Manuel d'utilisation / d'entretien du produit TZ170 du fabricant SonicWALL
Aller à la page of 22
SonicOS Hub and Spoke TZ170 VPNs with Checkpoint NG Introduction This technote will detail all steps to get a Hu b and Spoke setup between the SonicWALL SonicOS Enh anced and the Checkpoint NG. Within this setup the Checkpoint NG will be the HUB an d 2 TZ170 units will be the Spokes .
2 Before You Begin If you have not already done so, set up a mana gement system connecting to the SonicWALL’s intern al LAN interfac e. The SonicWALL should alread y be configured for internet acce ss; if not, do this before completing any further steps.
3 Next create an address object grou p for t he two checkpoint address object s. On the ‘Network > Address Objects’ page in the ‘Address Groups’ section, click on ‘A dd Group…’ to create the address grou p for the o bjects.
4 From the navigation bar on the left, cli ck on ‘VPN’, this will brin g up the ‘VPN > Settings’ pag e. In the ‘VPN Global Settings’ section, make sure the ‘Enable VP N’ radi o button is selected. In the ‘VPN Policies’ section, click on ‘Add’ to create the new VPN policy for the Check Poi nt FireWall-1.
5 Next select the ‘Network’ tab. In the ‘Local Networks’ section, select the radio b utton ne xt to ‘Choose local net work from list’ and select "LAN Primary Subnet" from the dropdown box.
6 IKE (Phase 1) Proposal Exchange: Aggressive Mode DH Group: Group 5 Encryption: 3DES Authentication: SHA1 Life Time (seconds): 3600 Ipsec (Phase 2) Proposal Protocol: ESP Encryption: 3DES Authentication: SHA1 DH Group Group 2 Life Time (seconds): 3600 Do not enable Perfect Forward Securit y.
7 SonicWALL Setup Side Bob Log into the SonicWALL’s Management GUI usin g a current web browser. The address objects will be created first, and then a gro up wi ll be created to contain the address object s.
8 Name: checkpoint_lan Name: Side_Alice_lan Zone Assignment: VPN Zone Assignment: VPN Type: Network Type: Network Network: 192.168.170.0 Network: 180.10.10.0 Netmask: 255.255.255.0 Netmask: 255.255.255.0 Click ‘OK’ to finish. Click ‘OK’ to finish.
9 The ‘VPN Policy’ window will then appear. On the ‘General ’ tab pag e, ‘Security Policy’ se ction, select “IKE using Preshared Secret” from the ‘IPSec Keying Mode:’ dr opdown box. Name: "to_checkpoint" IPSec Primary Gateway Name or Address: 67.
10 Next select the ‘Network’ tab. In the ‘Local Networks’ section, select the radio b utton ne xt to ‘Choose local net work from list’ and select "LAN Primary Subnet" from the dropdown box.
11 Ipsec (Phase 2) Proposal Protocol: ESP Encryption: 3DES Authentication: SHA1 DH Group Group 2 Life Time (seconds): 3600 Do not enable Perfect Forward Securit y. Next select the ‘Advanced’ tab. Make sure that the option Enable Keep Al ive has been check ed.
12 Check Point FireWall-1NG Setup Log into SmartDashboard. Before the VPN can be setup it is necessary to cr eate Net work Objects for all devices and networks. To create the network objects, first click on ‘M anage’ on the top of the SmartDash board.
13 The ‘Network Properties’ window will then appear. In this window, enter the object: Name: CP_LAN Network Address: 192.168.170.0 Net Mask: 255.255.255.0 The next network objects to create are for the LAN of the SonicW AL L appliance at Side Alice a nd for the LAN of the SonicWALL appliance at Side Bob.
14 Here we create the Network Object for the LAN of Side Bob. Make sure that the Object con t ains the corre ct LAN Network Address and Net Mask. Within our example we used: Name: Network_Bob Network Address: 10.234.234.0 Net Mask: 255.255.255 Next, edit the ‘Check Points’ net work object.
15 The ‘Check Point Gateway’ page will appear. On ‘General Properti es’, verify the ‘IP Address’ and that both ‘FireWall- 1’ and ‘VPN-1 Pro’ are selected. In this exam pl e, the ‘IP Addre ss’ is “192.168.170.1”. When finished, click ‘Topology’ on the left hand side.
16 It is needed to create also Interoperable Network objects fo r the both SonicWALL app liances. Go to ‘Manage’ > ‘Net work Objects’ now the Network Objects windo w will then appear.
17 On the ‘Topology’ page, unde r the ‘VPN Domain’ section, sele ct ‘Manuall y d efined’ and se lect the previousl y created “Network_Alice” Net work Object with the dropdo wn menu. Click on ‘OK’ to finish. An Interoperable Device Object needs also to be created for Side Bob.
18 In this window, under ‘General Properti es’ enter: Name: SNWL_Bob IP Address: 80.62.91.20 Next click ‘Topology’ on the le ft hand sid e. On the ‘Topology’ page, unde r the ‘VPN Domain’ section select ‘Manuall y defined’ and sele ct the previousl y created “Network_Bob” Network Object with the dropdo wn menu.
19 From the ‘VPN Communities’ windo w, select the ‘New’ butto n on the bottom. Then select ‘Site To Site’ and ‘Star…’ The ‘Star Community Properties’ page will appear. On the ‘Star Community Properties’ page, enter the VPN name in the ‘Name:’ field.
20 Next, click on ‘Satellite Gateways’. On the Satellite Gateways, click on the ‘Add…’ b utton under the ‘Satellite Gateways :’ section. This will bring up the ‘Satellite Gate ways’ window. Select here the address objects ‘SNWL_Alic e’ and address object ‘SNWL_Bob’ after this i s done press OK.
21 Click on 'VPN Properties'. Enter the ‘IKE (Phase 1) Properties’ and the ‘IPsec (Phase 2) Properties ’. In this exampl e, the ‘IKE (Phase 1)’ section the settings are as follow.
22 In the ‘Advanced Properties’ section, un der IKE (Phase 1), modify the ‘Renegotiate IKE securit y associations every’ fiel d to "60" minutes and the ‘Use Diffie-He llman group’ should be "Group 5 (1536 b it).
Un point important après l'achat de l'appareil (ou même avant l'achat) est de lire le manuel d'utilisation. Nous devons le faire pour quelques raisons simples:
Si vous n'avez pas encore acheté SonicWALL TZ170 c'est un bon moment pour vous familiariser avec les données de base sur le produit. Consulter d'abord les pages initiales du manuel d'utilisation, que vous trouverez ci-dessus. Vous devriez y trouver les données techniques les plus importants du SonicWALL TZ170 - de cette manière, vous pouvez vérifier si l'équipement répond à vos besoins. Explorant les pages suivantes du manuel d'utilisation SonicWALL TZ170, vous apprendrez toutes les caractéristiques du produit et des informations sur son fonctionnement. Les informations sur le SonicWALL TZ170 va certainement vous aider à prendre une décision concernant l'achat.
Dans une situation où vous avez déjà le SonicWALL TZ170, mais vous avez pas encore lu le manuel d'utilisation, vous devez le faire pour les raisons décrites ci-dessus,. Vous saurez alors si vous avez correctement utilisé les fonctions disponibles, et si vous avez commis des erreurs qui peuvent réduire la durée de vie du SonicWALL TZ170.
Cependant, l'un des rôles les plus importants pour l'utilisateur joués par les manuels d'utilisateur est d'aider à résoudre les problèmes concernant le SonicWALL TZ170. Presque toujours, vous y trouverez Troubleshooting, soit les pannes et les défaillances les plus fréquentes de l'apparei SonicWALL TZ170 ainsi que les instructions sur la façon de les résoudre. Même si vous ne parvenez pas à résoudre le problème, le manuel d‘utilisation va vous montrer le chemin d'une nouvelle procédure – le contact avec le centre de service à la clientèle ou le service le plus proche.