Sonicwall Internet Security Appliances Bedienungsanleitung

COMPREHENSIVE INTERNET SECURITY™S o n i c WALL Internet Security Ap p l i a n c e sA D M I N I S T RATOR’S GUIDE

Page 11 Copyright Notice© 2002 SonicWALL, Inc. All rights reserved.Under the copyright laws, this manual or the software described within, can not b

Content Filtering and Blocking Page 101Trusted DomainsTrusted Domains can be added in the Restrict Web Features section of the Configure tab. If you

Page 102 SonicWALL Internet Security Appliance Administrator’s GuideDownload Automatically every Selecting Download Automatically every allows you to

Content Filtering and Blocking Page 103Customizing the Content Filtering ListThe Customize tab allows you to customize your URL List by manually ente

Page 104 SonicWALL Internet Security Appliance Administrator’s GuideTip Customized domains do not have to be re-entered when the Content Filter List i

Content Filtering and Blocking Page 105ConsentThe Consent tab allows you to enforce content filtering on designated computers and provideoptional fil

Page 106 SonicWALL Internet Security Appliance Administrator’s Guide• “Consent Accepted” URL (Filtering Off) When a user accepts the terms outlined in

Content Filtering and Blocking Page 107Configuring N2H2 Internet Filtering N2H2 is a third party Internet filtering package that allows you to use In

Page 108 SonicWALL Internet Security Appliance Administrator’s Guidewarranted by these fraudulent certificates. If digital certificates are proven fra

Content Filtering and Blocking Page 109N2H2 Server StatusThis section displays the status of the N2H2 Internet Filtering Protocol (IFP) server you ar

Page 110 SonicWALL Internet Security Appliance Administrator’s GuideConfiguring the Websense Enterprise Content Filter Websense is a third party softw

Page 12 SonicWALL Internet Security Appliance User’s GuideAbout this GuideThank you for purchasing the SonicWALL Internet Security appliance. The Soni

Content Filtering and Blocking Page 111• Known Fraudulent Certificates Digital certificates help verify that Web content and files originated from an

Page 112 SonicWALL Internet Security Appliance Administrator’s GuideConfiguring the Websense Content Filter ListConfigure the Websense Enterprise sett

Content Filtering and Blocking Page 113If Server is unavailable for 5 secs:If the Websense Enterprise server becomes unavailable, select from the fol

Page 114 SonicWALL Internet Security Appliance Administrator’s Guide9 Web Management ToolsThis chapter describes the SonicWALL Management Tools, avai

Web Management Tools Page 115PreferencesClick Tools on the left side of the browser window, and then click the Preferences tab.You can save the Sonic

Page 116 SonicWALL Internet Security Appliance Administrator’s GuideImporting the Settings FileAfter exporting a settings file, you can import it back

Web Management Tools Page 117Alert The SonicWALL LAN IP Address, LAN Subnet Mask, and the Administrator Password are notreset.Updating FirmwareThe So

Page 118 SonicWALL Internet Security Appliance Administrator’s GuideFirmware Update Wizard simplifies and automates the upgrade process. Follow the in

Web Management Tools Page 119Upgrade FeaturesSonicWALL Internet Security Appliances can be upgraded to support new or optional features.Chapter 15, S

Page 120 SonicWALL Internet Security Appliance Administrator’s GuideDiagnostic ToolsThe SonicWALL has several built-in tools which help troubleshoot n

Page 13 Chapter 16, Hardware Descriptions - provides a description of the front and back of SonicWALLInternet security appliances, including LED lig

Web Management Tools Page 121Find Network PathThe Find Network Path tool shows whether an IP host is located on the LAN or the WAN. This ishelpful in

Page 122 SonicWALL Internet Security Appliance Administrator’s GuidePingThe Ping test bounces a packet off a machine on the Internet and returns it to

Web Management Tools Page 123Packet TraceThe Packet Trace tool tracks the status of a communications stream as it moves from source todestination. Th

Page 124 SonicWALL Internet Security Appliance Administrator’s Guide1. Select Packet Trace from the Choose a diagnostic tool menu. Tip Packet Trace re

Web Management Tools Page 125Generating a Tech Support Report1. Select Tech Support Report from the Choose a diagnostic tool menu. 2. Select the Repo

Page 126 SonicWALL Internet Security Appliance Administrator’s GuideTrace RouteTrace Route is a diagnostic utility to assist in diagnosing and trouble

Network Access Rules Page 12710 Network Access RulesNetwork Access Rules are management tools that allow you to define inbound and outbound accesspol

Page 128 SonicWALL Internet Security Appliance Administrator’s GuideServicesClick Access on the left side of the browser window, and then click the Se

Network Access Rules Page 129Public LAN ServerA Public LAN Server is a LAN server designated to receive inbound traffic for a specific service, sucha

Page 130 SonicWALL Internet Security Appliance Administrator’s GuideAdd ServiceTo add a service not listed in the Services window, click Access on the

Page 14 SonicWALL Internet Security Appliance Administrator’s Guide 1 IntroductionYour SonicWALL Internet Security ApplianceThe SonicWALL Internet Sec

Network Access Rules Page 1314. Select the IP protocol type, TCP, UDP or ICMP, from the Protocol list.5. Click Add. The new service appears in the li

Page 132 SonicWALL Internet Security Appliance Administrator’s GuideMaximum Number of Rules by ProductTo create custom Network Access Rules, click Acc

Network Access Rules Page 133Network Access Rule Logic ListIt is important to fully consider the logic behind the new rule before it is added to the

Page 134 SonicWALL Internet Security Appliance Administrator’s GuideAdd A New Rule1. Click Add New Rule... in the Rules window to open the Add Rule wi

Network Access Rules Page 1359. Do not select the Allow Fragmented Packets check box. Large IP packets are often divided intofragments before they ar

Page 136 SonicWALL Internet Security Appliance Administrator’s Guide9. If you want the Rule to have guaranteed bandwidth, select Enable Outbound Bandw

Network Access Rules Page 1377. Since the intent is to allow a ping only to the SonicWALL, enter the SonicWALL LAN IP Addressin the Destination Addr

Page 138 SonicWALL Internet Security Appliance Administrator’s GuideUnderstanding the Access Rule HierarchyThe rule hierarchy has two basic concepts:1

Network Access Rules Page 139Users Extensive features are available on the Users tab in the Access section of the Managementinterface. User level acc

Page 140 SonicWALL Internet Security Appliance Administrator’s GuideUsers• Use RADIUS - Select Use Radius if you have configured RADIUS to authenticat

Introduction Page 15SonicWALL Internet Security Appliance FeaturesInternet Security• ICSA-Certified Firewall After undergoing a rigorous suite of tes

Network Access Rules Page 141Current UsersA list of all current users is displayed in a table at the bottom of the page. The Current Users tablelists

Page 142 SonicWALL Internet Security Appliance Administrator’s GuideUser LoginWhen a user other than the administrator logs into the SonicWALL Managem

Network Access Rules Page 143RADIUSRADIUS can provide control over user access and VPN access. RADIUS configuration is located inthe Access window.To

Page 144 SonicWALL Internet Security Appliance Administrator’s GuideRADIUS UsersYou can select the default privileges for all RADIUS users in this sec

Network Access Rules Page 145Management SonicWALL SNMP SupportSNMP (Simple Network Management Protocol) is a network protocol used over User Datagram

Page 146 SonicWALL Internet Security Appliance Administrator’s Guide5. Create a name for a group or community of administrators who can view SNMP data

Network Access Rules Page 147To enable secure remote management, click Access on the left side of the browser window, andclick the Management tab. Th

Page 148 SonicWALL Internet Security Appliance Administrator’s Guide 11 Advanced FeaturesThis chapter describes the SonicWALL Advanced Features, such

Advanced Features Page 149Configuring Web Proxy Relay1. Connect your Web proxy server to a hub, and connect the hub to the SonicWALL WAN port. Alert

Page 150 SonicWALL Internet Security Appliance Administrator’s GuideIntranetThe SonicWALL can be configured as an Intranet firewall to prevent network

Page 16 SonicWALL Internet Security Appliance Administrator’s GuideContent Filtering • SonicWALL Content FilteringYou can use the SonicWALL Web conten

Advanced Features Page 151Intranet ConfigurationClick Advanced on the left side of the browser window, and then click the Intranet tab.To enable an I

Page 152 SonicWALL Internet Security Appliance Administrator’s GuideVPN Single-Armed Mode (stand-alone VPN gateway)Note: This feature is available onl

Advanced Features Page 153Configuring a SonicWALL for VPN Single Armed ModeYou can use the following example information to configure the IP addresse

Page 154 SonicWALL Internet Security Appliance Administrator’s GuideRoutesIf you have routers on your Local Area Network (LAN), Demilitarized Zone (DM

Advanced Features Page 155LAN Route AdvertisementNote: This feature is only available on the PRO 100, PRO 200, PRO 230, PRO 300, and PRO 330.The Soni

Page 156 SonicWALL Internet Security Appliance Administrator’s GuideChange Damp Time (seconds) field. The default value is 30 seconds. A lower value c

Advanced Features Page 157Click Advanced on the left side of the browser window, and then click DMZ Addresses. Servers on the DMZ must have unique, v

Page 158 SonicWALL Internet Security Appliance Administrator’s Guide3. If you choose to use DMZ NAT Many to One Public Address (Optional), enter the D

Advanced Features Page 1593. Click Update. Once the SonicWALL has been updated, a message confirming the update isdisplayed at the bottom of the brow

Page 160 SonicWALL Internet Security Appliance Administrator’s GuideOne-to-One NATOne-to-One NAT maps valid, external addresses to private addresses h

Introduction Page 17Dynamic Host Configuration Protocol (DHCP)• DHCP Server The DHCP Server offers centralized management of TCP/IP client configurat

Advanced Features Page 161One-to-One NAT Configuration ExampleThis example assumes that you have a SonicWALL running in the NAT-enabled mode, with IP

Page 162 SonicWALL Internet Security Appliance Administrator’s GuideEthernetThe Ethernet tab allows the management of Ethernet settings using the Soni

Advanced Features Page 163Update to apply the changes to the SonicWALL. Now that you have enabled BandwidthManagement, you can begin configuring Rule

Page 164 SonicWALL Internet Security Appliance Administrator’s GuideSonicWALL Bandwidth ManagementBandwidth management is a means of allocating bandwi

Advanced Features Page 165.Examples of Bandwidth Management RulesBandwidth Management SchemaRule Service Priority Guaranteed MaximumAllow SMTP 0 300

Page 166 SonicWALL Internet Security Appliance Administrator’s Guide12 DHCP ServerThis chapter describes the configuration of the SonicWALL DHCP Serv

DHCP Server Page 167Configuring the SonicWALL DHCP ServerTo configure the SonicWALL DHCP server for the LAN, complete the following instructions.1. S

Page 168 SonicWALL Internet Security Appliance Administrator’s GuideDeleting Dynamic Ranges and Static Entries• To remove a range of addresses from th

DHCP Server Page 169Configuring the Central Gateway for VPN over DHCPTo configure DHCP over VPN for the Central Gateway, use the following steps:1. L

Page 170 SonicWALL Internet Security Appliance Administrator’s Guide2. Select Remote Gateway from the DHCP Relay Mode menu.LAN IP Addresses3. Select t

Page 18 SonicWALL Internet Security Appliance Administrator’s Guide2 Configuring the Network Mode on the SonicWALL The SonicWALL Internet security app

DHCP Server Page 171LAN Device Configuration 7. To configure Static Devices on the LAN, enter the IP address of the device in the IP Address fieldand

Page 172 SonicWALL Internet Security Appliance Administrator’s GuideDHCP StatusA Status page is now available to review DHCP Server Status and DHCP ov

DHCP Server Page 173DHCP Server on the SonicWALL TELE3 TZ and TZXThis section explains the configuration of the SonicWALL DHCP Server on the SonicWAL

Page 174 SonicWALL Internet Security Appliance Administrator’s GuideConfiguring the SonicWALL DHCP ServerTo configure the SonicWALL DHCP server for th

DHCP Server Page 175Tip The DHCP Server does not assign an IP address from the dynamic range if the address is alreadybeing used by a computer on you

Page 176 SonicWALL Internet Security Appliance Administrator’s GuideDHCP StatusA Status page is available to review DHCP Server Status and DHCP over V

SonicWALL VPN Page 17713 SonicWALL VPNSonicWALL VPN provides secure, encrypted communication to business partners and remoteoffices at a fraction of

Page 178 SonicWALL Internet Security Appliance Administrator’s GuideVPN Management InterfaceSummary TabThe Summary tab has four sections: Global VPN

SonicWALL VPN Page 179in the Failure Trigger Level (missed heartbeats) field. The default value is 3. If the trigger levelis reached, the VPN connect

Page 180 SonicWALL Internet Security Appliance Administrator’s GuideSonicWALL NAT Traversal Support VPN NAT Traversal is an Internet Draft proposed to

Configuring the Network Mode on the SonicWALL Page 19NAT with DHCP ClientNAT with DHCP Client is a networking mode that allows you to obtain an IP ad

SonicWALL VPN Page 181Configure TabAdd/Modify IPSec Security AssociationsThe Configure tab settings change depending on the Security Association (SA)

Page 182 SonicWALL Internet Security Appliance Administrator’s GuideSecurity Policy SettingsThe following sections describe the Security Policy settin

SonicWALL VPN Page 183- Strong Encrypt and Authenticate (ESP 3DES HMAC SHA1) - uses 168-bit 3DES encryption andHMAC SHA1 authentication. 3DES is an e

Page 184 SonicWALL Internet Security Appliance Administrator’s Guide• Phase 1 Encryption/Authentication - select an encryption method from the Encrypt

SonicWALL VPN Page 185- Encrypt and Authenticate (ESP DES HMAC MD5) - uses 56-bit DES encryption and HMAC MD5authentication. This method impacts the

Page 186 SonicWALL Internet Security Appliance Administrator’s GuideDestination NetworksIn this section, enter the network settings for the remote VPN

SonicWALL VPN Page 187Advanced SettingsAll of the Advanced Settings for VPN connections are accessed by clicking the Advanced Settingsbutton located

Page 188 SonicWALL Internet Security Appliance Administrator’s GuideRequire authentication of local usersSelecting this check box requires that all ou

SonicWALL VPN Page 189Security Association in your SonicWALL. Traffic can travel from a branch office to a branch office viathe corporate office.Rout

Page 190 SonicWALL Internet Security Appliance Administrator’s Guidea route for the LAN. If no route is found, the SonicWALL checks for a Default LAN

Page 20 SonicWALL Internet Security Appliance Administrator’s GuideConfiguring the SonicWALL in NAT Enabled Mode This section describes configuring th

SonicWALL VPN Page 191Advanced Settings for VPN ConfigurationsThe following table lists the available settings for each VPN configuration. The boxes

Page 192 SonicWALL Internet Security Appliance Administrator’s GuideConfiguring SonicWALL VPNThis section covers the configuration of SonicWALL VPN fo

SonicWALL VPN Page 193Group VPN Configuration for the SonicWALL and VPN ClientConfiguring Group VPN on the SonicWALLClick VPN on the left side of the

Page 194 SonicWALL Internet Security Appliance Administrator’s Guide8. Create and enter a Shared Secret in the Shared Secret field or use the Shared S

SonicWALL VPN Page 195Group VPN Client SetupInstalling the VPN Client Software1. When you register your SonicWALL or SonicWALL VPN Upgrade, a unique

Page 196 SonicWALL Internet Security Appliance Administrator’s Guide3. A dialogue box confirming the request to import the security file appears. Clic

SonicWALL VPN Page 1976. Click File, then Save Changes to save the settings to the security policy. Group VPN can also be configured using digital ce

Page 198 SonicWALL Internet Security Appliance Administrator’s GuideVerifying the VPN Tunnel as ActiveAfter the Group VPN Policy is active on the VPN

SonicWALL VPN Page 199Manual Key Configuration for the SonicWALL and VPN ClientConfiguring the SonicWALLTo configure the SonicWALL appliance, click V

Page 200 SonicWALL Internet Security Appliance Administrator’s Guide7. Enter a 16 character hexadecimal encryption key in the Encryption Key field or

Contents Page 1ContentsCopyright Notice ...11About this

Configuring the Network Mode on the SonicWALL Page 21 Setting the Password2. To set the password, enter a new password in the New Password and Confir

SonicWALL VPN Page 201Launching the SonicWALL VPN Client To launch the VPN client, select SonicWALL VPN Client Security Policy Editor from the Window

Page 202 SonicWALL Internet Security Appliance Administrator’s GuideConfiguring VPN Client IdentityTo configure the VPN Client Identity, click My Iden

SonicWALL VPN Page 203Configuring VPN Client Key Exchange Proposal1. Select Key Exchange (Phase 2) in the Network Security Policy box. Then select Pr

Page 204 SonicWALL Internet Security Appliance Administrator’s GuideConfiguring Inbound VPN Client Keys1. Click Inbound Keys. The Inbound Keying Mater

SonicWALL VPN Page 205Verifying the VPN Tunnel as ActiveAfter configuring the VPN Client, you can verify that a secure tunnel is active and sending d

Page 206 SonicWALL Internet Security Appliance Administrator’s GuideIKE and Manual Key Configuration for Two SonicWALLs VPN between two SonicWALLs all

SonicWALL VPN Page 2076. Define an SPI that the local SonicWALL uses to identify the Security Association in the OutgoingSPI field.SPIs should range

Page 208 SonicWALL Internet Security Appliance Administrator’s GuideDefault LAN Gateway if specifying the IP address of the default LAN route for inco

SonicWALL VPN Page 20910. Click Add New Network. Enter the IP address, “192.168.22.1” in the Range Start field. Enterthe IP address, “192.168.22.254”

Page 210 SonicWALL Internet Security Appliance Administrator’s GuideRoute all internet traffic through this SA - if forcing internet traffic from the

Page 22 SonicWALL Internet Security Appliance Administrator’s Guide4. Select the appropriate Time Zone from the Time Zone menu. The SonicWALL internal

SonicWALL VPN Page 211IKE Configuration for Two SonicWALLsAn alternative to Manual Key configuration is Internet Key Exchange (IKE). IKE transparentl

Page 212 SonicWALL Internet Security Appliance Administrator’s Guide7. Define the length of time before an IKE Security Association automatically rene

SonicWALL VPN Page 213Example of IKE Configuration for Two SonicWALLsThe following example illustrates the steps necessary to create an IKE VPN tunne

Page 214 SonicWALL Internet Security Appliance Administrator’s Guide10. Select a VPN encryption method from the Phase 2 Encryption/Authentication menu

SonicWALL VPN Page 2156. Select Group 2 from the Phase 1 DH Group menu. 7. Enter 28800 in the SA Life time (secs) field to renegotiate keys daily.8.

Page 216 SonicWALL Internet Security Appliance Administrator’s GuideSonicWALL Third Party Digital Certificate SupportTip This section assumes that yo

SonicWALL VPN Page 217Overview of Third Party Digital Certificate SupportX.509 Version 3 Certificate StandardX.509 v3 certificate standard is a speci

Page 218 SonicWALL Internet Security Appliance Administrator’s GuideImporting Certificate with private keyAfter a certificate is signed by the CA and

SonicWALL VPN Page 219Creating a Certificate Signing RequestTo create a certificate for use with a VPN SA, follow these steps:Tip! You should create

Page 220 SonicWALL Internet Security Appliance Administrator’s GuideConfiguring a VPN Security Association using IKE and a Third Party CertificateTo c

Configuring the Network Mode on the SonicWALL Page 23Confirming Network Address Translation (NAT) ModeIf you select Assigned you a single static IP a

SonicWALL VPN Page 2213. Select the Network Debug check box, and then click Update to enable the Network Debugsetting.Testing a VPN Tunnel Connection

Page 222 SonicWALL Internet Security Appliance Administrator’s GuideIf you are unable to ping the remote network, wait a few minutes for the VPN tunne

SonicWALL VPN Page 2233. Select the Logon to Windows NT Domain check box, and enter the domain name provided byyour administrator into the Windows NT

Page 224 SonicWALL Internet Security Appliance Administrator’s Guide5. Click on TCP/IP or Dial-Up Adapter, and then Properties. Click the WINS Configu

High Availability Page 225 14 High AvailabilityGiven the critical nature of Internet connections, SonicWALL High Availability is standard on theSo

Page 226 SonicWALL Internet Security Appliance Administrator’s GuideConfiguring High Availability on the Primary SonicWALLClick High Availability on t

High Availability Page 227 4. In the Web Management interface for the primary SonicWALL, configure the backup SonicWALLsettings as follows:•Serial Nu

Page 228 SonicWALL Internet Security Appliance Administrator’s GuideAlert It is important during initial configuration that the backup SonicWALL has n

High Availability Page 229 Alert If you change the IP address of either SonicWALL, synchronization cannot occur between thetwo SonicWALLs without upd

Page 230 SonicWALL Internet Security Appliance Administrator’s GuideHigh Availability Status WindowOne method to determine which SonicWALL is active i

Page 24 SonicWALL Internet Security Appliance Administrator’s GuideConfiguring WAN Network SettingsIf you selected either NAT or Standard mode, the Ge

High Availability Page 231 The first line in the status window indicates that the backup SonicWALL is currently Active. It is alsopossible to check t

Page 232 SonicWALL Internet Security Appliance Administrator’s GuideView LogThe SonicWALL also maintains an event log that displays these High Availab

High Availability Page 233 To restart the active SonicWALL, log into the primary SonicWALL LAN IP Address and click Tools onthe left side of the brow

Page 234 SonicWALL Internet Security Appliance Administrator’s Guide15 SonicWALL Options and UpgradesSonicWALL, Inc. offers a variety of options and u

SonicWALL Options and Upgrades Page 235Content Filter List SubscriptionInappropriate online content can create an uncomfortable work environment, lea

Page 236 SonicWALL Internet Security Appliance Administrator’s GuideSonicWALL ViewPoint ReportingSonicWALL ViewPoint, a Web-based graphical reporting

Hardware Descriptions Page 23716 Hardware DescriptionsThis chapter provides detailed illustrations and descriptions of the SonicWALL Internet Securit

Page 238 SonicWALL Internet Security Appliance Administrator’s Guide• Reset Switch Resets the SonicWALL PRO 200 or the SonicWALL PRO 300 to its factor

Hardware Descriptions Page 239SonicWALL PRO 200 and PRO 300 Front Panel The SonicWALL PRO 200 front panel is shown below, followed by a description o

Page 240 SonicWALL Internet Security Appliance Administrator’s GuideSonicWALL PRO 200 and PRO 300 Back PanelThe SonicWALL PRO 200 back panel is shown

Configuring the Network Mode on the SonicWALL Page 25Configuration Summary10. The Configuration Summary page displays the configuration defined usin

Hardware Descriptions Page 241SonicWALL PRO 100 Front Panel The SonicWALL PRO 100 front panel is shown below, followed by a description of each item.

Page 242 SonicWALL Internet Security Appliance Administrator’s GuideSonicWALL PRO 100 Back PanelThe SonicWALL PRO 100 back panel is shown below, follo

Hardware Descriptions Page 243SonicWALL TELE3 SP Front Panel The SonicWALL TELE3 SP front panel is shown below, followed by a description of each ite

Page 244 SonicWALL Internet Security Appliance Administrator’s GuideSonicWALL TELE3 SP Back PanelThe SonicWALL TELE3 SP back panel is shown below, fol

Hardware Descriptions Page 245SonicWALL TELE3 TZ Front PanelThe SonicWALL TELE3 TZ front panel is shown below, followed by a description of each item

Page 246 SonicWALL Internet Security Appliance Administrator’s GuideSonicWALL TELE3 TZ Back PanelSonicWALL TELE3 TZ Back Panel Description• Reset Swit

Hardware Descriptions Page 247SonicWALL TELE3 TZX Front PanelThe SonicWALL TELE3 TZX front panel is shown below, followed by a description of each it

Page 248 SonicWALL Internet Security Appliance Administrator’s GuideSonicWALL TELE3 TZX Back Panel lSonicWALL TELE3 TZX Back Panel Description• Reset

Hardware Descriptions Page 249SonicWALL SOHO3 and TELE3 Front PanelThe SonicWALL SOHO3 front panel is shown below, followed by a description of each

Page 250 SonicWALL Internet Security Appliance Administrator’s GuideSonicWALL SOHO3 and TELE3 Back PanelThe SonicWALL SOHO3 back panel is shown below,

Page 26 SonicWALL Internet Security Appliance Administrator’s GuideRestartingAlert The final page provides important information to help configure the

Hardware Descriptions Page 251SonicWALL GX 250 and GX 650 Front PanelThe SonicWALL GX 250 front panel is shown below, followed by a description of ea

Page 252 SonicWALL Internet Security Appliance Administrator’s GuideSonicWALL GX250 Front Panel Three Fast Ethernet interfaces provide connectivity fo

Hardware Descriptions Page 253SonicWALL GX 250 and GX 650 Back Panel Description • Power Inputs There are two power input receptacles to connect the

Page 254 SonicWALL Internet Security Appliance Administrator’s Guide17 Troubleshooting GuideThis chapter provides solutions for problems that you migh

Troubleshooting Guide Page 255• If you are using an Internet Explorer browser, you can want to click the Refresh button severaltimes to fully load th

Page 256 SonicWALL Internet Security Appliance Administrator’s Guide18 AppendicesAppendix A - Technical SpecificationsNote: Specifications for the Son

Appendices Page 257Appendix B - SonicWALL Support SolutionsSonicWALL’s powerful security solutions give unprecedented protection from the risks of In

Page 258 SonicWALL Internet Security Appliance Administrator’s GuideSonicWALL Support 24X7For customers with mission-critical network requirements who

Appendices Page 259Warranty Support - North AmericaIncluded with all SonicWALL products, SonicWALL warranty support includes return-to-factoryhardwar

Page 260 SonicWALL Internet Security Appliance Administrator’s GuideWarranty Support - InternationalIncluded with all SonicWALL products, SonicWALL wa

Configuring the Network Mode on the SonicWALL Page 27 Setting the PasswordAlert It is very important to choose a password which cannot be easily gues

Appendices Page 261SonicWALL Support 24X7Available for all SonicWALL products, SonicWALL Support 24X7 includes software/firmwaretechnical support, a

Page 262 SonicWALL Internet Security Appliance Administrator’s GuideSonicWALL Support 8X5Available for all products, SonicWALL Support 8X5 includes so

Appendices Page 263Appendix C - Introduction to NetworkingThis appendix provides a non-technical overview of the network protocols supported by theSo

Page 264 SonicWALL Internet Security Appliance Administrator’s GuideNetwork ProtocolsThe method that used to regulate a workstation’s access to a comp

Appendices Page 265IP AddressingTo become part of an IP network, a network device must have an IP address. An IP address is aunique number that diffe

Page 266 SonicWALL Internet Security Appliance Administrator’s GuideSubnet MaskThe IP addressing system allows subnetworks or “interchanges” to be cre

Appendices Page 267begins to count IP addresses against the license, and continues to count new LAN IP addressesaccessing the Internet until the appl

Page 268 SonicWALL Internet Security Appliance Administrator’s GuideAppendix D - IP Port Numbers The port numbers are divided into three ranges: Well

Appendices Page 269Appendix E - Configuring TCP/IP SettingsThe following steps describe how to configure the Management Station TCP/IP settings in or

Page 270 SonicWALL Internet Security Appliance Administrator’s GuideWindows NT1. From the Start list, highlight Settings and then select Control Panel

Page 28 SonicWALL Internet Security Appliance Administrator’s GuideConnecting to the InternetThe Connecting to the Internet page lists the information

Appendices Page 271Windows 20001. In Windows 2000, click Start, then Settings. 2. Click Network and Dial-up Connections. Double-click the network con

Page 272 SonicWALL Internet Security Appliance Administrator’s GuideWindows XP1. Open the Local Area Connection Properties window. 2.Double-click Int

Appendices Page 273Macintosh OS 10From a Macintosh computer, do the following:1. From the Apple list, choose Control Panel, and then choose TCP/IP to

Page 274 SonicWALL Internet Security Appliance Administrator’s GuideAppendix F - Basic VPN Terms and Concepts• VPN Tunnel A VPN Tunnel is a term that

Appendices Page 275• Internet Key Exchange (IKE) IKE is a negotiation and key exchange protocol specified by the Internet Engineering Task Force(IETF

Page 276 SonicWALL Internet Security Appliance Administrator’s GuideUsing AH increases the processing requirements of VPN and also increases thecommun

Appendices Page 277• Data Encryption Standard (DES) When DES is used for data communications, both sender and receiver must know the samesecret key,

Page 278 SonicWALL Internet Security Appliance Administrator’s GuideAppendix G- Erasing the FirmwareThere can be instances when it is necessary to res

Appendices Page 279Appendix H- Mounting the SonicWALL PRO 200 and PRO 300The SonicWALL PRO 200 and SonicWALL PRO 300 are designed to be mounted in a

Page 280 SonicWALL Internet Security Appliance Administrator’s GuideAppendix I - Configuring RADIUS and ACE ServersIndividual users must have their pr

Configuring the Network Mode on the SonicWALL Page 29Setting the User Name and Password for PPPoE6. If you selected Provided you with desktop softwar

Appendices Page 281Configuring User PrivilegesTo configure user privileges, follow these steps:1. With Steel Belted RADIUS Administrator open, click

Page 282 SonicWALL Internet Security Appliance Administrator’s GuideACS Server (Cisco)The ACS server, version 2.6, from Cisco does not support the con

Appendices Page 283RADIUS Attributes DictionaryThe following is the RADIUS dictionary in the format used with Funk Software’s Steel Belted RADIUSserv

Page 284 SonicWALL Internet Security Appliance Administrator’s GuideNotes

Appendices Page 285Notes

Page 286 SonicWALL Internet Security Appliance Administrator’s GuideNotes

Appendices Page 287Notes

Page 288 SonicWALL Internet Security Appliance Administrator’s GuideNotes

Appendices Page 289Notes

Page 290 SonicWALL Internet Security Appliance Administrator’s GuideIndexAActivation Key 119ActiveX 100, 107, 110Add New Network... 200Add Service 13

Page 30 SonicWALL Internet Security Appliance Administrator’s GuideConfiguring the SonicWALL DHCP Server9. The Optional-SonicWALL DHCP Server page con

Index Page 291Dynamic Host Configuration Protocol (DHCP) 17Dynamic Ranges 167, 174EEdit a Rule 137E-mail Alerts 16, 231E-mail Log Now 94Enable Allowed

Page 292 SonicWALL Internet Security Appliance Administrator’s GuideLog and Block Access 104Log Categories 16Log Only 104Log Settings 93Logout 74MMan

Index Page 293Syslog Individual Event Rate 94Syslog Server 94Syslog Server 1 94Syslog Server Support 16System Errors 95, 96System Maintenance 95TTech

© 2002 SonicWALL, I n c . SonicWALL is a registered trademark of SonicWALL, I n c . Other product and company names mentioned herein may bet r ademark

Page 2 SonicWALL Internet Security Appliance Administrator’s Guide Primary Interface ...

Configuring the Network Mode on the SonicWALL Page 31CongratulationsAlert The new SonicWALL LAN IP address, displayed in the URL field of the Congrat

Page 32 SonicWALL Internet Security Appliance Administrator’s GuideConfiguring NAT with DHCP Client Accessing the Installation WizardThe SonicWALL Ins

Configuring the Network Mode on the SonicWALL Page 33Setting the Time and Date4. Select the appropriate Time Zone from the Time Zone menu. The SonicW

Page 34 SonicWALL Internet Security Appliance Administrator’s GuideSelecting Your Internet Connection 6. Select the option, Automatically assigns you

Configuring the Network Mode on the SonicWALL Page 35Configuring LAN Network Settings8. The Fill in information about your LAN page allows the config

Page 36 SonicWALL Internet Security Appliance Administrator’s GuideConfiguration Summary10. The Configuration Summary page displays the configuration

Configuring the Network Mode on the SonicWALL Page 37RestartingTip The final window provides important information to help configure the computers on

Page 38 SonicWALL Internet Security Appliance Administrator’s Guide13. Enter the host name in the L2TP Host Name field. 14. Enter the server IP addres

Configuring the Network Mode on the SonicWALL Page 39Alert It is very important to choose a password which cannot be easily guessed by others.1. To s

Page 40 SonicWALL Internet Security Appliance Administrator’s GuideConnecting to the InternetThe Connecting to the Internet page lists the information

Contents Page 37 Logging and Alerts ...91View Log ...

Configuring the Network Mode on the SonicWALL Page 41Setting the User Name and Password for PPTP.6. The SonicWALL ISP Settings (PPTP) page is display

Page 42 SonicWALL Internet Security Appliance Administrator’s GuideConfiguring the SonicWALL DHCP Server8. The Optional-SonicWALL DHCP Server page con

Configuring the Network Mode on the SonicWALL Page 43CongratulationsAlert The new SonicWALL LAN IP address, displayed in the URL field of the Congrat

Page 44 SonicWALL Internet Security Appliance Administrator’s GuideLogging into the SonicWALL Management InterfaceOnce the SonicWALL restarts, contact

Configuring the Network Mode on the SonicWALL Page 45Other SonicWALL general status information is displayed in this section relating to other featur

Page 46 SonicWALL Internet Security Appliance Administrator’s Guide 3 Registering at mySonicWALL.comAfter you complete the initial installation and

Registering at mySonicWALL.com Page 47Account Information3. All field marked with an * are required fields. Be sure to fill out the form completely b

Page 48 SonicWALL Internet Security Appliance Administrator’s GuidePersonal Information5. Complete the Personal Information section of the Registratio

Registering at mySonicWALL.com Page 499. If all the information is correct, click OK. A confirmation message appears notifying you that youraccount m

Page 50 SonicWALL Internet Security Appliance Administrator’s Guide_11. Enter the subscription code you received via e-mail into the Subscription Code

Page 4 SonicWALL Internet Security Appliance Administrator’s Guide Ping ...

Registering at mySonicWALL.com Page 51Problems Creating a MysonicWALL.com User Account?If you’re having trouble creating a user account on the mySoni

Page 52 SonicWALL Internet Security Appliance Administrator’s GuideQuick RegistrationTo quickly register a SonicWALL Internet Security Appliance, ente

Registering at mySonicWALL.com Page 53Status and OptionsClick Status and Options underneath the login information to search for the status and option

Page 54 SonicWALL Internet Security Appliance Administrator’s GuideManaging Your SonicWALLYou can rename your SonicWALL, transfer your SonicWALL, or d

Registering at mySonicWALL.com Page 55Transferring a SonicWALL ProductYou can transfer a SonicWALL to another mySonicWALL.com user at any time. Trans

Page 56 SonicWALL Internet Security Appliance Administrator’s GuideAlso, an e-mail message is sent to both the old and new user as a notification that

Registering at mySonicWALL.com Page 57Managing Services for SonicWALL Internet Security AppliancesIn the Applicable Services section of mySonicWALL.c

Page 58 SonicWALL Internet Security Appliance Administrator’s GuideActivating Services Using mySonicWALL.comTo activate a service such as Content Filt

Registering at mySonicWALL.com Page 59

Page 60 SonicWALL Internet Security Appliance Administrator’s Guide 4 Configuring the TELE3 SP Modem ConnectionTo improve the operational availability

Contents Page 511 Advanced Features ...148Proxy Relay ...

Configuring the TELE3 SP Modem Connection Page 61Configuring Modem ProfilesYou can configure modem profiles on the SonicWALL using your dial-up ISP i

Page 62 SonicWALL Internet Security Appliance Administrator’s GuideISP SettingsTo configure your ISP settings, you must obtain your Internet informati

Configuring the TELE3 SP Modem Connection Page 63•Manual Dial - Selecting Manual Dial for a Primary Profile means that WAN Failover does notautomatic

Page 64 SonicWALL Internet Security Appliance Administrator’s GuideTELE3 SP Modem ConfigurationThe Configure tab allows you to enable the modem to pro

Configuring the TELE3 SP Modem Connection Page 65Primary InterfaceThe SonicWALL TELE3 SP automatically detects if a WAN Ethernet connection exists wh

Page 66 SonicWALL Internet Security Appliance Administrator’s Guide6. Enter a value for the number of successful probes required to reactivate the pri

Configuring the TELE3 SP Modem Connection Page 67Location Settings1. Select Manual Dial to have the modem dial only when you click Connect on the Con

Page 68 SonicWALL Internet Security Appliance Administrator’s GuideConfiguring Your TELE3 SP in Modem Only ModeConfiguring the Network SettingsFollow

Configuring the TELE3 SP Modem Connection Page 69StatusThe Status tab displays dial-up connection information when the modem is active.Modem StatusIn

Page 70 SonicWALL Internet Security Appliance Administrator’s GuideChat ScriptsSome legacy servers can require company-specific chat scripts for loggi

Page 6 SonicWALL Internet Security Appliance Administrator’s Guide 12 DHCP Server ...

Configuring the TELE3 SP Modem Connection Page 71Custom Chat ScriptsCustom chat scripts can be used when the ISP dial-up server does not use PAP or C

Page 72 SonicWALL Internet Security Appliance User’s Guide 5 Managing Your SonicWALL Internet Security ApplianceThis chapter contains a brief overvie

Managing Your SonicWALL Internet Security Appliance Page 73 The first time you access the SonicWALL Management interface using HTTPS, you may see the

Page 74 SonicWALL Internet Security Appliance User’s GuideNote: The Status window displays the unique characteristics of the SonicWALL Internet Securi

Managing Your SonicWALL Internet Security Appliance Page 75 CLI Support and Remote ManagementOut-of-band management is available on SonicWALL Interne

Page 76 SonicWALL Internet Security Appliance Administrator’s Guide 6 General and Network SettingsThis chapter describes the tabs in the General secti

General and Network Settings Page 77• NAT with L2TP Client mode uses IPSec to connect a L2TP server and encrypts all datatransmitted from the client

Page 78 SonicWALL Internet Security Appliance Administrator’s GuideWAN Settings• WAN Gateway (Router) AddressThe WAN Gateway (Router) Address is the I

General and Network Settings Page 79Standard ConfigurationIf your ISP provided you with enough IP addresses for all the computers and network devices

Page 80 SonicWALL Internet Security Appliance Administrator’s GuideWhen NAT is enabled, users on the Internet cannot access machines on the LAN unless

Contents Page 7Enable Perfect Forward Secrecy ...189Phase 2 DH Group ...

General and Network Settings Page 81•The SonicWALL WAN IP (NAT Public) Address is "10.1.1.25". •The private SonicWALL LAN IP Address is &qu

Page 82 SonicWALL Internet Security Appliance Administrator’s GuideWhen your SonicWALL has successfully received a DHCP lease, the Network window disp

General and Network Settings Page 833. Enter your network subnet mask in the LAN Subnet Mask field. The LAN Subnet Mask tells yourSonicWALL which IP

Page 84 SonicWALL Internet Security Appliance Administrator’s GuideNAT with L2TP Client ConfigurationThe SonicWALL can use L2TP over Ethernet to conne

General and Network Settings Page 859. Select the Disconnect after __ Minutes of Inactivity check box to automatically disconnect theL2TP connection

Page 86 SonicWALL Internet Security Appliance Administrator’s GuideNAT with PPTP Client ConfigurationThe SonicWALL can use Point-to-Point Tunneling Pr

General and Network Settings Page 877. Enter the IP address of the PPTP server in the PPTP Server IP Address field. 8. Enter your user name and passw

Page 88 SonicWALL Internet Security Appliance Administrator’s GuideSetting the Time and DateThe SonicWALL uses the time and date settings to time stam

General and Network Settings Page 89Configuring the Administrator SettingsThe Password tab is now the Administrator tab. In this section, you can co

Page 90 SonicWALL Internet Security Appliance Administrator’s GuideSetting the Administrator Inactivity TimeoutThe Administrator Inactivity Timeout se

Page 8 SonicWALL Internet Security Appliance Administrator’s Guide 15 SonicWALL Options and Upgrades ...2

Logging and Alerts Page 917 Logging and AlertsThis chapter describes the SonicWALL Internet security appliance logging, alerting, and reportingfeatu

Page 92 SonicWALL Internet Security Appliance Administrator’s GuideSonicWALL Log MessagesEach log entry contains the date and time of the event and a

Logging and Alerts Page 93Log SettingsClick Log on the left side of the browser window, and then click the Log Settings tab.Configure the following s

Page 94 SonicWALL Internet Security Appliance Administrator’s Guide5. Syslog Server - In addition to the standard event log, the SonicWALL can send a

Logging and Alerts Page 95Log CategoriesYou can define which log messages appear in the SonicWALL Event Log. All Log Categories areenabled by default

Page 96 SonicWALL Internet Security Appliance Administrator’s GuideAlerts/SNMP Traps Alerts are events, such as attacks, which warrant immediate atten

Logging and Alerts Page 97The Reports window includes the following functions and commands:• Start Data Collection Click Start Data Collection to beg

Page 98 SonicWALL Internet Security Appliance Administrator’s GuideSonicWALL ViewPointSonicWALL ViewPoint is a software solution that creates dynamic,

Content Filtering and Blocking Page 99 8 Content Filtering and BlockingInternet content filtering allows you to create and enforce Internet access po

Page 100 SonicWALL Internet Security Appliance Administrator’s GuideConfiguring SonicWALL Content FilteringThe Configure tab is common between the thr