VPN Policies Using the VPN Policy Window ......................106

Configuring a VPN Policy with IKE using Preshared Secret........106

Configuring a VPN Policy using Manual Key ...............................109

Local SonicWALL....................................................................109

Page 7

Remote SonicWALL...............................................................112

Configuring a VPN Policy with IKE using a Third Party Certificate115

VPN>Advanced.................................................................................117

Advanced VPN Settings...............................................................117

VPN>DHCP over VPN ......................................................................118

DHCP Relay Mode.......................................................................118

Configuring the Central Gateway for DHCP Over VPN...............119

Configuring DHCP over VPN Remote Gateway ..........................120

Device Configuration..............................................................120

Current DHCP over VPN Leases.................................................121

VPN>L2TP Server.............................................................................122

General........................................................................................122

L2TP Server Settings .............................................................122

IP Address Settings................................................................123

L2TP Users.............................................................................123

Adding L2TP Clients to the SonicWALL.................................123

Currently Active L2TP Sessions.............................................123

Digital Certificates .............................................................................123

Overview of X.509 v3 Certificates................................................123

SonicWALL Third Party Digital Certificate Support......................124

VPN>Local Certificates .....................................................................124

Importing Certificate with Private Key..........................................124

Certificate Details.........................................................................125

Delete This Certificate ............................................................125

Generating a Certificate Signing Request....................................125

VPN>CA Certificates.........................................................................126

Importing CA Certificates into the SonicWALL ............................126

Certificate Details.........................................................................126

Delete This Certificate ............................................................126

Certificate Revocation List (CRL).................................................127

Importing a CRL List...............................................................127

Automatic CRL Update...........................................................127

Users .............................................................. 129

Users>Status.....................................................................................129

User>Settings....................................................................................130

Authentication Method.................................................................130

Configuring RADIUS Authentication............................................130

RADIUS Servers.....................................................................131

RADIUS Users........................................................................132

RADIUS Users Settings..........................................................132

RADIUS Client Test................................................................133

Global User Settings....................................................................133

Page 8 SonicWALL SonicOS Standard Administrator’s Guide

Acceptable Use Policy..................................................................133

User>Local Users..............................................................................134

Settings ........................................................................................134

Groups....................................................................................135

VPN Access............................................................................135

Users>Local Groups..........................................................................136

Creating a Local Group................................................................136

Hardware Failover...........................................137

Before Configuring Hardware Failover ..............................................137

Configuring Hardware Failover on the Primary

SonicWALL........................................................................................138

Hardware Failover Settings..........................................................138

SonicWALL Address Settings ......................................................139

Configuration Changes.................................................................140

Synchronizing Changes between the Primary and Backup SonicWALLs140

Hardware Failover Status.............................................................140

Forcing Transitions .................................................................141

Configuration Notes......................................................................141

Monitoring Links.................................................................................142

Security Services.............................................143

Security Services>Summary..............................................................144

Security Services Summary.........................................................144

Manage Services Online..............................................................144

If Your SonicWALL is Not Registered ..........................................145

Security Services Settings............................................................145

SonicWALL Content Filtering Service................................................145

Security Services>Content Filter .......................................................146

Content Filter Status.....................................................................146

Activating SonicWALL CFS ....................................................147

Activating a SonicWALL CFS FREE TRIAL............................147

Content Filter Type.......................................................................147

Restrict Web Features..................................................................148

Trusted Domains..........................................................................148

Message to Display when Blocking..............................................149

Configuring SonicWALL Filter Properties..........................................149

..................................................................................Custom List149

Enable Keyword Blocking.......................................................150

Disable all Web traffic except for Allowed Domains................150

Settings ........................................................................................150

Consent........................................................................................151

Page 9

Mandatory Filtered IP Addresses.................................................152

Consent Page URL (mandatory filtering)................................152

Adding a New Address...........................................................152

SonicWALL Network Anti-Virus.........................................................152

Security Services>Anti-Virus.............................................................153

Activating SonicWALL Network Anti-Virus...................................153

Activating a SonicWALL Network Anti-Virus FREE TRIAL..........153

Network Anti-Virus E-Mail Filter ........................................................153

Intrusion Prevention Service .............................................................154

SonicWALL IPS Features............................................................154

SonicWALL Deep Packet Inspection ...........................................155

How SonicWALL’s Deep Packet Inspection Architecture Works.155

SonicWALL IPS Terminology.......................................................156

SonicWALL IPS Activation................................................................157

mySonicWALL.com......................................................................157

Activating SonicWALL IPS...........................................................157

Activating the SonicWALL IPS FREE TRIAL...............................158

Log.................................................................. 159

Log>View...........................................................................................159

SonicWALL Log Messages..........................................................159

Log Table.....................................................................................160

Refresh ........................................................................................160

Clear Log .....................................................................................160

E-mail Log....................................................................................160

Log>Categories.................................................................................161

Log Categories.............................................................................161

Alerts & SNMP Traps...................................................................162

Log>Automation................................................................................163

E-mail...........................................................................................163

Syslog Servers.............................................................................163

Adding a Syslog Server..........................................................164

Log>Reports......................................................................................164

Data Collection.............................................................................165

Web Site Hits..........................................................................165

Bandwidth Usage by IP Address............................................165

Bandwidth Usage by Service..................................................165

Log>ViewPoint ..................................................................................166

SonicWALL ViewPoint.................................................................166

Appendices..................................................... 167

Appendix A - SonicWALL Support Solutions.....................................167

Page 10 SonicWALL SonicOS Standard Administrator’s Guide

Knowledge Base ..........................................................................167

Internet Security Expertise...........................................................167

SonicWALL Support Programs ....................................................167

Warranty Support - North America and International...................167

Appendix B- Configuring the Management Station

TCP/IP Settings .................................................................................168

Windows 98..................................................................................168

Windows NT.................................................................................169

Windows 2000..............................................................................170

Windows XP.................................................................................171

Macintosh OS 10..........................................................................171

Page 1

Preface

Copyright Notice

©

Under the copyright laws, this manual or the software described within, can not be copied, in whole or

part, without the written consent of the manufacturer, except in the normal use of the software to make a

backup copy. The same proprietary and copyright notices must be affixed to any permitted copies as were

affixed to the original. This exception does not allow copies to be made for others, whether or not sold,

but all of the material purchased (with all backup copies) can be sold, given, or loaned to another person.

Under the law, copying includes translating into another language or format.

SonicWALL is a registered trademark of SonicWALL, Inc.

Other product and company names mentioned herein can be trademarks and/or registered trademarks of

their respective companies.

Specifications and descriptions subject to change without notice.

Limited Warranty

SonicWALL, Inc. warrants that commencing from the delivery date to Customer (but in any case

commencing not more than ninety (90) days after the original shipment by SonicWALL), and continuing

for a period of twelve (12) months, that the product will be free from defects in materials and workmanship

under normal use. This Limited Warranty is not transferable and applies only to the original end user of

the product. SonicWALL and its suppliers' entire liability and Customer's sole and exclusive remedy under

this limited warranty will be shipment of a replacement product. At SonicWALL's discretion the

replacement product may be of equal or greater functionality and may be of either new or like-new quality.

SonicWALL's obligations under this warranty are contingent upon the return of the defective product

according to the terms of SonicWALL's then-current Support Services policies.

This warranty does not apply if the product has been subjected to abnormal electrical stress, damaged by

accident, abuse, misuse or misapplication, or has been modified without the written permission of

SonicWALL.

Page 2 SonicWALL SonicOS Standard Administrator’s Guide

DISCLAIMER OF WARRANTY. EXCEPT AS SPECIFIED IN THIS WARRANTY, ALL EXPRESS OR

IMPLIED CONDITIONS, REPRESENTATIONS, AND WARRANTIES INCLUDING, WITHOUT

LIMITATION, ANY IMPLIED WARRANTY OR CONDITION OF MERCHANTABILITY, FITNESS FOR A

PARTICULAR PURPOSE, NONINFRINGEMENT, SATISFACTORY QUALITY OR ARISING FROM A

COURSE OF DEALING, LAW, USAGE, OR TRADE PRACTICE, ARE HEREBY EXCLUDED TO THE

MAXIMUM EXTENT ALLOWED BY APPLICABLE LAW. TO THE EXTENT AN IMPLIED WARRANTY

CANNOT BE EXCLUDED, SUCH WARRANTY IS LIMITED IN DURATION TO THE WARRANTY

PERIOD. BECAUSE SOME STATES OR JURISDICTIONS DO NOT ALLOW LIMITATIONS ON HOW

LONG AN IMPLIED WARRANTY LASTS, THE ABOVE LIMITATION MAY NOT APPLY TO YOU. THIS

WARRANTY GIVES YOU SPECIFIC LEGAL RIGHTS, AND YOU MAY ALSO HAVE OTHER RIGHTS

WHICH VARY FROM JURISDICTION TO JURISDICTION. This disclaimer and exclusion shall apply

even if the express warranty set forth above fails of its essential purpose.

DISCLAIMER OF LIABILITY. SONICWALL'S SOLE LIABILITY IS THE SHIPMENT OF A

REPLACEMENT PRODUCT AS DESCRIBED IN THE ABOVE LIMITED WARRANTY. IN NO EVENT

SHALL SONICWALL OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER,

INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF PROFITS, BUSINESS

INTERRUPTION, LOSS OF INFORMATION, OR OTHER PECUNIARY LOSS ARISING OUT OF THE

USE OR INABILITY TO USE THE PRODUCT, OR FOR SPECIAL, INDIRECT, CONSEQUENTIAL,

INCIDENTAL, OR PUNITIVE DAMAGES HOWEVER CAUSED AND REGARDLESS OF THE THEORY

OF LIABILITY ARISING OUT OF THE USE OF OR INABILITY TO USE HARDWARE OR SOFTWARE

EVEN IF SONICWALL OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH

DAMAGES. In no event shall SonicWALL or its suppliers' liability to Customer, whether in contract, tort

(including negligence), or otherwise, exceed the price paid by Customer. The foregoing limitations shall

apply even if the above-stated warranty fails of its essential purpose. BECAUSE SOME STATES OR

JURISDICTIONS DO NOT ALLOW LIMITATION OR EXCLUSION OF CONSEQUENTIAL OR

INCIDENTAL DAMAGES, THE ABOVE LIMITATION MAY NOT APPLY TO YOU.

Introduction Page 1

1 Introduction

Thank you for purchasing the SonicWALL Internet Security Appliance. Organizations of all kinds face an

array of security threats -- and must react quickly with limited IT resources. That means that SonicWALL

offers security solutions for specific business applications such as networking, site-to-site

communications, telecommuting, POS transactions, or secure web-sites. SonicWALL offers solutions that

are specifically designed to meet the objectives of today's Internet connected business.

SonicWALL Internet firewall/VPN security appliances support an array of security applications and deliver

powerful firewall and VPN performance. SonicWALL appliances are built on stateful inspection firewall

technology, and a dedicated security ASIC designed to ensure maximum performance for VPN enabled

applications. With integrated support for firewall, VPN, Anti Virus, content filtering, and an award-winning

Global Management System (GMS), IT administrators can trust SonicWALL to protect their network while

securely and reliably connecting their remote businesses or personnel.

SonicOS Enhanced Overview

SonicOS Enhanced is the most powerful SonicOS operating system, designed for the latest generation

of SonicWALL firewall/AVPN appliances. Built on the SonicOS architecture, this operating system

features multiple network interfaces and zones, WAN ISP failover and load balancing, policy-based

BNAT, object-based management, a multi-level administrator GUI, and enhanced VPN functionality.

SonicOS Enhanced is standard on the SonicWALL PRO 4060 and available as an upgrade on the

SonicWALL TZ 170, PRO 2040, and PRO 3060.

SonicWALL Management Interface

The SonicWALL’s Web Management Interface provides a easy-to-use graphical interface for configuring

your SonicWALL. SonicWALL management functions are performed through a Web browser.

Tip!

Microsoft Internet Explorer 5.0 or higher, or, Netscape Navigator 4.5 or higher are two recommended

Web browsers.

Accessing the Management Interface

To access the SonicWALL Management Interface, you need to configure the Management Station TCP/

IP settings in order to initially contact the SonicWALL. A computer used to manage the SonicWALL is

referred to as the “Management Station.” Any computer on the same network as the SonicWALL can be

used to access the management interface.

MD5 authentication is used to secure communications between your Management Station and the

SonicWALL Web Management Interface. MD5 Authentication prevents unauthorized users from

detecting and stealing the SonicWALL password as it is sent over your network.

The Web browser used to access the management interface must be Java-enabled and support HTTP

uploads in order to fully manage the SonicWALL. If your Web browser does not support these functions,

certain features such as uploading firmware and saved preferences files are not available.

Note:

For instructions on setting up your Management Station for accessing the SonicWALL Management

Interface, see Appendix B.

Page 2 SonicWALL SonicOS Standard Administrator’s Guide

Navigating the Management Interface

Navigating the SonicWALL Management Interface includes a hierarchy of menu buttons on the navigation

bar (left side of window). The SonicOS Enhanced menu buttons on the navigation bar include:

• System

•Network

•Firewall

• VPN

•Users

• Hardware Failover

• Security Services

•Log

•Help

• Logout

When you click a menu button, related management functions are displayed as submenu items in the

navigation bar. To navigate to a submenu page, click the link. When you click a menu button, the first

submenu item page is displayed.

Applying Changes

Click the Apply button at the top right corner of the SonicWALL Management Interface to save any

configuration changes you made on the page.

If the settings are contained in a secondary window within the Management Interface, when you click OK,

the settings are automatically applied to the SonicWALL.

Getting Help

Each SonicWALL includes Web-based online help available from the Management Interface.

Clicking the question mark ? button on the top right corner of every page accesses the

context-sensitive help for the page.

Alert!

SonicWALL online help requires Internet connectivity.

Logging Out

The Logout button at the bottom of the menu bar terminates the Management Interface session and

displays the Authentication page.

About this Guide

Welcome to the SonicWALL SonicOS Enhanced Administrator’s Guide. This manual provides the

information you need to successfully activate, configure, and administer SonicOS Enhanced 2.2 for the

SonicWALL TZ170, PRO 2040, PRO 3060, and PRO 4060 Internet Security Appliances.

This manual is updated and released with SonicOS Enhanced 2.2. Always check

<http//:www.sonicwall.com/services/documentation.html> for the latest version of this manual as well as

other SonicWALL Security Service and upgrade manuals.

Introduction Page 3

Organization of this Guide

The SonicOS Enhanced Administrator’s Guide organization follows the SonicWALL Web Management

Interface structure.

Chapter 1, Introduction - overview of the SonicWALL SonicOS Enhanced, the SonicWALL Web-based

Management Interface, and this manual’s conventions.

Chapter 2, Initial Configuration Using the Wizards - describes initial configuration and public server

configuration using the Setup Wizard and the Public Server Wizard.

Chapter 3, System Settings - describes the configuration of the SonicWALL IP settings, time, and

password as well as providing instructions to restart the SonicWALL, import and export settings, upload

new firmware, and perform diagnostic tests.

Chapter 4, Network - outlines configuring network settings manually for the SonicWALL as well as static

routes and RIPv2 advertising on the network. Setting up the SonicWALL to act as the DHCP server on

your network is also covered in this chapter.

Chapter 5, Firewall - explains how to permit and block traffic through the SonicWALL, set up One-to-One

NAT, and configuring automatic proxy forwarding.

Chapter 6, VPN - explains how to create a VPN tunnel between two SonicWALLs and creating a VPN

tunnel from the VPN client to the SonicWALL.

Chapter 7, Users - describes the configuration of user level authentication as well as the setup of RADIUS

servers for user authentication.

Chapter 8, Hardware Failover - provides configuration instructions for backing up your SonicWALL with

another SonicWALL for mission-critical connectivity.

Chapter 9, Security Services - provides configuration instructions for SonicWALL Content Filtering

Service and Anti-Virus features.

Chapter 10, Logging and Alerts - illustrates the SonicWALL logging, alerting, and reporting features.

Chapter 11, Appendices

Appendix A, SonicWALL Support Solutions - describes available support packages from

SonicWALL.

Appendix B, Configuring Management Station TCP/IP Settings - provides instructions for

configuring your Management Station's IP address.

Guide Conventions

The following Conventions used in this guide are as follows:

Convention Use

Bold Highlights items you can select on the SonicWALL

Management Interface.

Italic Highlights a value to enter into a field. For example, “type

192.168.168.168 in the IP Address field.”

Menu Item>Menu Item Indicates a multiple step Management Interface menu

choice. For example, “Security Services>Content Filter

means select Security Services, then select Content Filter.

Page 4 SonicWALL SonicOS Standard Administrator’s Guide

Icons Used in this Manual

These special messages refer to noteworthy information, and include a symbol for quick identification:

Alert!

Important information that cautions about features affecting firewall performance, security features, or

causing potential problems with your SonicWALL.

Tip!

Useful information about security features and configurations on your SonicWALL.

Note:

Important information on a feature that requires callout for special attention.

SonicWALL Technical Support

For timely resolution of technical support questions, visit SonicWALL on the Internet at

<http://www.sonicwall.com/services/support.html>. Web-based resources are available to help you

resolve most technical issues or contact SonicWALL Technical Support.

To contact SonicWALL telephone support, see the telephone numbers listed below:

North America Telephone Support

U.S./Canada - 888.777.1476 or +1 408.752.7819

International Telephone Support

Australia - + 1800.35.1642

Austria - + 43(0)820.400.105

EMEA - +31(0)411.617.810

France - + 33(0)1.4933.7414

Germany - + 49(0)1805.0800.22

Hong Kong - + 1.800.93.0997

India - + 8026556828

Italy - +39.02.7541.9803

Japan - + 81(0)3.5460.5356

New Zealand - + 0800.446489

Singapore - + 800.110.1441

Spain - + 34(0)9137.53035

Switzerland - +41.1.308.3.977

UK - +44(0)1344.668.484

Introduction Page 5

Note:

Please visit <http://www.sonicwall.com/services/contact.html> for the latest technical support telephone

numbers.

More Information on SonicWALL Products and Services

Contact SonicWALL, Inc. for information about SonicWALL products and services at:

Web: http://www.sonicwall.com

E-mail: sales@sonicwall.com

Phone: (408) 745-9600

Fax:(408) 745-9300

Page 6 SonicWALL SonicOS Standard Administrator’s Guide

Page 7 SonicWALL SonicOS Standard Administrator’s Guide

2 Initial Configuration Using the Wizards

SonicOS 2.2 Enhanced provides you with two wizards to help set up your firewall and network.

• The Setup Wizard takes you step by step through network configuration for Internet connectivity.

There are four types of network connectivity available: Static IP, DHCP, PPPoE, and PPTP.

• The Public Server Wizard takes you step by step through adding a server to your network, such as a

mail server or a web server. The wizard automates much of the configuration you need to establish

security and access for the server.

Internet Connectivity Using the Setup Wizard

The first time you log into the SonicWALL, the Setup Wizard is launched automatically. To launch the

Setup Wizard at any from the Management Interface, log into the SonicWALL. Click Wizards and select

Setup Wizard.

Tip!

You can also configure all your WAN and network settings on the Network>Settings page of the

SonicWALL Management Interface

Configuring a Static IP Address with NAT Enabled

Using NAT to set up your SonicWALL eliminates the need for public IP addresses for all computers on

your LAN. It is a way to conserve IP addresses available from the pool of IPv4 addresses for the Internet.

NAT also allows you to conceal the addressing scheme of your network. If you do not have enough

individual IP addresses for all computers on your network, you can use NAT for your network

configuration.

Essentially, NAT translates the IP addresses in one network into those for a different network. As a form

of packet filtering for firewalls, it protects a network from outside intrusion from hackers by replacing the

internal (LAN) IP address on packets passing through a SonicWALL with a “fake” one from a fixed pool of

addresses. The actual IP addresses of computers on the LAN are hidden from outside view.

This section describes configuring the SonicWALL appliance in the NAT mode. If you are assigned a

single IP address by your ISP, follow the instructions below.

Tip!

: Be sure to have your network information including your WAN IP address, subnet mask, and DNS

settings ready. This information is obtained from your ISP.

SonicWALL SonicOS Enhanced 2.2 Administrator's Manual

Related papers

Other documents