SonicWALL TZ 180 Bedienungsanleitung

COMPREHENSIVE INTERNET SECURITYSonicOS 4.0 EnhancedAdministrator’s GuideSonicWALL Internet Security AppliancesFor the SonicWALL TZ 180 and TZ 190

xSonicOS Enhanced 4.0 Administrator GuideChapter 25: Setting Up Web Proxy Forwarding . . . . . . . . . . . . . . . . . . 305Network > Web Proxy

System > Settings100SonicOS Enhanced 4.0 Administrator GuideSettingsImport Settings To import a previously saved preferences file into the SonicWAL

System > Settings101SonicOS Enhanced 4.0 Administrator Guide • Boot to your choice of firmware and system settings. • Manage system backups. • E

System > Settings102SonicOS Enhanced 4.0 Administrator Guide –Uploaded Firmware - the latest uploaded version from mySonicWALL.com. –Uploaded Fir

System > Settings103SonicOS Enhanced 4.0 Administrator GuideSafeMode - Rebooting the SonicWALL Security Appliance SafeMode allows easy firmware and

System > Settings104SonicOS Enhanced 4.0 Administrator GuideNote Clicking Boot next to any firmware image overwrites the existing current firmware

105SonicOS Enhanced 4.0 Administrator GuideCHAPTER 12 Chapter 12: Using SonicWALL Packet CaptureSystem > Packet CaptureThis chapter contains the fo

System > Packet Capture106SonicOS Enhanced 4.0 Administrator Guide • PPP negotiations detailsYou can configure the packet capture feature in the S

System > Packet Capture107SonicOS Enhanced 4.0 Administrator GuideRefer to the figure below to see a high level view of the packet capture subsyste

System > Packet Capture108SonicOS Enhanced 4.0 Administrator GuideAccessing Packet Capture in the UIThis section describes how to access the packet

System > Packet Capture109SonicOS Enhanced 4.0 Administrator GuideStarting packet captureStep 1 Navigate to the Packet Capture page in the UI. See

xiSonicOS Enhanced 4.0 Administrator GuideChapter 30: Configuring Advanced Wireless Settings . . . . . . . . . . . . .339Wireless > Advanced . .

System > Packet Capture110SonicOS Enhanced 4.0 Administrator Guide • Egress - The SonicWALL appliance interface on which the packet was captured w

System > Packet Capture111SonicOS Enhanced 4.0 Administrator GuideAbout the Packet Detail WindowWhen you click on a packet in the Captured Packets

System > Packet Capture112SonicOS Enhanced 4.0 Administrator Guide • “Configuring Advanced Settings” on page 119 • “Restarting FTP logging” on pa

System > Packet Capture113SonicOS Enhanced 4.0 Administrator GuideYou can specify up to ten Ethernet types separated by commas. Currently, the foll

System > Packet Capture114SonicOS Enhanced 4.0 Administrator GuideTo configure Packet Capture complete the following steps:Step 1 Navigate to the P

System > Packet Capture115SonicOS Enhanced 4.0 Administrator GuideConfiguring Display Filter SettingsThis section describes how to configure packet

System > Packet Capture116SonicOS Enhanced 4.0 Administrator GuideSonicOS Enhanced adds one of four possible packet status values to each captured

System > Packet Capture117SonicOS Enhanced 4.0 Administrator GuideStep 4 In the Interface Name(s) box, type the SonicWALL appliance interfaces for

System > Packet Capture118SonicOS Enhanced 4.0 Administrator GuideIf you configure automatic logging, this supersedes the setting for wrapping the

System > Packet Capture119SonicOS Enhanced 4.0 Administrator Guidemonth, day, and year. For example, packet-log--3-22-08292006.cap. For HTML format

xiiSonicOS Enhanced 4.0 Administrator GuidePart 5: WWANChapter 34: Configuring Wireless WAN (TZ 190 only) . . . . . . . . . . . . . 371WWAN . . . .

System > Packet Capture120SonicOS Enhanced 4.0 Administrator GuideEven when interfaces specified in the capture filters do not match, this option e

System > Packet Capture121SonicOS Enhanced 4.0 Administrator Guide • Red: Capture is stopped • Green: Capture is running and the buffer is not fu

System > Packet Capture122SonicOS Enhanced 4.0 Administrator GuideResetting the Status InformationYou can reset the displayed statistics for the ca

System > Packet Capture123SonicOS Enhanced 4.0 Administrator GuideHTML FormatYou can view the HTML format in a browser. The following is an example

System > Packet Capture124SonicOS Enhanced 4.0 Administrator GuideText File FormatYou can view the text format output in a text editor. The followi

125SonicOS Enhanced 4.0 Administrator GuideCHAPTER 13 Chapter 13: Using Diagnostic Tools & Restarting the ApplianceSystem > DiagnosticsThe Syst

System > Diagnostics126SonicOS Enhanced 4.0 Administrator GuideTech Support ReportThe Tech Support Report generates a detailed report of the SonicW

System > Diagnostics127SonicOS Enhanced 4.0 Administrator Guide • “Active Connections Monitor” on page 127 • “CPU Monitor” on page 128 • “DNS Na

System > Diagnostics128SonicOS Enhanced 4.0 Administrator GuideThe fields you enter values into are combined into a search string with a logical AN

System > Diagnostics129SonicOS Enhanced 4.0 Administrator GuideDNS Name LookupThe SonicWALL security appliance has a DNS lookup tool that returns t

xiiiSonicOS Enhanced 4.0 Administrator GuideChapter 40: Configuring Advanced Access Rule Settings . . . . . . . . . .433Firewall > Advanced . .

System > Diagnostics130SonicOS Enhanced 4.0 Administrator GuidePacket CaptureThe Packet Capture tool tracks the status of a communications stream a

System > Diagnostics131SonicOS Enhanced 4.0 Administrator GuideClient sends a final ACK, and waits for start of data transfer.Step 6 TCP sent on WA

System > Diagnostics132SonicOS Enhanced 4.0 Administrator GuideProcess MonitorProcess Monitor shows individual system processes, their CPU utilizat

System > Diagnostics133SonicOS Enhanced 4.0 Administrator GuideTrace RouteTrace Route is a diagnostic utility to assist in diagnosing and troublesh

System > Restart134SonicOS Enhanced 4.0 Administrator GuideSystem > RestartThe SonicWALL security appliance can be restarted from the Web Manage

SONICWALL SONICOS ENHANCED 4.0 ADMINISTRATOR’S GUIDE 135PART 3 Network

136 SONICWALL SONICOS ENHANCED 4.0 ADMINISTRATOR’S GUIDE

137SonicOS Enhanced 4.0 Administrator GuideCHAPTER 14 Chapter 14: Configuring InterfacesNetwork > InterfacesThe Network > Interfaces page includ

Network > Interfaces138SonicOS Enhanced 4.0 Administrator GuideSetup WizardThe Setup Wizard button accesses the Setup Wizard. The Setup Wizard walk

Network > Interfaces139SonicOS Enhanced 4.0 Administrator GuideCaution You cannot change the Zones in the Edit Interface window for the LAN, WAN, M

xivSonicOS Enhanced 4.0 Administrator GuideChapter 45: Managing Quality of Service . . . . . . . . . . . . . . . . . . . . . . . 467Firewall > Qo

Network > Interfaces140SonicOS Enhanced 4.0 Administrator GuidePhysical InterfacesPhysical interfaces must be assigned to a Zone to allow for confi

Configuring Interfaces141SonicOS Enhanced 4.0 Administrator GuideTransparent ModeTransparent Mode in SonicOS Enhanced uses interfaces as the top level

Configuring Interfaces142SonicOS Enhanced 4.0 Administrator GuideNote The administrator password is required to regenerate encryption keys after chang

Configuring Interfaces143SonicOS Enhanced 4.0 Administrator GuideConfiguring Interfaces in Transparent ModeTransparent Mode enables the SonicWALL secu

Configuring Interfaces144SonicOS Enhanced 4.0 Administrator Guide • Range to specify a range of IP addresses by entering beginning and ending value of

Configuring Interfaces145SonicOS Enhanced 4.0 Administrator GuideConfiguring Wireless InterfacesA Wireless interface is an interface that has been ass

Configuring Interfaces146SonicOS Enhanced 4.0 Administrator GuideNote The above table depicts the maximum subnet mask sizes allowed. You can still use

Configuring Interfaces147SonicOS Enhanced 4.0 Administrator GuideCaution If you select a specific Ethernet speed and duplex, you must force the connec

Configuring Interfaces148SonicOS Enhanced 4.0 Administrator Guide • DHCP - configures the SonicWALL to request IP settings from a DHCP server on the

Configuring Interfaces149SonicOS Enhanced 4.0 Administrator GuideEthernet SettingsIf you need to force an Ethernet speed, duplex and/or MAC address, c

xvSonicOS Enhanced 4.0 Administrator GuideChapter 50: Configuring DHCP Over VPN . . . . . . . . . . . . . . . . . . . . . . .587VPN > DHCP over V

Configuring Interfaces150SonicOS Enhanced 4.0 Administrator GuideUse the Bandwidth Management section of the Edit Interface screen to enable or disabl

Configuring Interfaces151SonicOS Enhanced 4.0 Administrator Guide • Subnet Mask: 255.255.255.0 is the defaultStep 3 In the Switch Ports tab, chose wh

Configuring Interfaces152SonicOS Enhanced 4.0 Administrator GuideConfiguring the Wireless WAN InterfaceThe SonicWALL TZ 190 security appliance introdu

Configuring Interfaces153SonicOS Enhanced 4.0 Administrator GuideManaging WWAN ConnectionsTo initiate a WWAN connection, on the Network > Interface

Configuring Interfaces154SonicOS Enhanced 4.0 Administrator GuideFor a detailed explanation of the behavior of the Ethernet with WWAN Failover setting

Configuring Interfaces155SonicOS Enhanced 4.0 Administrator GuideNote To configure the SonicWALL TZ 190 for Connect on Data operation, you must select

Configuring Interfaces156SonicOS Enhanced 4.0 Administrator GuideConfiguring Remotely Triggered Dial-Out on the WWANBefore configuring the Remotely Tr

Configuring Interfaces157SonicOS Enhanced 4.0 Administrator GuideConfiguring the Maximum Allowed WWAN ConnectionsTo configure the maximum number of no

Configuring Interfaces158SonicOS Enhanced 4.0 Administrator Guide • SonicPoint Limit: The maximum number of allowed SonicPoints is configured automat

159SonicOS Enhanced 4.0 Administrator GuideCHAPTER 15 Chapter 15: Configuring PortShield InterfacesSonicWALL PortShield Interfaces SonicWALL PortShiel

xviSonicOS Enhanced 4.0 Administrator GuidePart 11: Security ServicesChapter 54: Managing SonicWALL Security Services . . . . . . . . . . . . . 687So

SonicWALL PortShield Interfaces160SonicOS Enhanced 4.0 Administrator GuideNetwork > SwitchPortsThe Network > SwitchPorts page allows you to mana

SonicWALL PortShield Interfaces161SonicOS Enhanced 4.0 Administrator GuideWhen you create a PortShield interface in Transparent Mode, you create a ran

SonicWALL PortShield Interfaces162SonicOS Enhanced 4.0 Administrator GuideCreating a PortShield Interface from the Interfaces AreaBefore creating and

SonicWALL PortShield Interfaces163SonicOS Enhanced 4.0 Administrator Guide6. Click the Add PortShield Interface button. The Add Port Shield dialog bo

SonicWALL PortShield Interfaces164SonicOS Enhanced 4.0 Administrator Guide8. After you select a zone option, the management software displays a more e

SonicWALL PortShield Interfaces165SonicOS Enhanced 4.0 Administrator GuideNote This option only appears when creating a PortShield interface, not when

SonicWALL PortShield Interfaces166SonicOS Enhanced 4.0 Administrator GuideCreating a New Zone for the PortShield InterfaceYou may want to create a zon

SonicWALL PortShield Interfaces167SonicOS Enhanced 4.0 Administrator Guide4. After selecting the security level for the PortShield interface, click on

SonicWALL PortShield Interfaces168SonicOS Enhanced 4.0 Administrator Guide4. Click the Configure button. The management software displays the Edit Mul

SonicWALL PortShield Interfaces169SonicOS Enhanced 4.0 Administrator GuideCreating Transparent Mode PortShield InterfacesYou may find it useful to cre

xviiSonicOS Enhanced 4.0 Administrator GuideChapter 57: Managing SonicWALL Gateway Anti-Virus Service . . . . .715Security Services > Gateway Anti

SonicWALL PortShield Interfaces170SonicOS Enhanced 4.0 Administrator Guide7. Click on the Transparent Range list box and click on the Create new addre

SonicWALL PortShield Interfaces171SonicOS Enhanced 4.0 Administrator GuideCreating a PortShield Using an Address Object Containing an Address RangeTo

SonicWALL PortShield Interfaces172SonicOS Enhanced 4.0 Administrator Guide2. Click on the Add button in the Address Objects list in the window. SonicO

SonicWALL PortShield Interfaces173SonicOS Enhanced 4.0 Administrator GuideTo select ports and apply them to a previously configured interface, perform

PortShield Deployment Scenario174SonicOS Enhanced 4.0 Administrator Guide6. Click on the PortShield Interface list box as shown in the following figur

PortShield Deployment Scenario175SonicOS Enhanced 4.0 Administrator GuideNote The easiest way to configure this example is to use the PortShield Wizar

PortShield Deployment Scenario176SonicOS Enhanced 4.0 Administrator GuidePortShield InterfacesThe small business example uses two PortShield interface

PortShield Deployment Scenario177SonicOS Enhanced 4.0 Administrator Guide –Name: Residents –Security Type: Wireless. Select Wireless so you can use

PortShield Deployment Scenario178SonicOS Enhanced 4.0 Administrator Guide –SonicPoint Provisioning Profile: Select the SonicPoint profile you configu

PortShield Deployment Scenario179SonicOS Enhanced 4.0 Administrator GuideConfigure the PortShield Interfaces with the PortShield WizardIn this example

xviiiSonicOS Enhanced 4.0 Administrator GuideChapter 59: Activating Anti-Spyware Service . . . . . . . . . . . . . . . . . . . . 745Security Services

PortShield Deployment Scenario180SonicOS Enhanced 4.0 Administrator Guide4. Uncheck the Enable Interface Trust for new PortShield Interface segments c

181SonicOS Enhanced 4.0 Administrator GuideCHAPTER 16 Chapter 16: Setting Up WAN Failover and Load BalancingNetwork > WAN Failover & Load Balan

Network > WAN Failover & Load Balancing182SonicOS Enhanced 4.0 Administrator GuideAbout Source and Destination IP Address BindingWhen you estab

Network > WAN Failover & Load Balancing183SonicOS Enhanced 4.0 Administrator GuideCreating a NAT Policy for the Secondary WAN PortYou need to c

Network > WAN Failover & Load Balancing184SonicOS Enhanced 4.0 Administrator GuideActivating WAN Failover and Selecting the Load Balancing Meth

Network > WAN Failover & Load Balancing185SonicOS Enhanced 4.0 Administrator Guide –Basic Active/Passive Failover: When this setting is select

Network > WAN Failover & Load Balancing186SonicOS Enhanced 4.0 Administrator Guideentry box is required (percentage for Primary WAN) The manage

Network > WAN Failover & Load Balancing187SonicOS Enhanced 4.0 Administrator Guideupstream. If your ISP is experiencing problems in its routing

Network > WAN Failover & Load Balancing188SonicOS Enhanced 4.0 Administrator GuideNote If there is a NAT device between the two devices sending

Network > WAN Failover & Load Balancing189SonicOS Enhanced 4.0 Administrator GuideCaution Before you begin, be sure you have configured a user-

xixSonicOS Enhanced 4.0 Administrator GuideChapter 64: Configuring Syslog Settings . . . . . . . . . . . . . . . . . . . . . . . .775Log > Syslog

Network > WAN Failover & Load Balancing190SonicOS Enhanced 4.0 Administrator Guide

191SonicOS Enhanced 4.0 Administrator GuideCHAPTER 17 Chapter 17: Configuring ZonesNetwork > ZonesA Zone is a logical grouping of one or more inter

Network > Zones192SonicOS Enhanced 4.0 Administrator Guidetunnels, which is a feature that users have long requested. SonicWALL security appliances

Network > Zones193SonicOS Enhanced 4.0 Administrator GuidePredefined ZonesThe predefined zones on your the SonicWALL security appliance depend on t

Network > Zones194SonicOS Enhanced 4.0 Administrator Guide • Trusted: Trusted is a security type that provides the highest level of trust—meaning

Network > Zones195SonicOS Enhanced 4.0 Administrator Guide • Enable Anti-Spyware Service - Enforces anti-spyware detection and prevention on multi

Network > Zones196SonicOS Enhanced 4.0 Administrator Guide • Configure: Clicking the Notepad icon displays the Edit Zone window. Clicking the Tra

Network > Zones197SonicOS Enhanced 4.0 Administrator Guide –Enable Gateway Anti-Virus Service - Enforces gateway anti-virus protection on your Son

Network > Zones198SonicOS Enhanced 4.0 Administrator Guide –Enforce Global Security Clients - Enforces security policies for Global Security Clien

Network > Zones199SonicOS Enhanced 4.0 Administrator Guide –X5 IP Step 8 In the SSL-VPN Service list, select the service or group of services you

xxSonicOS Enhanced 4.0 Administrator GuideChapter 72: Configuring VPN Policies with the VPN Policy Wizard . . 827Wizards > VPN Wizard . . . . . .

Network > Zones200SonicOS Enhanced 4.0 Administrator Guide –Enable Dynamic Address Translation (DAT) - Wireless Guest Services (WGS) provides spur

201SonicOS Enhanced 4.0 Administrator GuideCHAPTER 18 Chapter 18: Configuring DNS SettingsNetwork > DNSThe Domain Name System (DNS) is a distribute

Network > DNS202SonicOS Enhanced 4.0 Administrator GuideTo use the DNS Settings configured for the WAN zone, select Inherit DNS Settings Dynamicall

203SonicOS Enhanced 4.0 Administrator GuideCHAPTER 19 Chapter 19: Configuring Address ObjectsNetwork > Address ObjectsAddress Objects are one of fo

Network > Address Objects204SonicOS Enhanced 4.0 Administrator Guide • MAC Address – MAC Address Objects allow for the identification of a host by

Network > Address Objects205SonicOS Enhanced 4.0 Administrator Guide • All Address Objects - displays all configured Address Objects. • Custom Ad

Network > Address Objects206SonicOS Enhanced 4.0 Administrator GuideDefault Address Objects and GroupsThe Default Address Objects view displays the

Network > Address Objects207SonicOS Enhanced 4.0 Administrator GuideDefault Address Groups • LAN Subnets • Firewalled Subnets • LAN Interface IP

Network > Address Objects208SonicOS Enhanced 4.0 Administrator Guide • X4 Subnet • X5 IP • X5 Subnet • Default Gateway • Secondary Default Gat

Network > Address Objects209SonicOS Enhanced 4.0 Administrator GuideAdding an Address ObjectTo add an Address Object, click Add button under the Ad

SONICWALL SONICOS ENHANCED 4.0 ADMINISTRATOR’S GUIDE 21PART 1 Introduction

Network > Address Objects210SonicOS Enhanced 4.0 Administrator Guide –If you selected MAC, enter the MAC address and netmask in the Network and MA

Network > Address Objects211SonicOS Enhanced 4.0 Administrator GuideCreating Group Address ObjectsAs more and more Address Objects are added to the

Network > Address Objects212SonicOS Enhanced 4.0 Administrator GuidePublic Server WizardSonicOS Enhanced includes the Public Server Wizard to autom

Network > Address Objects213SonicOS Enhanced 4.0 Administrator GuideSonicOS Enhanced 3.5 redefined the operation of MAC AOs, and introduces Fully Q

Network > Address Objects214SonicOS Enhanced 4.0 Administrator GuideFeature BenefitFQDN wildcard supportFQDN Address Objects support wildcard entri

Network > Address Objects215SonicOS Enhanced 4.0 Administrator GuideEnforcing the use of sanctioned servers on the networkAlthough not a requiremen

Network > Address Objects216SonicOS Enhanced 4.0 Administrator Guide • Create Address Object Groups of sanctioned servers (e.g. SMTP, DNS, etc.)

Network > Address Objects217SonicOS Enhanced 4.0 Administrator GuideBlocking All Protocol Access to a Domain using FQDN DAOsThere might be instance

Network > Address Objects218SonicOS Enhanced 4.0 Administrator GuideStep 2 – Create the Firewall Access Rule • From the Firewall > Access Rules

Network > Address Objects219SonicOS Enhanced 4.0 Administrator GuideThe following illustrates a packet dissection of a typical DNS dynamic update p

22 SONICWALL SONICOS ENHANCED 4.0 ADMINISTRATOR’S GUIDE

Network > Address Objects220SonicOS Enhanced 4.0 Administrator GuideStep 1 – Create the MAC Address Objects • From Network > Address Objects, s

Network > Address Objects221SonicOS Enhanced 4.0 Administrator GuideBandwidth Managing Access to an Entire DomainStreaming media is one of the most

Network > Address Objects222SonicOS Enhanced 4.0 Administrator GuideStep 2 – Create the Firewall Access Rule • From the Firewall > Access Rules

Network > Address Objects223SonicOS Enhanced 4.0 Administrator Guide • The BWM icon will appear within the Access Rule table indicating that BWM i

Network > Address Objects224SonicOS Enhanced 4.0 Administrator Guide

225SonicOS Enhanced 4.0 Administrator GuideCHAPTER 20 Chapter 20: Configuring RoutesNetwork > RoutingIf you have routers on your interfaces, you ca

Network > Routing226SonicOS Enhanced 4.0 Administrator GuideRoute AdvertisementThe SonicWALL security appliance uses RIPv1 or RIPv2 to advertise it

Network > Routing227SonicOS Enhanced 4.0 Administrator Guide • RIPv2 Enabled (broadcast) - To send route advertisements using broadcasting (a sing

Network > Routing228SonicOS Enhanced 4.0 Administrator GuideA metric is a weighted cost assigned to static and dynamic routes. Metrics have a value

Network > Routing229SonicOS Enhanced 4.0 Administrator GuideYou can enter the policy number (the number listed before the policy name in the # Name

23SonicOS Enhanced 4.0 Administrator GuideCHAPTER 1 Chapter 1: PrefacePrefaceCopyright Notice© 2007 SonicWALL, Inc.All rights reserved.Under the copyr

Network > Routing230SonicOS Enhanced 4.0 Administrator GuideTo test the Telnet policy-based route, telnet to route-server.exodus.net and when logge

Network > Routing231SonicOS Enhanced 4.0 Administrator Guide • Protocol Type – Distance Vector protocols such as RIP base routing metrics exclusiv

Network > Routing232SonicOS Enhanced 4.0 Administrator GuideOSPF does not have to impose a hop count limit because it does not advertise entire rou

Network > Routing233SonicOS Enhanced 4.0 Administrator GuideFor example, if you had 8 class C networks: 192.168.0.0/24 through 192.168.7.0/24, rath

Network > Routing234SonicOS Enhanced 4.0 Administrator Guideused, which is generally discouraged). Area assignment is interface specific on an OSPF

Network > Routing235SonicOS Enhanced 4.0 Administrator GuideLSA’s are then exchanged within LSU’s across these adjacencies rather than between each

Network > Routing236SonicOS Enhanced 4.0 Administrator Guide –Type 4 (AS Summary Link Advertisements) – Sent across areas by ABR’s to describe net

Network > Routing237SonicOS Enhanced 4.0 Administrator Guide • Router Types – OSPF recognizes 4 types of routers, based on their roles: • IR (Int

Network > Routing238SonicOS Enhanced 4.0 Administrator GuideBy default, Advanced Routing Services are disabled, and must be enabled to be made avai

Network > Routing239SonicOS Enhanced 4.0 Administrator GuideRIP Modes • Disabled – RIP is disabled on this interface • Send and Receive – The RIP

About this Guide24SonicOS Enhanced 4.0 Administrator GuideLimited WarrantySonicWALL, Inc. warrants that commencing from the delivery date to Customer

Network > Routing240SonicOS Enhanced 4.0 Administrator GuideRedistribute Connected Networks - Enables or disables the advertising of locally connec

Network > Routing241SonicOS Enhanced 4.0 Administrator GuideThe diagram illustrates an OSPF network where the backbone (area 0.0.0.0) comprises the

Network > Routing242SonicOS Enhanced 4.0 Administrator Guide • Message Digest – An MD5 hash is used to securely identify the OSPF router on this i

Network > Routing243SonicOS Enhanced 4.0 Administrator GuideRedistribute Static Routes – Enables or disables the advertising of static (Policy Base

Network > Routing244SonicOS Enhanced 4.0 Administrator Guide

245SonicOS Enhanced 4.0 Administrator GuideCHAPTER 21 Chapter 21: Configuring NAT PoliciesNetwork > NAT Policies • “NAT Policies Table” on page 24

Network > NAT Policies246SonicOS Enhanced 4.0 Administrator GuideNAT Policies TableThe NAT Policies table allows you to view your NAT Policies by C

Network > NAT Policies247SonicOS Enhanced 4.0 Administrator GuideTip Before configuring NAT Policies, be sure to create all Address Objects associa

Network > NAT Policies248SonicOS Enhanced 4.0 Administrator GuideNAT Policy Settings ExplainedThe following explains the settings used to create a

Network > NAT Policies249SonicOS Enhanced 4.0 Administrator Guide • Translated Service: This drop-down menu setting is what the SonicWALL security

About this Guide25SonicOS Enhanced 4.0 Administrator GuideNote Always check <http//:www.sonicwall.com/services/documentation.html> for the lates

Network > NAT Policies250SonicOS Enhanced 4.0 Administrator Guideto translate all LAN systems to the WAN IP Address, then create a policy saying th

Network > NAT Policies251SonicOS Enhanced 4.0 Administrator GuideThis document details how to configure the necessary NAT, load balancing, health c

Network > NAT Policies252SonicOS Enhanced 4.0 Administrator Guide • Round Robin – Source IP cycles through each live load-balanced resource for ea

Network > NAT Policies253SonicOS Enhanced 4.0 Administrator GuideDetails of Load Balancing AlgorithmsThis appendix describes how the SonicWALL secu

Network > NAT Policies254SonicOS Enhanced 4.0 Administrator GuideCreating NAT PoliciesNAT policies allow you the flexibility to control Network Add

Network > NAT Policies255SonicOS Enhanced 4.0 Administrator Guide • Original Service: Any • Translated Service: Original • Inbound Interface: Op

Network > NAT Policies256SonicOS Enhanced 4.0 Administrator GuideYou can test the dynamic mapping by installing several systems on the LAN interfac

Network > NAT Policies257SonicOS Enhanced 4.0 Administrator GuideCreating a One-to-One NAT Policy for Inbound Traffic (Reflective)This is the mirro

Network > NAT Policies258SonicOS Enhanced 4.0 Administrator GuideFigure 21:1 One-to-Many NAT Load Balancing Topology and ConfigurationTo configure

Network > NAT Policies259SonicOS Enhanced 4.0 Administrator Guide –IP Address: The network IP address for the devices to be load balanced (in the

About this Guide26SonicOS Enhanced 4.0 Administrator Guide • Dynamic DNS - configure the SonicWALL to dynamically register its WAN IP address with a

Network > NAT Policies260SonicOS Enhanced 4.0 Administrator GuideNote Make sure you chose Any as the destination interface, and not the interface t

Network > NAT Policies261SonicOS Enhanced 4.0 Administrator Guide3. Create two NAT entries to allow the two servers to initiate traffic to the publ

Network > NAT Policies262SonicOS Enhanced 4.0 Administrator GuideWhen finished, click on the OK button to add and activate the NAT policies. With t

Network > NAT Policies263SonicOS Enhanced 4.0 Administrator GuideNote With previous versions of firmware, it was necessary to write rules to the pr

Network > NAT Policies264SonicOS Enhanced 4.0 Administrator GuideFigure 1 NAT Load Balancing TopologyPrerequisitesThe examples shown in the Tasklis

Network > NAT Policies265SonicOS Enhanced 4.0 Administrator Guideand activate the changes. For an example, see the screenshot below. Debug logs sho

Network > NAT Policies266SonicOS Enhanced 4.0 Administrator GuideStep 2 Create Address Group -- Now create an address group named www_group and add

Network > NAT Policies267SonicOS Enhanced 4.0 Administrator GuideStep 3 Create Inbound NAT Rule for Group -- Now create a NAT rule to allow anyone

Network > NAT Policies268SonicOS Enhanced 4.0 Administrator GuideNote Before you go any further, check the logs and the status page to see if the r

Network > NAT Policies269SonicOS Enhanced 4.0 Administrator GuideStep 6 Create Firewall Rule for VIP -- Write a firewall rule to allow traffic from

About this Guide27SonicOS Enhanced 4.0 Administrator GuidePart 12 LogThis part covers managing the SonicWALL security appliance’s enhanced logging, al

Network > NAT Policies270SonicOS Enhanced 4.0 Administrator GuideYou can also check the Firewall > NAT Policies page and mouse-over the Statisti

271SonicOS Enhanced 4.0 Administrator GuideCHAPTER 22 Chapter 22: Managing ARP TrafficNetwork > ARP

Network > ARP272SonicOS Enhanced 4.0 Administrator GuideARP (Address Resolution Protocol) maps layer 3 (IP addresses) to layer 2 (physical or MAC a

Network > ARP273SonicOS Enhanced 4.0 Administrator Guideaddress on any other interface. It will also remove any dynamically cached references to th

Network > ARP274SonicOS Enhanced 4.0 Administrator GuideTo support the above configuration, first create a published static ARP entry for 192.168.5

Network > ARP275SonicOS Enhanced 4.0 Administrator GuideTo allow the traffic to reach the 192.168.50.0/24 subnet, and to allow the 192.168.50.0/24

Network > ARP276SonicOS Enhanced 4.0 Administrator GuideNavigating and Sorting the ARP Cache Table EntriesThe ARP Cache table provides easy paginat

277SonicOS Enhanced 4.0 Administrator GuideCHAPTER 23 Chapter 23: Setting Up the DHCP ServerNetwork > DHCP ServerThis chapter contains the followin

Network > DHCP Server278SonicOS Enhanced 4.0 Administrator GuideThe SonicWALL security appliance includes a DHCP (Dynamic Host Configuration Protoc

Network > DHCP Server279SonicOS Enhanced 4.0 Administrator Guideclients on the network, it provides vendor-specific configuration and service infor

About this Guide28SonicOS Enhanced 4.0 Administrator GuideTip Useful information about security features and configurations on your SonicWALL. Note Im

Network > DHCP Server280SonicOS Enhanced 4.0 Administrator GuideHow Does DHCP Server Persistence Work?DHCP server persistence works by storing DHCP

Network > DHCP Server281SonicOS Enhanced 4.0 Administrator GuideConfiguring DHCP Server for Dynamic RangesTo configure DHCP server for dynamic IP a

Network > DHCP Server282SonicOS Enhanced 4.0 Administrator GuideDNS/WINS SettingsStep 9 Click the DNS/WINS tab to continue configuring the DHCP Ser

Network > DHCP Server283SonicOS Enhanced 4.0 Administrator GuideVoIP SettingsStep 14 Click on the VoIP Settings tab. The VoIP Settings tab allows y

Network > DHCP Server284SonicOS Enhanced 4.0 Administrator GuideGeneral SettingsStep 2 In the General tab, make sure the Enable this DHCP Entry is

Network > DHCP Server285SonicOS Enhanced 4.0 Administrator GuideVoIP SettingsStep 15 Click on the VoIP Settings tab. The VoIP Settings tab allows y

Network > DHCP Server286SonicOS Enhanced 4.0 Administrator GuideConfiguring DHCP Option ObjectsTo configure DHCP option objects, perform the follow

Network > DHCP Server287SonicOS Enhanced 4.0 Administrator GuideStep 4 Type a name for the option in the Option Name field.Step 5 From the Option N

Network > DHCP Server288SonicOS Enhanced 4.0 Administrator GuideStep 6 Optionally check the Option Array box to allow entry of multiple option valu

Network > DHCP Server289SonicOS Enhanced 4.0 Administrator GuideStep 7 The option type displays in the Option Type drop-down menu. If only one opti

About this Guide29SonicOS Enhanced 4.0 Administrator GuideCurrent DocumentationCheck the SonicWALL documentation Web site for that latest versions of

Network > DHCP Server290SonicOS Enhanced 4.0 Administrator GuideConfiguring DHCP Option GroupsTo configure DHCP option groups, perform the followin

Network > DHCP Server291SonicOS Enhanced 4.0 Administrator GuideStep 4 Enter a name for the group in the Name field.Step 5 Select an option object

Network > DHCP Server292SonicOS Enhanced 4.0 Administrator GuideConfiguring DHCP Generic Options for DHCP Lease ScopesNote Before generic options f

Network > DHCP Server293SonicOS Enhanced 4.0 Administrator GuideStep 2 Select a DHCP option or option group in the DHCP Generic Option Group drop-d

Network > DHCP Server294SonicOS Enhanced 4.0 Administrator GuideCurrent DHCP LeasesThe current DHCP lease information is displayed in the Current D

Network > DHCP Server295SonicOS Enhanced 4.0 Administrator Guide23 Default IP TTL Default IP time-to-live24 Path MTU Aging TimeoutPath MTU aging ti

Network > DHCP Server296SonicOS Enhanced 4.0 Administrator Guide55 Parameter Request List Parameter request list56 Message DHCP error message57 DHC

Network > DHCP Server297SonicOS Enhanced 4.0 Administrator Guide84 Undefined N/A85 Novell Directory Servers Novell Directory Services servers86 Nov

Network > DHCP Server298SonicOS Enhanced 4.0 Administrator Guide115 Undefined N/A116 Auto Configure DHCP auto-configuration117 Name Service Search

Network > DHCP Server299SonicOS Enhanced 4.0 Administrator Guide147 Undefined N/A148 Undefined N/A149 Undefined N/A150 TFTP Server Address, Etherbo

iiiSonicOS Enhanced 4.0 Administrator GuideTable of ContentsTable of Contents ...

About this Guide30SonicOS Enhanced 4.0 Administrator Guide

Network > DHCP Server300SonicOS Enhanced 4.0 Administrator Guide183 Undefined N/A184 Undefined N/A185 Undefined N/A186 Undefined N/A187 Undefined N

Network > DHCP Server301SonicOS Enhanced 4.0 Administrator Guide220 Subnet Allocation Subnet allocation221 Virtual Subnet AllocationVirtual subnet

Network > DHCP Server302SonicOS Enhanced 4.0 Administrator Guide

303SonicOS Enhanced 4.0 Administrator GuideCHAPTER 24 Chapter 24: Using IP HelperNetwork > IP HelperThe IP Helper allows the SonicWALL security app

Network > IP Helper304SonicOS Enhanced 4.0 Administrator Guide • Enable NetBIOS Support - enables NetBIOS broadcast forwarding with the DHCP reque

305SonicOS Enhanced 4.0 Administrator GuideCHAPTER 25 Chapter 25: Setting Up Web Proxy ForwardingNetwork > Web ProxyA Web proxy server intercepts H

Network > Web Proxy306SonicOS Enhanced 4.0 Administrator GuideTo configure a Proxy Web sever, select the Network > Web Proxy page. Step 1 Connec

307SonicOS Enhanced 4.0 Administrator GuideCHAPTER 26 Chapter 26: Configuring Dynamic DNSNetwork > Dynamic DNSDynamic DNS (DDNS) is a service provi

Network > Dynamic DNS308SonicOS Enhanced 4.0 Administrator Guide • Dyndns.org http://www.dyndns.org - SonicOS requires a username, password, Mail

Network > Dynamic DNS309SonicOS Enhanced 4.0 Administrator GuideTo configure Dynamic DNS on the SonicWALL security appliance, perform these steps:S

31SonicOS Enhanced 4.0 Administrator GuideCHAPTER 2 Chapter 2: Common Criteria GuideCommon CriteriaThe purpose of this chapter is to define the Common

Network > Dynamic DNS310SonicOS Enhanced 4.0 Administrator Guide –Static - A free DNS service for static IP addresses.Step 9 When using DynDNS.org

Network > Dynamic DNS311SonicOS Enhanced 4.0 Administrator GuideDynamic DNS Settings TableThe Dynamic DNS Settings table provides a table view of c

Network > Dynamic DNS312SonicOS Enhanced 4.0 Administrator Guide • Online - When selected, this profile is administratively online. The setting ca

SONICWALL SONICOS ENHANCED 4.0 ADMINISTRATOR’S GUIDE 313PART 4 Wireless •

314 SONICWALL SONICOS ENHANCED 4.0 ADMINISTRATOR’S GUIDE

315SonicOS Enhanced 4.0 Administrator GuideCHAPTER 27 Chapter 27: Viewing WLAN Settings, Statistics, and Station StatusWireless OverviewThe SonicWALL

Wireless Overview316SonicOS Enhanced 4.0 Administrator Guide • VPN tunnelConsiderations for Using Wireless Connections • Mobility - if the majority

Wireless Overview317SonicOS Enhanced 4.0 Administrator Guide • Try to place the wireless security appliance in a direct line with other wireless comp

Wireless > Status318SonicOS Enhanced 4.0 Administrator GuideWiFiSec uses the easy provisioning capabilities of the SonicWALL Global VPN client maki

Wireless > Status319SonicOS Enhanced 4.0 Administrator GuideWLAN SettingsThe WLAN Settings table lists the configuration information for the built-

Common Criteria32SonicOS Enhanced 4.0 Administrator Guide • GMS Remote Management • Syslog Logging • SonicPoint • Hardware FailoverBefore installi

Wireless > Status320SonicOS Enhanced 4.0 Administrator GuideWLAN StatisticsThe WLAN Statistics table lists all of the traffic sent and received thr

Wireless > Status321SonicOS Enhanced 4.0 Administrator GuideStation StatusThe Station Status table displays information about wireless connections

Wireless > Status322SonicOS Enhanced 4.0 Administrator Guide

323SonicOS Enhanced 4.0 Administrator GuideCHAPTER 28 Chapter 28: Configuring Wireless SettingsWireless > SettingsThe Wireless > Settings page a

Wireless > Settings324SonicOS Enhanced 4.0 Administrator GuideWireless SettingsEnable WLAN Radio: Check this checkbox to turn the radio on, and ena

Wireless > Settings325SonicOS Enhanced 4.0 Administrator Guidemode. Operating in Wireless Bridge mode, the wireless security appliance connects to

Wireless > Settings326SonicOS Enhanced 4.0 Administrator GuideConfiguring a Secure Wireless BridgeWhen switching from Access Point mode to Wireless

Wireless > Settings327SonicOS Enhanced 4.0 Administrator GuideFor example, in the previous network diagram, the wireless security appliance are con

Wireless > Settings328SonicOS Enhanced 4.0 Administrator Guide • Static routes must be entered on the Access Point TZ 170 Wireless to route back t

Wireless > Settings329SonicOS Enhanced 4.0 Administrator Guide • One policy to the Site_B address object at 10.30.30.0:

Common Criteria33SonicOS Enhanced 4.0 Administrator GuideRelated DocumentsSeveral other SonicWALL documents provide information relating to the Common

Wireless > Settings330SonicOS Enhanced 4.0 Administrator GuideConfiguration for VPN Policies Step 1 Click Network.Step 2 Under Local Networks, sele

Wireless > Settings331SonicOS Enhanced 4.0 Administrator GuideWireless Bridge VPN Policy ConfigurationThe Wireless Bridge VPN Policy is configured

Wireless > Settings332SonicOS Enhanced 4.0 Administrator Guide

333SonicOS Enhanced 4.0 Administrator GuideCHAPTER 29 Chapter 29: Configuring WEP and WPA SecurityWireless > WEP/WPA SecurityNote When the SonicWAL

Wireless > WEP/WPA Security334SonicOS Enhanced 4.0 Administrator GuideAuthentication OverviewBelow is a list of available authentication types with

Wireless > WEP/WPA Security335SonicOS Enhanced 4.0 Administrator GuideWEP Encryption KeysStep 1 Select the key number, 1,2,3, or 4, from the Defaul

Wireless > WEP/WPA Security336SonicOS Enhanced 4.0 Administrator GuideWPA Settings • Cypher Type: select TKIP. Temporal Key Integrity Protocol (TK

Wireless > WEP/WPA Security337SonicOS Enhanced 4.0 Administrator Guide • Radius Server 2 IP and Port: Enter the IP address and port number for you

Wireless > WEP/WPA Security338SonicOS Enhanced 4.0 Administrator GuidePreshared Key Settings (PSK) • Passphrase: Enter the passphrase from which

339SonicOS Enhanced 4.0 Administrator GuideCHAPTER 30 Chapter 30: Configuring Advanced Wireless SettingsWireless > AdvancedTo access Advanced confi

Common Criteria34SonicOS Enhanced 4.0 Administrator Guide

Wireless > Advanced340SonicOS Enhanced 4.0 Administrator GuideBeaconing & SSID Controls1. Select Hide SSID in Beacon. Suppresses broadcasting o

Wireless > Advanced341SonicOS Enhanced 4.0 Administrator Guide • 2: Select 2 to restrict the wireless security appliance to use antenna 2 only. Fa

Wireless > Advanced342SonicOS Enhanced 4.0 Administrator GuideAdvanced Radio SettingsThe following other advanced settings can be configured.Step 1

Wireless > Advanced343SonicOS Enhanced 4.0 Administrator Guideoverlapping SonicPoints. However, it can slow down performance. Auto is probably the

Wireless > Advanced344SonicOS Enhanced 4.0 Administrator Guide

345SonicOS Enhanced 4.0 Administrator GuideCHAPTER 31 Chapter 31: Configuring MAC Filter ListWireless > MAC Filter ListWireless networking provides

Wireless > MAC Filter List346SonicOS Enhanced 4.0 Administrator GuideThe items in the list are address object groups, defined groups of objects tha

347SonicOS Enhanced 4.0 Administrator GuideCHAPTER 32 Chapter 32: Configuring Wireless IDSWireless > IDSWireless Intrusion Detection Services (IDS)

Wireless > IDS348SonicOS Enhanced 4.0 Administrator GuideAccess Point IDSWhen the Radio Role of the wireless security appliance is set to Access Po

Wireless > IDS349SonicOS Enhanced 4.0 Administrator GuideEnable Association Flood Detection is selected by default. The Association Flood Threshold

35SonicOS Enhanced 4.0 Administrator GuideCHAPTER 3 Chapter 3: IntroductionIntroductionSonicOS Enhanced 4.0 is the most powerful SonicOS operating sys

Wireless > IDS350SonicOS Enhanced 4.0 Administrator GuideScanning for Access PointsActive scanning occurs when the wireless security appliance star

351SonicOS Enhanced 4.0 Administrator GuideCHAPTER 33 Chapter 33: Configuring Virtual Access PointsWireless > Virtual Access PointThis chapter desc

Wireless > Virtual Access Point352SonicOS Enhanced 4.0 Administrator GuideSonicPoint VAP OverviewThis section provides an introduction to the Virtu

Wireless > Virtual Access Point353SonicOS Enhanced 4.0 Administrator GuideWireless Roaming with ESSIDAn ESSID (Extended Service Set IDentifier) is

Wireless > Virtual Access Point354SonicOS Enhanced 4.0 Administrator Guide • “Virtual Access Points” section on page 363 • “Virtual Access Point

Wireless > Virtual Access Point355SonicOS Enhanced 4.0 Administrator GuideA network security zone is a logical method of grouping one or more inter

Wireless > Virtual Access Point356SonicOS Enhanced 4.0 Administrator GuideGeneralFeature DescriptionName Create a name for your custom ZoneSecurity

Wireless > Virtual Access Point357SonicOS Enhanced 4.0 Administrator GuideWirelessFeature DescriptionOnly allow traffic generated by a SonicPointRe

Wireless > Virtual Access Point358SonicOS Enhanced 4.0 Administrator GuideGuest ServicesThe Enable Wireless Guest Services option allows the follow

Wireless > Virtual Access Point359SonicOS Enhanced 4.0 Administrator GuideWLAN SubnetsWLAN subnets are used to segment IP address space for use by

Introduction36SonicOS Enhanced 4.0 Administrator Guideappliances have been associated as a hardware failover pair on mysonicwall.com, you can enable t

Wireless > Virtual Access Point360SonicOS Enhanced 4.0 Administrator Guide • Subnet Name: The name of the interface. • IP Address: The first IP a

Wireless > Virtual Access Point361SonicOS Enhanced 4.0 Administrator GuideVirtual Access Points ProfilesA Virtual Access Point Profile allows the a

Wireless > Virtual Access Point362SonicOS Enhanced 4.0 Administrator GuideWPA-PSK / WPA2-PSK Encryption SettingsPre-Shared Key (PSK) is available w

Wireless > Virtual Access Point363SonicOS Enhanced 4.0 Administrator GuideVirtual Access PointsVirtual Access Points are configured from the Wirele

Wireless > Virtual Access Point364SonicOS Enhanced 4.0 Administrator GuideVirtual Access Point GroupsThe VAP Group feature allows for grouping of m

Thinking Critically About VAPs365SonicOS Enhanced 4.0 Administrator GuideThinking Critically About VAPsThis section provides content to help determine

Thinking Critically About VAPs366SonicOS Enhanced 4.0 Administrator GuideDetermining Security ConfigurationsUnderstanding these requirements, you can

Thinking Critically About VAPs367SonicOS Enhanced 4.0 Administrator GuideQuestions Examples SolutionsHow many different types of users will I need to

Thinking Critically About VAPs368SonicOS Enhanced 4.0 Administrator GuideWhat security services to I wish to apply to my users?Corporate users who you

SONICWALL SONICOS ENHANCED 4.0 ADMINISTRATOR’S GUIDE 369PART 5 WWAN

Introduction37SonicOS Enhanced 4.0 Administrator GuideCLI (SSH or serial console). For instance, if a CLI session goes to the config level, it will as

370 SONICWALL SONICOS ENHANCED 4.0 ADMINISTRATOR’S GUIDE

371SonicOS Enhanced 4.0 Administrator GuideCHAPTER 34 Chapter 34: Configuring Wireless WAN (TZ 190 only) WWANThis chapter describes how to configure t

WWAN372SonicOS Enhanced 4.0 Administrator Guide • Primary WAN connection where wire-based connections are not available and 3G Cellular is.Wireless W

WWAN373SonicOS Enhanced 4.0 Administrator GuideUnderstanding WWAN FailoverWhen the WAN Connection Model is set to Ethernet with WWAN Failover, the WAN

WWAN374SonicOS Enhanced 4.0 Administrator GuideIf a secondary Ethernet WAN (the OPT port) is configured, the TZ190 will first failover to the secondar

WWAN375SonicOS Enhanced 4.0 Administrator GuideCaution It is not recommended to configure a policy-based route that uses the WWAN connection when the

WWAN376SonicOS Enhanced 4.0 Administrator GuideWireless WAN PC Card SupportTo use the wireless WAN interface you must have a wireless WAN PC card and

WWAN377SonicOS Enhanced 4.0 Administrator GuideViewing the WWAN Status The WWAN > Status page displays the current status of WWAN on the SonicWALL

WWAN378SonicOS Enhanced 4.0 Administrator Guide • “Management/User Login” on page 379 • “WWAN Probe Settings” on page 379Connect on DataThe Connect

WWAN379SonicOS Enhanced 4.0 Administrator GuideManagement/User LoginThe Management/User Login section must be configure to enable remote management of

Introduction38SonicOS Enhanced 4.0 Administrator Guide –Ad-Hoc station –Unassociated station –Wellenreiter attack –NetStumbler attack –EAPOL pack

WWAN380SonicOS Enhanced 4.0 Administrator GuideConfiguring WWAN Advanced SettingsThe WWAN > Advanced page is used to configure the Remotely Trigger

WWAN381SonicOS Enhanced 4.0 Administrator GuideConfiguring WWAN Connection ProfilesUse the WWAN > Connection Profiles to configure WWAN connection

WWAN382SonicOS Enhanced 4.0 Administrator Guide3. Select the Service Provider that you have created an account with. Note that only service providers

WWAN383SonicOS Enhanced 4.0 Administrator Guide13. Select the Enable Inactivity Disconnect (minutes) checkbox and enter a number in the field to have

WWAN384SonicOS Enhanced 4.0 Administrator Guide19. Click on the Data Limiting tab.Tip If your WWAN account has a monthly data or time limit, it is str

WWAN385SonicOS Enhanced 4.0 Administrator GuideTo disconnect a WWAN connection, click on the Manage button. The WWAN Connection window displays. Click

WWAN386SonicOS Enhanced 4.0 Administrator GuideNote The Data Usage table is only estimate of the current usage and should not be used to calculate act

WWAN387SonicOS Enhanced 4.0 Administrator GuideGPRS has an additional advantage over GSM in that it is a packet-switched technology, meaning that stat

WWAN388SonicOS Enhanced 4.0 Administrator Guide • W-CDMA - Wideband Code Division Multiple Access - The technology underlying UMTS, W-CDMA is an evol

SONICWALL SONICOS ENHANCED 4.0 ADMINISTRATOR’S GUIDE 389PART 6 SonicPoint

Introduction39SonicOS Enhanced 4.0 Administrator GuideIn SonicOS Enhanced 4.0, VAPs allow the network administrator to control wireless user access an

390 SONICWALL SONICOS ENHANCED 4.0 ADMINISTRATOR’S GUIDE

391SonicOS Enhanced 4.0 Administrator GuideCHAPTER 35 Chapter 35: Managing SonicPointsSonicPoint > SonicPointsSonicWALL SonicPoints are wireless ac

SonicPoint > SonicPoints392SonicOS Enhanced 4.0 Administrator Guide • Attach the SonicPoints to the interfaces in the Wireless zone. • Test Sonic

SonicPoint > SonicPoints393SonicOS Enhanced 4.0 Administrator GuideConfiguring a SonicPoint ProfileYou can add any number of SonicPoint profiles. T

SonicPoint > SonicPoints394SonicOS Enhanced 4.0 Administrator Guide –Country Code: Select the country where you are operating the SonicPoints. The

SonicPoint > SonicPoints395SonicOS Enhanced 4.0 Administrator Guide –Default Key: Select which key in the list below is the default key, which wil

SonicPoint > SonicPoints396SonicOS Enhanced 4.0 Administrator Guide –DTIM Interval: Enter the interval in milliseconds. –Fragmentation Threshold

SonicPoint > SonicPoints397SonicOS Enhanced 4.0 Administrator Guidethat the SonicPoint can communicate with an authentication server for WPA-EAP su

SonicPoint > SonicPoints398SonicOS Enhanced 4.0 Administrator GuideThe options on these tabs are the same as the Add SonicPoint Profile screen. Se

SonicPoint > SonicPoints399SonicOS Enhanced 4.0 Administrator GuideStep 6 Click Apply.Caution It is imperative that you download the corresponding

ivSonicOS Enhanced 4.0 Administrator GuidePart 2: SystemChapter 4: Viewing the SonicWALL Security Dashboard . . . . . . . . . . . 47System > Secu

Introduction40SonicOS Enhanced 4.0 Administrator Guide • BWM Rate Limiting - SonicOS Enhanced 4.0 enhances the Bandwidth Management feature to provid

SonicPoint > SonicPoints400SonicOS Enhanced 4.0 Administrator Guide • Operational – Once the SonicPoint has peered with a SonicOS device and has i

401SonicOS Enhanced 4.0 Administrator GuideCHAPTER 36 Chapter 36: Viewing Station StatusSonicPoint > Station StatusThe SonicPoint > Station Stat

SonicPoint > Station Status402SonicOS Enhanced 4.0 Administrator GuideClick on the Statistics icon to see a detailed report for an individual sta

SonicPoint > Station Status403SonicOS Enhanced 4.0 Administrator Guide –Re-association request –Re-association response –Probe request –Probe r

SonicPoint > Station Status404SonicOS Enhanced 4.0 Administrator Guide

405SonicOS Enhanced 4.0 Administrator GuideCHAPTER 37 Chapter 37: Using and Configuring IDSSonicPoint > IDSYou can have many wireless access points

SonicPoint > IDS406SonicOS Enhanced 4.0 Administrator GuideIntrusion Detection SettingsRogue Access Points have emerged as one of the most serious

SonicPoint > IDS407SonicOS Enhanced 4.0 Administrator GuideDiscovered Access PointsThe Discovered Access points displays information on every acces

SonicPoint > IDS408SonicOS Enhanced 4.0 Administrator Guide

409SonicOS Enhanced 4.0 Administrator GuideCHAPTER 38 Chapter 38: Configuring RF MonitoringSonicPoint > RF MonitoringThis chapter describes how to

Introduction41SonicOS Enhanced 4.0 Administrator GuideNavigating the Management InterfaceNavigating the SonicWALL management interface includes a hier

SonicPoint > RF Monitoring410SonicOS Enhanced 4.0 Administrator GuideWhy RF Monitoring?Radio Frequency (RF) technology used in today’s 802.11-based

SonicPoint > RF Monitoring411SonicOS Enhanced 4.0 Administrator GuideEnabling RF Monitoring on SonicPoint(s)In order for RF Monitoring to be enforc

SonicPoint > RF Monitoring412SonicOS Enhanced 4.0 Administrator GuideRF Monitoring Interface OverviewThe top portion of the RF Monitoring interface

SonicPoint > RF Monitoring413SonicOS Enhanced 4.0 Administrator GuideTip For a complete list of RF Threat types and their descriptions, see the “Ty

SonicPoint > RF Monitoring414SonicOS Enhanced 4.0 Administrator GuideTo add a station to the watch list:Step 1 In the SonicPoint > RF Monitoring

SonicPoint > RF Monitoring415SonicOS Enhanced 4.0 Administrator Guide • Ad-Hoc Station Detection - Ad-Hoc stations are nodes which provide access

SonicPoint > RF Monitoring416SonicOS Enhanced 4.0 Administrator GuideTimesaver For this section in particular (and as a good habit in general), you

SonicPoint > RF Monitoring417SonicOS Enhanced 4.0 Administrator GuideUsing RSSI to Determine RF Threat ProximityThis section builds on what was lea

SonicPoint > RF Monitoring418SonicOS Enhanced 4.0 Administrator GuideA high Rssi usually indicates an RF threat that is closer to the SonicPoint. A

SONICWALL SONICOS ENHANCED 4.0 ADMINISTRATOR’S GUIDE 419PART 7 Firewall

Introduction42SonicOS Enhanced 4.0 Administrator GuideIf the settings are contained in a secondary window within the management interface, when you cl

420 SONICWALL SONICOS ENHANCED 4.0 ADMINISTRATOR’S GUIDE

421SonicOS Enhanced 4.0 Administrator GuideCHAPTER 39 Chapter 39: Configuring Access RulesFirewall > Access RulesThis chapter provides an overview

Firewall > Access Rules422SonicOS Enhanced 4.0 Administrator GuideStateful Packet Inspection Default Access Rules OverviewBy default, the SonicWALL

Firewall > Access Rules423SonicOS Enhanced 4.0 Administrator GuideThe outbound SMTP traffic is guaranteed 20 percent of available bandwidth availab

Firewall > Access Rules424SonicOS Enhanced 4.0 Administrator GuideTip You can also view access rules by Zones. Use the Option checkboxes in the Fro

Firewall > Access Rules425SonicOS Enhanced 4.0 Administrator GuideYou can change the priority ranking of an access rule by clicking the Arrows icon

Firewall > Access Rules426SonicOS Enhanced 4.0 Administrator GuideAdding Access RulesTo add access rules to the SonicWALL security appliance, perfo

Firewall > Access Rules427SonicOS Enhanced 4.0 Administrator GuideStep 13 If you would like for the access rule to timeout after a period of TCP in

Firewall > Access Rules428SonicOS Enhanced 4.0 Administrator Guide –None: DSCP values in packets are reset to 0. –Preserve: DSCP values in packe

Firewall > Access Rules429SonicOS Enhanced 4.0 Administrator Guide • 6 - Voice (<10ms latency) • 7 - Network control –Map: The QoS mapping sett

Introduction43SonicOS Enhanced 4.0 Administrator Guide • Clicking on the edit icon displays a window for editing the settings. • Clicking on the d

Firewall > Access Rules430SonicOS Enhanced 4.0 Administrator GuideCoupled with IPS, this can be used to mitigate the spread of a certain class of m

Firewall > Access Rules431SonicOS Enhanced 4.0 Administrator GuideEnabling PingThis sections provides a configuration example for an access rule to

Firewall > Access Rules432SonicOS Enhanced 4.0 Administrator Guide

433SonicOS Enhanced 4.0 Administrator GuideCHAPTER 40 Chapter 40: Configuring Advanced Access Rule SettingsFirewall > Advanced To configure advance

Firewall > Advanced434SonicOS Enhanced 4.0 Administrator Guide • UDPDetection Prevention • Enable Stealth Mode - By default, the security applian

Firewall > Advanced435SonicOS Enhanced 4.0 Administrator GuideAccess Rule Service OptionsForce inbound and outbound FTP data connections to use def

Firewall > Advanced436SonicOS Enhanced 4.0 Administrator Guide

437SonicOS Enhanced 4.0 Administrator GuideCHAPTER 41 Chapter 41: Configuring TCP SettingsFirewall > TCP SettingsThe TCP Settings lets you view sta

Firewall > TCP Settings438SonicOS Enhanced 4.0 Administrator Guide –When the TCP SACK Permitted (Selective Acknowledgement, see RFC1072) option is

Firewall > TCP Settings439SonicOS Enhanced 4.0 Administrator GuideThe TCP Settings section allows you to: • Enable TCP Stateful Inspection – Enabl

Introduction44SonicOS Enhanced 4.0 Administrator Guide

Firewall > TCP Settings440SonicOS Enhanced 4.0 Administrator GuideA SYN Flood attack is considered to be in progress if the number of unanswered SY

Firewall > TCP Settings441SonicOS Enhanced 4.0 Administrator Guide • SYN Blacklisting (Layer 2) – This mechanism blocks specific devices from gene

Firewall > TCP Settings442SonicOS Enhanced 4.0 Administrator GuideEach contains various types of SYN Flood Protection. The following sections descr

Firewall > TCP Settings443SonicOS Enhanced 4.0 Administrator GuideTo provide more control over the options sent to WAN clients when in SYN Proxy mo

Firewall > TCP Settings444SonicOS Enhanced 4.0 Administrator GuideNever blacklist WAN machines – This checkbox ensures that systems on the WAN are

Firewall > TCP Settings445SonicOS Enhanced 4.0 Administrator GuideThe following are SYN Flood statistics. Column DescriptionMax Incomplete WAN Conn

Firewall > TCP Settings446SonicOS Enhanced 4.0 Administrator GuideTotal FIN Blacklist Packets RejectedThe total number of packets dropped because o

447SonicOS Enhanced 4.0 Administrator GuideCHAPTER 42 Chapter 42: Configuring Firewall ServicesFirewall > ServicesSonicOS Enhanced supports an expa

Firewall > Services448SonicOS Enhanced 4.0 Administrator GuideSelecting All Services from View Style displays both Custom Services and Default Serv

Firewall > Services449SonicOS Enhanced 4.0 Administrator GuideSupported ProtocolsThe following IP protocols are available for custom services: • I

SONICWALL SONICOS ENHANCED 4.0 ADMINISTRATOR’S GUIDE 45PART 2 System

Firewall > Services450SonicOS Enhanced 4.0 Administrator GuideAll custom services you create are listed in the Custom Services table. You can group

Firewall > Services451SonicOS Enhanced 4.0 Administrator GuideClick the Enable Logging checkbox to disable or enable the logging of the service act

Firewall > Services452SonicOS Enhanced 4.0 Administrator GuideNote Attempts to define a Custom IP Type Service Object for a pre-defined IP type wil

Firewall > Services453SonicOS Enhanced 4.0 Administrator GuideNote Select your Zones, Services and Address Objects accordingly. It may be necessary

Firewall > Services454SonicOS Enhanced 4.0 Administrator GuideAdding a Custom Services GroupYou can add custom services and then create groups of s

Firewall > Services455SonicOS Enhanced 4.0 Administrator GuideDeleting Custom Services GroupsClick the Trashcan icon to delete the individual cus

Firewall > Services456SonicOS Enhanced 4.0 Administrator Guide

457SonicOS Enhanced 4.0 Administrator GuideCHAPTER 43 Chapter 43: Configuring Multicast SettingsFirewall > MulticastMulticasting, also called IP mu

Firewall > Multicast458SonicOS Enhanced 4.0 Administrator GuideMulticast SnoopingThis section provides configuration tasks for Multicast Snooping.

Firewall > Multicast459SonicOS Enhanced 4.0 Administrator GuideTo create a multicast address object:Step 1 In the Enable reception for the followin

46 SONICWALL SONICOS ENHANCED 4.0 ADMINISTRATOR’S GUIDE

Firewall > Multicast460SonicOS Enhanced 4.0 Administrator GuideEnabling Multicast on LAN-Dedicated InterfacesPerform the following steps to enable

Firewall > Multicast461SonicOS Enhanced 4.0 Administrator GuideEnabling Multicast Through a VPNTo enable multicast across the WAN through a VPN, fo

Firewall > Multicast462SonicOS Enhanced 4.0 Administrator GuideNote Notice that the default WLAN'MULTICAST access rule for IGMP traffic is set

463SonicOS Enhanced 4.0 Administrator GuideCHAPTER 44 Chapter 44: Monitoring Active ConnectionsFirewall > Connections MonitorThe Firewall > Conn

Firewall > Connections Monitor464SonicOS Enhanced 4.0 Administrator GuideViewing ConnectionsThe connections are listed in the Active Connections Mo

Firewall > Connections Monitor465SonicOS Enhanced 4.0 Administrator GuideCheck the Group box next to any two or more criteria to combine them with

Firewall > Connections Monitor466SonicOS Enhanced 4.0 Administrator Guide

467SonicOS Enhanced 4.0 Administrator GuideCHAPTER 45 Chapter 45: Managing Quality of ServiceFirewall > QoS MappingQuality of Service (QoS) refers

Firewall > QoS Mapping468SonicOS Enhanced 4.0 Administrator GuideBut all is not lost. Once SonicOS Enhanced classifies the traffic, it can tag the

Firewall > QoS Mapping469SonicOS Enhanced 4.0 Administrator Guidesection on page 479. SonicOS’s BWM is a perfectly effective solution for fully aut

47SonicOS Enhanced 4.0 Administrator GuideCHAPTER 4 Chapter 4: Viewing the SonicWALL Security DashboardSystem > Security DashboardThis chapter desc

Firewall > QoS Mapping470SonicOS Enhanced 4.0 Administrator GuideEnabling 802.1pSonicOS Enhanced supports layer 2 and layer 3 CoS methods for broad

Firewall > QoS Mapping471SonicOS Enhanced 4.0 Administrator GuideAlthough Enable 802.1p tagging does not appear as an option on VLAN sub-interfaces

Firewall > QoS Mapping472SonicOS Enhanced 4.0 Administrator GuideExample ScenarioIn the scenario above, we have Remote Site 1 connected to ‘Main Si

Firewall > QoS Mapping473SonicOS Enhanced 4.0 Administrator GuideQoS Mapping is a feature which converts layer 2 802.1p tags to layer 3 DSCP tags s

Firewall > QoS Mapping474SonicOS Enhanced 4.0 Administrator GuideDSCP marking can be performed on traffic to/from any interface and to/from any zon

Firewall > QoS Mapping475SonicOS Enhanced 4.0 Administrator GuideConfigure for 802.1p CoS 4 – Controlled loadIf you want to change the inbound mapp

Firewall > QoS Mapping476SonicOS Enhanced 4.0 Administrator GuideEach of these mappings can be reconfigured. If you wanted to change the outbound m

Firewall > QoS Mapping477SonicOS Enhanced 4.0 Administrator GuideFor example, refer to the following figure which provides a bi-directional DSCP ta

Firewall > QoS Mapping478SonicOS Enhanced 4.0 Administrator GuideOne practical application for this behavior would be configuring an 802.1p marking

Firewall > QoS Mapping479SonicOS Enhanced 4.0 Administrator GuideTo examine the effects of the second Access Rule (VPN>LAN), we’ll look at the A

System > Security Dashboard48SonicOS Enhanced 4.0 Administrator GuideWhat is the Security Dashboard?The SonicWALL Security Dashboard provides repor

Firewall > QoS Mapping480SonicOS Enhanced 4.0 Administrator Guideconfigure BWM and QoS (i.e. layer 2 and/or layer 3 marking) settings on a single A

Firewall > QoS Mapping481SonicOS Enhanced 4.0 Administrator GuideOnce one or both BWM settings are enabled on the WAN interface and the available b

Firewall > QoS Mapping482SonicOS Enhanced 4.0 Administrator GuideOutbound Bandwidth ManagementBandwidth Management as employed by SonicOS Enhanced

Firewall > QoS Mapping483SonicOS Enhanced 4.0 Administrator Guideto be processed. When Guaranteed queue credits are depleted, the next queue in tha

Firewall > QoS Mapping484SonicOS Enhanced 4.0 Administrator GuideOutbound BWM Packet Processing Patha. Determine that the packet is bound for the W

Firewall > QoS Mapping485SonicOS Enhanced 4.0 Administrator GuideExample of Outbound BWMThe above diagram shows 4 policies are configured for OBWM

Firewall > QoS Mapping486SonicOS Enhanced 4.0 Administrator Guidef. Start off with the highest priority ring 0 and process all queues in this prior

Firewall > QoS Mapping487SonicOS Enhanced 4.0 Administrator GuideAlgorithm for Inbound Bandwidth ManagementIBWM maintains eight priority rings, whe

Firewall > QoS Mapping488SonicOS Enhanced 4.0 Administrator Guidee. Record class credit as remaining credit.f. If remaining credit is greater than

Firewall > QoS Mapping489SonicOS Enhanced 4.0 Administrator GuideGlossary • 802.1p – IEEE 802.1p is a Layer 2 (MAC layer) Class of Service mechani

System > Security Dashboard49SonicOS Enhanced 4.0 Administrator GuideBenefitsThe Security Dashboard provides the latest threat protection informati

Firewall > QoS Mapping490SonicOS Enhanced 4.0 Administrator Guide –Weighted Random Early Detection (WRED) – An implementation of RED that factors

Firewall > QoS Mapping491SonicOS Enhanced 4.0 Administrator Guide • Marking – Also known as tagging or coloring – The act of applying layer 2 (802

Firewall > QoS Mapping492SonicOS Enhanced 4.0 Administrator Guide • Shaping – An attempt by a QoS system to modify the rate of traffic flow, usual

493SonicOS Enhanced 4.0 Administrator GuideCHAPTER 46 Chapter 46: Configuring SSL ControlFirewall > SSL ControlThis chapter describes how to plan,

Firewall > SSL Control494SonicOS Enhanced 4.0 Administrator Guideof TCP based network communications, with its most common and well-known applicati

Firewall > SSL Control495SonicOS Enhanced 4.0 Administrator GuideKey Features of SSL ControlFeature BenefitCommon-Name based White and Black ListsT

Firewall > SSL Control496SonicOS Enhanced 4.0 Administrator GuideKey Concepts to SSL Control • SSL- Secure Sockets Layer (SSL) is a network securi

Firewall > SSL Control497SonicOS Enhanced 4.0 Administrator GuideSSL is not limited to securing HTTP, but can also be used to secure other TCP prot

Firewall > SSL Control498SonicOS Enhanced 4.0 Administrator Guide –TLS – Transport Layer Security (version 1.0), also known as SSLv3.1, is very si

Firewall > SSL Control499SonicOS Enhanced 4.0 Administrator Guidemismatch elicits a browser alert, it is not always a sure sign of deception. For e

vSonicOS Enhanced 4.0 Administrator GuideChapter 8: Managing Certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .85System >

System > Security Dashboard50SonicOS Enhanced 4.0 Administrator GuideHow Does the Security Dashboard Work?The SonicWALL Security Dashboard provides

Firewall > SSL Control500SonicOS Enhanced 4.0 Administrator GuideCaveats and Advisories1. Self-signed and Untrusted CA enforcement – If enforcing e

Firewall > SSL Control501SonicOS Enhanced 4.0 Administrator GuideSSL Control ConfigurationSSL Control is located on Firewall panel, under the SSL C

Firewall > SSL Control502SonicOS Enhanced 4.0 Administrator Guide • Detect Self-signed certificates – Controls the detection of certificates where

Firewall > SSL Control503SonicOS Enhanced 4.0 Administrator GuideTo configure the Whitelist and Blacklist, click the Configure button to bring up t

Firewall > SSL Control504SonicOS Enhanced 4.0 Administrator Guidesent in response for evaluation against the configured policy. Enabling SSL Contro

Firewall > SSL Control505SonicOS Enhanced 4.0 Administrator GuideLog events will include the client’s username in the notes section (not shown) if

Firewall > SSL Control506SonicOS Enhanced 4.0 Administrator Guide

SONICWALL SONICOS ENHANCED 4.0 ADMINISTRATOR’S GUIDE 507PART 8 VoIP

508 SONICWALL SONICOS ENHANCED 4.0 ADMINISTRATOR’S GUIDE

509SonicOS Enhanced 4.0 Administrator GuideCHAPTER 47 Chapter 47: Configuring VoIP SupportVoIPThis chapter contains the following sections: • “VoIP O

System > Security Dashboard51SonicOS Enhanced 4.0 Administrator GuideSonicWALL Security Dashboard Configuration OverviewThe SonicWALL Security Dash

VoIP510SonicOS Enhanced 4.0 Administrator GuideVoIP SecurityCompanies implementing VoIP technologies in an effort to cut communication costs and exten

VoIP511SonicOS Enhanced 4.0 Administrator GuideVoIP ProtocolsVoIP technologies are built on two primary protocols, H.323 and SIP.H.323H.323 is a stand

VoIP512SonicOS Enhanced 4.0 Administrator Guide • Redirect Server - Responds to request but does not forward requests. • Registration Server - Handl

VoIP513SonicOS Enhanced 4.0 Administrator Guidealso provides proactive defense against newly discovered application and protocol vulnerabilities. Sign

VoIP514SonicOS Enhanced 4.0 Administrator Guide • Validation of headers for all media packets - SonicOS examines and monitors the headers within medi

VoIP515SonicOS Enhanced 4.0 Administrator GuideSIPSonicOS provides the following support for SIP: –Base SIP standard (both RFC 2543 and RFC 3261) –S

VoIP516SonicOS Enhanced 4.0 Administrator GuideSonicWALL VoIP Vendor InteroperabilityThe following is a partial list of devices from leading manufactu

VoIP517SonicOS Enhanced 4.0 Administrator Guide • H.264, H.263, and H.261 for video • MPEG4, G.711, G.722, G.723, G.728, G.729 for audioVoIP Protoco

VoIP518SonicOS Enhanced 4.0 Administrator Guide1. Phone B registers with VoIP server - The SonicWALL security appliance builds a database of the acces

VoIP519SonicOS Enhanced 4.0 Administrator GuideFigure 47:2 Local VoIP Call FlowThe following describes the sequence of events shown in Figure 42.2:1.

System > Security Dashboard52SonicOS Enhanced 4.0 Administrator GuideSelecting Custom Time IntervalThe SonicWALL Security Dashboard reports default

VoIP520SonicOS Enhanced 4.0 Administrator GuideConfiguring SonicWALL VoIP FeaturesConfiguring the SonicWALL security appliance for VoIP deployments bu

VoIP521SonicOS Enhanced 4.0 Administrator GuideGeneral VoIP ConfigurationSonicOS includes the VoIP configuration settings on the VoIP > Settings pa

VoIP522SonicOS Enhanced 4.0 Administrator GuideConfiguring SIP SettingsBy default, SIP clients use their private IP address in the SIP Session Definit

VoIP523SonicOS Enhanced 4.0 Administrator GuideThe Additional SIP signaling port (UDP) for transformations setting allows you to specify a non-standar

VoIP524SonicOS Enhanced 4.0 Administrator GuideBandwidth ManagementSonicOS offers an integrated traffic shaping mechanism through its Egress (outbound

VoIP525SonicOS Enhanced 4.0 Administrator GuideConfiguring Bandwidth on the WAN InterfaceBWM configurations begin by enabling BWM on the relevant WAN

VoIP526SonicOS Enhanced 4.0 Administrator GuideIf you are defining VoIP access for client to use a VoIP service provider from the WAN, you configure n

VoIP527SonicOS Enhanced 4.0 Administrator Guide • For SIP, select SIPStep 6 Select the source of the traffic affected by the access rule from the Sou

VoIP528SonicOS Enhanced 4.0 Administrator GuideTip Rules using Bandwidth Management take priority over rules without bandwidth management. Using the P

VoIP529SonicOS Enhanced 4.0 Administrator GuideNote SonicWALL recommends NOT selecting VoIP from the Services menu. Selecting this option opens up mor

System > Security Dashboard53SonicOS Enhanced 4.0 Administrator GuideNote Your SonicWALL security appliance must be configured for Internet connect

VoIP530SonicOS Enhanced 4.0 Administrator GuideStep 10 The Summary page displays a summary of all the configuration you have performed in the wizard.

VoIP531SonicOS Enhanced 4.0 Administrator GuideConfiguring VoIP LoggingYou can enable the logging of VoIP events in the SonicWALL security appliance l

VoIP532SonicOS Enhanced 4.0 Administrator GuideFigure 47:3 Point-to-Point VoIP Service TopologyThis deployment does not require a VoIP server. The Pub

VoIP533SonicOS Enhanced 4.0 Administrator GuideFigure 47:4 Public VoIP Service TopologyFor VoIP clients that register with a server from the WAN, the

VoIP534SonicOS Enhanced 4.0 Administrator GuideFigure 47:5 Trusted VoIP Service TopologyFor VoIP clients that register with a server on the DMZ or LAN

SONICWALL SONICOS ENHANCED 4.0 ADMINISTRATOR’S GUIDE 535PART 9 VPN

536 SONICWALL SONICOS ENHANCED 4.0 ADMINISTRATOR’S GUIDE

537SonicOS Enhanced 4.0 Administrator GuideCHAPTER 48 Chapter 48: Configuring VPN PoliciesVPN > SettingsThe VPN > Settings page provides the Son

VPN > Settings538SonicOS Enhanced 4.0 Administrator GuidePrior to the invention of Internet Protocol Security (IPsec) and Secure Socket Layer (SSL)

VPN > Settings539SonicOS Enhanced 4.0 Administrator GuideOne advantage of SSL VPN is that SSL is built into most Web Browsers. No special VPN clien

System > Security Dashboard54SonicOS Enhanced 4.0 Administrator GuideTo purchase SonicWALL security services using the SonicWALL Registration &

VPN > Settings540SonicOS Enhanced 4.0 Administrator GuideAggressive Mode: To reduce the number of messages exchanged during authentication by half,

VPN > Settings541SonicOS Enhanced 4.0 Administrator GuideNote There is no restriction on nesting IKE v1 tunnels within an IKE v2 tunnel and visa-ve

VPN > Settings542SonicOS Enhanced 4.0 Administrator Guide • “VPN Auto-Added Access Rule Control” section on page 578Configuring VPNs in SonicOS En

VPN > Settings543SonicOS Enhanced 4.0 Administrator GuideE-Mail IDDomain name. • Peer ID Filter if using 3rd party certificates. • IKE (Phase 1)

VPN > Settings544SonicOS Enhanced 4.0 Administrator GuideNote The Windows 2000 L2TP client and Windows XP L2TP client can only work with DH Group 2

VPN > Settings545SonicOS Enhanced 4.0 Administrator GuideGSC only (Require Global Security Client checked on security appliance) • Shared secret,

VPN > Settings546SonicOS Enhanced 4.0 Administrator GuideChoose local network from list (select an address object): Local network obtains IP addres

VPN > Settings547SonicOS Enhanced 4.0 Administrator Guide –AES-192 –AES-256 –Authentication: –MD5 –SHA1 –Enable Perfect Forward Secrecy

VPN > Settings548SonicOS Enhanced 4.0 Administrator GuideOn the ResponderThe settings on the responder must be the same as on the initiator except:

VPN > Settings549SonicOS Enhanced 4.0 Administrator GuideVPN Policy WizardThe VPN Policy Wizard walks you step-by-step through the configuration of

System > Security Dashboard55SonicOS Enhanced 4.0 Administrator GuideStep 5 If you have a mysonicwall.com account, enter your username and password

VPN > Settings550SonicOS Enhanced 4.0 Administrator GuideVPN PoliciesAll existing VPN policies are displayed in the VPN Policies table. Each entry

VPN > Settings551SonicOS Enhanced 4.0 Administrator GuideYou can enter the policy number (the number listed before the policy name in the # Name co

VPN > Settings552SonicOS Enhanced 4.0 Administrator Guide • “Creating Site-to-Site VPN Policies” section on page 562 • “VPN Auto-Added Access Rul

VPN > Settings553SonicOS Enhanced 4.0 Administrator GuideConfiguring GroupVPN with IKE using Preshared Secret on the WAN ZoneTo configure the WAN G

VPN > Settings554SonicOS Enhanced 4.0 Administrator Guide –Select the DH Group from the DH Group menu.Note The Windows 2000 L2TP client and Window

VPN > Settings555SonicOS Enhanced 4.0 Administrator Guide –Management via this SA: - If using the VPN policy to manage the SonicWALL security appl

VPN > Settings556SonicOS Enhanced 4.0 Administrator Guide • Always - Global VPN Client user prompted for username and password only once when conn

VPN > Settings557SonicOS Enhanced 4.0 Administrator GuideConfiguring GroupVPN with IKE using 3rd Party CertificatesTo configure GroupVPN with IKE u

VPN > Settings558SonicOS Enhanced 4.0 Administrator Guide –Distinguished Name - based on the certificates Subject Distinguished Name field, which

VPN > Settings559SonicOS Enhanced 4.0 Administrator Guidetraffic. For packets received via an IPsec tunnel, the SonicWALL looks up a route for the

System > Security Dashboard56SonicOS Enhanced 4.0 Administrator GuideNote If you used an existing mysonicwall.com account by providing your usernam

VPN > Settings560SonicOS Enhanced 4.0 Administrator Guide • This Gateway Only - Allows a single connection to be enabled at a time. Traffic that m

VPN > Settings561SonicOS Enhanced 4.0 Administrator GuideCaution The GroupVPN SA must be enabled on the SonicWALL to export a configuration file.St

VPN > Settings562SonicOS Enhanced 4.0 Administrator Guide • Hub and Spoke Design - All SonicWALL VPN gateways are configured to connect to a centr

VPN > Settings563SonicOS Enhanced 4.0 Administrator GuideConfiguring a VPN Policy with IKE using Preshared SecretTo configure a VPN Policy using In

VPN > Settings564SonicOS Enhanced 4.0 Administrator GuideOptionally, specify a Local IKE ID (optional) and Peer IKE ID (optional) for this Policy.

VPN > Settings565SonicOS Enhanced 4.0 Administrator GuideDestination network obtains IP addresses using DHCP server through this tunnel. Alternativ

VPN > Settings566SonicOS Enhanced 4.0 Administrator Guide –If you selected Main Mode or Aggressive Mode in the Proposals tab: • Select Enable Kee

VPN > Settings567SonicOS Enhanced 4.0 Administrator Guide –If you selected IKEv2 in the Proposals tab: • Select Enable Keep Alive to use heartbea

VPN > Settings568SonicOS Enhanced 4.0 Administrator GuideThe term Trigger Packet refers to the use of initial Traffic Selector payloads populated w

VPN > Settings569SonicOS Enhanced 4.0 Administrator GuideConfiguring the Local SonicWALL Security ApplianceStep 1 Click Add on the VPN > Setting

System > Security Dashboard57SonicOS Enhanced 4.0 Administrator GuideStep 9 The mysonicwall.com page is launched in a separate browser window. Foll

VPN > Settings570SonicOS Enhanced 4.0 Administrator GuideDestination network from list, and select the address object or group.Step 7 Click on the

VPN > Settings571SonicOS Enhanced 4.0 Administrator GuideTip Valid hexadecimal characters include 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, a, b, c, d, e, and

VPN > Settings572SonicOS Enhanced 4.0 Administrator GuideConfiguring the Remote SonicWALL Security ApplianceStep 1 Click Add on the VPN > Settin

VPN > Settings573SonicOS Enhanced 4.0 Administrator Guide –Select Apply NAT Policies if you want the SonicWALL to translate the Local, Remote or b

VPN > Settings574SonicOS Enhanced 4.0 Administrator GuideTo create a VPN SA using IKE and third party certificates, follow these steps:Step 1 In th

VPN > Settings575SonicOS Enhanced 4.0 Administrator GuideUp to three organizational units can be specified. The usage is c=*;o=*;ou=*;ou=*;ou=*;cn=

VPN > Settings576SonicOS Enhanced 4.0 Administrator GuideDestination network obtains IP addresses using DHCP server through this tunnel. Alternativ

VPN > Settings577SonicOS Enhanced 4.0 Administrator Guide –Enter a value in the Life Time (seconds) field. The default setting of 28800 forces the

VPN > Settings578SonicOS Enhanced 4.0 Administrator Guide –If you wish to use a router on the LAN for traffic entering this tunnel destined for an

VPN > Settings579SonicOS Enhanced 4.0 Administrator Guide

System > Security Dashboard58SonicOS Enhanced 4.0 Administrator GuideStep 11 The Congratulations page displays. You have successfully purchased and

VPN > Settings580SonicOS Enhanced 4.0 Administrator Guide

581SonicOS Enhanced 4.0 Administrator GuideCHAPTER 49 Chapter 49: Configuring Advanced VPN SettingsVPN > AdvancedThe VPN > Advanced page include

VPN > Advanced582SonicOS Enhanced 4.0 Administrator Guide –Dead Peer Detection Interval - Enter the number of seconds between “heartbeats.” The de

VPN > Advanced583SonicOS Enhanced 4.0 Administrator Guide • IKEv2 Dynamic Client Proposal - SonicOS Enhanced 4.0 introduces IKEv2 Dynamic Client S

VPN > Advanced584SonicOS Enhanced 4.0 Administrator GuideOnline Certificate Status Protocol determines the current status of a digital certificate

VPN > Advanced585SonicOS Enhanced 4.0 Administrator GuideUsing OCSP with VPN PoliciesThe SonicWALL OCSP settings can be configured on a policy leve

VPN > Advanced586SonicOS Enhanced 4.0 Administrator Guide

587SonicOS Enhanced 4.0 Administrator GuideCHAPTER 50 Chapter 50: Configuring DHCP Over VPNVPN > DHCP over VPNThe VPN > DHCP over VPN page allow

VPN > DHCP over VPN588SonicOS Enhanced 4.0 Administrator GuideConfiguring the Central Gateway for DHCP Over VPNTo configure DHCP over VPN for the C

VPN > DHCP over VPN589SonicOS Enhanced 4.0 Administrator Guide2. Click Configure. The DHCP over VPN Configuration window is displayed.3. In the Gen

System > Security Dashboard59SonicOS Enhanced 4.0 Administrator GuideRelated FeaturesSonicWALL Registration & License Wizard - Use the SonicWAL

VPN > DHCP over VPN590SonicOS Enhanced 4.0 Administrator GuideDevices9. To configure devices on your LAN, click the Devices tab.10. To configure St

VPN > DHCP over VPN591SonicOS Enhanced 4.0 Administrator GuideNote You must configure the local DHCP server on the remote SonicWALL security applia

VPN > DHCP over VPN592SonicOS Enhanced 4.0 Administrator Guide

593SonicOS Enhanced 4.0 Administrator GuideCHAPTER 51 Chapter 51: Configuring L2TP ServerVPN > L2TP ServerThe SonicWALL security appliance can term

VPN > L2TP Server594SonicOS Enhanced 4.0 Administrator GuideConfiguring the L2TP ServerThe VPN > L2TP Server page provides the settings for conf

VPN > L2TP Server595SonicOS Enhanced 4.0 Administrator Guide6. If the L2TP Server provides IP addresses, select Use the Local L2TP IP pool. Enter t

VPN > L2TP Server596SonicOS Enhanced 4.0 Administrator Guide

SONICWALL SONICOS ENHANCED 4.0 ADMINISTRATOR’S GUIDE 597PART 10 User Management

598 SONICWALL SONICOS ENHANCED 4.0 ADMINISTRATOR’S GUIDE

599SonicOS Enhanced 4.0 Administrator GuideCHAPTER 52 Chapter 52: Managing Users and Authentication SettingsUser ManagementThis chapter describes the

viSonicOS Enhanced 4.0 Administrator GuideChapter 13: Using Diagnostic Tools & Restarting the Appliance . . . . 125System > Diagnostics . . .

System > Security Dashboard60SonicOS Enhanced 4.0 Administrator Guide

User Management600SonicOS Enhanced 4.0 Administrator Guideencrypted connection. The SonicWALL authenticates all users as soon as they attempt to acces

User Management601SonicOS Enhanced 4.0 Administrator GuideFigure 52:2 Local Groups Authentication Flow DiagramTo apply Content Filtering Service (CFS)

User Management602SonicOS Enhanced 4.0 Administrator GuideUsing RADIUS for AuthenticationRemote Authentication Dial In User Service (RADIUS) is a prot

User Management603SonicOS Enhanced 4.0 Administrator GuideFigure 52:4 LDAP User Group Authentication Flow DiagramIn addition to RADIUS and the local u

User Management604SonicOS Enhanced 4.0 Administrator GuideLDAP TermsThe following terms are useful when working with LDAP and its variants: • Schema

User Management605SonicOS Enhanced 4.0 Administrator Guide • Samba SMB: Development information is available at http://us5.samba.org/samba/ • Novell

User Management606SonicOS Enhanced 4.0 Administrator GuideUsers that are identified but lack the group memberships required by the configured policy r

User Management607SonicOS Enhanced 4.0 Administrator Guide • Net API or WMIHow Does Single Sign-On Work?SonicWALL SSO requires minimal administrator

User Management608SonicOS Enhanced 4.0 Administrator GuideUser names are returned from the authorization agent running the SSO Agent in the format <

User Management609SonicOS Enhanced 4.0 Administrator GuideFigure 52:6 SonicWALL SSO Agent ProcessThe SonicWALL security appliance queries the SonicWAL

61SonicOS Enhanced 4.0 Administrator GuideCHAPTER 5 Chapter 5: Viewing Status InformationSystem > StatusThe System > Status page provides a comp

User Management610SonicOS Enhanced 4.0 Administrator Guide • User login denied - SSO Agent agent name resolution failed: The SonicWALL SSO Agent is u

User Management611SonicOS Enhanced 4.0 Administrator Guide • “User Groups” section on page 612 • “Priority for Preempting Administrators” section on

User Management612SonicOS Enhanced 4.0 Administrator GuideUser GroupsThe Multiple Administrators Support feature introduces two new default user group

User Management613SonicOS Enhanced 4.0 Administrator GuideGMS and Multiple Administrator SupportWhen using SonicWALL GMS to manage a SonicWALL securit

User Management614SonicOS Enhanced 4.0 Administrator GuideConfiguring Settings on Users > SettingsOn this page, you can configure the authenticatio

User Management615SonicOS Enhanced 4.0 Administrator GuideUser Login Settings In the Authentication method for login drop-down list, select the type o

User Management616SonicOS Enhanced 4.0 Administrator GuideSelect Enforce login uniqueness to prevent the same user name from being used to log into th

User Management617SonicOS Enhanced 4.0 Administrator Guide • Enable disconnected user detection: Causes the SonicWALL to detect when a user’s connect

User Management618SonicOS Enhanced 4.0 Administrator GuideAcceptable use policy page content - Enter your Acceptable Use Policy text in the text box.

User Management619SonicOS Enhanced 4.0 Administrator GuideSee the following sections for configuration instructions: • “Viewing, Editing and Deleting

System > Status62SonicOS Enhanced 4.0 Administrator Guide • Setup Wizard - This wizard helps you quickly configure the SonicWALL security applianc

User Management620SonicOS Enhanced 4.0 Administrator GuideAdding Local UsersYou can add local users to the internal database on the SonicWALL security

User Management621SonicOS Enhanced 4.0 Administrator GuideStep 9 Click OK to complete the user configuration. Editing Local UsersYou can edit local us

User Management622SonicOS Enhanced 4.0 Administrator GuideA default group, Everyone, is listed in the first row of the table. Click the Notepad icon i

User Management623SonicOS Enhanced 4.0 Administrator GuideCreating a Local GroupStep 1 Click the Add Group button to display the Add Group window.Step

User Management624SonicOS Enhanced 4.0 Administrator GuideNote You can create custom Content Filtering Service policies in the Security Services >

User Management625SonicOS Enhanced 4.0 Administrator GuideConfiguring RADIUS AuthenticationIf you selected RADIUS or RADIUS + Local Users from the Aut

User Management626SonicOS Enhanced 4.0 Administrator GuideRADIUS ServersIn the RADIUS Servers section, you can designate the primary and optionally, t

User Management627SonicOS Enhanced 4.0 Administrator GuideRADIUS Users SettingsTo configure the RADIUS user settings:Step 10 On the RADIUS Users tab,

User Management628SonicOS Enhanced 4.0 Administrator GuideCreating a New User Group for RADIUS UsersIn the RADIUS User Settings screen, you can create

User Management629SonicOS Enhanced 4.0 Administrator GuideNote You can add any group as a member of another group except Everybody and All RADIUS User

System > Status63SonicOS Enhanced 4.0 Administrator GuideLatest AlertsAny messages relating to system errors or attacks are displayed in this secti

User Management630SonicOS Enhanced 4.0 Administrator GuideWhen Use LDAP to retrieve user group information is selected, after authenticating a user vi

User Management631SonicOS Enhanced 4.0 Administrator Guide • MSCHAPv2: Select this to use the Microsoft version 2 implementation of CHAP. MSCHAPv2 wo

User Management632SonicOS Enhanced 4.0 Administrator Guidehttp://support.microsoft.com/kb/931125.Step 6 Launch the Domain Security Policy application:

User Management633SonicOS Enhanced 4.0 Administrator GuideConfiguring the SonicWALL Appliance for LDAPThe Users > Settings page in the administrati

User Management634SonicOS Enhanced 4.0 Administrator Guide • Port Number – The default LDAP over TLS port number is TCP 636. The default LDAP (unencr

User Management635SonicOS Enhanced 4.0 Administrator Guideand location in the directory) as the login to the primary server. This may entail creating

User Management636SonicOS Enhanced 4.0 Administrator Guide • User group membership attribute – Select the attribute that contains information about t

User Management637SonicOS Enhanced 4.0 Administrator GuideNote AD has some built-in containers that do not conform (e.g. the DN for the top level User

User Management638SonicOS Enhanced 4.0 Administrator GuideIf using multiple LDAP/AD servers with referrals, this process can be repeated for each, rep

User Management639SonicOS Enhanced 4.0 Administrator Guide • Import user groups – You can click this button to configure user groups on the SonicWALL

System > Status64SonicOS Enhanced 4.0 Administrator GuideRegistering Your SonicWALL Security ApplianceOnce you have established your Internet conne

User Management640SonicOS Enhanced 4.0 Administrator GuideThe SonicWALL appliance can retrieve group memberships efficiently in the case of Active Dir

User Management641SonicOS Enhanced 4.0 Administrator GuideNote The ‘Bypass filters’ and ‘Limited management capabilities’ privileges are returned base

User Management642SonicOS Enhanced 4.0 Administrator Guide –“Configuring User Settings” section on page 669

User Management643SonicOS Enhanced 4.0 Administrator GuideInstalling the SonicWALL SSO AgentThe SonicWALL SSO Agent is part of the SonicWALL Directory

User Management644SonicOS Enhanced 4.0 Administrator GuideStep 4 On the Customer Information page, enter your name in the User Name field and your org

User Management645SonicOS Enhanced 4.0 Administrator GuideSonicWALL SSO Agent feature. Click Next. Step 7 Click Install to install SSO Agent.Step 8 To

User Management646SonicOS Enhanced 4.0 Administrator GuideNote This section can be configured at a later time. To skip this step and configure it late

User Management647SonicOS Enhanced 4.0 Administrator GuideThe SonicWALL SSO Agent installs. The status bar displays.Step 10 When installation is compl

User Management648SonicOS Enhanced 4.0 Administrator GuideIf you checked the Launch SonicWALL Directory Connector box, the SonicWALL Directory Connect

User Management649SonicOS Enhanced 4.0 Administrator GuideTo configure the communication properties of the SonicWALL SSO Agent, perform the following

System > Status65SonicOS Enhanced 4.0 Administrator GuideTo create a mySonicWALL.com account from the SonicWALL management interface:Step 1 In the

User Management650SonicOS Enhanced 4.0 Administrator GuideIf the message SonicWALL SSO Agent service is not running. Please check the configuration an

User Management651SonicOS Enhanced 4.0 Administrator GuideNote When Logging Level 2 is selected, the SSO Agent service will terminate if the Windows e

User Management652SonicOS Enhanced 4.0 Administrator GuideNote NetAPI will provide faster, though possibly slightly less accurate, performance. WMI wi

User Management653SonicOS Enhanced 4.0 Administrator GuideAdding a SonicWALL Security ApplianceUse these instructions to manually add a SonicWALL secu

User Management654SonicOS Enhanced 4.0 Administrator GuideYour appliance will display in the left-hand navigation panel under the SonicWALL Appliances

User Management655SonicOS Enhanced 4.0 Administrator GuideModifying Services in SonicWALL SSO AgentYou can start, stop, and pause SonicWALL SSO Agent

User Management656SonicOS Enhanced 4.0 Administrator GuideStep 4 Click Configure.The Authentication Agent Settings page displays.Step 5 In the Name or

User Management657SonicOS Enhanced 4.0 Administrator GuideStep 11 Check the box next to Allow only users listed locally to allow only users listed loc

User Management658SonicOS Enhanced 4.0 Administrator GuideNote The Content Filter tab is only displayed if Premium CFS is enabled on the SonicWALL sec

User Management659SonicOS Enhanced 4.0 Administrator GuideThis setting should be used where traffic that would be subject to content filtering can ema

System > Status66SonicOS Enhanced 4.0 Administrator GuideRegistering Your SonicWALL Security ApplianceIf you already have a mySonicWALL.com account

User Management660SonicOS Enhanced 4.0 Administrator GuideStep 22 Select the Check user radio button, enter the IP address of a workstation in the Wor

User Management661SonicOS Enhanced 4.0 Administrator GuideAdvanced LDAP ConfigurationIf you selected Use LDAP to retrieve user group information in st

User Management662SonicOS Enhanced 4.0 Administrator GuideNote Use the user’s name in the Login user name field, not a username or login ID. For examp

User Management663SonicOS Enhanced 4.0 Administrator GuideNote Only check the Send LDAP ‘Start TLS’ request box if your LDAP server uses the same port

User Management664SonicOS Enhanced 4.0 Administrator GuideStep 14 The Object class field defines which attribute represents the individual user accoun

User Management665SonicOS Enhanced 4.0 Administrator GuideStep 23 In the User tree for login to server field, specify the tree in which the user speci

User Management666SonicOS Enhanced 4.0 Administrator GuideIf using multiple LDAP/AD servers with referrals, this process can be repeated for each, rep

User Management667SonicOS Enhanced 4.0 Administrator GuideThe SonicWALL security appliance can retrieve group memberships more efficiently in the case

User Management668SonicOS Enhanced 4.0 Administrator Guide –VPN ZoneStep 35 In the RADIUS shared secret field, enter a shared secret common to all re

User Management669SonicOS Enhanced 4.0 Administrator GuideConfiguring Firewall Access RulesFirewall access rules provide the administrator with the ab

67SonicOS Enhanced 4.0 Administrator GuideCHAPTER 6 Chapter 6: Managing SonicWALL LicensesSystem > LicensesThe System > Licenses page provides l

User Management670SonicOS Enhanced 4.0 Administrator GuideThe Enable login session limit and corresponding Login session limit (minutes) settings unde

User Management671SonicOS Enhanced 4.0 Administrator GuideConfiguring Additional Administrator User ProfilesTo configure additional administrator user

User Management672SonicOS Enhanced 4.0 Administrator GuideWhen using RADIUS or LDAP authentication, if you want to keep the configuration of administr

User Management673SonicOS Enhanced 4.0 Administrator GuideActivating Configuration ModeWhen logging in as a user with full administrator rights (that

User Management674SonicOS Enhanced 4.0 Administrator GuideTo switch from non-config mode to full configuration mode, perform the following steps:Step

User Management675SonicOS Enhanced 4.0 Administrator GuideVerifying Multiple Administrators Support ConfigurationUser accounts with administrator and

User Management676SonicOS Enhanced 4.0 Administrator GuideWhen the administrator is in read-only mode, the top right corner of the interface displays

677SonicOS Enhanced 4.0 Administrator GuideCHAPTER 53 Chapter 53: Managing Guest Services and Guest AccountsUsers > Guest ServicesGuest accounts ar

Users > Guest Services678SonicOS Enhanced 4.0 Administrator GuideGlobal Guest Settings Check Show guest login status window with logout button to d

Users > Guest Accounts679SonicOS Enhanced 4.0 Administrator Guide –Auto-Prune Account: Check this to have the account removed from the database af

System > Licenses68SonicOS Enhanced 4.0 Administrator GuideExcluding a NodeWhen you exclude a node, you block it from connecting to your network th

Users > Guest Accounts680SonicOS Enhanced 4.0 Administrator GuideViewing Guest Account StatisticsTo view statistics on a guest account, hover your

Users > Guest Accounts681SonicOS Enhanced 4.0 Administrator Guide –Enable Guest Services Privilege: Check this for the account to be enabled upon

Users > Guest Accounts682SonicOS Enhanced 4.0 Administrator Guide –Comment: Enter a descriptive comment.Step 3 In the Guest Services tab, configur

Users > Guest Status683SonicOS Enhanced 4.0 Administrator GuidePrinting Account Details.You can print a summary of a guest account. Click the print

Users > Guest Status684SonicOS Enhanced 4.0 Administrator Guide • Session Expiration: The time when the current session expires. • Statistics: h

SONICWALL SONICOS ENHANCED 4.0 ADMINISTRATOR’S GUIDE 685PART 11 Security Services

686 SONICWALL SONICOS ENHANCED 4.0 ADMINISTRATOR’S GUIDE

687SonicOS Enhanced 4.0 Administrator GuideCHAPTER 54 Chapter 54: Managing SonicWALL Security ServicesSonicWALL Security ServicesSonicWALL, Inc. offer

SonicWALL Security Services688SonicOS Enhanced 4.0 Administrator GuideNote For more information on SonicWALL security services, please visit http://ww

SonicWALL Security Services689SonicOS Enhanced 4.0 Administrator GuideIf your SonicWALL security appliance is not registered, the Security Services &g

System > Licenses69SonicOS Enhanced 4.0 Administrator GuideManage Security Services OnlineTo activate, upgrade, or renew services, click the link i

SonicWALL Security Services690SonicOS Enhanced 4.0 Administrator GuideManaging Security Services OnlineClicking the Manage Licenses button displays th

SonicWALL Security Services691SonicOS Enhanced 4.0 Administrator GuideSecurity Services InformationThis section includes a brief overview of services

SonicWALL Security Services692SonicOS Enhanced 4.0 Administrator GuideTo manually update signature files, complete the following steps:Step 1 On the S

SonicWALL Security Services693SonicOS Enhanced 4.0 Administrator GuideNote The signature file can only be used on SonicWALL security appliances that a

SonicWALL Security Services694SonicOS Enhanced 4.0 Administrator Guide

695SonicOS Enhanced 4.0 Administrator GuideCHAPTER 55 Chapter 55: Configuring SonicWALL Content Filtering ServiceSecurity Services > Content Filter

Security Services > Content Filter696SonicOS Enhanced 4.0 Administrator GuideSonicWALL Content Filtering ServiceSonicWALL Content Filtering Service

Security Services > Content Filter697SonicOS Enhanced 4.0 Administrator GuideYou can also access the SonicWALL CFS URL Rating Review Request form b

Security Services > Content Filter698SonicOS Enhanced 4.0 Administrator Guide • SonicWALL CFS - Selecting SonicWALL CFS as the Content Filter Type

Security Services > Content Filter699SonicOS Enhanced 4.0 Administrator GuideTrusted DomainsTrusted Domains can be added to enable content from spe

viiSonicOS Enhanced 4.0 Administrator GuideConfiguring Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .141Confi

System > Licenses70SonicOS Enhanced 4.0 Administrator GuideManual UpgradeManual Upgrade allows you to activate your services by typing the service

Security Services > Content Filter700SonicOS Enhanced 4.0 Administrator GuideMessage to Display when BlockingYou can enter your customized text to

Security Services > Content Filter701SonicOS Enhanced 4.0 Administrator GuideWarningDo not include the prefix “http://” in either the Allowed Domai

Security Services > Content Filter702SonicOS Enhanced 4.0 Administrator Guidethe page defined in the Consent page URL field. Enter the time limit,

Security Services > Content Filter703SonicOS Enhanced 4.0 Administrator GuideConfiguring N2H2 Internet Filtering N2H2 is a third party Internet fil

Security Services > Content Filter704SonicOS Enhanced 4.0 Administrator GuideURL Cache • Cache Size (KB) - Configure the size of the URL Cache in

Security Services > Content Filter705SonicOS Enhanced 4.0 Administrator GuideMessage to Display when BlockingYou can enter your customized text in

Security Services > Content Filter706SonicOS Enhanced 4.0 Administrator Guide –Block traffic to all Web sites - Selecting this option blocks traff

Security Services > Content Filter707SonicOS Enhanced 4.0 Administrator GuideTrusted DomainsTrusted Domains can be added in the Restrict Web Featur

Security Services > Content Filter708SonicOS Enhanced 4.0 Administrator Guide

709SonicOS Enhanced 4.0 Administrator GuideCHAPTER 56 Chapter 56: Activating SonicWALL Client Anti-VirusSecurity Services > Anti-VirusBy their natu

System > Licenses71SonicOS Enhanced 4.0 Administrator GuideFrom the Management Interface of your SonicWALL Security ApplianceStep 1 Make sure your

Security Services > Anti-Virus710SonicOS Enhanced 4.0 Administrator GuideActivating SonicWALL Client Anti-VirusIf Sonic WALL Client Anti-Virus is n

Security Services > Anti-Virus711SonicOS Enhanced 4.0 Administrator GuideNote You must have a mySonicWALL.com account and your SonicWALL must be re

Security Services > Anti-Virus712SonicOS Enhanced 4.0 Administrator GuideActivating a SonicWALL Client Anti-Virus FREE TRIALYou can try a FREE TRIA

Security Services > Anti-Virus713SonicOS Enhanced 4.0 Administrator Guide –Low Risk - A virus that is not reported in the field and is considered

Security Services > E-mail Filter714SonicOS Enhanced 4.0 Administrator GuideSecurity Services > E-mail FilterThe E-Mail Filter allows the admini

715SonicOS Enhanced 4.0 Administrator GuideCHAPTER 57 Chapter 57: Managing SonicWALL Gateway Anti-Virus ServiceSecurity Services > Gateway Anti-Vir

Security Services > Gateway Anti-Virus716SonicOS Enhanced 4.0 Administrator GuideSonicWALL GAV delivers threat protection directly on the SonicWALL

Security Services > Gateway Anti-Virus717SonicOS Enhanced 4.0 Administrator GuideRemote Site ProtectionStep 1 Users send typical e-mail and files b

Security Services > Gateway Anti-Virus718SonicOS Enhanced 4.0 Administrator GuideHTTP File DownloadsStep 1 Client makes a request to download a fil

Security Services > Gateway Anti-Virus719SonicOS Enhanced 4.0 Administrator Guidesingle-pass, per-packet basis. Reassembly free virus scanning func

System > Licenses72SonicOS Enhanced 4.0 Administrator Guide

Security Services > Gateway Anti-Virus720SonicOS Enhanced 4.0 Administrator GuideNote If you already have a mysonicWALL.com account, go to “Registe

Security Services > Gateway Anti-Virus721SonicOS Enhanced 4.0 Administrator GuideRegistering Your SonicWALL Security ApplianceStep 1 Log into the S

Security Services > Gateway Anti-Virus722SonicOS Enhanced 4.0 Administrator GuideIf you have an Activation Key for SonicWALL Gateway Anti-Virus, An

Security Services > Gateway Anti-Virus723SonicOS Enhanced 4.0 Administrator GuideActivating FREE TRIALsYou can try FREE TRIAL versions of SonicWALL

Security Services > Gateway Anti-Virus724SonicOS Enhanced 4.0 Administrator GuideThe Security Services > Gateway Anti-Virus page provides the se

Security Services > Gateway Anti-Virus725SonicOS Enhanced 4.0 Administrator GuideApplying SonicWALL GAV Protection on Zones You can enforce SonicWA

Security Services > Gateway Anti-Virus726SonicOS Enhanced 4.0 Administrator GuideNote You also enable SonicWALL GAV protection for new zones you cr

Security Services > Gateway Anti-Virus727SonicOS Enhanced 4.0 Administrator GuideUpdating SonicWALL GAV SignaturesBy default, the SonicWALL securit

Security Services > Gateway Anti-Virus728SonicOS Enhanced 4.0 Administrator GuideThe Enable Inbound Inspection protocol traffic handling represente

Security Services > Gateway Anti-Virus729SonicOS Enhanced 4.0 Administrator Guide • Restrict Transfer of password-protected Zip files - Disables t

73SonicOS Enhanced 4.0 Administrator GuideCHAPTER 7 Chapter 7: Configuring Administration SettingsSystem > AdministrationThe System Administration

Security Services > Gateway Anti-Virus730SonicOS Enhanced 4.0 Administrator GuideIf you want to suppress the sending of e-mail messages (SMTP) to c

Security Services > Gateway Anti-Virus731SonicOS Enhanced 4.0 Administrator GuideOptionally, you can configure the timeout for the HTTP Clientless

Security Services > Gateway Anti-Virus732SonicOS Enhanced 4.0 Administrator GuideViewing SonicWALL GAV SignaturesThe Gateway Anti-Virus Signatures

Security Services > Gateway Anti-Virus733SonicOS Enhanced 4.0 Administrator GuideSearching the Gateway Anti-Virus Signature DatabaseYou can search

Security Services > Gateway Anti-Virus734SonicOS Enhanced 4.0 Administrator Guide

735SonicOS Enhanced 4.0 Administrator GuideCHAPTER 58 Chapter 58: Activating Intrusion Prevention ServiceSecurity Services > Intrusion Prevention S

Security Services > Intrusion Prevention Service736SonicOS Enhanced 4.0 Administrator GuideHow SonicWALL’s Deep Packet Inspection WorksDeep Packet

Security Services > Intrusion Prevention Service737SonicOS Enhanced 4.0 Administrator Guide • Deep Packet Inspection - looking at the data portion

Security Services > Intrusion Prevention Service738SonicOS Enhanced 4.0 Administrator GuideTip If your SonicWALL security appliance is connected to

Security Services > Intrusion Prevention Service739SonicOS Enhanced 4.0 Administrator GuideNote Remember your username and password to access your

System > Administration74SonicOS Enhanced 4.0 Administrator GuideChanging the Administrator PasswordTo set a new password for SonicWALL Management

Security Services > Intrusion Prevention Service740SonicOS Enhanced 4.0 Administrator GuideNote Clicking on the Continue button does not activate t

Security Services > Intrusion Prevention Service741SonicOS Enhanced 4.0 Administrator GuideIf you have an Activation Key for SonicWALL Gateway Anti

Security Services > Intrusion Prevention Service742SonicOS Enhanced 4.0 Administrator GuideSetting Up SonicWALL Intrusion Prevention Service Protec

Security Services > Intrusion Prevention Service743SonicOS Enhanced 4.0 Administrator Guideinformation on configuring global signature groups, refe

Security Services > Intrusion Prevention Service744SonicOS Enhanced 4.0 Administrator Guide

745SonicOS Enhanced 4.0 Administrator GuideCHAPTER 59 Chapter 59: Activating Anti-Spyware ServiceSecurity Services > Anti-Spyware ServiceSonicWALL

Security Services > Anti-Spyware Service746SonicOS Enhanced 4.0 Administrator GuideNote Refer to the SonicWALL Anti-Spyware Administrator’s Guide o

Security Services > Anti-Spyware Service747SonicOS Enhanced 4.0 Administrator GuideCreating a mySonicWALL.com AccountCreating a mySonicWALL.com acc

Security Services > Anti-Spyware Service748SonicOS Enhanced 4.0 Administrator GuideRegistering Your SonicWALL Security ApplianceStep 1 Log into the

Security Services > Anti-Spyware Service749SonicOS Enhanced 4.0 Administrator GuideTo try a FREE TRIAL of SonicWALL Gateway Anti-Virus, SonicWALL A

System > Administration75SonicOS Enhanced 4.0 Administrator GuideThe Password must be changed every (days) setting requires users to change their p

Security Services > Anti-Spyware Service750SonicOS Enhanced 4.0 Administrator GuideIf you have an Activation Key for SonicWALL Gateway Anti-Virus,

Security Services > Anti-Spyware Service751SonicOS Enhanced 4.0 Administrator GuideRefer to the SonicWALL Anti-Spyware Administrator’s Guide on the

Security Services > Anti-Spyware Service752SonicOS Enhanced 4.0 Administrator Guide

753SonicOS Enhanced 4.0 Administrator GuideCHAPTER 60 Chapter 60: Configuring SonicWALL Real-Time BlacklistSMTP Real-Time Black List FilteringSMTP Rea

Security Services > RBL Filter754SonicOS Enhanced 4.0 Administrator GuideNote Most spam today is known to be sent from hijacked or zombie machines

Security Services > RBL Filter755SonicOS Enhanced 4.0 Administrator GuideTo add an RBL services, click the Add button. In the Add RBL Domain window

Security Services > RBL Filter756SonicOS Enhanced 4.0 Administrator Guide

757SonicOS Enhanced 4.0 Administrator GuideCHAPTER 61 Chapter 61: Configuring SonicWALL Global Security ClientSecurity Services > Global Security C

Security Services > Global Security Client758SonicOS Enhanced 4.0 Administrator Guidegateway administrator automatically updates the Global Securit

Security Services > Global Security Client759SonicOS Enhanced 4.0 Administrator Guide • Policy Management - enables network administrator’s to cre

System > Administration76SonicOS Enhanced 4.0 Administrator GuideMultiple AdministratorsSonicOS Enhanced provides the ability for multiple administ

Security Services > Global Security Client760SonicOS Enhanced 4.0 Administrator GuideSonicWALL’s Distributed Enforcement Architecture (DEA) technol

Security Services > Global Security Client761SonicOS Enhanced 4.0 Administrator GuideConfiguring Security Policies for Global Security ClientsThe S

Security Services > Global Security Client762SonicOS Enhanced 4.0 Administrator Guide

SONICWALL SONICOS ENHANCED 4.0 ADMINISTRATOR’S GUIDE 763PART 12 Log

764 SONICWALL SONICOS ENHANCED 4.0 ADMINISTRATOR’S GUIDE

765SonicOS Enhanced 4.0 Administrator GuideCHAPTER 62 Chapter 62: Managing Log EventsLog > ViewThe SonicWALL security appliance maintains an Event

Log > View766SonicOS Enhanced 4.0 Administrator GuideLog View TableThe log is displayed in a table and is sortable by column. The log table columns

Log > View767SonicOS Enhanced 4.0 Administrator GuideClear LogTo delete the contents of the log, click the Clear Log button near the top right corn

Log > View768SonicOS Enhanced 4.0 Administrator GuideSource interface AND Destination interfaceStep 3 Check the Group box next to any two or more c

769SonicOS Enhanced 4.0 Administrator GuideCHAPTER 63 Chapter 63: Configuring Log CategoriesLog > CategoriesThis chapter provides configuration tas

System > Administration77SonicOS Enhanced 4.0 Administrator GuideWeb Management SettingsThe SonicWALL security appliance can be managed using HTTP

Log > Categories770SonicOS Enhanced 4.0 Administrator GuideLog PriorityThis section provides information on configuring the level of priority log m

Log > Categories771SonicOS Enhanced 4.0 Administrator GuideLog CategoriesSonicWALL security appliances provide automatic attack protection against

Log > Categories772SonicOS Enhanced 4.0 Administrator GuideFirewall Logging Extended Logs general events and errorsFirewall Rule Extended Logs fire

Log > Categories773SonicOS Enhanced 4.0 Administrator GuideManaging Log CategoriesThe Log Categories table displays log category information organi

Log > Categories774SonicOS Enhanced 4.0 Administrator Guide

775SonicOS Enhanced 4.0 Administrator GuideCHAPTER 64 Chapter 64: Configuring Syslog SettingsLog > SyslogIn addition to the standard event log, the

Log > Syslog776SonicOS Enhanced 4.0 Administrator GuideSyslog SettingsSyslog Facility • Syslog Facility - Allows you to select the facilities and

Log > Syslog777SonicOS Enhanced 4.0 Administrator GuideSyslog ServersAdding a Syslog ServerTo add syslog servers to the SonicWALL security applianc

Log > Syslog778SonicOS Enhanced 4.0 Administrator Guide

779SonicOS Enhanced 4.0 Administrator GuideCHAPTER 65 Chapter 65: Configuring Log AutomationLog > AutomationThe Log > Automation page includes s

System > Administration78SonicOS Enhanced 4.0 Administrator GuideSSH Management SettingsIf you use SSH to manage the SonicWALL appliance, you can c

Log > Automation780SonicOS Enhanced 4.0 Administrator GuideE-mail Log Automation • Send Log to E-mail address - Enter your e-mail address (usernam

781SonicOS Enhanced 4.0 Administrator GuideCHAPTER 66 Chapter 66: Configuring Name ResolutionLog > Name ResolutionThe Log > Name Resolution page

Log > Name Resolution782SonicOS Enhanced 4.0 Administrator Guide • None: The security appliance will not attempt to resolve IP addresses and Names

783SonicOS Enhanced 4.0 Administrator GuideCHAPTER 67 Chapter 67: Generating Log ReportsLog > ReportsThe SonicWALL security appliance can perform a

Log > Reports784SonicOS Enhanced 4.0 Administrator GuideData CollectionThe Reports window includes the following functions and commands: • Start D

Log > Reports785SonicOS Enhanced 4.0 Administrator GuideBandwidth Usage by IP AddressSelecting Bandwidth Usage by IP Address from the Report to vie

Log > Reports786SonicOS Enhanced 4.0 Administrator Guide

787SonicOS Enhanced 4.0 Administrator GuideCHAPTER 68 Chapter 68: Activating SonicWALL ViewPointLog > ViewPointSonicWALL ViewPoint is a Web-based g

Log > ViewPoint788SonicOS Enhanced 4.0 Administrator GuideActivating ViewPointThe Log > ViewPoint page allows you to activate the ViewPoint lice

Log > ViewPoint789SonicOS Enhanced 4.0 Administrator Guide3. Click Activate or Renew in the Manage Service column in the Manage Services Online tab

System > Administration79SonicOS Enhanced 4.0 Administrator GuideTo enable SNMP on the SonicWALL security appliance, log into the Management interf

Log > ViewPoint790SonicOS Enhanced 4.0 Administrator Guide

SONICWALL SONICOS ENHANCED 4.0 ADMINISTRATOR’S GUIDE 791PART 13 Wizards

792 SONICWALL SONICOS ENHANCED 4.0 ADMINISTRATOR’S GUIDE

793SonicOS Enhanced 4.0 Administrator GuideCHAPTER 69 Chapter 69: Configuring Internet Connectivity Using the Setup WizardWizards > Setup WizardThe

Wizards > Setup Wizard794SonicOS Enhanced 4.0 Administrator GuideThe Setup Wizard screens change depending on the choices you make. For example, if

Wizards > Setup Wizard795SonicOS Enhanced 4.0 Administrator GuideConfiguring a Static IP Address with NAT EnabledUsing NAT to set up your SonicWALL

Wizards > Setup Wizard796SonicOS Enhanced 4.0 Administrator GuideNote Your Web browser must be Java-enabled and support HTTP uploads in order to fu

Wizards > Setup Wizard797SonicOS Enhanced 4.0 Administrator GuideChange Time Zone3. Select the appropriate Time Zone from the Time Zone menu. The S

Wizards > Setup Wizard798SonicOS Enhanced 4.0 Administrator GuideWAN Network Mode: NAT Enabled6. Enter the public IP address provided by your ISP i

Wizards > Setup Wizard799SonicOS Enhanced 4.0 Administrator GuideLAN DHCP Settings 8. The Optional-SonicWALL DHCP Server window configures the Soni

viiiSonicOS Enhanced 4.0 Administrator GuideChapter 17: Configuring Zones . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 191Network &

System > Administration80SonicOS Enhanced 4.0 Administrator GuideEnable GMS ManagementYou can configure the SonicWALL security appliance to be mana

Wizards > Setup Wizard800SonicOS Enhanced 4.0 Administrator GuideSetup Wizard Complete10. The SonicWALL stores the network settings. 11. Click Clos

Wizards > Setup Wizard801SonicOS Enhanced 4.0 Administrator GuideChange Password3. To set the password, enter a new password in the New Password an

Wizards > Setup Wizard802SonicOS Enhanced 4.0 Administrator Guide WAN Network Mode5. Select DHCP, the Obtain an IP address automatically window is

Wizards > Setup Wizard803SonicOS Enhanced 4.0 Administrator Guide LAN Settings7. The Fill in information about your LAN page allows the configurati

Wizards > Setup Wizard804SonicOS Enhanced 4.0 Administrator GuideSonicWALL Configuration Summary9. The Configuration Summary window displays the co

Wizards > Setup Wizard805SonicOS Enhanced 4.0 Administrator GuideConfiguring NAT Enabled with PPPoENAT with PPPoE Client is a network protocol that

Wizards > Setup Wizard806SonicOS Enhanced 4.0 Administrator GuideChange Password3. To set the password, enter a new password in the New Password an

Wizards > Setup Wizard807SonicOS Enhanced 4.0 Administrator GuideWAN Network Mode5. The SonicWALL automatically detects the presence of a PPPoE ser

Wizards > Setup Wizard808SonicOS Enhanced 4.0 Administrator GuideLAN Settings7. The LAN Settings page allows the configuration of SonicWALL LAN IP

Wizards > Setup Wizard809SonicOS Enhanced 4.0 Administrator GuideSonicWALL Configuration Summary9. The Configuration Summary window displays the co

System > Administration81SonicOS Enhanced 4.0 Administrator Guidethe GMS installation, and enter the IP address in the NAT Device IP Address field.

Wizards > Setup Wizard810SonicOS Enhanced 4.0 Administrator GuideConfiguring PPTP Network ModeNAT with PPTP Client mode uses Point to Point Tunneli

Wizards > Setup Wizard811SonicOS Enhanced 4.0 Administrator GuideChange Password3. To set the password, enter a new password in the New Password an

Wizards > Setup Wizard812SonicOS Enhanced 4.0 Administrator GuideWAN Network Mode4. Select PPTP: Provided you with a server IP address, a user name

Wizards > Setup Wizard813SonicOS Enhanced 4.0 Administrator GuideLAN Settings6. The LAN Settings page allows the configuration of SonicWALL LAN IP

Wizards > Setup Wizard814SonicOS Enhanced 4.0 Administrator GuideSonicWALL Configuration Summary8. The Configuration Summary window displays the co

815SonicOS Enhanced 4.0 Administrator GuideCHAPTER 70 Chapter 70: Using the Registration & License WizardWizards > Registration & License W

Wizards > Registration & License Wizard816SonicOS Enhanced 4.0 Administrator GuideStep 2 Select Registration and License Wizard and click Next.

Wizards > Registration & License Wizard817SonicOS Enhanced 4.0 Administrator GuideStep 5 On the Choose security services page, select the secur

Wizards > Registration & License Wizard818SonicOS Enhanced 4.0 Administrator GuideStep 7 Verify that the services you want to purchase are list

Wizards > Registration & License Wizard819SonicOS Enhanced 4.0 Administrator GuideStep 9 The Confirm page displays. Verify that your order is c

System > Administration82SonicOS Enhanced 4.0 Administrator Guide • HTTPS - If this option is selected, HTTPS management is allowed from two IP ad

Wizards > Registration & License Wizard820SonicOS Enhanced 4.0 Administrator GuideStep 12 Your new security services are now available on the S

821SonicOS Enhanced 4.0 Administrator GuideCHAPTER 71 Chapter 71: Configuring a Public Server with the WizardWizards > Public Server Wizard1. Start

Wizards > Public Server Wizard822SonicOS Enhanced 4.0 Administrator Guide2. Select Public Server Wizard and click Next.3. Select the type of server

Wizards > Public Server Wizard823SonicOS Enhanced 4.0 Administrator Guide6. Click Next. 7. Enter the public IP address of the server. The default i

Wizards > Public Server Wizard824SonicOS Enhanced 4.0 Administrator Guide9. The Summary page displays a summary of all the configuration you have p

Wizards > Public Server Wizard825SonicOS Enhanced 4.0 Administrator Guide10. Click Apply in the Public Server Configuration Summary page to complet

Wizards > Public Server Wizard826SonicOS Enhanced 4.0 Administrator Guide

827SonicOS Enhanced 4.0 Administrator GuideCHAPTER 72 Chapter 72: Configuring VPN Policies with the VPN Policy WizardWizards > VPN WizardThe VPN Po

Wizards > VPN Wizard828SonicOS Enhanced 4.0 Administrator GuideUsing the VPN Policy WizardStep 1 In the top right corner of the VPN > Settings p

Wizards > VPN Wizard829SonicOS Enhanced 4.0 Administrator Guide –Default Key: If you choose the default key, all your Global VPN Clients and Globa

System > Administration83SonicOS Enhanced 4.0 Administrator GuideThe default URL http://help.mysonicwall.com/applications/vpnclient displays the So

Wizards > VPN Wizard830SonicOS Enhanced 4.0 Administrator Guide –Encryption: This is the method for encrypting data through the VPN Tunnel. The me

Wizards > VPN Wizard831SonicOS Enhanced 4.0 Administrator GuideNote If you enable user authentication, the users must be entered in the SonicWALL d

Wizards > VPN Wizard832SonicOS Enhanced 4.0 Administrator Guide • The shared secret if you selected a custom preshared secret in the VPN Wizard.

Wizards > VPN Wizard833SonicOS Enhanced 4.0 Administrator GuideUsing the VPN Wizard to Configure Preshared SecretStep 1 On the System > Status p

Wizards > VPN Wizard834SonicOS Enhanced 4.0 Administrator Guide –Policy Name: Enter a name you can use to refer to the policy. For example, Boston

Wizards > VPN Wizard835SonicOS Enhanced 4.0 Administrator GuideIf the object or group you want has not been created yet, select Create Object or Cr

Wizards > VPN Wizard836SonicOS Enhanced 4.0 Administrator Guide –Encryption: This is the method for encrypting data through the VPN Tunnel. The me

837SonicOS Enhanced 4.0 Administrator GuideIndexSymbols 401, 793, 796–797, 800–803, 805–808, 811–813, 815, 821, 827–828Numerics802.11a 394802.11g 315,

838SonicOS Enhanced 4.0 Administrator GuideDdeep packet inspection 718DF bit 582DH group 829VPN policy wizard 835DHCPrelay mode 587setup wizard 797VPN

839SonicOS Enhanced 4.0 Administrator GuideIIDS 405authorizing access points 407rogue access points 406IEEE 802.11b 315IEEE 802.11g 315IKEDH group 829

System > Administration84SonicOS Enhanced 4.0 Administrator Guide

840SonicOS Enhanced 4.0 Administrator Guidesettings 248translated destination 248translated service 249translated source 248NAT policyloopback policy

841SonicOS Enhanced 4.0 Administrator GuideLAN settings 798–799, 803–804, 808, 813–814NAT with DHCP client 802NAT with PPPoE 805NAT with PPPoE client

842SonicOS Enhanced 4.0 Administrator Guideauthentication 830, 836configuration summary 836connecting Global VPN Clients 831destination networks 835DH

©2008SonicWALL,Inc.isaregisteredtrademarkofSonicWALL,Inc.Otherproductnamesmentionedhereinmaybetrademarksand/orregisteredtrademarksoftheirrespectivecom

85SonicOS Enhanced 4.0 Administrator GuideCHAPTER 8 Chapter 8: Managing CertificatesSystem > CertificatesTo implement the use of certificates for V

System > Certificates86SonicOS Enhanced 4.0 Administrator Guide • OpenSSL • VeriSignCertificates and Certificate RequestsThe Certificate and Cert

System > Certificates87SonicOS Enhanced 4.0 Administrator GuideCertificate DetailsClicking on the icon in the Details column of the Certificates an

System > Certificates88SonicOS Enhanced 4.0 Administrator GuideImporting a Certificate Authority CertificateTo import a certificate from a certific

System > Certificates89SonicOS Enhanced 4.0 Administrator GuideImporting a Local CertificateTo import a local certificate, perform these steps:Step

ixSonicOS Enhanced 4.0 Administrator GuideChapter 21: Configuring NAT Policies . . . . . . . . . . . . . . . . . . . . . . . . . .245Network > NA

System > Certificates90SonicOS Enhanced 4.0 Administrator GuideImporting a CRLYou can import the CRL by manually downloading the CRL and then impor

System > Certificates91SonicOS Enhanced 4.0 Administrator GuideTo generate a local certificate, follow these steps:Step 1 Click the New Signing Req

System > Certificates92SonicOS Enhanced 4.0 Administrator Guide

93SonicOS Enhanced 4.0 Administrator GuideCHAPTER 9 Chapter 9: Configuring Time SettingsSystem > TimeThe System > Time page defines the time and

System > Time94SonicOS Enhanced 4.0 Administrator GuideIf you want to set your time manually, uncheck Set time automatically using NTP. Select the

95SonicOS Enhanced 4.0 Administrator GuideCHAPTER 10 Chapter 10: Setting SchedulesSystem > SchedulesThe System > Schedules page allows you to cr

System > Schedules96SonicOS Enhanced 4.0 Administrator GuideThe Schedules table displays all your predefined and custom schedules. In the Schedules

System > Schedules97SonicOS Enhanced 4.0 Administrator GuideAdding a Schedule To create schedules, click Add. The Add Schedule window is displayed.

System > Schedules98SonicOS Enhanced 4.0 Administrator Guide

99SonicOS Enhanced 4.0 Administrator GuideCHAPTER 11 Chapter 11: Managing SonicWALL Security Appliance FirmwareSystem > SettingsThis System > Se