Manuale d’uso / di manutenzione del prodotto Internet Security Appliances del fabbricante SonicWALL
Vai alla pagina of 293
COMPREHENSIVE INTERNET SECURI T Y ™ S o n i c W A L L I n t e r n e t S e c u r i t y A p p l i a n c e s A D M I N I S T R A T O R ’ S G U I D E.
Cont ents P age 1 C ontent s Co pyr ig h t No t ice .... .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .... .. .. .. .. .. .. ... .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. . 1 1 Abou t t his Gui d e .... .. .. .. .. .. .. .. .. .
Page 2 SonicW ALL Internet Security Appliance Administrator’s Guide Pr im ary Int e rf a ce .... .. .... .. .... .... .... .... .... .... .. .... .... .... .... .... .. .... ... .... .... .... .. .... .... .... .... 65 Fai lov e r S ett in g s .... .
Cont ents P age 3 7 Log ging and A lerts ..... ..... ...... ..... ...... ...... ..... ......... ..... ...... ..... ...... ...... . 91 Vi ew L og .. .... .... .... ...... .... .... .... .... .... .... .... .... .... .... .... ...... .... .... ... .... .
Page 4 SonicW ALL Internet Security Appliance Administrator’s Guide Ping . .. .. ... .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .... .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ... .. .. .... .. .. .. .. .. .. .. .. .. .. . 12 2 Packe t T ra ce .
Cont ents P age 5 11 Advanc ed Fe ature s .... ...... ...... ..... ...... ..... ...... ........ ...... ...... ..... ...... .. 148 Pro xy Re l ay .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .
Page 6 SonicW ALL Internet Security Appliance Administrator’s Guide 12 DHCP Se rver .. ..... ...... ..... ...... ..... ...... ........ ...... ...... ..... ...... ..... ...... ..... 166 Set up . .. ..... .. .... .. .... .. .... .. .... .. .... .. ...
Cont ents P age 7 Ena b le Pe rf e c t Fo rw a rd Se cr e cy .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ... .. .. .. .. .. .. .. .. .. .. .. .. .. .. . 18 9 Phas e 2 DH Gro u p .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .
Page 8 SonicW ALL Internet Security Appliance Administrator’s Guide 15 SonicW ALL Opti on s an d Upg ra d es ....... ..... ...... ..... ... ...... ..... ... ...... .. 234 Soni cW A LL VP N C l ien t .... .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .
Pa ge 11 C o p y rig h t N o ti c e © 20 02 S onic W AL L, In c. Al l r ig hts re se rv ed . Under the c opyri g ht laws, thi s m anu al or the s oft ware de scrib ed within, c an not be copi ed , i n w hol e or pa rt, without th e written consent of the manufacturer , ex c e pt in the n orm al use of th e software to make a b ackup copy.
Page 1 2 So n icWA LL Int er net S ecu ri ty A ppl ianc e Use r ’s Gui de About this G uide Th ank you for pu rchas in g the Son icWALL Int ern et Secur ity a ppl iance.
Pa ge 13 Chapter 16, Hardware Descripti ons - p rovid es a d escr ipti on of the f ront a nd ba ck of Soni cWALL Int er n et se cu ri t y ap pli a n ce s, in cl ud in g LE D li gh ts an d por t s. Chapter 17, Troubl es hootin g Guid e - show s so lutio n s to c omm o nly en coun t ere d prob lem s.
Page 14 SonicWALL Internet Security Ap pliance Administrator’s Guide 1 In tr od uct i on Y our Soni cWALL In te rnet Securit y Appliance The So ni c WALL Int ernet Securi ty Ap pl ianc e p rovi de s a c omplet e security s o luti o n that p ro tects y ou r network f rom attacks, i n trusio ns, and mali c ious tam p ering.
In trodu cti on P a ge 15 SonicW ALL Internet Security App liance Featur es Int ernet S ecu rity • IC SA-Cert ified Fir ewall After unde rgo in g a rigo rou s suit e of tes ts to ex pose se curi ty .
Page 16 SonicWALL Internet Security Ap pliance Administrator’s Guide Content Filtering • Soni cWALL C onten t Fi ltering You can u s e the Son icWA LL Web c ontent f ilt ering to enf orce y our compan y's Int erne t a ccess poli cies .
In trodu cti on P a ge 17 Dynamic Host Configur at ion Pr ot ocol (DHCP) • DHCP Serve r Th e DHCP S erve r off ers c entr alized mana gement of T CP/IP cli ent co nfig urati ons, inc ludi ng IP addresses, gate w ay addresses, and DNS addresses.
Page 18 SonicWALL Internet Security Ap pliance Administrator’s Guide 2 Con fi gur in g th e N et wo rk M od e o n t he So ni cW ALL The Sonic WA LL Inte rn et security ap plianc e allows the followi.
Config u r ing the Netwo rk Mode on the Son ic WALL Page 19 NAT with DHCP C lient NA T with DH CP Cli ent is a n etw orki n g mode that allo ws you to obtain an IP addre s s for a s pecifi c length of time from a DH CP ser ve r. T he le ngth of t ime i s calle d a l ease, which i s renewed b y the DHCP s erve r typicall y after a few day s .
Page 20 SonicWALL Internet Security Ap pliance Administrator’s Guide Configuri ng the SonicW ALL in NA T Enabled M ode Th is se ctio n de scri bes c onfi gu ring t he S oni cWAL L app li ance i n th e NAT mode . Es sent ial ly, NAT translate s t he I P addresses in one n e tw or k into those for a d i f f er ent ne twork.
Config u r ing the Netwo rk Mode on the Son ic WALL Page 21 Sett i n g th e Pa s sw ord 2. T o set the password , enter a ne w pa ss w o rd in the New Pa sswor d and Co nf irm New Pas swo rd fiel d s . Alert It i s v ery import ant t o c hoo se a pa sswo rd whic h c annot b e ea sily g ues sed b y other s.
Page 22 SonicWALL Internet Security Ap pliance Administrator’s Guide 4. Sele ct the ap p r opri a t e Tim e Zon e fro m t he Ti me Z one menu. The Soni cWALL inter n al c lock is set automati cal ly by a N etwork Time Server on the Internet . Cli ck Next to continue.
Config u r ing the Netwo rk Mode on the Son ic WALL Page 23 Confirming Network Address Translation (NAT) Mode If y ou s ele ct As s ign e d y ou a s in gl e sta t ic IP ad dre ss in the Conne c ting to the Inte rn et pag e, the Use Netwo rk A dd res s T ransl at ion (N AT ) pag e is disp l ay ed.
Page 24 SonicWALL Internet Security Ap pliance Administrator’s Guide Configuring WAN Net work S ettings If y o u se l ec t ed e ith er NAT or Sta n d a rd mo de , the Getti n g to th e Internet page is di spl aye d.
Config u r ing the Netwo rk Mode on the Son ic WALL Page 25 Configuration S ummar y 10 . The Confi g ura tion Su mmary page di sp lays the config u ra tion def ined us ing the Install ation Wizard . To modif y any of th e setti ngs, click Back to return to the Connectin g to the Intern e t page.
Page 26 SonicWALL Internet Security Ap pliance Administrator’s Guide Re starti ng Alert The fi nal page prov ides imp ortant i nfor ma ti on to hel p confi gure th e compu ters on the L AN . Click P rint thi s Page to print the windo w info r ma tion.
Config u r ing the Netwo rk Mode on the Son ic WALL Page 27 Sett i n g th e Pa s sw ord Alert It i s v ery import ant t o c hoo se a pa sswo rd whic h c annot b e ea sily g ues sed b y other s. 1. To set th e password, en ter a new password in the New Pa sswor d and Co nf irm New Pas swo rd fiel d s .
Page 28 SonicWALL Internet Security Ap pliance Administrator’s Guide Connecting to t he Internet The Conn ecting to the Internet page li sts the i nformation r equired to complete the instal lation.
Config u r ing the Netwo rk Mode on the Son ic WALL Page 29 Setting the User Name and Password for PP PoE 6. If yo u sele cted Pro vided yo u wit h d esk top so ftw ar e, a u ser na m e an d pass word ( PPP oE) , th e Sonic W AL L ISP Se tt ings (PPP oE ) page is displ a ye d.
Page 30 SonicWALL Internet Security Ap pliance Administrator’s Guide Configuring the S onicWALL DHC P Server 9. The O ption al -Soni cWA LL DHC P Se rver page c onfigu res the So ni cWAL L DH CP Serve r. If ena bled , the Soni cWALL automatica lly confi gures the IP set tings of compu ters on the LAN.
Config u r ing the Netwo rk Mode on the Son ic WALL Page 31 Congratulations Alert T he new Son icWAL L LA N IP addre ss, displ ayed in t he UR L field of the C ongratu latio ns pa ge, is used to log in and manage the Son icW ALL . 11. Click Re st ar t to restart the SonicWALL.
Page 32 SonicWALL Internet Security Ap pliance Administrator’s Guide Configuri ng N AT w ith DHCP Clie nt Accessing the Ins tallation Wizard The Son icW ALL Installati on Wizard sim plif ies the initi al installa tion and confi gurati on of the So nic WA LL.
Config u r ing the Netwo rk Mode on the Son ic WALL Page 33 Se tting the Time an d Dat e 4. Sele ct the ap p r opri a t e Tim e Zon e fro m t he Ti me Z one menu. The Soni cWALL inter n al c lock is set automati cal ly by a N etwork Time Server on the Internet .
Page 34 SonicWALL Internet Security Ap pliance Administrator’s Guide Selecting Your Internet Connecti on 6. Sele ct th e optio n, Automatically assigns you a d ynamic IP ad dress (DHCP ) . 7. The Obtain an IP addre ss automatically page is di spl aye d.
Config u r ing the Netwo rk Mode on the Son ic WALL Page 35 Configuring L AN Network Se ttings 8. The Fill in informati on about y our LAN pag e all ows th e config ura tion of the So nicWA L L LAN IP Ad dr es s an d t h e L AN Sub n e t Ma s k .
Page 36 SonicWALL Internet Security Ap pliance Administrator’s Guide Configuration S ummar y 10 . The Confi g ura tion S u mmary page di sp l ay s t he co nf ig u ra t io n def in e d us in g t he Instal latio n Wizard . T o modi fy any of th e set tings , clic k Back to return to the Con nectin g to the Internet wind ow.
Config u r ing the Netwo rk Mode on the Son ic WALL Page 37 Re starti ng Tip The fin al wind ow prov ides imp ortant i nformat ion to he lp co nfigure t he compu ters on the LAN. Click Print this Page to print this info rmation. The So n icWALL take s 90 second s to restar t.
Page 38 SonicWALL Internet Security Ap pliance Administrator’s Guide 13. Enter th e ho st nam e in th e L2T P Host Nam e field. 14. En ter the s erve r IP addres s in the L 2T P S erv e r IP A dd re ss field. 15. Enter you r us er name an d pas s word in the User Nam e an d Use r P ass wo rd fi el d s .
Config u r ing the Netwo rk Mode on the Son ic WALL Page 39 Alert It i s v ery import ant t o c hoo se a pa sswo rd whic h c annot b e ea sily g ues sed b y other s. 1. To set th e password, en ter a new password in the New Pa sswor d and Co nf irm New Pas swo rd fiel d s .
Page 40 SonicWALL Internet Security Ap pliance Administrator’s Guide Connecting to t he Internet The Conn ecting to the Internet page li sts the i nformation r equired to complete the instal lation.
Config u r ing the Netwo rk Mode on the Son ic WALL Page 41 Setting the Us er Name and Password for PP TP. 6. The Sonic WALL ISP Setti ng s (PPTP ) page is dis played . Ente r the s erver IP ad dr ess i n the Serv er IP fi e l d, and y our use r name a nd pa s swor d in the Us er Nam e and Pas sword fiel ds.
Page 42 SonicWALL Internet Security Ap pliance Administrator’s Guide Configuring the S onicWALL DHC P Server 8. The O ption al -Soni cWA LL DHC P Se rver page c onfigu res the So ni cWAL L DH CP Serve r. If ena bled , the Soni cWALL automatica lly confi gures the IP set tings of compu ters on the LAN.
Config u r ing the Netwo rk Mode on the Son ic WALL Page 43 Congratulations Alert Th e ne w Son icWA LL L AN IP add re ss, di spl aye d in th e UR L f iel d of the Cong ratu latio ns pa g e, i s used to log in and manage the Son icW ALL . 10. Click Re st ar t to restart the SonicWALL.
Page 44 SonicWALL Internet Security Ap pliance Administrator’s Guide Logging in t o the SonicW ALL Man agement Inter face Once the Soni cWALL restarts , contact the S onicWALL Management int erface at the new Son icWALL LAN IP addr ess .
Config u r ing the Netwo rk Mode on the Son ic WALL Page 45 Ot he r So ni cW A LL ge n er al s ta tu s in fo r m a tio n is d is pl ay e d in th is se c ti on re l a t in g to ot h er fe at ur e s in .
Page 46 SonicWALL Internet Security Ap pliance Administrator’s Guide 3 Re gist ering at m ySoni cWAL L.co m Aft er you comple te the in itial in stallati on and con figur ation of your So nicWALL , you sh ould regi ster your S oni cWAL L I nte rn et Secu r ity Appl iance a t < htt p:/ /w w w.
Re gist er in g at m yS oni cWA L L.c om P a ge 47 Acc oun t Inf orm a tio n 3. Al l fi el d ma rk ed w ith an * ar e req u ir e d fi el ds . B e su r e to fi ll ou t t he fo rm co m p l ete ly b ef or e submittin g to the user da tab ase. Crea te a User Nam e a nd pa sswo rd fo r you r m ySon ic WALL account.
Page 48 SonicWALL Internet Security Ap pliance Administrator’s Guide Personal In formation 5. Complete the Personal I nf ormatio n s ection of the Registrati o n f o rm. Be s ure to enter the c orrec t e-mail ad d res s as th e subscrip tion code f or your S o nic WA LL user account i s e-mai l ed to yo u.
Re gist er in g at m yS oni cWA L L.c om P a ge 49 9. If a ll t he i nf or m a t io n is c o rr e ct , cl ic k OK . A confirmation message appears notifying you that your accoun t m ust be activated with in 72 hours of c r eating it. You also rec e iv e an e-mail w i th you r subsc ript i on cod e in it.
Page 50 SonicWALL Internet Security Ap pliance Administrator’s Guide _ 11. En ter the sub s c ript ion cod e you rec eived via e- mail in to t h e Subscri ption Code fi eld, and c lick Subm it . 12. Your Account Manageme n t interface appears and you can now register SonicWA L L Internet Secu rity A p pl iances or Ser vices .
Re gist er in g at m yS oni cWA L L.c om P a ge 51 Problems Creating a Myso nic WALL.com U s er Account? If you ’ re having tro uble creating a user ac count on the mySonic WA LL.com Web site , be sure to check the fol low ing ite m s in yo ur brow ser : •Ac cept C o okie s •Int ernet Expl o rer 5.
Page 52 SonicWALL Internet Security Ap pliance Administrator’s Guide Qui c k Regi strati on To quickl y register a SonicWALL Inter n et Security Appli ance, e nter the serial nu m ber in the fiel d unde r the Qui ck Reg ist er se cti on, a nd cli ck Go .
Re gist er in g at m yS oni cWA L L.c om P a ge 53 S tatus and Opti ons Click St at u s a nd O p ti o ns u nderne ath the logi n information to search f o r the status and options relati ng to a p artic u lar SonicWALL appliance. Enter the SonicWAL L serial number to search for the relate d informati on.
Page 54 SonicWALL Internet Security Ap pliance Administrator’s Guide Ma na g i ng Y ou r S on ic W AL L Y o u c a n r e n a m e y o u r S o n i c W A L L , t ra n s f e r y o u r S o n i c W A L L , o r de l et e y o u r S o n ic W A L L i n t h i s s e c t i o n of Services Mana gement .
Re gist er in g at m yS oni cWA L L.c om P a ge 55 T r ansf er ring a SonicWAL L Product You c an transfer a SonicWALL to ano th er mySoni c WALL.com user at any time. T ran sferri n g a SonicWAL L is necessary if you s ell th e appliance to another u s er, or if yo u want to transfer i t to another per s on i n yo u r company.
Page 56 SonicWALL Internet Security Ap pliance Administrator’s Guide Also, an e-mail message i s sent to both th e o l d and new u ser as a n otification th at the appliance w a s tra n sfer r ed. Tip Yo u can o nly t ransf er a SonicWAL L to anot her r e giste red u s er o f mySon icWALL .
Re gist er in g at m yS oni cWA L L.c om P a ge 57 Man agi ng Se r vic es for Son icWAL L Inte rnet Sec uri ty Applia nces In th e Applic able Se rvices s e ction of mySonicWALL.com, a li st of installed and i n activated servi c es f o r y our Soni cWA L L is di splay ed.
Page 58 SonicWALL Internet Security Ap pliance Administrator’s Guide Activ at ing Ser v ices Using mySonicW ALL.co m To ac tiv ate a service su c h as Conten t Fi lter , use the fol low in g step s: 1. Log into my SonicW A LL .com usi ng your u s er name and passw ord.
Re gist er in g at m yS oni cWA L L.c om P a ge 59.
Page 60 SonicWALL Internet Security Ap pliance Administrator’s Guide 4 Conf i guri n g the T E LE3 SP Mo d em Co nne cti on To impro ve the operatio n al avail ability of n etworks and ensu re fast re c overy f rom network failures, the Soni cWALL has th e c apabil ity of u sing a modem to di al a seco nd ary netw ork c on necti on for the WAN .
Configuring the T ELE3 SP Mo dem Connection Page 61 Configuring Mo dem Profiles Yo u can co nf igur e mo dem pr of iles on th e S onic W AL L us in g yo ur di a l-up ISP inf or ma tio n for t he con necti on. Mu ltip le modem p rofil es can be used wh en yo u have a d iffe rent p rofil e for i ndivi d ual ISP s.
Page 62 SonicWALL Internet Security Ap pliance Administrator’s Guide ISP Settings To co n figu re yo ur I SP se tt in gs , you m u st o b tai n yo ur In te rne t i nf orm a ti on f rom you r d ial -u p I nt e r net Servi ce Pro v id er. Use th e inf orma t io n to conf igure the fo llowi ng dial -up I SP Settin gs : 1.
Configuring the T ELE3 SP Mo dem Connection Page 63 • Manual Dial - Sele cting Man ual Di al fo r a Prim a r y P r of il e m e an s th at WAN Fai lo v er d o es n o t automatical ly occur. Man ual Dial re quires you to l og into th e Sonic WA LL, cl ick Modem , then Configure .
Page 64 SonicWALL Internet Security Ap pliance Administrator’s Guide TELE3 SP Mo dem Configuration The Configure tab allows you to e nable the modem to p rovide secondary dial - up ISP connection support an d configure the m odem settings. There are two sections avai lable: Modem Settings and Fail over Setti n gs .
Configuring the T ELE3 SP Mo dem Connection Page 65 Primar y Inter face The So n icWALL TEL E3 SP automatic ally detect s if a WA N Ethernet c onnection exi sts when the Son ic WALL i s p ow e red o n. Be cau se i t ca n a u to mat i cal ly d et ect th e E the rn et co nne ct ion , th e Pri ma ry Int er f ace is Et h ernet .
Page 66 SonicWALL Internet Security Ap pliance Administrator’s Guide 6. Enter a value for the number of successful pr o bes require d to reactivate the primary connectio n in th e Successful Probes to Rea cti vate Primary fiel d. Th e defaul t va lue is fi ve (5) .
Configuring the T ELE3 SP Mo dem Connection Page 67 Locati on S ett ings 1. Selec t Man u al D i al t o h a ve t h e m o d e m d i a l o n l y w h e n y o u c l i c k Connect on th e Co nf ig ure page . 2. Enter the number of minutes the connection is al lo wed to be inactive in the In activit y Timeo ut (mi nut es) f ie ld.
Page 68 SonicWALL Internet Security Ap pliance Administrator’s Guide Configur ing Y our TELE3 SP in Modem Only Mode Configur ing the Network Settings Fol low the se steps to con fi gure y our TELE 3 SP to use on ly the mod em for In t ern et acces s: 1.
Configuring the T ELE3 SP Mo dem Connection Page 69 Status The St a tu s tab d is plays di al- up connecti on informati on when the mo dem is active. Modem Statu s In t he Mo d em S ta tus s e c t i o.
Page 70 SonicWALL Internet Security Ap pliance Administrator’s Guide Chat Scri pts Som e leg acy se r ver s can re qu i re comp a ny- spe ci fic ch a t scri pts fo r logg ing on t o the dial-u p ser ver s. A chat script, li ke other ty pes of scri pts, automat es th e act of typi ng commands using a keyboard.
Configuring the T ELE3 SP Mo dem Connection Page 71 Cus t om Chat Scr ipts Cu sto m cha t scr ipt s ca n be us ed whe n the ISP dia l-up serv er do es no t use PAP or CHAP as an authenti c ation p r otocol to control access .
Page 7 2 So n icWA LL Int er net S ecu ri ty A ppl ianc e Use r ’s Gui de 5 Manag ing Your Sonic WALL Internet S e curity A pplian c e Th is c h apt er c ontai ns a brief over view of S onicWA LL managemen t c ommands a nd funct ions .
Managing Your SonicWALL Internet Security Appliance Page 73 The f irst tim e you ac c ess t h e SonicWA L L Managemen t interface u sing H TT PS, you may see th e fol lowin g infor mation mes sage: Click Ye s to c ontinue t h e login p rocess. SSL is s upported b y Netscape 4.
Page 7 4 So n icWA LL Int er net S ecu ri ty A ppl ianc e Use r ’s Gui de Note: The Sta tus windo w di splay s the uni que ch aract eristi cs of th e SonicWAL L Inte rnet Se curi ty A pp l ia n ce , s uc h as th e pr es e nc e o f VP N a cc e l e ra ti on ha r dw ar e o r a di ff er e n t a mo un t o f m em or y.
Managing Your SonicWALL Internet Security Appliance Page 75 CL I Supp or t and Remo te Managem ent Out -of -ba nd ma na ge me nt is av a ilabl e o n S on icW ALL Int er net S ecu ri ty A pp l iance s u sing th e CLI ( Comman d Line Inte rfac e ) f ea t u r e .
Page 76 SonicWALL Internet Security Ap pliance Administrator’s Guide 6 General an d Ne twork Settings Th is chap ter de scri bes t he tabs in t he General sec tion a nd the co nfig urati on of the S oni cWALL So n ic W ALL In t e rn e t Se cu r it y a pp l ian c e N etw ork Settings .
Gen era l a nd Netwo r k S ett ing s Pa ge 77 • NAT w i th L2T P C lie nt mod e uses IPSec to c onnect a L2T P ser ver a nd enc rypts all data transmitt ed from th e client to the server. H o w ev er, it does n ot encrypt n etwork traf f i c to other des tinat ions.
Page 78 SonicWALL Internet Security Ap pliance Administrator’s Guide WAN Se tt in g s • WAN Gateway (Rout er ) A dd res s The WAN Gateway (Route r) Address is th e I P addre s s of the WAN router or default gateway t hat con nects y our ne twork t o the I ntern et.
Gen era l a nd Netwo r k S ett ing s Pa ge 79 S tandard C onfi guratio n If y our ISP pr ovide d you wi th enou gh IP addr esses fo r all the co mp uter s and netw ork devi ces on you r LAN , enabl e Stan dard mod e. To co n figure Sta n da r d ad dr es s ing m o de , co m ple t e t he f o ll ow ing inst r u ctio n s: 1.
Page 80 SonicWALL Internet Security Ap pliance Administrator’s Guide When N AT is enabled , us ers on the I nterne t can n ot a c ces s mach ines o n the LA N unles s they h ave been desig nat ed as Publ ic L A N Ser vers. To e nable N e twork Address T r anslation (NAT) , co mp lete the foll ow ing ins tru ctions.
Gen era l a nd Netwo r k S ett ing s Pa ge 81 •T h e S o n i c W A L L WAN IP (NA T P ubli c) Ad dr e ss is "10. 1.1 .2 5". •T h e p r i v a t e S o n i c W A L L LAN IP Ad dr e ss i s " 192 .1 68. 16 8.1 ". • Co mp uter s on th e LAN h ave priva te IP add ress es ran ging from "192.
Page 82 SonicWALL Internet Security Ap pliance Administrator’s Guide Wh en yo ur S onicW AL L has succ essf ul ly re cei ved a DHCP le ase, t he Netwo rk w i n d o w d i s p l a y s t h e Soni cWAL L WAN IP settings. •T h e Lea se E xpi res value s hows when you r DHCP lease expire s.
Gen era l a nd Netwo r k S ett ing s Pa ge 83 3. Enter y our network subnet m ask in the LA N Su bne t M a sk field . The LA N S u bn et Ma sk te lls your Son icW ALL wh ich I P a d dres se s ar e on yo ur L AN. Use the def a ult valu e, "25 5.255 .
Page 84 SonicWALL Internet Security Ap pliance Administrator’s Guide NAT with L2TP Clie nt Configuration The So nicW A L L can u se L 2 TP o v er Et h er n et t o c on n ec t t o a L 2TP se r ver . To co n figure NAT w ith L 2TP Clien t , complete the follo wing instru cti ons.
Gen era l a nd Netwo r k S ett ing s Pa ge 85 9. Selec t the Disconnect after __ Minutes of Inactivi ty check box to automat i cally dis c onnect the L2TP c on n ection after a specif ied period of inactiv ity . Define a maximu m nu mb er o f minutes o f inactiv ity in the Minutes field .
Page 86 SonicWALL Internet Security Ap pliance Administrator’s Guide NAT w ith PPTP C lient Conf iguration Th e So ni cWAL L can us e Point -to -P oi nt Tunn el ing P ro toc ol ov er E the rne t to c onnec t to a PP TP se rver . Th is o p tion supp orts olde r netw ork i mp leme ntati ons r equiri n g tu nneli ng su ppor t.
Gen era l a nd Netwo r k S ett ing s Pa ge 87 7. Enter the IP address of the PPTP server in the PPTP Se rver IP A dd res s fi eld . 8. En ter you r us e r name and pa ss w or d in t he User Name and Use r P assw o rd fi el ds .
Page 88 SonicWALL Internet Security Ap pliance Administrator’s Guide Se tting th e T ime and Date The Sonic W ALL uses the time and date settings to time stamp log events, to automatic ally update the Content Filter List , and for oth er in ternal purpos es .
Gen era l a nd Netwo r k S ett ing s Pa ge 89 Con fi g u ri n g th e Adm in i s tr a to r S e tt in g s The Pass w ord tab is n ow t h e Admi nis tra to r t ab. In t h is se c tio n, yo u c an co nf ig ur e a ne w adminis trato r name , an administr a tor passwo rd , inactivity timeout, and logi n fai lur e h andling.
Page 90 SonicWALL Internet Security Ap pliance Administrator’s Guide Se ttin g th e Admi n ist rator I nac tiv ity Time out The Administrator Inactivit y T imeout settin g allows y ou to c o nfigu re th e length o f inacti vity th a t can elapse bef ore y ou are automati cally log g ed out of the Web Management I n terface.
Loggin g and Al ert s Pa ge 91 7 Log ging and A lerts This chapter des c ribes the SonicWALL Internet s e curity applianc e loggi n g, ale rtin g, and rep o rtin g fea tures , wh ich ca n be vie wed i n the Log se ction of th e Soni cWAL L Web Manag ement Inte rface.
Page 92 SonicWALL Internet Security Ap pliance Administrator’s Guide So nicWA L L Log Mes s ages Each log entr y contain s the date and tim e o f the event and a brief message descri bing the event. It is al so p os s ibl e to co p y th e l o g en t rie s f r om th e m a n age m en t in te rf ace a nd pa s te in to a rep or t.
Loggin g and Al ert s Pa ge 93 Log S e tt in g s Click Log on the left sid e of the b rows er w indow , and then cli ck th e Lo g Setting s tab. Configur e the following setti ngs: 1. Mai l Ser ver - To e -mail l og or aler t mess ages, e nter the n ame or I P add ress of your mail s erver in th e Ma il S e rv e r f iel d.
Page 94 SonicWALL Internet Security Ap pliance Administrator’s Guide 5. Sys log Serv er - In addition to the standard event log, th e Sonic WALL can send a detailed lo g to an external Syslog server.
Loggin g and Al ert s Pa ge 95 Log C a te g or i es Yo u c an d ef ine w hi ch lo g m e ssag e s ap p ear in t h e S oni cW A LL Event Log . A ll Log C ateg ori es are enabl e d by de fau lt ex ce pt Ne two rk D ebu g .
Page 96 SonicWALL Internet Security Ap pliance Administrator’s Guide Alert s/SNMP T raps Alerts are events , s uch as attacks, which warrant immedi ate attentio n . When events generate al erts, message s are immed iately sent to t he e- mail ad dres s de fined in t he S e nd alerts to fi el d.
Loggin g and Al ert s Pa ge 97 The Re po r ts wind ow in clud es the fo llowi ng fun ct i ons and comm ands: • St art Data Collectio n Click S tart Da ta Collection to begin log analysis. When log analysis is enabled, the button label cha ng es t o Stop Data Colle ction .
Page 98 SonicWALL Internet Security Ap pliance Administrator’s Guide SonicWAL L ViewPoint S onicW ALL Vi ewPoi nt is a s of tware sol uti on that cr eate s dyna mic , Web- ba sed re por ts of n etwo rk activ ity.
Cont ent F ilteri n g an d Block i ng Pa ge 99 8 Co nten t Filter ing an d Block ing Inte rn et content fi ltering al lows you to crea te and enforce Inter n et acces s policies tailored to the need s of y our orga nizati on. Y ou can block harmf ul Web applic atio ns from e nte ring y our n etwor k.
Page 100 SonicW ALL Internet Security Appliance Administrator’s Gui de Configuring So nicWALL C ontent Filte r ing The Confi gure tab is commo n bet ween th e three t ypes of Cont ent Fil teri ng. Cl ick Filter on the left sid e of the brows er w indow , and then cli ck o n the Configure tab .
Con ten t Fi lt eri ng an d Bl oc king P ag e 101 Tr u s te d D o m a i n s Trust ed Do ma ins can be ad ded i n th e Rest r ict W e b Fea tu r es se ctio n of t he Configure t a b .
Page 102 SonicW ALL Internet Security Appliance Administrator’s Gui de Download Automatically ever y Sel ec t in g Download A utomatically every a llows you to conf igure a spec ific t ime to downloa d you r Content Filter List. Select a day of the week and a time (24-hour fo rmat), for example, Sun.
Con ten t Fi lt eri ng an d Bl oc king P ag e 103 Cus tomizin g th e Cont ent F ilter ing List The Custo mize t a b a l l o ws y o u t o c u s t o m i z e y o u r U R L Li s t b y m a n u a l l y e n t e r i n g d om a i n n a m e s o r key wo r ds to be blo ck e d or all ow e d.
Page 104 SonicW ALL Internet Security Appliance Administrator’s Gui de Tip Custo m iz ed domain s do not hav e t o be re- enter ed w hen th e Cont ent F ilter L ist i s u pd a ted each week and do no t re quire a URL list subsc ript ion.
Con ten t Fi lt eri ng an d Bl oc king P ag e 105 Con sent The Consent tab allo ws you to enf orce cont ent fi lterin g on desi gnated comp uters and pro vide opt iona l f il t eri ng on other comp ut e rs.
Page 106 SonicW ALL Internet Security Appliance Administrator’s Gui de • “Co ns ent Accepted ” URL (Fi ltering Of f) When a user ac cept s the t erms ou tlined i n the Co nsent page and choos .
Con ten t Fi lt eri ng an d Bl oc king P ag e 107 Configuring N 2H 2 Internet Filt e ring N2H 2 is a third p ar ty Int ernet f ilter ing p ackage t hat al lows y ou t o use I ntern et cont ent fi lter ing thro u gh the SonicWALL. When you s elect N2H2 as your Content Filter List, th e N2H 2 tab i s available.
Page 108 SonicW ALL Internet Security Appliance Administrator’s Gui de warrant ed b y these f raudulent certi fi c ates. If digital c ertificates are proven fraud ulent, th en the Soni cWAL L bl ocks th e Web cont ent an d th e fil es tha t use these frau dulen t cer tific ates.
Con ten t Fi lt eri ng an d Bl oc king P ag e 109 N2H2 Serv er Status Th is sec tion displ ays t he s tatus of t h e N2 H2 Inter net F ilter ing Pro tocol (I F P) s erver you are us ing for In ter n et fi lt e ri n g.
Page 110 SonicW ALL Internet Security Appliance Administrator’s Gui de Co n f ig u ri n g th e Webs ense En t er p ri s e C o nt en t F ilt er Websen se i s a thir d party s oftware pac kag e th at al lows you to use I nternet con ten t filteri ng t hrough th e Son icWA LL .
Con ten t Fi lt eri ng an d Bl oc king P ag e 111 • Kno wn Fraud ulent Certi fica t es Digi tal certif icates help v erify t hat Web content and f iles o riginated from an aut h orized p arty. Enablin g this feature protec ts users on the LAN from download ing malicious programs warrant ed b y these f raudulent certi fi c ates.
Page 112 SonicW ALL Internet Security Appliance Administrator’s Gui de Co n fig u ri n g th e We bs en se Co nt en t F il t er L i st Configu re th e Websens e Enterpris e s etti ngs o n this page. We bsense Ser ver S ta tus Th is sec tion displ ays the sta tus of t h e Web sense Enterp rise s erver used f or c ontent fil teri ng.
Con ten t Fi lt eri ng an d Bl oc king P ag e 113 If Server is unavailable for 5 secs: If the Websense Enterprise server b e comes un available, select f rom the fo llowing tw o options : • Block traffi c to all Web sites • All ow traffic to all Web sites UR L C ach e Con fi gure t h e size of the URL Cache in K B.
Page 114 SonicW ALL Internet Security Appliance Administrator’s Gui de 9 We b Manage m ent T o ols Th is chap ter desc ri bes the Soni cWA LL Ma nagem ent Tools , avai lable in the Tools sect ion of the So n ic W ALL Web Management In terface .
Web Management Tools P age 115 Pre f er en c es Click Tools o n the left sid e of the b rows er w indow , and then cli ck th e P refe rences tab . You can save the SonicWAL L setting s , and then retrieve the m later for backup purposes. SonicWALL rec omm e nd s sav ing th e S on icW AL L s ett ing s w h en u pgra d ing th e fir mwa re .
Page 116 SonicW ALL Internet Security Appliance Administrator’s Gui de Imp or tin g the Se tt ings Fi l e Af ter e xp o rti ng a s e tti ng s f il e , yo u c an im p or t i t bac k to t he S oni cW A LL. 1. Click Im po r t in the P referen c es tab .
Web Management Tools P age 117 Alert T he So nicWALL LAN IP Ad dress, LAN Sub net Ma sk, an d the Ad mini strator Pas swor d are n o t reset. Updat ing F irmwa re Th e So nicWALL h a s flash memo ry and can be easily u pgraded wi th new firmw are. Cur rent firmw are ca n be dow nloade d from Son icWAL L , Inc.
Page 118 SonicW ALL Internet Security Appliance Administrator’s Gui de Fir mw are Update Wiz ard simplifies an d automates the upgrade process. Follo w th e instruct ions in the F irmw are Update Wizard t o update th e firmwar e . Updat ing F irmware Manually You can also upl oad firmware fr om th e loca l hard drive.
Web Management Tools P age 119 Up gra de Featu res SonicWALL Inter net S ecurit y Ap plianc es can be upgraded to support new or optional f eatur es . Chapter 15, SonicWALL Op tions and Upgr ades , provides a sum m ary of the S onicWALL fi rmware up grade s, su bsc ripti on se r vice s, a nd su ppo rt o ffe ring s.
Page 120 SonicW ALL Internet Security Appliance Administrator’s Gui de Diag nostic T ools The Soni cW A LL ha s sev e ral b uil t- in t o ol s wh ich he lp t rou bl e sho o t ne t w ork p ro bl em s. C lick Tools on th e le ft sid e of th e bro ws er wind ow a nd t hen cli ck the Diag n ostic tab.
Web Management Tools P age 121 Find Network Path The Find Network Path t o o l s h o w s w h e t h e r a n I P h o s t i s l o c a t e d o n t h e L A N o r t h e W A N . T h i s i s help ful in determ ining if th e Son icWALL is proper ly conf igur ed.
Page 122 SonicW ALL Internet Security Appliance Administrator’s Gui de Ping The Pin g test bou nces a packet of f a mac hine o n the Internet and retu rn s i t to th e s en d er. This test shows i f the SonicWA LL i s able to c on tact the re mote host.
Web Management Tools P age 123 Pac ket Tra c e The Pac ket Tra ce tool trac ks th e status o f a communicati o ns str e am as it mo v es from so u rce to dest inati on. This i s a us eful too l to de termin e if a com mun icatio ns str eam is being sto pped at the Son icW ALL , or i s lo st o n t he In ter ne t .
Page 124 SonicW ALL Internet Security Appliance Administrator’s Gui de 1. Selec t Pack et Trace fr om t he Cho o se a di agno sti c too l menu. Tip Pa cke t Tra ce requir es an I P addres s. The So nicWALL DNS Name Looku p tool ca n b e us ed to fin d the I P ad dress o f a h o st.
Web Management Tools P age 125 Generating a Tech Support Report 1. Selec t Te c h Suppor t R epo rt from t he Cho o se a di agno sti c too l m enu . 2. Sel ect the Re po r t Opt i o ns t o be i n clu d ed w it h yo ur e- m ail . 3. Click Save Report t o s a v e t h e f i l e t o y o u r s y s t e m .
Page 126 SonicW ALL Internet Security Appliance Administrator’s Gui de Tr a c e R o u t e Trace Ro ute is a d iagno stic u tility to a ssis t in diag nosing and t roubl es hootin g router con nec tions o n th e Int ernet.
Ne tw ork A cce ss Rul e s Page 127 10 N etwor k A ccess Ru les Network Access R ules are management tools that allow y ou to define inbound and outbound access pol icy , co nfig ure u ser a uth entica tion , and ena ble r emote mana gement of the Soni cWALL.
Page 128 SonicW ALL Internet Security Appliance Administrator’s Gui de Ser vic es Click Access on the l eft s ide of th e br owser wind ow, and t hen cl ick the Servic es tab. Note: The LAN In col umn is not dis p layed if NAT is ena b led . The Services wind ow allo ws yo u to c ustomi ze Netw o rk A cce s s Ru l es by se r vic e.
Ne tw ork A cce ss Rul e s Page 129 Public LAN Ser ver A Pu bli c L AN Ser ver is a LAN server designated to receive inbound traffi c for a speci fic service, s uch as Web or e-mail. You can defin e a Publ ic LA N S erv er by enteri ng the se rver's IP addr ess in th e Pu blic LA N Se rver fi el d f o r t h e a ppr op ri at e se rv i ce .
Page 130 SonicW ALL Internet Security Appliance Administrator’s Gui de Add Serv ice To add a service not li s ted in the Se rvices win dow, cli ck Acce ss on the left side of the brow ser wind ow, and t hen c lic k the Add Se rvi c e tab. Th e list on t h e ri ght side of the windo w display s t h e serv ices th at are curr ently def ined.
Ne tw ork A cce ss Rul e s Page 131 4. Se l ec t the IP p rot o co l t yp e , TCP , UDP or IC MP , fr om t he Pr otocol li s t . 5. Click Ad d . The new service appear s in the li st on the right side of the browser win do w.
Page 132 SonicW ALL Internet Security Appliance Administrator’s Gui de Maxi mum N umber of R ule s by Produ ct To cr eate c ustom Netw ork A cces s R ules , c lic k Acce ss on th e le ft side of th e brow ser wi ndo w, and then c lick th e Rule s tab .
Ne tw ork A cce ss Rul e s Page 133 Net work Ac ce ss Rul e Logic Li st It i s important to f u lly consider th e logic behi nd the new rule b e f or e it is added to the list . Us e th e fol lo win g guideli ne s to help y ou e valuate the impa ct of a rule before adding it to the list : 1.
Page 134 SonicW ALL Internet Security Appliance Administrator’s Gui de Add A New R ule 1. Click Ad d N e w Ru le. .. in the Ru les window to open the A dd R ul e window . 2. Selec t Al low or Deny in th e Ac tion list de p endin g upon whethe r the rule is inte n ded to p er mit or bl oc k IP tr aff ic .
Ne tw ork A cce ss Rul e s Page 135 9. Do n o t se lect the Allow F ragmented Packets ch e ck bo x . La r g e I P pa c k ets are oft e n d iv i de d i nt o frag men ts bef ore they are ro uted over the Internet and then reassembled at a destination ho st.
Page 136 SonicW ALL Internet Security Appliance Administrator’s Gui de 9. If you want the Rule to have guarante e d bandwidth, selec t Enable O utbound Ba ndwid th Man ageme nt , and enter va lues for Guaranteed Bandwidth , Maximum Ban dwi dt h , and Bandwidth Priority .
Ne tw ork A cce ss Rul e s Page 137 7. Since the i n tent is to all ow a ping only to th e SonicWALL , enter the Sonic WA LL LAN IP Address in th e D e s t in at io n A dd r Ra n ge B e g i n fi el d. 8. Selec t Alw ays fro m t he Apply this rul e menu to en sure c ontin uous en forc ement.
Page 138 SonicW ALL Internet Security Appliance Administrator’s Gui de Underst anding the A ccess Rule Hier archy The ru le hi era rch y ha s two ba sic con ce pt s: 1. Spe ci fic rules over ride gener al rules: An in di vidua l se rvice is more spec if ic than the De f ault se rvi ce.
Ne tw ork A cce ss Rul e s Page 139 Us er s Extensive f e atures a re available on the Use rs tab in the Ac cess sec tion o f the Manag ement inte rf ace.
Page 140 SonicW ALL Internet Security Appliance Administrator’s Gui de Users • Use R ADIU S - Sele ct Use Ra dius i f y o u h a ve co n fi g u re d RA D I U S t o a u th e nt i c a t e u se r s a c c e s si n g the network thro ugh the SonicWALL. If you h ave more than 100 u sers requiri ng authenticati on, you m u st us e a RAD IUS se rv er .
Ne tw ork A cce ss Rul e s Page 141 Current Users A lis t of all c urrent u sers is d isplay ed in a tabl e at the bot tom of th e p age. T he Curr ent Us ers tabl e lists the User N a m e , the IP Addr ess of the user, the Se ssio n Time , Time Re maining o f t he se ss io n, and the Inactiv ity Remainin g time.
Page 142 SonicW ALL Internet Security Appliance Administrator’s Gui de Us er L og in When a u s e r other than th e administrator l ogs into the SonicWALL M an ag e ment i nterface, a p ag e i s disp lay ed wit h th e us er’s privi le ges li st ed .
Ne tw ork A cce ss Rul e s Page 143 RADIUS RADIUS can provide c o n tr o l over user acce s s and VP N access. R ADIUS configuratio n is located in the Acces s window. To config ure RADIUS s ettings, complete the follo wi ng instru ctions. Click t he RAD IUS tab.
Page 144 SonicW ALL Internet Security Appliance Administrator’s Gui de RADIUS Users You can s ele ct the def ault pr ivileg es for all RA DIU S users i n this s ec tion. • Rem o te A cc es s - Enabl e th is ch eck b ox i f the us er acces ses th e S oni cWAL L from a re mote com - puter.
Ne tw ork A cce ss Rul e s Page 145 Ma na g e m e nt SonicW ALL SN MP Support SN M P ( Si m pl e Ne t w or k Ma n a g em e n t Pro t oc ol ) i s a networ k pro tocol use d ove r U ser Datag ram Protoc.
Page 146 SonicW ALL Internet Security Appliance Administrator’s Gui de 5. Create a n ame for a gro up o r community of ad minist rator s who can view SNMP d ata, and enter it in the Get Commun ity N ame fi eld. 6. Create a name for a group or community of administrator s who can view SNMP traps, and enter it in the T rap C ommunity Name fiel d.
Ne tw ork A cce ss Rul e s Page 147 To enabl e secur e remote man agement , cl ick Acce ss on the le ft side of the brow ser windo w , and clic k t he Manageme nt tab. The n se lect En a ble M ana gem ent Us in g VPN C lie n t t o e n a b l e s e c u r e remot e man agement usi ng M anual K ey.
Page 148 SonicW ALL Internet Security Appliance Administrator’s Gui de 11 Ad vanced Feature s This ch ap te r desc ribe s the Son icW ALL Adva nced F eatures , such as We b Proxy Forw ard ing , DMZ Addr e ss settings, and One -to-O ne NAT .
Adv anc ed Fea tu res Pag e 1 49 Configur ing We b Proxy R elay 1. Connect your Web proxy server to a hub, an d connect the hub to the SonicWAL L WAN port. Alert The proxy serv er must be lo ca ted on the WAN or the DMZ; it can not be loca te d o n the LAN.
Page 150 SonicW ALL Internet Security Appliance Administrator’s Gui de Intr a net Th e Son icWALL can b e conf igur ed as a n Int ranet fire wall to p r event net w ork use rs f rom acc essin g sens iti ve se r ver s.
Adv anc ed Fea tu res Pag e 1 51 Int ran et Configurat ion Click Advance d o n the left sid e of the browser wi ndow, and then cli c k the In tra n e t tab. To enable an Int r anet firewall, you must specify which m achines are located on the LAN, or you must sp ec ify wh ic h machi nes are loc ated on t h e W AN .
Page 152 SonicW ALL Internet Security Appliance Administrator’s Gui de VP N Single - Armed Mode (stand -a lone VPN gatew ay) Note: Th i s fea t ur e is av aila ble o nl y o n the PR O 10 0, 20 0, 30 0, 23 0, 33 0, an d GX se ries .
Adv anc ed Fea tu res Pag e 1 53 Configur ing a SonicWALL f o r VPN S ingle Armed Mo de You can use t he fo llowi ng ex ample infor mation t o confi gure the I P add resses on a Sonic WALL f or VPN Si.
Page 154 SonicW ALL Internet Security Appliance Administrator’s Gui de Routes If you have r out ers o n your Loca l Area Netw ork (LA N), Dem ilitar i zed Z one (DMZ ), or Wid e Are a Net wor k (WA N), yo u can con figu r e Sta tic R outes on the So nicWA LL.
Adv anc ed Fea tu res Pag e 1 55 LA N R oute Adve r tisem ent Note: T his f e ature i s onl y av aila b le o n t he PRO 1 00 , P RO 20 0, PR O 23 0, PRO 300 , and P RO 3 30 . Th e Soni c WA LL us es RIPv 1 or RI Pv2 to adverti se it s stat ic and dynamic rout es to other routers on the n etwork.
Page 156 SonicW ALL Internet Security Appliance Administrator’s Gui de Ch ange Da mp Time (sec on ds) fi eld . T he de fault v alue is 3 0 sec onds .
Adv anc ed Fea tu res Pag e 1 57 Click Advance d o n the l eft si de of t he br owse r w in dow , a nd the n clic k DMZ Add resses . Ser vers o n th e DMZ must ha ve uniq ue , val id IP ad dr esse s i n the same sub net as t he So n icW ALL WAN I P Ad d r ess .
Page 158 SonicW ALL Internet Security Appliance Administrator’s Gui de 3. If yo u ch o os e t o use D M Z N AT Man y t o O n e P ub li c A dd r es s (O p t io n a l) , en ter t h e DMZ p ublic IP add ress w hi ch is on t h e s am e su bne t as t he WAN for a cc e ss to d ev ice s o n th e DM Z i n ter fac e.
Adv anc ed Fea tu res Pag e 1 59 3. Click Updat e . Once th e SonicWALL has been updated, a message confirmi n g the update is dis played at th e bottom of the b r ow ser win dow.
Page 160 SonicW ALL Internet Security Appliance Administrator’s Gui de One -to -O ne N AT One-t o-On e NAT maps valid, external ad dresses to private addres ses hidden by NAT. Computers on your priv at e LAN are acce sse d on th e Int ern et a t the corr e spo nd ing pu bli c IP addr es se s.
Adv anc ed Fea tu res Pag e 1 61 One- to-One NA T Configur ation Ex ample This exampl e assumes that you have a SonicWALL runn i ng in the NAT-en ab led mode, with IP ad dre sse s on th e LA N in th e rang e 192. 168. 1. 1 - 192. 168 .1. 254, an d a WA N IP add res s of 20 8.
Page 162 SonicW ALL Internet Security Appliance Administrator’s Gui de Ethe rnet The Et h e rn e t tab al lows the m an age m ent of Ethern e t settin gs using the SonicWALL Management inte rfac e.
Adv anc ed Fea tu res Pag e 1 63 Updat e to apply the c h anges to t h e SonicWALL. N ow that yo u have enabled Ba ndwidth Man ageme nt , you ca n be gi n co n fi gu ri ng Ru les to us e bandwi dth mana gemen t .
Page 164 SonicW ALL Internet Security Appliance Administrator’s Gui de SonicW ALL Bandwi dth Manage ment Bandwidth management is a means of alloc ati ng bandwidth resources to cri tical applications on a network.
Adv anc ed Fea tu res Pag e 1 65 . Examples of Bandwidth Ma nagement Rules Bandw idt h M an ag eme nt Sche ma Ru le Service Prio rity Gu arant eed Maximu m Allow SMT P 0 300 Kb ps 1 0 00 Kbps Allow FT.
Page 166 SonicW ALL Internet Security Appliance Administrator’s Gui de 12 D HCP Serv er This ch ap ter de scr ibe s the co n figu rati on o f the S oni cW A LL DHCP Serve r . DHCP, Dynamic Host Config u ratio n Protocol , is a me thod to distri b ute TCP/IP settin g s from a cen t rali zed server to computers on a network .
DH CP S erve r P age 1 67 Configur ing the SonicW AL L DHCP Se r ver To c onf igur e the So nicWA LL DHCP server fo r t he L A N, c omp lete the foll owing in struc tions . 1. Sel ect the En a b le DH C P S e rv e r . Alert M a ke su re th ere a re n o o ther D H CP se rvers o n the L AN be fore yo u en able the DHC P serve r.
Page 168 SonicW ALL Internet Security Appliance Administrator’s Gui de Dele ting Dyna mic Rang es a nd Static Entrie s • To r emov e a range of addr esses from the dy namic p ool, selec t it fro m t h e l ist of dynami c r anges , and cli ck Delete Ra nge .
DH CP S erve r P age 1 69 Conf iguring t he Cent ral Gat eway f or VPN over DHCP To co n figure DHCP over V P N for the Ce ntral Gatew ay , us e t h e follo wing s teps : 1. Log i n to the Management in te rface, click DHCP , and t hen DHC P ov e r VPN .
Page 170 SonicW ALL Internet Security Appliance Administrator’s Gui de 2. Selec t Remote Gateway from t he DHCP R e lay M ode me n u. LAN IP Addres s es 3. Select th e VPN Securi ty Associ ation to be used for the VPN tunnel from the Obta in us ing DHCP through this S A m e nu .
DH CP S erve r P age 1 71 LAN Device Configuration 7. To c onfi gur e Stat ic Device s on the LAN , ent er the IP addr ess of the devic e in the IP Ad dre ss fiel d an d th en ente r the Eth ern et Addres s of th e d evice in t h e Et hernet Addr ess fi el d.
Page 172 SonicW ALL Internet Security Appliance Administrator’s Gui de DHCP Status A Sta tu s page is now available to review DH CP Se rv er St at u s and DHCP o ver VPN Status . The DHCP Ser v e r S t a t us secti on report s the n umber of Current , Av ai lab le Dyn a m ic , Avai la ble Static lea se s a s wel l as the Tot al leases.
DH CP S erve r P age 1 73 DHCP Ser v er on t he SonicWALL TELE3 TZ and TZX Th is sectio n expl ains the con fi gura t i o n of th e So nicWA LL DHCP Server on t he S o nicW A LL TELE 3 TZ an d TZ X.
Page 174 SonicW ALL Internet Security Appliance Administrator’s Gui de Configur ing the SonicW AL L DHCP Se r ver To confi gure the Sonic WALL DHCP server for t he Wor kPort, th e HomeP ort, or bot h , c omplet e the fol lowin g instr uctio ns . 1. Sel ect the En a b le DH C P S e rv e r .
DH CP S erve r P age 1 75 Tip T h e D HC P Se r v er d o es n ot a ssi g n an IP a dd r e ss f r o m the d y na m ic r an g e if th e a dd res s is a l rea d y bein g use d by a c omp ut e r o n yo ur Wor k Po rt . 11 . The DHCP Ser ver can also assign S ta tic Ent r ie s , or st at ic IP addr esse s, to co mpu t ers on th e LAN.
Page 176 SonicW ALL Internet Security Appliance Administrator’s Gui de DHCP Status A St a tu s page is available to review DHCP Se rver Sta tus an d DHCP o ver VPN Statu s . T he DHCP Ser v e r S t a t us secti on report s the n umber of Current , Av ai lab le Dyn a m ic , Avai la ble Static lea se s a s wel l as the Tot al leases.
SonicWALL VPN Page 177 13 Son icW ALL VP N Son icW ALL VP N p rov ides se cur e, e nc rypt ed c om mu ni catio n to bu sine ss partn ers an d re m ote offic e s at a fract i on of the cost of d edicated leased l ines.
Page 178 SonicW ALL Internet Security Appliance Administrator’s Gui de VPN Manageme nt I nt er face Summar y T ab The Summary tab has f our se cti on s: Global V P N Set tings , VPN B an dwi dth Managemen t , VPN Polici e s , and Curren tly Active VPN tunnels .
SonicWALL VPN Page 179 in t he Fa ilu re Trigger Lev el (missed hea rtbeats) fiel d . T h e def a ul t v alue i s 3 . If the tr igger leve l is rea ch ed, t h e VPN co n nect ion is drop pe d by the So ni cWA LL. The Son ic WAL L us es a UD P pac k- et prot ected b y Ph a se 1 Encr ypti on as the heartb eat.
Page 180 SonicW ALL Internet Security Appliance Administrator’s Gui de SonicW ALL N AT T raversal Support VPN NA T Tr ave rsa l is an In ternet Draft propos ed to IETF ( Intern et Eng ineer ing Tas k For c e) to overcome problems faced when IPSec traf fic is intended to pass through a NAT device.
SonicWALL VPN Page 181 Conf igur e T ab Add/Modif y IPSec Security Associations The Co nf ig ure t ab s ett ing s c ha nge d ep en ding o n the S ecur ity As so ciati o n ( SA ) an d I PS ec K eyi ng op tio ns y ou ch oo s e in the Add/M odi fy IPS ec Sec uri ty Ass oci atio ns .
Page 182 SonicW ALL Internet Security Appliance Administrator’s Gui de Security Pol ic y Settings Th e fol low ing se cti ons de scri be th e Secur it y Pol icy set ti ngs fo r Gr oup VP N, IK E usi ng Pr e-s hare d Secret, and M anual Key.
SonicWALL VPN Page 183 - St rong Encr ypt and A uthent i c ate (ES P 3DES HMA C SHA1 ) - uses 16 8- bi t 3DE S en cryp tion and HMA C SH A 1 a u the nt i cat io n . 3 DES i s a n ex tr em e ly se cu re e n cr yp ti on m e tho d, a nd HM AC SH A 1 is u sed to verify int egrity.
Page 184 SonicW ALL Internet Security Appliance Administrator’s Gui de • Phase 1 Encryption/Authentication - se le ct a n e nc ry pt io n m e tho d fr om the Enc ry pt io n / A u th e n - ticati o n f or the VPN tunnel.
SonicWALL VPN Page 185 - Encr ypt and Authenticate (ESP DES HMAC MD5) - u se s 56 -b it D ES e n cr ypt ion a nd H M AC MD 5 authenti c ation . This method impac ts the data throughput of VPN communicati on s . SonicWALL VPN clie nt s upports thi s method.
Page 186 SonicW ALL Internet Security Appliance Administrator’s Gui de Destination Networks In t h is secti on, enter the n etwork s e ttings fo r the re mote V PN site (th e “Destin ation Network” ) . I n c lu de th e subn et mas k whi ch de t er min e s bro adc a st ad dr e s se s f o r Net BIO S su ppor t.
SonicWALL VPN Page 187 Advanc ed Settings All of the Advanced Settin gs for VPN co n necti on s ar e acc esse d by click ing the Ad va nced Setti n gs button l o cated on the Configure tab.
Page 188 SonicW ALL Internet Security Appliance Administrator’s Gui de Re quire authen ticati on of local users Sele c ting this che c k box requires that all outbo u nd VPN traffic on thi s SA is from an authenti c ated user. Unauthe nti c ated traffi c is not allowed on the VPN tunnel.
SonicWALL VPN Page 189 Securi ty Association in your SonicWALL. Traffic can travel from a branch office to a branch office via the co rporat e off ic e.
Page 190 SonicW ALL Internet Security Appliance Administrator’s Gui de a rou te for the LAN . If no rou te is found , the Soni cWALL chec ks for a Defaul t LAN Gateway. If a Defaul t L AN Gateway i s dete cted, the pa cket i s rout ed th rough the gat eway.
SonicWALL VPN Page 191 Adv anced Set tings f or VPN C onfigurati ons The f ollow ing t able lists the av ailabl e set tings for e ach VP N c onfig urat ion.
Page 192 SonicW ALL Internet Security Appliance Administrator’s Gui de Configur ing Son icWALL VPN Th is sec ti on cover s the con figu rat ion of Soni cWAL L VPN fo r the So nicW ALL In tern et Se cur ity Appliance as well as the install a tion and confi guration of the SonicWALL V PN client softwa re.
SonicWALL VPN Page 193 Gr oup VPN C onf iguration for the Sonic W ALL and VPN Clien t Configur ing Group VPN on the Sonic WALL Click VPN on the lef t side of the Soni cWAL L brows er window , and t hen cl ick Configure . The Son icW ALL VPN tab def aults t o a Group V PN setti ng.
Page 194 SonicW ALL Internet Security Appliance Administrator’s Gui de 8. C rea t e and ent er a Sh a r e d S ec r et in th e Shared Secret fi eld o r use the Shared S ecret automatical ly generated by the SonicWALL.
SonicWALL VPN Page 195 Group VPN Client Set up Installing the VP N Client Software 1. Wh en yo u reg ister your Sonic WALL o r So nicWA LL VP N Upg rade, a un ique VPN c lien t seri al num be r an d l i nk t o d ow nlo a d the S o nicW AL L VP N Cl ie n t zi p fi le is di spl a yed.
Page 196 SonicW ALL Internet Security Appliance Administrator’s Gui de 3. A dialogue box confir ming th e request to impo rt the securi ty file appears. Click Yes , and another b o x appears con f irming that th e file i s successful ly imported into the cli ent.
SonicWALL VPN Page 197 6. Click File , the n Sa v e C ha n ges to save the settings to the sec u rity policy. Grou p VPN can als o be c onf igur ed usi ng digita l cer tific ates in th e Se cu r ity As so ci at ion se ttin gs.
Page 198 SonicW ALL Internet Security Appliance Administrator’s Gui de Verifying the VPN Tunnel as A ctive After th e Group VPN Policy is acti ve on the VPN Client, you can ve ri fy that a secure t u nnel is active and sendin g data s ecurel y across the connection .
SonicWALL VPN Page 199 Manual K e y Configuration for the So nicWALL and VPN Clie nt Configur ing the SonicW AL L To c on figu r e t h e Son icWALL applia nc e, cl ic k VP N on th e left side of the browser windo w, and se lect Enab le VPN to allow the VPN connection.
Page 200 SonicW ALL Internet Security Appliance Administrator’s Gui de 7. Enter a 1 6 characte r hexadecimal encry p tion key in the Enc ryption Key field o r us e the defau lt val ue.
SonicWALL VPN Page 201 Launching the S onicWALL VP N Client To l aun ch th e VP N cl ient, s el ect SonicWAL L VPN Cli ent Sec urit y P olicy E ditor fr om the Windows Start me nu , or doub le-c lick th e icon in the W indo ws Task B ar .
Page 202 SonicW ALL Internet Security Appliance Administrator’s Gui de Configuring VPN C lient Identi ty To c onfigur e the VPN Cl ient Id en tit y, clic k My Id entit y in the Network Security Policy win do w . 1. Selec t Non e fr o m the Se l ec t C e rt if ic a t e menu.
SonicWALL VPN Page 203 Configuring VPN Client Key Exchange Proposal 1. Selec t Ke y Exchange (Phase 2) in t he Netw ork Se cur ity Pol icy box . T he n se lect Pro posa l 1 be low Key Exchan ge (Pha se 2 ) . 2. Selec t Un sp ec if ie d in the SA Lif e m e n u.
Page 204 SonicW ALL Internet Security Appliance Administrator’s Gui de Configuring Inbound VPN C lient Keys 1. Click In bo un d K e ys . T he Inbo und Key ing Mate rial box appears . 2. Click Enter Key t o define th e encr y ption an d authen tication key s.
SonicWALL VPN Page 205 Verifying the VPN Tunnel as A ctive Aft er conf iguri ng the V PN Cl ient , you ca n verif y tha t a sec ure tunn el is acti ve and sendi ng dat a secure ly acros s the connection. You can verify the connecti on by verifyin g the type of i con displa yed in the system tray near the system clock.
Page 206 SonicW ALL Internet Security Appliance Administrator’s Gui de IKE and Manu al Ke y Configura tion for T wo Son icWALLs VPN bet w een two SonicWALLs all ow s users to securely access fil es and application s at remote l ocat io ns.
SonicWALL VPN Page 207 6. Defin e an SPI that the local So nicWALL uses to identif y the Sec ur ity A ssoci ation in th e Outgoi ng SPI f i e l d . S P I s s h o u l d r a n g e f r o m 3 t o 8 c h a r a c t e r s i n l e n g t h a n d i n c l u d e o n l y h e x a d e c i m a l characte rs.
Page 208 SonicW ALL Internet Security Appliance Administrator’s Gui de Default L A N Gateway if spec ifying the IP ad dress of th e def ault L AN rout e for in comin g IPSe c pa ck e ts f o r th is S A . Thi s i s use d in con ju nc tio n wi t h t h e Route all in ternet traffic thr ough this SA chec k box .
SonicWALL VPN Page 209 10. C lick Ad d N ew Ne tw ork . E n ter th e IP add res s, “1 9 2.1 68 .22 .1 ” i n t he Ran g e St ar t field. Ent er the IP a d dre ss , “1 92.1 68. 22 .25 4 ” in t he Ran ge End field . This Ran ge End value is appr opr iate even if N etBIOS b roadcas t support is enabled.
Page 210 SonicW ALL Internet Security Appliance Administrator’s Gui de Route all internet tr affic throug h this S A - if f o rcing internet traf fic fro m the WAN to use th is SA to ac c ess a r em ote si te . Default L A N Gateway if spec ifying the IP ad dress of th e def ault L AN rout e for in comin g IPSe c pa ck e ts f o r th is S A .
SonicWALL VPN Page 211 IKE Co nfig urat ion for T wo SonicWALL s An altern ati ve to Ma n u al K ey c o nf ig ur at i on is Interne t Key Excha nge (IKE) .
Page 212 SonicW ALL Internet Security Appliance Administrator’s Gui de 7. D ef in e th e l e ng th of ti m e b ef ore an IK E S ecu r ity As so ci ati o n au to ma t ica ll y re ne go ti at es in t he SA L if e Ti m e (s ec s) fie ld . T he SA Life T ime can rang e fro m 120 to 2,5 00 ,00 0 se co nd s.
SonicWALL VPN Page 213 Example of IKE C onfig urat ion for T wo SonicWAL L s The f ollowing e xample illu s trates the step s necess ary to cr e ate an I KE VPN tunne l between a Son icW ALL PRO 20 0 a nd a So ni cWAL L TE LE3. A compan y wants to use VPN to link two offices to g ether, on e i n Chicago an d the ot he r i n San Francisco.
Page 214 SonicW ALL Internet Security Appliance Administrator’s Gui de 10. Select a VP N encryption method from the Phase 2 Encr yption/Authent ication menu. S ince dat a thro u g h put and securit y are the primary concer n , selec t E n crypt and Authentic ate ( E SP 3DES HMAC SHA 1) .
SonicWALL VPN Page 215 6. Selec t Group 2 fr o m the Phase 1 DH Group menu. 7. Ente r 28 800 in the SA L ife t ime ( secs) f iel d to renegoti ate keys daily. 8. Selec t 3DE S & SH A1 fro m t he Phase 1 E n cryption/Authentication m enu. 9. Sele c t the encryptio n alg ori th m from the Phase 2 Encryption/Authentication menu.
Page 216 SonicW ALL Internet Security Appliance Administrator’s Gui de SonicW ALL Third Par ty Digi t al Cer tificat e Suppor t Tip Th is sec tion ass umes that you are fa miliar wi th Public Key Infra s t ructure ( PKI) and the i mp lemen tatio n of digit al c ertif icates with VPN.
SonicWALL VPN Page 217 Over vi ew of Third P ar ty D igital Cer tific ate Su pport X.509 Version 3 Certificate Standard X.509 v3 c ertificate standard is a specif ication t o be used with cryptographi c certific ates and allows yo u to d ef ine e x ten sio ns whic h yo u ca n in clu de w it h you r c ert ifi ca te.
Page 218 SonicW ALL Internet Security Appliance Administrator’s Gui de Importing Certificate with private key Aft er a c erti ficate is si g ned by t he CA and retu rn ed to y ou, you can imp ort the cert ificate in to the SonicWALL to be used as a Local C er tific ate for a V PN S e cu rity As so ci ati on.
SonicWALL VPN Page 219 Cre at ing a Cer tif i cat e Signin g Request To c r ea t e a cert ifica te for use wi th a VPN SA, foll ow thes e st eps: Tip! You s h o ul d c re a t e a C e rt if ic a te P o li cy t o u sed in c o n ju n ct i on w it h lo c a l ce rt if ic at e s .
Page 220 SonicW ALL Internet Security Appliance Administrator’s Gui de Configuring a VP N Security Association us ing IKE and a Third Party C er tificate To c r ea te a VPN SA usin g IKE and thi rd party ce rtifi cate s, fol low thes e s teps : 1. Click VP N , th en Configu re .
SonicWALL VPN Page 221 3. Selec t the Netwo rk De bu g chec k box, and then c lick Up da te t o e n a b l e t h e Netwo rk Debug set tin g. T esting a VPN T unnel Connec tion Using PING To verif y that your VPN tunnel is working proper ly, it is necessary to ping the IP addres s of a computer on th e remote n etw ork.
Page 222 SonicW ALL Internet Security Appliance Administrator’s Gui de If you are unable to ping the remote network, wait a few minutes for the VPN tun n el to become establi she d, and try pinging the network again. If you are s ti l l unable to ping the remote ne t wo rk , cont a c t your ne t wo r k admi ni st r at or .
SonicWALL VPN Page 223 3. Selec t the Log o n to W ind o ws N T D om ain c he c k b ox , an d e nt e r t he d om ai n n a me pr ov i de d b y your administr a tor in to th e Windows NT domain text box. S elect Qu ick Lo gon unde r Net work lo g on o pt i on s se ct i on.
Page 224 SonicW ALL Internet Security Appliance Administrator’s Gui de 5. Click on TCP/ IP or Dia l-Up A dapte r , and t hen Proper ties . Cl ic k t he WINS Confi g uratio n ta b , an d sele ct Enable WI N S Re s olu tio n . Ent e r the WINS serv er IP ad d res s gi ven to y ou by th e admin istrator, and c l ick Ad d .
H igh Av ail abi lity P a ge 22 5 14 High A vailability Gi ven the cr itical natu re of I n t ernet con necti ons, Son icWALL High Ava ilabi lity i s s t a n d a r d o n t h e S onicWA LL pr oduct line .
Page 226 SonicW ALL Internet Security Appliance Administrator’s Gui de Configur ing High Avai lability on th e Primar y SonicWALL Click Hi gh A va ila bi li ty on th e left sid e of th e Son icW ALL brows er wi nd ow, a nd t hen cl ic k Co nf igu re at the top of the window.
H igh Av ail abi lity P a ge 22 7 4. I n t he Web Manag eme nt i nte rfac e f or the primar y Son icW ALL , con fi gure t he bac kup S oni cWA LL set tin gs as fo llow s: • Ser ia l N u mb er - Enter th e seri al number o f the b ac kup S o nicWALL.
Page 228 SonicW ALL Internet Security Appliance Administrator’s Gui de Alert I t is imp o rt an t du r in g in i t ial co n fi g u ra t io n th at th e ba ck up So nic W A L L has no t be en p re v io us ly confi gured f o r use.
H igh Av ail abi lity P a ge 22 9 Alert If you change the IP addre ss of ei ther SonicWAL L, synch roniza tion cann ot occu r betwee n the two So nicWALLs wi thout u pdating the c hanges manua lly in the High Availa b ili ty configu ration.
Page 230 SonicW ALL Internet Security Appliance Administrator’s Gui de High Ava ilabili ty Sta tus Window On e m e th o d t o de t e rm in e wh ic h S on ic WA L L is a c ti v e i s to c h ec k th e Hi gh A vaila bil it y Sta t u s pag e for the High Ava il abilit y pai r .
H igh Av ail abi lity P a ge 23 1 The f irst lin e in the status w in d ow indi c at es that the backup Son ic WA LL is c urrently Ac tiv e . It is also possib le to check the s tatus of the backup SonicWA L L by log g ing in to the LAN IP A dd res s of t he backup SonicWALL.
Page 232 SonicW ALL Internet Security Appliance Administrator’s Gui de Vie w Lo g The SonicWALL also maintains an event log that display s these High A vailabi lity events in additio n to oth er sta tus messa g es and po ssi ble se cu rity t hre ats.
H igh Av ail abi lity P a ge 23 3 To re start the active Soni c WALL, lo g into th e primary Soni c WALL LAN I P Address and click Tools on th e le ft sid e of th e bro ws er wind ow a nd t hen cli ck Re star t at the top of the window. Click Rest art Son icWA LL , the n Ye s to conf irm t he r estart.
Page 234 SonicW ALL Internet Security Appliance Administrator’s Gui de 15 So nicWALL Options and U pgrades Soni c WAL L, Inc. offer s a vari ety of opt ions and u p gra des to enh ance t he func tional ity of you r SonicWAL L Inter ne t security appliance.
Soni cWAL L Optio ns and U p g rade s Page 23 5 Cont ent Fil t er Lis t Subscr i pt ion Ina ppropri ate on line c ontent ca n creat e an unco mforta ble work en vironm ent, le ad to ha rassment laws u its, or expose child re n to pornography or racial ly intoler ant s ites.
Page 236 SonicW ALL Internet Security Appliance Administrator’s Gui de SonicWALL ViewPoint Repor t ing So n ic W ALL ViewP oi nt , a Web-based graph ical repor tin g tool, enable s admin istrators to understan d an d man age thei r netwo rk.
Hardware Descriptions Page 2 37 16 Hardware Descriptions Th is chapter prov ides detail ed illus trations and d e scrip tions of the S onicWALL Int ernet Se c urity Applian c es fron t an d back panels by model. Refer to th is chapte r to learn about the locati o n of LEDs, swi tches , a nd conne ctor s.
Page 238 SonicW ALL Internet Security Appliance Administrator’s Gui de • Rese t S w i tch Resets the SonicWALL PRO 200 or the SonicWALL PRO 300 to its factory cle an state. This can be required if yo u for ge t th e adm ini stra t or pa sswo rd, or t he So nic WA LL firmw a re h as be co me co rr upt .
Hardware Descriptions Page 2 39 SonicWAL L PRO 200 an d PRO 300 F r ont Panel Th e Soni cWALL P RO 200 f ront pane l is sh own b elow, fo llowe d by a descri ption of each ite m.
Page 240 SonicW ALL Internet Security Appliance Administrator’s Gui de SonicWAL L PRO 200 and PRO 300 Back Panel Th e Soni cWAL L PR O 20 0 ba ck pa nel i s sh own b elow, fol lowed by a desc ripti on of eac h ite m. Th e Soni cWA L L PRO 300 back panel i s identic al to the SonicWALL PRO 200 .
Hardware Descriptions Page 2 41 SonicWALL PRO 100 Front Panel The So nicW A LL PR O 1 00 fro nt pan el i s sho wn be low , f o llowe d by a d es crip tio n of ea ch i t em. SonicWALL PRO 100 Front Panel De scription • Power Ligh ts u p w hen pow er is appl ied to the S o nicWA LL PR O 1 00 .
Page 242 SonicW ALL Internet Security Appliance Administrator’s Gui de SonicWAL L PRO 100 Back Panel The Soni cW A LL PR O 1 00 ba ck pan e l is sh own bel ow , fo llo wed by a de scri ptio n o f ea c h ite m.
Hardware Descriptions Page 2 43 SonicWAL L TELE3 SP Front Panel The So nicW A LL TELE 3 SP f r ont pan el is show n bel ow, fo llo wed by a d e scri ptio n of e ac h i te m. SonicWAL L TELE3 SP Fron t P ane l Descript io n • Power Ligh ts up wh en po wer is a ppli ed to the S o nicW A LL TELE 3 S P.
Page 244 SonicW ALL Internet Security Appliance Administrator’s Gui de SonicWAL L TELE3 SP B ack Panel Th e Son icW ALL T E LE3 SP bac k pa n el is sh ow n belo w , fo ll o w e d by a des cri p tio n of eac h i t em.
Hardware Descriptions Page 2 45 SonicWAL L TELE3 TZ Fro nt Pane l The So nicW A LL TELE 3 TZ f ron t pa ne l is sh ow n be l ow, foll owe d by a d e scri ptio n of e ach it em. SonicWAL L TELE3 TZ F ro nt Pane l Description • Power Ligh ts u p w hen po wer is appl ied to the So nicW A LL TZ.
Page 246 SonicW ALL Internet Security Appliance Administrator’s Gui de SonicWAL L TELE3 TZ B ac k Panel SonicWAL L TELE3 TZ B ac k Panel D escription • Rese t S w i tch Eras es th e fir mw a re a nd rese t s S onic W ALL TZ to it s fac t ory cl e an st at e .
Hardware Descriptions Page 2 47 SonicWAL L TELE3 TZ X Front Panel Th e Son i c WALL TEL E 3 T ZX fr ont pane l is shown bel ow, fol lowed by a descri ptio n of each it em. SonicWAL L TELE3 TZX Front Panel Description • Power Ligh ts u p w hen po wer is appl ied to the So nicW A LL TZX.
Page 248 SonicW ALL Internet Security Appliance Administrator’s Gui de SonicW ALL TEL E3 TZX Bac k Panel l SonicW ALL TEL E3 TZX Bac k Panel Descript ion • Rese t S w i tch Eras es the fir mw are an d rese ts So nicW ALL TZ X t o its facto ry c le an sta te .
Hardware Descriptions Page 2 49 SonicW AL L SOHO3 and TELE3 Front Panel The S oni cWAL L SOHO3 f ron t pan el is sh own bel ow, fo llo wed by a de scr ipt ion o f ea ch it em. The So n ic W ALL TELE3 is identical to th e SonicWALL SOHO 3 ex cept f or t he TELE3 label on th e front pa n el and th e in clus ion of So ni c W A LL VP N .
Page 250 SonicW ALL Internet Security Appliance Administrator’s Gui de SonicW ALL SO HO3 and TELE3 Back Panel The S oni cWAL L S OH O3 back pan e l is sh own be low , fol low ed by a de scr ipt ion o f eac h i tem . The Soni cWAL L TELE3 back panel is iden tic al to the SonicWALL SOHO3 .
Hardware Descriptions Page 2 51 SonicWAL L GX 250 and GX 650 Front Panel The So nicW ALL GX 250 fr ont pane l is sho w n belo w , follo wed by a descr i ption o f eac h ite m. The Soni cWAL L GX 650 i s id entic al to the Soni cWALL GX2 50 except fo r t he GX 650 labe l on the fro nt panel and the types of network inter f aces install ed.
Page 252 SonicW ALL Internet Security Appliance Administrator’s Gui de SonicWAL L GX250 Front Panel Th ree F ast Eth ern et inter faces pr ovide con ne ctivit y for eit h er Ether net and Fas t Ethern et ne tworks .
Hardware Descriptions Page 2 53 SonicWAL L GX 250 and GX 650 Bac k Panel Description • Power In puts There ar e two power in put receptacles to connect th e SonicWALL to th e AC power i n put. The u nit comes standard with redundant hot swappable power supplie s with active power functio n cor rect ion ( 100 -2 40 VA C 50 / 60 Hz) .
Page 254 SonicW ALL Internet Security Appliance Administrator’s Gui de 17 T rou bl es hoot in g Gui de This chapter provi d es solutio ns for problems that you might encou n ter when usin g the SonicWALL . If y ou are u nable t o solve y our prob lem, p lea se visi t the So nicWALL Tech S upport We b si te at <http :// www .
Troubl es hoot ing G uide Pag e 2 55 • I f you a re using an Inter n et E xplorer b rows er, you c an wan t to cli ck the Re f res h bu t ton se v eral times to full y load the Ja va and Java s cript p rogram s. Also, wait u ntil J ava applet has comple tely load ed before atte mp ting to log in.
Page 256 SonicWALL Internet Security Appliance Admi nistrator’s Guide 18 App endic es Appendix A - T echnical Specifications Note: Spe cificati ons for the Soni cWALL Inter net securi ty applianc es are subjec t to change. Pl ease verify the ab ove specific atio ns with pro du ct datash eets .
Ap pen dices P ag e 2 57 Appendi x B - Sonic WA LL Support Solutions Soni c WALL’s powerf ul securit y solutions g i ve unpre c edented p ro tecti o n from the risks of Intern et attac ks.
Page 258 SonicW ALL Internet Security Appliance Administrator’s Gui de SonicW ALL Suppor t 24X7 Fo r c ust om e rs wi th mis s io n -cri ti cal ne tw or k req u i rem e nts w ho can no t aff or d d .
Ap pen dices P ag e 2 59 W arranty Su ppor t - No r th Am er ica Inclu d ed with all SonicWALL products , SonicWALL warr anty support inc l udes re tu rn-t o -factory hard ware replacement for o ne year. Warrant y Su pport also include s technica l s upport and softw a re/f irm war e u pd a tes for 9 0 d ays.
Page 260 SonicW ALL Internet Security Appliance Administrator’s Gui de W arranty Su ppor t - Inte rnationa l Inclu d ed with all SonicWALL products , SonicWALL warr anty support inc l udes re tu rn-t o -factory hard ware replacement for o ne year.
Ap pen dices P ag e 2 61 SonicW ALL Suppor t 24X7 Availab le for all SonicWALL produ c ts, So n ic W AL L Su ppo rt 24 X 7 in cludes sof tware/ firmw are tech nical support, and factory replaceme nt of defecti ve hardware . Cover age is provided 24 hours a day , s ev en da y s a wee k .
Page 262 SonicW ALL Internet Security Appliance Administrator’s Gui de SonicW ALL Suppor t 8X5 Availab l e for all products, Son ic WAL L Support 8X5 in cl ud es so ft w ar e/f irm w are t e ch nica l s upp ort and factor y h ardw a re rep lacement.
Ap pen dices P ag e 2 63 Appendi x C - I ntroductio n to Ne tworking Th is ap p end ix pr ovide s a non-t echni cal ov ervi ew of t he ne twork p rotoc ols sup port ed by th e Son ic W A LL an d in clud es a di scu s s io n of I nte r ne t Pr o toc ol (I P ) ad d re ss in g.
Page 264 SonicW ALL Internet Security Appliance Administrator’s Gui de Net work Pro tocols The method that used to regulat e a workstati on’s a ccess to a comp u ter network to prevent data coll i sion s. The So ni cW A LL use s th e TCP/ I P p rot oc o l.
Ap pen dices P ag e 2 65 IP Addr essing To beco m e part o f an I P network, a n etwork devi c e must have an IP address. An IP address i s a uni que numb er that diff erentiat es on e device from an other o n the n etwork to av oid conf usion d urin g com m unic at ion.
Page 266 SonicW ALL Internet Security Appliance Administrator’s Gui de Subnet Mask The IP a dd res s in g sy st em al lo w s su b n etw o rks o r “i n ter ch ang es ” to b e cr ea te d a n d d evi ce nu m be r s or “ex ten sio ns” to be est abl is hed w ithi n thes e subn e two rks .
Ap pen dices P ag e 2 67 begin s to count IP ad d resses again s t the license, and contin u es to coun t n ew LAN IP addr ess es ac ce ssing t h e Intern et unti l t he a p p lia nce is re booted .
Page 268 SonicW ALL Internet Security Appliance Administrator’s Gui de Appendi x D - IP Port Numb er s Th e port numb ers ar e divi ded int o thr ee range s : Wel l Known Port s , Regi ste red Por ts , and Dynami c and/or Priv ate Ports . Well K no wn Port s r ang e fr o m 0 thro ug h 102 3.
Ap pen dices P ag e 2 69 Appendi x E - Configuring T C P/IP Se ttings The fo llowing steps d escribe how to confi gure the Management St ation TCP/IP setti ngs in order to ini tially contact the SonicWALL. It is assumed that the Management Statio n can access the Internet th roug h an exi sting conne cti on.
Page 270 SonicW ALL Internet Security Appliance Administrator’s Gui de Windows NT 1. From the Star t li s t , hi g h li gh t Setting s and then s elect Contr ol Panel . 2.Do uble-c li ck the Net work ic on in t he C ontro l Pan el wi ndow. 3.Do uble-c lick TCP/IP in th e TC P /IP Proper ties wind ow.
Ap pen dices P ag e 2 71 Win d o w s 20 00 1. In W i nd ows 20 00, c li ck Start , th e n Setting s . 2. Click Netwo rk an d D i a l-up Co nne ctions . Do ubl e -c li ck the net w ork co nn e ctio n na me t o o pe n th e St atus wind o w. 3. Cli ck Status to open the Prop erties window.
Page 272 SonicW ALL Internet Security Appliance Administrator’s Gui de Windows XP 1. Op en t he L ocal A rea Conne ction P r op erties win dow. 2.Do uble-c lick Inte rnet Protoc ol ( TCP/I P ) to open the Intern e t Prot ocol (TCP/ I P) Pro pe rtie s w i nd ow .
Ap pen dices P ag e 2 73 Macintosh OS 10 From a M aci nto sh co m pu t er, do t h e fo l lo win g: 1. Fro m the A pple list, choos e Co ntrol Pane l , and then ch oose TCP/ IP to open the T C P/ IP C ont r ol Pane l . 2. From the Configure list, ch oo se Manu a lly .
Page 274 SonicW ALL Internet Security Appliance Administrator’s Gui de Appendi x F - Basic V PN T erms and Concept s • VPN T un nel A VPN Tunn el is a t erm th at de scri be s a conn ec tio n betw een two o r mor e priva t e nodes or LANs over a pu b lic n etwork , typic ally the Int ernet.
Ap pen dices P ag e 2 75 • Internet Key E x chan ge (IKE) IK E is a n eg oti atio n an d k ey exc han ge p roto col s pec if ied b y t he In tern et Engin eeri ng T as k Forc e (IET F ). An IKE SA automatically ne g otiates Phase 1 Encrypti o n/Authe n ti c ati o n Keys.
Page 276 SonicW ALL Internet Security Appliance Administrator’s Gui de Using A H in cre ase s the pro cessi n g requ ire m ents of VP N and al so i ncre ase s t he communicati o ns latency.
Ap pen dices P ag e 2 77 • Data Encryption Standard (DES) When DES is used for data communicati on s, both sender and receiver mu s t know the same secret key, which can be used to encrypt an d decrypt the message, or to generate and verify a message au th entication c o de.
Page 278 SonicW ALL Internet Security Appliance Administrator’s Gui de App endi x G- Era sing the Fi rm ware Ther e can be in st anc e s wh en it is n ec e ssar y t o res et the So n icWA LL to its .
Ap pen dices P ag e 2 79 Appendi x H- Mountin g the Son ic WALL PRO 200 and PRO 300 The So nicW ALL PRO 20 0 and Son icWAL L PRO 300 a re desi gned t o be m oun ted in a st anda rd 19- inc h rack mount cab in et.
Page 280 SonicW ALL Internet Security Appliance Administrator’s Gui de Appendi x I - Configur ing R ADI US and A CE Ser vers Ind ivid u al user s must ha ve their privil eges defin ed on the RADI US serve r used f or authen ticati ng the use rs.
Ap pen dices P ag e 2 81 Configuring U ser Privi leg es To conf igur e user privi leges, fol low th ese steps: 1. With Steel B e lted RADI US Admini s tr ator op en, cl ick Use rs an d se le c t t he U se r t o c on fi gu re . O r sel ect a prof ile t o be c onfig ured from the Pr of i le Nam e menu.
Page 282 SonicW ALL Internet Security Appliance Administrator’s Gui de ACS S e r ve r ( C i sc o) Th e A CS se rver, vers ion 2.6, f rom Cisco doe s not support t he confi g urati on of vendor- specifi c pri vileg es. Ther efore, if a ACS Serve r is deplo yed, use r p rivi leges c annot be co nfigured on the se rver.
Ap pen dices P ag e 2 83 RA DIU S A ttrib ute s Di ction ar y Th e fol lowin g is the RA DIUS di ct iona ry in th e for mat us ed wit h Funk Sof twa r e’s Ste el B elt ed RAD IUS ser ver.
Page 284 SonicW ALL Internet Security Appliance Administrator’s Gui de Not es.
Ap pen dices P ag e 2 85 Not es.
Page 286 SonicW ALL Internet Security Appliance Administrator’s Gui de Not es.
Ap pen dices P ag e 2 87 Not es.
Page 288 SonicW ALL Internet Security Appliance Administrator’s Gui de Not es.
Ap pen dices P ag e 2 89 Not es.
Page 2 90 Son icWALL I nternet Se curity Appli ance Admin istrator’s Guide Index A Activ atio n Key 119 Ac tiv e X 100, 107, 110 Ad d N ew N etw o rk.
In de x Pag e 291 Dynamic Host C on figuration Proto co l (DHCP) 17 Dynami c Range s 167, 17 4 E Edit a Rule 1 37 E-mai l Alerts 16, 2 3 1 E-ma i l Log Now 94 Enab le A llow ed/ Fo rb idde n Do m ain .
Page 2 92 Son icWALL I nternet Se curity Appli ance Admin istrator’s Guide Log a nd Blo ck A cce ss 1 04 Log C at eg or i es 16 Log On ly 10 4 Log S ettings 93 Logo ut 74 M Ma na g em e nt SA 1 46 M.
In de x Pag e 293 S ys lo g In di v i dual E v ent Ra te 94 Sy sl og S e rv e r 94 Sysl og Se rve r 1 94 Sys log Ser ver Sup po rt 16 Syst em Errors 95 , 9 6 S y stem Mai ntenan ce 9 5 T Tech Supp ort.
© 20 02 So n icWA LL, I n c . Soni cWALL is a re gistered trade mark of SonicWA LL, I n c . Other prod uct and c ompan y n ame s men tioned h erein ma y be t r ade marks a nd/ or re gistere d trad emark s of their respe ctive com panie s. Spe cifica tions an d desc riptio ns subje c t to chan ge wit h out n otice.
Un punto importante, dopo l’acquisto del dispositivo (o anche prima di acquisto) è quello di leggere il manuale. Dobbiamo farlo per diversi motivi semplici:
Se non hai ancora comprato il SonicWALL Internet Security Appliances è un buon momento per familiarizzare con i dati di base del prodotto. Prime consultare le pagine iniziali del manuale d’uso, che si trova al di sopra. Dovresti trovare lì i dati tecnici più importanti del SonicWALL Internet Security Appliances - in questo modo è possibile verificare se l’apparecchio soddisfa le tue esigenze. Esplorando le pagine segenti del manuali d’uso SonicWALL Internet Security Appliances imparerai tutte le caratteristiche del prodotto e le informazioni sul suo funzionamento. Le informazioni sul SonicWALL Internet Security Appliances ti aiuteranno sicuramente a prendere una decisione relativa all’acquisto.
In una situazione in cui hai già il SonicWALL Internet Security Appliances, ma non hai ancora letto il manuale d’uso, dovresti farlo per le ragioni sopra descritte. Saprai quindi se hai correttamente usato le funzioni disponibili, e se hai commesso errori che possono ridurre la durata di vita del SonicWALL Internet Security Appliances.
Tuttavia, uno dei ruoli più importanti per l’utente svolti dal manuale d’uso è quello di aiutare a risolvere i problemi con il SonicWALL Internet Security Appliances. Quasi sempre, ci troverai Troubleshooting, cioè i guasti più frequenti e malfunzionamenti del dispositivo SonicWALL Internet Security Appliances insieme con le istruzioni su come risolverli. Anche se non si riesci a risolvere il problema, il manuale d’uso ti mostrerà il percorso di ulteriori procedimenti – il contatto con il centro servizio clienti o il servizio più vicino.