User / maintenance manual for the product 2.5 from the manufacturer SonicWALL
COMPREHENSIVE INTERNET SECURITY™ SonicWALL Security Appliances SonicOS Enhanced 2.5 Administrator's Guide.
SonicWALL SonicOS Enhanced 2.5 Administrator’s Guide
Part 1: Introduction to SonicOS Enhanced 2.5
Chapter 1: Introduction
SonicOS Enhanced 2.
Chapter 7: Managing SonicWALL Security Appliance Firmware
System > Settings
Chapter 13: Configuring Address Objects
Network > Address Objects
Part 4: Wireless
Chapter 20: Managing SonicPoints
Wireless > SonicPoints
Chapter 26: Configuring Firewall Services
Firewall > Services
Chapter 33: Configuring VPN Certificates
VPN>CA Certificates
Part 9: Security Services
Chapter 38: Managing Security Services
Security Services>Summary
Chapter 44: Configuring Syslog Settings
Log > Syslog
Preface
Copyright Notice
© 2004 SonicWALL, Inc. All rights reserved.
EXCLUDED TO THE MAXIMUM EXTENT ALLOWED BY APPLICABLE LAW. TO THE EXTENT AN IMPLIED WARRANTY CANNOT BE EXCLUDED, SUCH WARRANTY IS LIMITED IN DURATION TO THE WARRANTY PERIOD.
Current Documentation
Check the SonicWALL documentation Web site for the latest versions of this manual and all other SonicWALL product documentation. http://www.sonicwall.com/services/documentation.
Part 1: Introduction to SonicOS Enhanced 2.5
Chapter 1: Introduction
SonicOS Enhanced 2.5
SonicOS Enhanced is the most powerful SonicOS operating system designed for the latest generation of SonicWALL security appliances.
• Multiple GroupVPN Policies: SonicOS Enhanced 2.5 allows you to create separate, customized GroupVPN policies for each Zone, and SonicWALL Global VPN Client connections can terminate on any interface.
About this Guide
Organization of this Guide
The SonicOS Enhanced 2.5 Administrator’s Guide organization is structured into the following parts that follow the SonicWALL Web Management Interface structure.
Part 6 VPN
This part covers how to create VPN policies on the SonicWALL security appliance to support SonicWALL Global VPN Clients as well as creating site-to-site VPN policies for connecting offices running SonicWALL security appliances.
Guide Conventions
The conventions used in this guide are as follows:
Icons Used in this Manual
These speci.
SonicWALL Technical Support
For timely resolution of technical support questions, visit SonicWALL on the Internet at <http://www.sonicwall.com/services/support.
More Information on SonicWALL Products
Knowledge Base
All SonicWALL customers have immediate, 24X7 access to our state-of-the-art electronic support tools.
Chapter 2: Getting Started
Configuring Your Management Station
Your SonicWALL security appliance is configured with the default IP address of 192.168.168.168. This IP address is used to initially access the Management Interface of the SonicWALL security appliance.
9 Enter 255.255.255.0 in the Subnet field.
10 If you have a DNS Server IP address from your ISP, enter it in the Preferred DNS Server field.
11 Click OK.
Alert: Because you are temporarily disconnected from the Internet, you may receive an error message when your Web browser first opens. This does not affect your installation process.
Using the Management Interface
The SonicWALL’s Web Management Interface provides an easy-to-use graphical interface for configuring your SonicWALL. SonicWALL management functions are performed through a Web browser.
If the settings are contained in a secondary window within the Management Interface, when you click OK, the settings are automatically applied to the SonicWALL.
Getting Help
Each SonicWALL includes Web-based online help available from the Management Interface.
Part 2: System
Chapter 3: Viewing Status Information
System > Status
The System>Status page provides a comprehensive collection of information and links to help you manage your SonicWALL security appliance and SonicWALL Security Services licenses.
Wizards
The Wizards button on the System>Status page provides access to the SonicWALL Co.
Registration and Security Services
Once you’ve established your Internet connection, you can register your security appliance at mySonicWALL.com as well as activate SonicWALL Security Services.
Creating Your mySonicWALL.com Account
If you already have a mySonicWALL.
Registering the SonicWALL Security Appliance from the Management Interface
If you have a mySonicWALL.
Network Interfaces
Network Interfaces displays information about the interfaces for your SonicWALL security appliance. Clicking the blue arrow displays the Network>Settings page for configuring your Network settings.
Chapter 4: Managing SonicWALL Security Services Licenses
System > Licenses
The System>Licenses page provides links to activate, upgrade, or renew SonicWALL Security Services licenses.
longer active (Expired). The number of nodes/users allowed for the license is displayed in the Count column. The Expiration column displays the expiration date for any Licensed Security Service.
Enter your mySonicWALL.com account username and password in the User Name and Password fields and click Submit. The Manage Services Online page is displayed with licensing information from your mySonicWALL.
3. Click the View License Keyset link. The scrambled text displayed in the text box is the License Keyset for the selected SonicWALL security appliance and activated Security Services.
Chapter 5: Configuring SonicWALL Security Appliance Administration Settings
System > Administration
The System Administration page provides settings for the configuration of SonicWALL security appliance for secure and remote management.
Administrator Name & Password
The Administrator Name can be changed from the default setting of admin to any word using alphanumeric characters up to 32 characters in length.
when you use the IP address to log into the SonicWALL security appliance. For example, if you configure the port to be 76, then you must type <LAN IP Address>:76 into the Web browser, i.
Cross Reference: For more information on SonicWALL Global Management System, go to http://www.sonicwall.
Enable GMS Management
You can configure the SonicWALL security appliance to be managed by SonicWALL Global Management System (SonicWALL GMS).
enter the IP address in the NAT Device IP Address field. The default VPN policy settings are displayed at the bottom of the Configure GMS Settings window.
VPN Client Download URL
The VPN Client Download URL provides a field for entering the URL address of a site for downloading the SonicWALL Global VPN Client application, when a user is prompted to use the Global VPN Client for access to the network.
Chapter 6: Configuring Time Settings
System > Time
The System>Time page defines the time and date settings to time stamp log events, to automatically update SonicWALL Security Services, and for other internal purposes.
System Time
To select your time zone and automatically update the time, choose the time zone from the Time Zone menu.
Chapter 7: Managing SonicWALL Security Appliance Firmware
System > Settings
This System>Settings page allows you to manage your SonicWALL security appliance’s SonicOS versions and preferences.
3 Select the preferences file.
4 Click Import, and restart the firewall.
Export Settings
To export configuration settings from the SonicWALL security appliance, use the instructions below:
1 Click Export Settings.
Firmware Management Table
The Firmware Management table displays the following information:
• Firmware Ima.
Updating Firmware Manually
Click Upload New Firmware to upload new firmware to the SonicWALL security appliance. The Upload Firmware window is displayed.
Firmware Management
The Firmware Management table has the following columns:
• Firmware Image - In this colum.
Chapter 8: Using Diagnostic Tools & Restarting the SonicWALL Security Appliance
System >.
Diagnostic Tools
You can choose any of the following diagnostic tools from the Diagnostic Tool menu.
Packet Trace
The Packet Trace tool tracks the status of a communications stream as it moves from source to destination.
To 204.71.200.74 / 80 (02:00:cf:58:d3:6a)
The SonicWALL security appliance forwards the client ACK to the remote host and waits for the data transfer to begin.
Generating a Tech Support Report
1 Select Tech Support Report from the Choose a diagnostic tool menu.
2 Select the Report Options to be included with your e-mail.
System > Restart
Click Restart to display the System>Restart page. The SonicWALL security appliance can be restarted from the Web Management interface.
Part 3: Network
Chapter 9: Configuring Interfaces
Network > Interfaces
The Network>Interfaces page includes interface objects that are directly linked to physical interfaces.
SonicOS Enhanced Secure Objects
The SonicOS Enhanced scheme of interface addressing works in conjunction with network zones and address objects.
• Name - listed as X0, X1, X2, X3, X4, and X5 or LAN, WAN, WLAN, Custom, or OPT/DMZ depending on your SonicWALL security appliance model.
• Zone - LAN, DMZ/OPT and WAN are listed by default.
1 Click on the Notepad icon in the Configure column for the Unassigned Interface you want to configure. The Edit Interface window is displayed.
2 Select the LAN interface.
Configuring Advanced Settings for the Interface
If you need to force an Ethernet speed, duplex and/or MAC address, click the Advanced tab. The Ethernet Settings section allows you to manage the Ethernet settings of links connected to the SonicWALL.
3 Select Transparent Mode from the IP Assignment menu.
4 Select the address object from the Transparent Range menu. See Chapter 13 for more information.
Configuring the WLAN Interface
Static means you assign a fixed IP address to the interface.
1 Click on the Notepad icon in the Configure column for the Unassigned Interface you want to configure.
2 If you’re configuring an Unassigned Interface, select WAN from the Zone menu. If you selected the Default WAN Interface, WAN is already selected in the Zone menu.
Comment Management User Login Renew Release Refresh PPPoE User Name User Password Comment Management User Log.
Management User Login Inactivity Disconnect (minutes) L2TP IP Assignment DHCP Renew Release Refr.
Check Enable Multicast Support to allow multicast reception on this interface.
Alert: If you select a specific Ethernet speed and duplex, you must force the connection speed and duplex from the Ethernet card to the SonicWALL as well.
Chapter 10: Setting Up WAN Failover and Load Balancing
Network > WAN Failover & LB
WAN Failover and Load Balancing allows you to designate one of the user-assigned interfaces as a Secondary or backup WAN port.
Setting Up WAN Failover and Load Balancing
The following are the steps to c.
Activating WAN Failover and Load Balancing
To configure the SonicWALL for WAN failover and load balancing, follow the steps below:
1 On the Network > WAN Failover & LB page, select Enable Load Balancing.
• Per Destination Round-Robin: When this setting is selected, the SonicWALL security appliance load-balances outgoing traffic on a per-destination basis.
Configuring WAN Probe Monitoring
To configure WAN probe monitoring, follow these steps:
1 On the Network > WAN Failover & LB page, check the Enable Probe Monitoring box, and click on the Configure button.
WAN Load Balancing Statistics
The WAN Load Balancing Statistics table dis.
Chapter 11: Configuring Zones
Network > Zones
A Zone is a logical grouping of one or more interfac.
doorperson is the inter-zone/intra-zone security policy, and the doorperson’s job is to consult a list and make sure that the person is allowed to go to the other room, or to leave the building.
• DMZ: This zone is normally used for publicly accessible servers. This zone can consist of one to four interfaces, depending on your network design.
• VPN: This virtual zone is used for simplifying secure, remote connectivity.
• SonicWALL Content Filtering Service - Enforces content filtering on multiple interfaces in the same Trusted, Public and WLAN zones.
Adding a New Zone
To add a new Zone, click Add under the Zone Settings table. The Add Zone window is displayed.
1 Type a name for the new zone in the Name field.
2 Select a security type Trusted, Public or Wireless from the Security Type menu.
4 Click the Wireless tab.
5 In the Wireless Settings section, select WiFiSec Enforcement to require that all traffic that enters into the WLAN Zone interface be either IPSec traffic, WPA traffic, or both.
Post Authentication Page - directs users to the page you specify immediately after successful authentication. Enter a URL for the post-authentication page in the field.
Chapter 12: Configuring DNS Settings
Network > DNS
The Domain Name System (DNS) is a distributed, h.
Chapter 13: Configuring Address Objects
Network > Address Objects
Address Objects are one of four object classes (Address, User, Service, and Schedule) in SonicOS Enhanced.
example “My Access Point” with a MAC address of “00:06:01:AB:02:CD”. MAC Address objects are used by various components of Wireless configurations throughout SonicOS.
You can enter the policy number (the number listed before the policy name in the # Name column) in the Items field to move to a specific entry. The default table configuration displays 50 entries per page.
Default Address Groups
• LAN Subnets
• Firewalled Subnets
• LAN Interface IP
• WAN.
Default Address Groups
• LAN Subnets
• Firewalled Subnets
• WAN Subnets
• DMZ Subnets
• ALL W.
Default Address Groups
• LAN Subnets
• Firewalled Subnets
• WAN Subnets
• DMZ Subn.
Default Address Groups
• LAN Subnets
• Firewalled Subnets
• WAN Subnets
• DMZ Subnets
• ALL W.
To add a Group of Address Objects, click Add Group to display the Add Address Object Group window.
1 Create a name for the group in the Name field.
Chapter 14: Configuring Routes
Network > Routing
If you have routers on your interfaces, you can configure static routes on the SonicWALL security appliance on the Network>Routing page.
Route Advertisement Configuration
To enable Route Advertisement for an Interface, follow these steps:
1 Click the Notepad icon in the Configure column for the interface.
MD5 Digest - Enter a numerical value from 0-255 in the Authentication Key-Id (0-255) field. Enter a 32 hex digit value for the Authentication Key (32 hex digits) field, or use the generated key.
Route Policies Table
You can change the view of your route policies in the Route Policies table by selecting one of the view settings in the View Style menu.
1 Click the Add button under the Route Policies table. The Add Route Policy window is displayed.
Chapter 15: Configuring NAT Policies
Network > NAT Policies
The Network Address Translation (NAT) engine in SonicOS Enhanced allows users to define granular NAT policies for their incoming and outgoing traffic.
NAT Policies Table
The NAT Policies table allows you to view your NAT Policies by Custom Policies, Default Policies, or All Policies.
NAT Policy Settings Explained
The following explains the settings used to create a NAT policy entry in the Add NAT Policy or Edit NAT Policy windows.
security appliance, or you can create your own entries. For many NAT Policies, this field is set to Original, as the policy is only altering source or destination IP addresses.
appliance to operate properly, and cannot be deleted. For this reason, they are listed in their own section, in order to make the user-created NAT policies easier to browse.
• Translated Source: WAN Primary IP
• Original Destination: Any
• Translated Destinati.
You can test the dynamic mapping by installing several systems on the LAN (X0) interface at a spread-out range of addresses (for example, 192.168.10.10, 192.
translation between the private and public address.
• Outbound Interface: Any
• Comment: Enter a short description
• Enable NAT Policy: Checked
• .
2 Create two address objects for the servers’ private IP addresses.
3 Create two NAT entries to allow the two servers to initiate traffic to the public Internet.
When done, click on the OK button to add and activate the NAT policies.
• Action: Allow
• Service: servone_public_port (or whatever you named it above).
Chapter 16: Managing ARP Traffic
Network > ARP
ARP (Address Resolution Protocol) maps layer 3 (IP addresses) to layer 2 (physical or MAC addresses) to enable communications between hosts residing on the same subnet.
You can sort the entries in the table by clicking on the column header. The entries are sorted by ascending or descending order. The arrow to the right of the column entry indicates the sorting status.
Chapter 17: Setting Up the DHCP Server
Network > DHCP Server
The SonicWALL security applianc.
The DHCP Server Configuration window is displayed. In the Dynamic Ranges table, the Range Start, Range End, and Interface information is displayed.
6 If you select the interface IP address from the Gateway Preferences menu, the Default Gateway and Subnet Mask fields are unavailable.
2 Enter the IP address or FQDN of your VoIP Call Manager in the Call Manager 1 field. You can add two additional VoIP Call Manager addresses.
3 Click OK to add the settings to the SonicWALL.
4 Click Apply for the settings to take effect on the SonicWALL.
Tip: The SonicWALL DHCP server can assign a total of 64 address ranges with 64 IP addresses each or a total of 4096 IP addresses.
Chapter 18: Using IP Helper
Network > IP Helper
The IP Helper allows the SonicWALL security a.
IP Helper Policies
IP Helper Policies allow you to forward DHCP and NetBIOS broadcasts from one interface to another interface.
Adding an IP Helper Policy
1 Click the Add button under the IP Helper Policies table.
Chapter 19: Setting Up Web Proxy Forwarding
Network > Web Proxy
A Web proxy server intercepts HTTP requests and determines if it has stored copies of the requested Web pages.
2 Type the name or IP address of the proxy server in the Proxy Web Server (name or IP address) field.
3 Type the proxy IP port in the Proxy Web Server Port field.
Part 4: Wireless
Chapter 20: Managing SonicPoints
Wireless > SonicPoints
SonicWALL SonicPoints are wireless access points specially engineered to work with SonicWALL security appliances running SonicOS Enhanced 2.
• Assign one or more interfaces to the Wireless zone.
SonicPoint Provisioning Profiles
Country Code: Select the country where you are operating the SonicPoints. The country code determines which regulatory domain the radio operation falls under.

Key 1 - Key 4: Enter the encryption keys for WEP encryption. Enter the most likely to be used in the field you selected as the default key.

If the SonicPoint does locate, or is located by a peer SonicOS device, via the SonicWALL Discovery.

802.11a Radio
802.11a Advanced
802.11g Radio
802.11g Advanced
The options on these tabs are the same as the Add SonicPoint Profile screen.

If via the SDP exchange the SonicOS device ascertains that the SonicPoint requires provisioning or a configuration update (e.

• Updating Firmware – If the SonicOS device detects that it has a firmware update available for a SonicPoint, it will use SSPP to update the SonicPoint’s firmware.

Chapter 21: Viewing Station Status
Wireless > Station Status
Event and Statistics Reporting
The Wireless > Station Status page reports on the statistics of each SonicPoint.

None – No state information yet exists for the station
Authenticated – The station has successfully authenticated.
Associated – The station is associated.

Chapter 22: Using and Configuring IDS
Wireless > IDS
Detecting Wireless Access Points
You can have many wireless access points within reach of the signal of the SonicPoints on your network.

Access Point IDS
When the Radio Role of the SonicWALL PRO 5060 is set to Access Point mode, .

Part 5: Firewall

Chapter 23: Configuring Access Rules
Firewall > Access Rules
This chapter provides an ove.

Stateful Packet Inspection Default Access Rules Overview
By default, the SonicWALL security appliance’s stateful packet inspection allows all communication from the LAN to the Internet, and blocks all traffic to the LAN from the Internet.

Configuration Task List
Tip: You must select Bandwidth Management on the WAN > Ethernet page. Click Network, then Configure in the WAN line of the Interfaces table, and type your available bandwidth in the Available WAN Bandwidth (Kbps) field.

Each view displays a table of defined network access rules. For example, selecting All Rules displays all the network access rules for all zones.

Adding Access Rules
To add access rules to the SonicWALL security appliance, perform the following steps:
1. Click Add at the bottom of the Access Rules table.

10. Click on the Advanced tab.
11. Do not select the Allow Fragmented Packets check box. Large IP packets are often divided into fragments before they are routed over the Internet and then reassembled at a destination host.

Access Rule Configuration Examples
Enabling and Disabling an Access Rule
To enable or disable an access rule, click the Enable checkbox.
Restoring Access Rules to Default Zone Settings
To remove all end-user configured access rules for a zone, click the Default button.

Blocking LAN Access for Specific Services
This section provides a configuration example for an access rule blocking LAN access to NNTP servers on the Internet during business hours.

Chapter 24: Configuring Advanced Access Rule Settings
Firewall > Advanced
To configure advanced access rule options, select Firewall > Advanced under Firewall.

Detection Prevention
• Enable Stealth Mode - By default, the security appliance responds to incoming connection requests as either “blocked” or “open.

Chapter 25: Setting Access Rule Schedules
Firewall > Schedules
The Firewall>Schedules page allows you to create and manage access rule enforcement schedules.

Adding a Schedule
To create schedules, click Add. The Add Schedule window is displayed.
1. Enter a name for the schedule in the Name field.

Chapter 26: Configuring Firewall Services
Firewall > Services
SonicOS Enhanced provides expanded IP protocol support to allow users to create services and access rules based on these protocols.

Default Services Overview
The Default Services view displays the SonicWALL security appliance default services in the Services table and Service Groups table.

Custom Services Configuration Task List
EIGRP (88) - (Enhanced Interior Gateway Routing Protocol) Advanced version of IGRP.

For ICMP, IGMP, OSPF and PIMSM protocols, select from the Sub Type pull-down menu for sub types. For the remaining protocols, you will not need to specify a Port Range or Sub Type.

Editing Custom Services Groups
Click the Notepad icon under Configure to edit the custom service group in the Edit Service Group window, which includes the same configuration settings as the Add Service Group window.

Chapter 27: Configuring Multicast Settings
Firewall > Multicast
Multicasting, also called IP multicasting, is a method for sending one Internet Protocol (IP) packet simultaneously to multiple hosts.

Multicast Snooping
This section provides configuration tasks for Multicast Snooping.
• Enable Multicast - This checkbox is disabled by default.

Configuration Example
Perform the following steps to enable multicast support on LAN-dedicated interfaces.
1. Enable multicast support on your SonicWALL security appliance.

Chapter 28: Configuring VoIP Support
Firewall > VoIP
This chapter provides overview information and configuration tasks on enabling Voice over IP (VoIP) protocols.

• Gatekeepers - Services for call setup and tear down, and registering H.

SIP Settings
This section provides configuration tasks for SIP Settings.
• Enable SIP Transformations - This setting transforms SIP messages between LAN (trusted) and WAN/DMZ (untrusted).

• H.323 Signaling/Media inactivity time out (seconds) - This field has a default value of 300 seconds (5 minutes). This is a similar setting to the “TCP connection inactivity timeout.

Part 6: VPN

Chapter 29: Configuring VPN Policies
VPN > Settings
SonicWALL VPN, based on the industry-standard .

The VPN>Settings page provides the SonicWALL features for configuring your VPN policies. You configure site-to-site VPN policies and GroupVPN policies from this page.

VPN Global Settings
The Global VPN Settings section displays the following information:
• Enable VPN must be selected to allow VPN policies through the SonicWALL security policies.

Currently Active VPN Tunnels
A list of currently active VPN tunnels is displayed in this section.

Configuring GroupVPN Policies
Configuring GroupVPN with IKE using Preshared Secret on the WAN Zone
To configure the WAN GroupVPN, follow these steps:
1. Click the Edit icon for the WAN GroupVPN entry.

In the IPSec (Phase 2) Proposal section, select the following default settings: ESP from th.

5. Click the Client tab, select any of the following settings you want to apply to your GroupVPN policy.
Cache XAUTH User Name and Password on Client - allows the Global VPN Client to cache the user name and password.

Require Distributed Security Client for this Connection - only allows a VPN connection f.

SHA1 from the Authentication menu. Leave the default setting, 28800, in the Life Time (seconds) field. This setting forces the tunnel to renegotiate and exchange keys every 8 hours.

Use DHCP to obtain Virtual IP for this Connection - allows the VPN Client to obtain an IP address using DHCP over VPN.

Site-to-Site VPN Configurations
When designing VPN connections, be sure to document all pertinent IP Addressing information and create a network diagram to use as a reference.

Additional Information
SA Name:____________________ Manual Key, SPI In_____ SPI Out_____ Enc.

Creating Site-to-Site VPN Policies
Tip: Use the VPN Planning Sheet for Site-to-Site VPN Policies to record your settings. These settings are necessary to configure the remote SonicWALL and create a successful VPN connection.

Configuring a VPN Policy with IKE using Preshared Secret
To configure a VPN Policy using Internet Key Exchange (IKE), follow the steps below:
1. Click Add on the VPN>Settings page.

8. Under Local Networks, select a local network from Choose local network from list if a specific local network can access the VPN tunnel.

14. Click Advanced.
15. Select Enable Keep Alive to use heartbeat messages between peers on this VPN tunnel.

Configuring a VPN Policy using Manual Key
To manually configure a VPN policy between two SonicWALL appliances using Manual Key, follow the steps below:
Local SonicWALL
1. Click Add on the VPN>Settings page.

7. Click on the Proposals tab.
8. Define an Incoming SPI and an Outgoing SPI. The SPIs are hexadecimal (0123456789abcdef) and can range from 3 to 8 characters in length.

12. Click the Advanced tab and select any of the following optional settings you want to apply to your VPN policy.

8. Define an Incoming SPI and an Outgoing SPI.

Configuring a VPN Policy with IKE using a Third Party Certificate
Alert: You must have a valid .

8. Click on the Network tab.
9. Under Local Networks, select a local network from Choose local network from list if a specific local network can access the VPN tunnel.

Enter a maximum time in seconds allowed before forcing the policy to renegotiate and exchange keys in the Life Time field. The default setting is 28800 seconds (8 hours).

Select an interface or Zone from the VPN Policy bound to menu. A Zone is the preferred selection if you are using WAN Load Balancing and you wish to allow the VPN to use either WAN interface.

Chapter 30: Configuring Advanced VPN Settings
VPN>Advanced
The Advanced VPN Settings page includes optional settings that affect all VPN policies.

• Enable Fragmented Packet Handling - If the VPN log report shows the log message “Fragmented IPSec packet dropped”, select this feature.

Chapter 31: Configuring DHCP Over VPN
VPN > DHCP over VPN
The VPN > DHCP over VPN page al.

2. Select Central Gateway from the DHCP Relay Mode menu.

Configuring DHCP over VPN Remote Gateway
1. Select Remote Gateway from the DHCP Relay Mode menu.
2. Click Configure. The DHCP over VPN Configuration window is displayed.

Devices
1. To configure devices on your LAN, click the Devices tab.

Current DHCP over VPN Leases
The scrolling window shows the details on the current bindings: IP and Ethernet address of the bindings, along with the Lease Time, and Tunnel Name.

Chapter 32: Configuring L2TP Server
VPN > L2TP Server
The SonicWALL security appliance can terminate L2TP-over-IPSec connections from incoming Microsoft Windows 2000 and Windows XP clients.

Configuring the L2TP Server
The VPN > L2TP Server page provides the settings for configuring the SonicWALL security appliance as an L2TP Server.

7. If you have configured a specific user group defined for using L2TP, select it from the User Group for L2TP users menu or use Everyone.

Chapter 33: Configuring VPN Certificates
VPN>CA Certificates
A digital certificate is an electronic means to verify identity by a trusted third party known as a Certificate Authority (CA).

Implementing Certificates for VPN Policies
To implement the use of certificates for VPN policies, you must locate a source for a valid CA certificate from a third party CA service.

3. Click Import Certificate to import the certificate into the SonicWALL security appliance.

You can import the CRL by manually downloading the CRL and then importing it into the SonicWALL security appliance.

VPN > Local Certificates
5. To view details about the certificate, select it from the Certificates menu in the Current Certificates section.

You can also attach an optional Subject Alternative Name to the certificate such as the Domain Name or E-mail Address.
4. The Subject Key type is preset as an RSA algorithm.

Part 7: Users

Chapter 34: Managing User Status and Authentication Settings
Users>Status
SonicWALL security appliances provide a .

User>Settings
On this page, you can configure the authentication method required, global user settings, and an acceptable user policy that is displayed to users when logging onto your network.

1. Click Configure to set up your RADIUS server settings on the SonicWALL. The RADIUS Configuration window is displayed.
2. Define the RADIUS Server Timeout in Seconds.

RADIUS Users
Click the RADIUS Users tab.
RADIUS Users Settings
Select Allow only users listed locally if only the users listed in the SonicWALL database are authenticated using RADIUS.

2. In the Settings tab, enter a name for the group. You may enter a descriptive comment as well.
3. In the Members tab, select the members of the group. Select the users or groups you want to add in the left column and click the -> button.

RADIUS Client Test
You can test your RADIUS Client user name and password by typing in a valid user name in the User field, and the password in the Password field.

Acceptable Use Policy
An acceptable use policy (AUP) is a policy users must agree to follow in order to access a network or the Internet.

Chapter 35: Managing Local Users and Local Groups
User > Local Users
Local Users are users stored and managed on the security appliance’s local database.

Viewing Local Users
You can view all the groups a user belongs to on the Users > Local Users page. Click on the expand icon next to a user to view the group memberships for that user.

Users>Local Groups
Groups
To add the user to a User Group, select one or more groups, and click ->. The user then becomes a member of the selected groups. To remove a group, select the group from the Member of column, and click <-.

the table. Click the Notepad icon in the Configure column to review or change the settings for Everyone.
Creating a Local Group
1. Click the Add Group button to display the Add Group window.

Chapter 36: Managing Guest Services and Guest Accounts
Users > Guest Services
Guest accounts are temporary accounts set up for users to log into your network. You can create these accounts manually, as needed or generate them in batches.

Global Guest Settings
Check Show guest login status window with logout button to display a user login window on the user’s workstation whenever the user is logged in.

Users > Guest Accounts
Enforce login uniqueness: Check this to allow only a single instance of an account to be used at any one time. By default, this feature is enabled when creating a new guest account.

To Add an Individual Account:
1. Under the list of accounts, click Add Guest.
2. In the Settings tab of the Add Guest Account window configure:
Profile: Select the Guest Profile to generate this account from.

To Generate Multiple Accounts
1. Under the list of accounts, click Generate.
2. In the Settings tab of the Generate Guest Accounts window configure:
Profile: Select the Guest Profile to generate the accounts from.

1. Check the box in the Enable column next to the name of the account you want to enable. Check the Enable box in the table heading to enable all accounts on the page.

Users > Guest Status
The Guest Status page reports on all the guest accounts currently logged in to the security appliance. The page lists:
• Name: The name of the guest account
• IP: The IP address the guest user is connecting to.

Part 8: Hardware Failover

Chapter 37: Setting Up Hardware Failover
Hardware Failover > Settings
Hardware Failov.

services are affected, physical (or logical) link detection is detected on monitored interfaces, or when the SonicWALL loses power.

• Once Hardware Failover has been configured and activated, upon first preferences synchronization, the Backup SonicWALL security appliance automatically reboots in order to load the mirrored preferences – this is normal behavior.

Initial Hardware Failover Setup
Before you begin the configuration of Hardware Failover on the Primary SonicWALL security appliance, perform the following initial setup procedures.

Configuring Hardware Failover
The first task in setting up hardware failover after initial setup is configuring the Hardware Failover>Settings page on the Primary SonicWALL security appliance.

Log into the Backup SonicWALL’s unique LAN IP address. If this SonicWALL security appliance has not been registered at mySonicWALL.com, register it.

Synchronizing Firmware
Checking the Synchronize Firmware Upload and Reboot checkbox allows the Prima.

during configuration. If preempt mode is enabled, the primary SonicWALL becomes the active firewall and the backup firewall returns to Idle status.

Part 9: Security Services

Chapter 38: Managing Security Services
Security Services>Summary
SonicWALL, Inc.

Creating a mySonicWALL.com account is easy and FREE.

Manage Licenses
Clicking the Manage Licenses button displays the mySonicWALL.com Login page. Enter your mySonicWALL.com username and password in the User Name and Password fields, and then click Submit.

Chapter 39: Configuring SonicWALL Content Filter
Security Services>Content Filter

• SonicWALL CFS Premium blocks 56 categories of objectionable, inappropriate or unproductive Web content.

3. Click Activate or Renew in the Manage Service column in the Manage Services Online table. Type in the Activation Key in the New License Key field and click Submit.

Restrict Web Features
Restrict Web Features enhances your network security by blocking potentially harmful Web applications from entering your network.

To delete all trusted domains, click Delete All.

Alert: Do not include the prefix “http://” in either the Allowed Domains or Forbidden Domains fields. All subdomains are affected.

the Internet again. To configure the value, follow the link to the Users window and enter the desired value in the User Idle Timeout section.

Chapter 40: Activating SonicWALL Network Anti-Virus
Security Services>Anti-Virus
By their nature, anti-virus products typically require regular, active maintenance on every PC.

Activating SonicWALL Network Anti-Virus
If SonicWALL Network Anti-Virus is not activated, you must activate it.

Security Services>E-Mail Filter
security appliance is already connected to your mySonicWALL.com account, the System>Licenses page appears after you click the FREE TRIAL link.

Chapter 41: Activating Intrusion Prevention Service
Security Services > Intrusion Prevention

Inspection engine can also read signatures written in the popular Snort format, allowing SonicWALL to easily incorporate new signatures as they are published by third parties.

How SonicWALL’s Deep Packet Inspection Works
Deep Packet Inspection technology ena.

• Intrusion Detection - a process of identifying and flagging malicious activity aimed at information technology.
• False Positive - a falsely identified attack traffic pattern.

Activating SonicWALL IPS
If you have an Activation Key for your SonicWALL IPS, follow these steps to activate IPS:
1. Click the SonicWALL IDP Subscription link on the Security Services>Intrusion Prevention page.

Part 10: Log
Chapter 42: Managing Log Events
Log > View
The SonicWALL security appliance maintains an Event log for tracking potential security threats.
Log View Table
The log is displayed in a table and is sortable by column. The log table columns include:
• Time - the date and time of the event.
Export Log
To export the contents of the log to a defined destination, click the Export Log button. You can export log content to two formats:
• Plain text format - Used in log and alert email.
Log Event Messages
Alert Log Messages
Critical Log Messages
Error Log Messages
Message ID Priority Description of Log.
119 logstrDHCPCVerifyFailInit Error DHCP Client failed to verify and lease has expired. Go to INIT state.
120 logstrDHCPCVerifyFailBound Error DHCP Client failed to verify and lease is still valid.
472 logstrDhcprNoRelayIpAvailable Error WARNING: Central Gateway does not have a Relay IP Address.
Warning Log Messages
572 logStrOlderPrefs Error A prior version of preferences was loaded because the most rece.
239 logstrVpnNatTravPeerBehindNat Warning NAT Discovery: Peer IPSec Security Gateway behind a NAT.
307 logstrWanModeIs Warning The network connection in use is %s
326 logstrWfoProbeFailed Warning Probing failure on %s
342 logstrLogIkeProposalBadModeForXauth Warning IKE Responder: Mode %d - not transport mode.
450 logPkeEntityCertLimit Warning PKI Failure: Reached the limit for local certs, cannot load any .
470 logPkeCouldNotValidateChain Warning PKI Failure: Loaded the certificate but could not verify it's cha.
Notice Log Messages
556 logstrWlanPassiveRogueAP Warning Found Rogue Access Point
581 logstrWlbOn.
253 logstrLogIkeProposalAddrWithDefGw Notice IKE Responder: Default LAN gateway is set but peer is not proposing.
Info Log Messages
Message ID Log Event Priority Description of Log Event
0 logstrLogHeader1 Info.
43 logstrIpsecInterruptErr Info IPSec connection interrupt
44 logstrNATCouldntRemap Info NAT could not remap inco.
85 logstrLocalRange Info local range:
86 logstrRemoteRange Info remote range:
96 logstrLogStatus.
147 logstrHaIdleBackup Info Backup firewall has transitioned to Idle
148 logstrHaMissedHeartbeatPrimary Info Pri.
169 logstrPppoeLcpUnacked Info No response from ISP Disconnecting PPPoE.
195 logstrTCPStatFIN Info VPN TCP FIN
196 logstrTCPStatPSH Info VPN TCP PSH
197 logstrCflSubscriptionExpiredEmailSubject Info Content filter subscription expired.
245 logstrUserLoginRadiusError Info User login denied - RADIUS configuration error
246 logstrUse .
298 logstrPppduIpcpFailed Info PPP Dial-Up: Failed to get IP address
299 logstrPppduIpcpUp Info PPP Dial-Up: Rec.
321 logstrPppduNeedManualAction Info PPP Dial-Up: Manual intervention needed.
377 logstrPptpMaxReTransExceed Info PPTP Max Retransmission Exceeded
378 logstrPptpCtrlConnEstablished Info PPTP .
402 logstrLogIkeProposalReject Info IKE Responder: IKE proposal does not match (Phase 1)
403 logstrLogIkeAbort Info IKE negotiation aborted due to timeout
404 logstrDecryptFailedWithPsk Info Failed payload verification after decryption.
441 logstrRuleModified Info Access Rule modified
442 logstrRuleDeleted Info Access Rule deleted
443 logstrRuleTa.
526 logstrWebAccessRequestRcvd Info Web management request allowed
527 logstrFtpPortBounceAttack Info FTP: PORT bounce attack dropped.
528 logstrFtpPasvBounceAttack Info FTP: PASV response bounce attack dropped.
609 logstrIDPPreventionAlert Info IPS Prevention Alert: %s
614 logstrIDPExpiredMsg Info Received IPS Alert: Your SonicWALL Intrusion Prevention (IDP) subscription has expired.
Debug Log Messages
652 logstrVoipSpare31 Info unused/spare
653 logstrVoipSpare32 Info unused/spa.
364 logstrCryptRsaTestFailed Debug Crypto RSA test failed
365 logstrCryptSha1TestFailed Debug Crypto Sha1 test.
618 logstrBootpCentralAck Debug BOOTP server response relayed to remote device
619 logstrBootpRep.
Chapter 43: Configuring Log Categories
Log > Categories
This chapter provides configuration tasks to enable you to categorize and customize the logging functions on your SonicWALL security appliance for troubleshooting and diagnostics.
Log Priority
This section provides information on configuring the priority level at which log messages are captured and corresponding alert messages are sent through e-mail for notification.
of attacks evolved, it's become essential to dig deeper into the traffic, and to develop the sort of adaptability that could keep pace with the new threats.
Managing Log Categories
The Log Categories table displays log category information organized into the following columns:
• Category - Displays log category name.
Chapter 44: Configuring Syslog Settings
Log > Syslog
In addition to the standard event log, the SonicWALL security appliance can send a detailed log to an external Syslog server.
Syslog Settings
Syslog Facility
• Syslog Facility - Allows you to select the facilities and severities of the messages based on the syslog protocol.
Chapter 45: Configuring Log Automation
Log > Automation
The Log>Automation page includes settings for configuring the SonicWALL to send log files using e-mail and configuring mail server settings.
standard e-mail address or an e-mail paging service. If this field is left blank, e-mail alert messages are not sent.
• Send Log - determines the frequency of sending log files.
Chapter 46: Generating Log Reports
Log > Reports
The SonicWALL security appliance can perform a ro.
Data Collection
The Reports window includes the following functions and commands:
• Start Data Collection
Click Start Data Collection to begin log analysis.
Chapter 47: Activating and Enabling SonicWALL ViewPoint
Log > ViewPoint
SonicWALL ViewPoint is .
Activating ViewPoint
The Log>ViewPoint page allows you to activate the ViewPoint license directly from the SonicWALL Management Interface using two methods.
Enabling ViewPoint Settings
Once you have installed the SonicWALL ViewPoint software, you can point the SonicWALL security appliance to the server running ViewPoint.
Part 11: Wizards
Chapter 48: Configuring Internet Connectivity Using the Setup Wizard
Internet Connectivity Using the Setup Wizard
The first time you log into the SonicWALL, the Setup Wizard is launched automatically.
Setup Wizard
Note: Your Web browser must be Java-enabled and support HTTP uploads in order to fully manage SonicWALL.
Step 2: Change Time Zone
3 Select the appropriate Time Zone from the Time Zone menu. The SonicWALL internal clock is set automatically by a Network Time Server on the Internet.
Step 4: WAN Network Mode: NAT Enabled
6 Enter the public IP.
Step 6: LAN DHCP Settings
8 The Optional-SonicWALL DHCP Server window configures the SonicWALL DHCP Server. If enabled, the SonicWALL automatically configures the IP settings of computers on the LAN.
Storing SonicWALL Configuration
Setup Wizard Complete
10 The SonicWALL stores the network settings.
11 Click Restart to restart the SonicWALL.
1 Click the Setup Wizard button on the Network>Settings page.
2 Read the instructions on the Welcome window and click Next to continue.
Step 3: WAN Network Mode
5 Select DHCP. The Obtain an IP address automatically window is displayed. Click Next.
Step 5: LAN Settings
7 The Fill in information about your LAN page allows the configuration of SonicWALL LAN IP Addresses and Subnet Masks.
Configuration Summary
9 The Configuration Summary window displays the configuration defined using the Installation Wizard.
Storing SonicWALL Configuration
Setup Wizard Complete
10 Click Restart to restart the SonicWALL. The SonicWALL takes 90 seconds to restart.
1 Click the Setup Wizard button on the Network>Settings page.
2 Read the instructions on the Welcome window and click Next to continue.
Step 2: Change Time Zone
4 Select the appropriate Time Zone from the Time Zone menu. The SonicWALL internal clock is set automatically by a Network Time Server on the Internet.
Step 4: WAN Network Mode: NAT with PPPoE Client
6 Select whether to use a dynamic or static IP address, and enter the user name and password provided by your ISP into the User Name and Password fields.
Step 6: DHCP Server
8 The Optional-SonicWALL DHCP Server window configures the SonicWALL DHCP Server. If enabled, the SonicWALL automatically assigns IP settings to computers on the LAN.
Storing SonicWALL Configuration
9 Tip: The new SonicWALL LAN IP address, displayed in the URL field of the Congratulations window, is used to log in and manage the SonicWALL.
1 Click the Setup Wizard button on the Network>Settings page.
2 Read the instructions on the Welcome window and click Next to continue.
Step 2: Change Time Zone
4 Select the appropriate Time Zone from the Time Zone menu. The SonicWALL internal clock is set automatically by a Network Time Server on the Internet.
Step 4: WAN Network Mode: NAT with PPTP Client
6 Enter the user name and password provided by your ISP into the User Name and Password fields.
Step 6: DHCP Server
8 The Optional-SonicWALL DHCP Server window configures the SonicWALL DHCP Server. If enabled, the SonicWALL automatically assigns IP settings to computers on the LAN.
Storing SonicWALL Configuration
9 Tip: The new SonicWALL LAN IP address, displayed in the URL field of the Congratulations window, is used to log in and manage the SonicWALL.
Chapter 49: Configuring a Public Server with the Wizard
Create a Server with the Public Server Wizard
1 Start wizard: In the navigator, click Wizards.
2 Select Public Server Wizard and click Next.
3 Select the type of server from the Server Type list. Depending on the type you select, the available services change.
6 Click Next.
7 Enter the public IP address of the server. The default is the WAN public IP address. If you enter a different IP, the Public Server Wizard will create an address object for that IP address and bind the address object to the WAN zone.
The wizard creates the address object for the new server. Because the IP address of the server added in the example is in the IP address range assigned to the DMZ, the wizard binds the address object to the DMZ zone.
9 Tip: The new IP address used to access the new server, internally and externally, is displayed in the URL field of the Congratulations window.
Chapter 50: Configuring VPN Policies with the VPN Policy Wizard
Configuring GroupVPN using the VPN Policy Wizard
The VPN Policy Wizard walks you step-by-step through the configuration of GroupVPN on the SonicWALL.
3. In the VPN Policy Type page, select WAN GroupVPN and click Next.
6. In the IKE Security Settings page, you select the security settings for IKE Phase 2 negotiations and for the VPN tunnel. You can use the default settings.
Note: If you enable user authentication, the users must be entered in the SonicWALL database for authentication.
Configuring a Site-to-Site VPN using the VPN Wizard
You use the VPN Policy Wizard to create the site-to-site VPN policy.
Using the VPN Wizard to Configure Preshared Secret
1.
4. In the Create Site-to-Site Policy page, enter the following information:
• Policy Name: Enter a name you can use to refer to the policy.
For this example, select LAN Subnets.
• Destination Networks: Select the network resources on the destination end of the VPN Tunnel.
9. The Configuration Summary page details the settings that will be pushed to the security appliance when you apply the configuration.
© 2004 SonicWALL, Inc. SonicWALL is a registered trademark of SonicWALL, Inc. Other product and company names mentioned herein may be trademarks and/or registered trademarks of their respective companies. Specifications and descriptions subject to change without notice.