sonicos standard 26 adminguide
TRANSCRIPT
-
7/27/2019 SonicOS Standard 26 AdminGuide
1/258
COMPREHENSIVE INTERNET SECURITY
SSSS S S onicWALL Security Ap pliance
S onicOS Standard 2. 6
Administrator's Guid eSonicWALL TZ 170 SP and TZ 170 Wireless
-
7/27/2019 SonicOS Standard 26 AdminGuide
2/258
Page i
Table of ContentsPreface................................................................................................xiii
Copyright Notice ............................................................................xiiiLimited Warranty............................................................................xiii
1 Introduction ...................................................... 1SonicWALL SonicOS Standard 2.6 Overview.......................................1About this Guide.................................................................................... 1
Organization of this Guide ............................................................... 2Guide Conventions .......................................................................... 3Icons Used in this Manual................................................................ 3
SonicWALL Management Interface....................................................... 3Accessing the Management Interface..............................................3Navigating the Management Interface.............................................4Applying Changes............................................................................ 4Getting Help ..................................................................................... 4Logging Out .....................................................................................4
SonicWALL Technical Support..............................................................5North America Telephone Support .............................................5International Telephone Support ................................................ 5
More Information on SonicWALL Products and Services ..................... 5
2 Initial Configuration Using the Setup Wizard ... 7Configuring your TZ 170 SP.................................................................. 7
Configuring a Static IP Address with NAT Enabled. ........................7Start the Setup Wizard ............................................................... 8Change Password ...................................................................... 8Change Time Zone..................................................................... 9Configure the Modem................................................................. 9WAN Network Mode .................................................................10WAN Network Mode: NAT Enabled..........................................11LAN Settings............................................................................. 11LAN DHCP Settings ................................................................ 12SonicWALL Configuration Summary ........................................12Storing SonicWALL Configuration............................................ 13
Setup Wizard Complete............................................................13Configuring DHCP Networking Mode ............................................ 14
Change Password .................................................................... 14Change Time Zone................................................................... 14WAN Network Mode .................................................................14WAN Network Mode: NAT with DHCP Client ........................... 15LAN Settings............................................................................. 15DHCP Settings ......................................................................... 16
-
7/27/2019 SonicOS Standard 26 AdminGuide
3/258
Page ii SonicWALL SonicOS Standard 2.6 Administrators Guide
Configuration Summary..................................................................16Storing Configuration ................................................................17Setup Wizard Complete............................................................17
Configuring PPPoE with NAT Enabled...........................................18Change Password.....................................................................18Change Time Zone ...................................................................18WAN Network Mode .................................................................18WAN Network Mode: NAT with PPPoE Client ..........................19LAN Settings.............................................................................19DHCP Server ............................................................................20SonicWALL Configuration Summary ........................................20Storing Configuration ...............................................................21Setup Wizard Complete............................................................21
Configuring the TZ 170 Wireless using the Setup Wizard ...................22TZ 170 Wireless Deployment Scenarios........................................22Configuring the TZ 170 Wireless as an Office Gateway ................23
Welcome to the SonicWALL Setup Wizard...............................23
Selecting the Deployment Scenario..........................................24Changing the Password............................................................24Selecting Your Time Zone ........................................................25Configuring the WAN Network Mode........................................25Configuring WAN Settings ........................................................26Configuring LAN Settings..........................................................26Configuring LAN DHCP Settings ..............................................27Configuring WLAN 802.11b/g Settings .....................................27Configuring WiFiSec - VPN Client User Authentication............28Configuring Wireless Guest Services .......................................28Configuration Summary ............................................................29Storing Configuration ................................................................29Congratulations.........................................................................30
Configuring the TZ 170 Wireless as a Secure Access Point..........31Welcome to the SonicWALL Setup Wizard...............................31Selecting the Deployment Scenario..........................................31Changing the Password............................................................31Selecting Your Time Zone ........................................................31Configuring the LAN Settings....................................................31Configuring the LAN DHCP Settings ........................................31Configuring WLAN 802.11b Settings ........................................32Configuring WiFiSec - VPN Client User Authentication............32Configuration Summary ............................................................32Storing Configuration ................................................................32Congratulations!........................................................................32
-
7/27/2019 SonicOS Standard 26 AdminGuide
4/258
Page iii
Configuring the TZ 170 Wireless as a Guest Internet Gateway.....33Welcome to the SonicWALL Setup Wizard .............................. 33Selecting the Deployment Scenario ......................................... 33Changing the Password ........................................................... 33Selecting Your Time Zone ........................................................33Configuring the WAN Network Mode........................................33Configuring WAN Settings........................................................33Configuring WLAN 802.11b Settings........................................34Configuring Wireless Guest Services.......................................34Configuration Summary............................................................ 34Storing Configuration................................................................34Congratulations! .......................................................................34
Configuring the TZ 170 Wireless as a Secure Wireless Bridge ..... 35Welcome to the SonicWALL Setup Wizard .............................. 35Selecting the Deployment Scenario ......................................... 35Changing the Password ........................................................... 35Selecting Your Time Zone ........................................................35Configuring LAN Settings ......................................................... 35Configuring LAN DHCP Settings..............................................35Configuring WLAN 802.11b Settings........................................35Configuring WLAN Network Setting ......................................... 36Configuring Secure Wireless Bridge Settings...........................36Configuration Summary............................................................ 36Storing Configuration................................................................36Congratulations! .......................................................................36
3 System Settings............................................. 37System > Status ..................................................................................37
System Messages..........................................................................37System Information ........................................................................37Security Services ........................................................................... 38Registering Your SonicWALL Security Appliance.......................... 38
mySonicWALL.com ..................................................................38Latest Alerts ................................................................................... 39Network Interfaces ......................................................................... 39
SonicWALL TZ 170 Wireless.................................................... 39SonicWALL TZ 170 SP............................................................. 39
System > Licenses ..............................................................................39Security Services Summary........................................................... 39Manage Security Services Online.................................................. 40Manual Upgrade ............................................................................ 40Manual Upgrade for Closed Environments .................................... 40
From a Computer Connected to the Internet............................ 40From the Management Interface of your SonicWALLSecurity Appliance.................................................................... 41
-
7/27/2019 SonicOS Standard 26 AdminGuide
5/258
Page iv SonicWALL SonicOS Standard 2.6 Administrators Guide
System > Administration......................................................................41Firewall Name ................................................................................41Name/Password.............................................................................42
Administrator Name ..................................................................42Changing the Administrator Password......................................42
Login Security.................................................................................42
Enable Administrator/User Lockout ..........................................42Web Management Settings............................................................43Advanced Management .................................................................43
Enable SNMP ...........................................................................43Enable Management Using SonicWALL GMS..........................45
System > Time.....................................................................................46Set Time .........................................................................................46NTP Settings ..................................................................................47
System > Settings................................................................................47Settings ..........................................................................................47
Import Settings..........................................................................47Export Settings..........................................................................47
Firmware Management ..................................................................48New Firmware...........................................................................48Updating Firmware Manually ....................................................49Firmware Management Settings ...............................................49
SafeMode - Rebooting the SonicWALL..........................................50System Information ...................................................................50Firmware Management .............................................................50
System > Diagnostics ..........................................................................51
DNS Name Lookup ........................................................................51Find Network Path..........................................................................52Ping ................................................................................................52Packet Trace ..................................................................................52Tech Support Report ......................................................................53
Generating a Tech Support Report...........................................54Trace Route....................................................................................54
System > Restart .................................................................................54
4 Network ..........................................................55Network > Settings...............................................................................55
Network Addressing Modes ...........................................................56Interfaces........................................................................................56Configuring WAN Settings..............................................................57
WAN Properties>General .........................................................57
-
7/27/2019 SonicOS Standard 26 AdminGuide
6/258
Page v
Configuring LAN Settings............................................................... 58LAN Properties>General .......................................................... 58Multiple Network Gateway Support .......................................... 58
Configuring NAT with DHCP Client................................................60Configuring LAN Settings ......................................................... 62LAN Properties>General .......................................................... 62
Configuring NAT with PPPoE Client ..............................................63Configuring LAN Properties for NAT with PPPoE Client ..........65
Configuring NAT with L2TP Client .................................................66Configuring LAN Properties for NAT with L2TP Client ............. 68
Configuring NAT with PPTP Client ................................................69Configuring LAN Properties for NAT with PPTP Client ............ 71
DNS Settings .................................................................................72Configuring Modem Properties (TZ 170 SP Only) .........................73
Settings..................................................................................... 73Profiles...................................................................................... 74Failover.....................................................................................74Activating the Modem............................................................... 75
Configuring WLAN Properties (TZ 170 Wireless Only)..................76Network > One-to-One NAT................................................................ 77
One-to-One NAT Configuration Example ...................................... 79Network > Web Proxy.......................................................................... 81
Configuring Automatic Proxy Forwarding (Web Only) ...................81Bypass Proxy Servers Upon Proxy Failure .............................. 82
Network > Intranet...............................................................................82Installation...................................................................................... 82
Intranet Settings............................................................................. 83Network > Routing............................................................................... 84Static Routes ............................................................................84
Static Route Configuration Example.............................................. 85Route Advertisement ..................................................................... 85Route Table ................................................................................... 86
Network > ARP.................................................................................... 87Navigating and Sorting the ARP Cache Table ............................... 87Flushing the ARP Cache................................................................ 87
Network > DHCP Server ..................................................................... 88DHCP Settings...............................................................................88Configuring DHCP Server for Dynamic Ranges ............................ 88
The General Tab ...................................................................... 89The DNS/WINS Tab .................................................................90
-
7/27/2019 SonicOS Standard 26 AdminGuide
7/258
Page vi SonicWALL SonicOS Standard 2.6 Administrators Guide
Configuring Static DHCP Entries....................................................90The General Tab.......................................................................91The DNS/WINS Tab..................................................................91
Current DHCP Leases....................................................................92
5 Wireless (TZ 170 Wireless)............................93
Considerations for Using Wireless Connections..................................94Recommendations for Optimal Wireless Performance........................94
Adjusting the TZ 170 Wireless Antennas .......................................94Wireless Guest Services (WGS) ....................................................94Wireless Node Count Enforcement................................................95MAC Filter List................................................................................95WiFiSec Enforcement.....................................................................95
Using the Wireless Wizard...................................................................95Welcome to the SonicWALL Wireless Configuration Wizard....96WLAN Network Settings ...........................................................96WLAN 802.11b Settings............................................................97WLAN Security Settings............................................................97WiFiSec - VPN Client User Authentication ...............................98Wireless Guest Services...........................................................98Wireless Configuration Summary .............................................99Updating the TZ 170 Wireless! .................................................99Congratulations!......................................................................100
Wireless > Status...............................................................................101WLAN Settings .............................................................................101
Access Point Status................................................................102
WLAN Statistics............................................................................102Station Status ...............................................................................103Wireless > Settings............................................................................104
Wireless Radio Mode ...................................................................104Wireless Settings..........................................................................104Secure Wireless Bridging.............................................................105Configuring a Secure Wireless Bridge .........................................106
Network Settings for the Example Network ............................107Wireless Bridging (without WiFiSec).......................................107Configuring VPN Policies for the Access Point and Wireless Bridge107
Advanced Configuration for both VPN Policies.......................108
-
7/27/2019 SonicOS Standard 26 AdminGuide
8/258
Page vii
Wireless > WEP/WPA Encryption .....................................................110WEP Encryption Settings.............................................................111WEP Encryption Keys..................................................................111WPA Encryption Settings.............................................................112
WPA-PSK Settings.................................................................112WPA-EAP Settings.................................................................113
Wireless > Advanced ...................................................................114Beaconing & SSID Controls......................................................... 114Wireless Client Communications .................................................114Advanced Radio Settings.............................................................115
Configurable Antenna Diversity ..............................................115Wireless > MAC Filter List .................................................................116Wireless > IDS...................................................................................117
Wireless Bridge IDS ...............................................................117Access Point IDS....................................................................117Enable Client Null Probing......................................................118
Association Flood Detection ...................................................118Rogue Access Point Detection ...............................................118Authorizing Access Points on Your Network ..........................119
6 Wireless Guest Services (TZ 170 Wireless) 121WGS > Status....................................................................................121WGS > Settings.................................................................................121
Bypass Guest Authentication.......................................................121Bypass Filters for Guest Accounts...............................................122Enable Dynamic Address Translation (DAT) ...............................122
Enable SMTP Redirect ................................................................122Enable URL Allow List for Authenticated Users...........................123Enable IP Address Deny List for Authenticated Users.................123Customize Login Page.................................................................124Custom Post Authentication Redirect Page.................................125Maximum Concurrent Guests ......................................................125WGS Account Profiles .................................................................125
WGS > Accounts ...............................................................................126Working with Guest Accounts ......................................................126Automatically Generating Guest Accounts ..................................127Manually Configuring Wireless Guests........................................128
Account Detail Printing ........................................................... 128Flexible Default Route..................................................................129
Secure Access Point with Virtual Adapter Support.................129Secure Access Point with Wireless Guest Services ....................131
-
7/27/2019 SonicOS Standard 26 AdminGuide
9/258
Page viii SonicWALL SonicOS Standard 2.6 Administrators Guide
7 Modem (SonicWALL TZ 170 SP).................133Modem > Status.................................................................................133
Modem Status ..............................................................................133Modem > Settings..............................................................................134
Configuring Profile and Modem Settings......................................134
Modem > Failover..............................................................................135Modem Failover Settings..............................................................135Configuring Modem Failover ........................................................136
Modem > Dialup Profiles....................................................................137Dial-Up Profiles ............................................................................137Configuring a Dialup Profile..........................................................137
Modem > Dialup Profiles > Modem Profile Configuration..................138Configuring a Dialup Profile..........................................................138Chat Scripts ..................................................................................141
Custom Chat Scripts...............................................................141
8 Firewall .........................................................143Using Bandwidth Management with Access Rules............................143Firewall > Access Rules.....................................................................144
Restoring Default Network Access Rules.....................................145Adding Rules using the Network Access Rule Wizard .................146
Step 1: Access Rule Type.......................................................146Configuring a Public Server Rule .................................................147
Step 2: Public Server ..............................................................147Configuring a General Network Access Rule ...............................148
Step 1: Access Rule Type.......................................................148Step 2: Access Rule Service...................................................149Step 3: Access Rule Action ....................................................149Step 4: Access Rule Source Interface and Address ...............150Step 5: Access Rule Destination Interface and Address ........150Step 6: Access Rule Time.......................................................151Completing the Network Access Rule Wizard .......................151
Adding Rules Using the Add Rule Window ..................................152Rule Examples .............................................................................153
Blocking LAN Access for Specific Services ............................153
Enabling Ping..........................................................................154
-
7/27/2019 SonicOS Standard 26 AdminGuide
10/258
Page ix
Access Rules > Advanced.................................................................154Windows Networking (NetBIOS) Broadcast Pass Through .........154Detection Prevention.................................................................... 155
Enable Stealth Mode ..............................................................155Randomize IP ID ....................................................................155Dynamic Ports ........................................................................155
Source Routed Packets ...............................................................155TCP Connection Inactivity Timeout..............................................155Firewall > Services ............................................................................ 156
User Defined (Custom) Services .................................................156Firewall > VoIP ..................................................................................157
VoIP Protocols .............................................................................157Configuring the VoIP Settings......................................................158
SIP Settings............................................................................ 158
9 VPN ............................................................. 159VPN > Settings..................................................................................159
VPN Global Settings ....................................................................159VPN Policies ................................................................................160Currently Active VPN Tunnels .....................................................160
Configuring GroupVPN Policy on the SonicWALL ............................ 160Configuring IKE using Preshared Secret .....................................161
General...................................................................................161Proposals................................................................................161Advanced................................................................................162Client ...................................................................................... 163
Configuring GroupVPN with IKE using 3rd Party Certificates...... 164General...................................................................................164Proposals................................................................................164Advanced................................................................................164Client ...................................................................................... 165
Export a GroupVPN Client Policy ................................................ 166Site to Site VPN Configurations ........................................................ 167
VPN Planning Sheet for Site-to-Site VPN Policies ......................168Site A ......................................................................................168Router.....................................................................................168
Additional Information.............................................................168Configuring Site to Site VPN PoliciesUsing the VPN Policy Wizard ............................................................ 169
Creating a Typical IKE using Preshared Secret VPN Policy........ 169Creating a Custom VPN Policy using IKE and a Preshared Secret169Creating a Manual Key VPN Policy with the VPN Policy Wizard. 170Configuring IKE using 3rd Party Certificates with the VPN Policy Wizard171
-
7/27/2019 SonicOS Standard 26 AdminGuide
11/258
Page x SonicWALL SonicOS Standard 2.6 Administrators Guide
Creating VPN Policies Using the VPN Policy Window ......................172Configuring a VPN Policy using IKE with Preshared Secret ........172...............................Configuring a VPN Policy using Manual Key175
Configuring a VPN Policy with IKE using a Third Party Certificate178VPN > Advanced ...............................................................................180
Advanced VPN Settings...............................................................180VPN Single-Armed Mode (stand-alone VPN gateway) ................181
Configuring a SonicWALL for VPN Single Armed Mode.........182VPN User Authentication Settings................................................183VPN Bandwidth Management ......................................................183
VPN > DHCP over VPN.....................................................................184DHCP Relay Mode .......................................................................184Configuring the Central Gateway for DHCP Over VPN................184Configuring DHCP over VPN Remote Gateway...........................185Device Configuration ....................................................................186Current DHCP over VPN Leases .................................................187
VPN > L2TP Server ...........................................................................187General.........................................................................................188
L2TP Server Settings..............................................................188IP Address Settings ................................................................189Adding L2TP Clients to the SonicWALL .................................189Currently Active L2TP Sessions .............................................189
Digital Certificates..............................................................................189Overview of X.509 v3 Certificates ................................................189SonicWALL Third Party Digital Certificate Support ......................189
VPN > Local Certificates....................................................................190Importing Certificate with Private Key ..........................................190Certificate Details .........................................................................190
Delete This Certificate.............................................................191Generating a Certificate Signing Request ....................................191
VPN > CA Certificates .......................................................................192Importing CA Certificates into the SonicWALL.............................192Certificate Details .........................................................................192
Delete This Certificate.............................................................192Certificate Revocation List (CRL) .................................................193
Importing a CRL List ...............................................................193Automatic CRL Update ...........................................................193
-
7/27/2019 SonicOS Standard 26 AdminGuide
12/258
Page xi
10 Users ......................................................... 195Users > Status...................................................................................195
Active User Sessions ...................................................................195Users > Settings................................................................................196
Authentication Method .................................................................196
Global User Settings....................................................................196Internet Authentication Exclusions...............................................197Acceptable Use Policy .................................................................197Configuring RADIUS Authentication ............................................197
Users > Local Users ..........................................................................200Settings........................................................................................ 200
11 Security Services....................................... 203Security Services > Summary ...........................................................204
Security Services Summary.........................................................204Manage Licenses.........................................................................204If Your SonicWALL Security Appliance is Not Registered ...........205Security Services Settings ...........................................................205
SonicWALL Content Filtering Service ...............................................206Security Services > Content Filter .....................................................207
Content Filter Status ....................................................................207Activating SonicWALL CFS ....................................................208Activating a SonicWALL CFS FREE TRIAL ...........................208
Content Filter Type ......................................................................208Restrict Web Features .................................................................208Trusted Domains..........................................................................209Message to Display when Blocking .............................................210
Configuring SonicWALL Filter Properties..........................................210..................................................................................Custom List210
Enable Keyword Blocking.......................................................211Disable all Web traffic except for Allowed Domains ...............211
Settings........................................................................................ 211Consent........................................................................................212Mandatory Filtered IP Addresses.................................................213
Consent Page URL (mandatory filtering)................................213Adding a New Address...........................................................213SonicWALL Network Anti-Virus......................................................... 214Security Services > Anti-Virus ...........................................................214
Activating SonicWALL Network Anti-Virus...................................214Activating a SonicWALL Network Anti-Virus FREE TRIAL ..........215
Security Services> E-Mail Filter ........................................................215
-
7/27/2019 SonicOS Standard 26 AdminGuide
13/258
Page xii SonicWALL SonicOS Standard 2.6 Administrators Guide
Intrusion Prevention Service..............................................................216SonicWALL IPS Features.............................................................216SonicWALL Deep Packet Inspection............................................217How SonicWALLs Deep Packet Inspection Architecture Works .217SonicWALL IPS Terminology.......................................................218
Security Services > Intrusion Prevention...........................................218SonicWALL IPS Activation ...........................................................218mySonicWALL.com......................................................................219Activating SonicWALL IPS ...........................................................219Activating the SonicWALL IPS FREE TRIAL ...............................219
12 Log .............................................................221Log > View.........................................................................................221
Navigating and Sorting Log View Table Entries ...........................222SonicWALL Log Messages ..........................................................222
Refresh ...................................................................................223Clear Log ................................................................................223E-mail Log...............................................................................223
Log > Categories ...............................................................................224Log Categories .............................................................................224Alerts & SNMP Traps ...................................................................225
Log > Automation...............................................................................226E-mail ...........................................................................................226Syslog Servers .............................................................................226
Log > Reports....................................................................................227
Data Collection .............................................................................228View Data .....................................................................................228
Web Site Hits ..........................................................................228Bandwidth Usage by IP Address ............................................228Bandwidth Usage by Service ..................................................229
Log > ViewPoint.................................................................................230SonicWALL ViewPoint..................................................................230
-
7/27/2019 SonicOS Standard 26 AdminGuide
14/258
Page xiii
Appendices ..................................................... 231Appendix A - SonicWALL Support Solutions.....................................231
Knowledge Base ..........................................................................231Security Expertise ........................................................................231SonicWALL Support Programs ....................................................231
Warranty Support - North America and International................... 231Appendix B- Configuring the Management StationTCP/IP Settings.................................................................................232
Windows 98 .................................................................................232Windows NT.................................................................................233Windows 2000 .............................................................................234Windows XP.................................................................................235Macintosh OS 10 .........................................................................235
-
7/27/2019 SonicOS Standard 26 AdminGuide
15/258
Page xiv SonicWALL SonicOS Standard 2.6 Administrators Guide
-
7/27/2019 SonicOS Standard 26 AdminGuide
16/258
Page xiii
PrefaceCopyright Notice
2004 SonicWALL, Inc. All rights reserved.
Under the copyright laws, this manual or the software described within, can not be copied, in whole orpart, without the written consent of the manufacturer, except in the normal use of the software to make a
backup copy. The same proprietary and copyright notices must be affixed to any permitted copies as wereaffixed to the original. This exception does not allow copies to be made for others, whether or not sold,but all of the material purchased (with all backup copies) can be sold, given, or loaned to another person.Under the law, copying includes translating into another language or format.
SonicWALL is a registered trademark of SonicWALL, Inc.
Other product and company names mentioned herein can be trademarks and/or registered trademarks oftheir respective companies.
Specifications and descriptions subject to change without notice.
Limited WarrantySonicWALL, Inc. warrants that commencing from the delivery date to Customer (but in any casecommencing not more than ninety (90) days after the original shipment by SonicWALL), and continuingfor a period of twelve (12) months, that the product will be free from defects in materials and workmanshipunder normal use. This Limited Warranty is not transferable and applies only to the original end user ofthe product. SonicWALL and its suppliers' entire liability and Customer's sole and exclusive remedy underthis limited warranty will be shipment of a replacement product. At SonicWALL's discretion thereplacement product may be of equal or greater functionality and may be of e ither new or like-new quality.SonicWALL's obligations under this warranty are contingent upon the return of the defective productaccording to the terms of SonicWALL's then-current Support Services policies.This warranty does not apply if the product has been subjected to abnormal electrical stress, damaged byaccident, abuse, misuse or misapplication, or has been modified without the written permission ofSonicWALL.
-
7/27/2019 SonicOS Standard 26 AdminGuide
17/258
Page xiv SonicWALL SonicOS Standard 2.6 Administrators Guide
DISCLAIMER OF WARRANTY . EXCEPT AS SPECIFIED IN THIS WARRANTY, ALL EXPRESS ORIMPLIED CONDITIONS, REPRESENTATIONS, AND WARRANTIES INCLUDING, WITHOUTLIMITATION, ANY IMPLIED WARRANTY OR CONDITION OF MERCHANTABILITY, FITNESS FOR APARTICULAR PURPOSE, NONINFRINGEMENT, SATISFACTORY QUALITY OR ARISING FROM ACOURSE OF DEALING, LAW, USAGE, OR TRADE PRACTICE, ARE HEREBY EXCLUDED TO THEMAXIMUM EXTENT ALLOWED BY APPLICABLE LAW. TO THE EXTENT AN IMPLIED WARRANTYCANNOT BE EXCLUDED, SUCH WARRANTY IS LIMITED IN DURATION TO THE WARRANTYPERIOD. BECAUSE SOME STATES OR JURISDICTIONS DO NOT ALLOW LIMITATIONS ON HOW
LONG AN IMPLIED WARRANTY LASTS, THE ABOVE LIMITATION MAY NOT APPLY TO YOU. THISWARRANTY GIVES YOU SPECIFIC LEGAL RIGHTS, AND YOU MAY ALSO HAVE OTHER RIGHTSWHICH VARY FROM JURISDICTION TO JURISDICTION. This disclaimer and exclusion shall applyeven if the express warranty set forth above fails of its essential purpose.DISCLAIMER OF LIABILITY . SONICWALL'S SOLE LIABILITY IS THE SHIPMENT OF AREPLACEMENT PRODUCT AS DESCRIBED IN THE ABOVE LIMITED WARRANTY. IN NO EVENTSHALL SONICWALL OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER,INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF PROFITS, BUSINESSINTERRUPTION, LOSS OF INFORMATION, OR OTHER PECUNIARY LOSS ARISING OUT OF THEUSE OR INABILITY TO USE THE PRODUCT, OR FOR SPECIAL, INDIRECT, CONSEQUENTIAL,INCIDENTAL, OR PUNITIVE DAMAGES HOWEVER CAUSED AND REGARDLESS OF THE THEORYOF LIABILITY ARISING OUT OF THE USE OF OR INABILITY TO USE HARDWARE OR SOFTWARE
EVEN IF SONICWALL OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCHDAMAGES. In no event shall SonicWALL or its suppliers' liability to Customer, whether in contract, tort(including negligence), or otherwise, exceed the price paid by Customer. The foregoing limitations shallapply even if the above-stated warranty fails of its essential purpose. BECAUSE SOME STATES ORJURISDICTIONS DO NOT ALLOW LIMITATION OR EXCLUSION OF CONSEQUENTIAL ORINCIDENTAL DAMAGES, THE ABOVE LIMITATION MAY NOT APPLY TO YOU.
-
7/27/2019 SonicOS Standard 26 AdminGuide
18/258
Page 1 SonicWALL SonicOS Standard 2.6 Administrators Guide
1 IntroductionThank you for purchasing the SonicWALL security appliance. Organizations of all kinds face an array ofsecurity threats -- and must react quickly with limited IT resources. That means that SonicWALL offerssecurity solutions for specific business applications such as networking, site-to-site communications,telecommuting, POS transactions, or secure web-sites. SonicWALL offers solutions that are specificallydesigned to meet the objectives of today's Internet connected business.
SonicWALL security appliances support an array of security applications and deliver powerful firewall and
VPN performance. SonicWALL security appliances are built on stateful inspection firewall technology, anda dedicated security ASIC designed to ensure maximum performance for VPN enabled applications. Withintegrated support for firewall, VPN, Anti Virus, content filtering, and an award-winning GlobalManagement System (GMS), IT administrators can trust SonicWALL to protect their network whilesecurely and reliably connecting their remote businesses or personnel.
SonicWALL SonicOS Standard 2.6 OverviewSonicWALL SonicOS Standard 2.6 is the standard operating system for the SonicWALL TZ 170 SP andTZ 170 Wireless, which provides a complete security solution to protect your network from attacks,intrusions, and malicious tampering. In addition, SonicOS provides secure, encrypted communications viaIPSec VPN to business partners and branch offices as well as support for a growing number of
SonicWALL Security Services, such as SonicWALL Content Filtering Service, SonicWALL Network Anti-Virus, and SonicWALL Intrusion Prevention Service.
Tip! SonicWALL SonicOS Standard can be upgraded to SonicOS Enhanced. For instructions on upgrading to SonicOS Enhanced from SonicOS Standard, see the Upgrading SonicOS Standard to SonicOS Enhanced Technote available at
-
7/27/2019 SonicOS Standard 26 AdminGuide
19/258
Page 2 SonicWALL SonicOS Standard 2.6 Administrators Guide
Organization of this GuideThe SonicOS Standard Administrators Guide organization follows the SonicWALL Web ManagementInterface structure.
Chapter 1, Introduction - Overview of SonicOS Standard, the SonicWALL Web-based ManagementInterface, and this manuals conventions.
Chapter 2, Initial Configuration Using the Setup Wizard - explains how to get your network securely
connected to the Internet with the SonicWALL security appliance using the Setup Wizard.Chapter 3, System Setting - describes the configuration of the SonicWALL IP settings, time, andpassword as well as providing instructions to restart the SonicWALL security appliance, import and exportsettings, upload new firmware, and perform diagnostic tests.
Chapter 4, Network - outlines configuring network settings manually for the SonicWALL securityappliance as well as static routes and RIPv2 advertising on the network. Setting up the SonicWALLsecurity appliance to act as the DHCP server on your network is also covered in this chapter.
Chapter 5, Wireless (TZ 170 Wireless) - explains how to configure the SonicWALL TZ 170 Wireless asa secure wireless gateway for your wireless clients.
Chapter 6 Wireless Guest Services (TZ 170 Wireless) - describes how to create access accounts fortemporary use that allows wireless clients to connect from the WLAN to the WAN.
Chapter 7, Modem (TZ 170 SP) - explains how to configure the TZ 170 SPs built in modem to use as theprimary Internet link for your network or as a backup connection for your primary broadband Internet(WAN) connection.
Chapter 8, Firewall - explains how to configure and manage access policies to deny or permit traffic andhow to configure Voice over IP (VoIP) settings on the security appliance.
Chapter 9, VPN - explains how to enable SonicWALL GroupVPN policies and how create a site-to-siteVPN tunnel between two SonicWALL security appliances.
Chapter 10, Users - explains how to create and manage local users and how to integrate with a RADIUSserver for user authentication.
Chapter 11, Security Services - provides configuration instructions for SonicWALL subscription-bases
security services, including Content Filtering Service, Network Anti-Virus, and Intrusion PreventionService.
Chapter 12, Logging and Alerts - explains how to use the built in reporting tools to view log records.
Appendices
Appendix A, SonicWALL Support Solutions - describes available support options from SonicWALL.
Appendix B, Configuring Management Station TCP/IP Settings - provides instructions forconfiguring your Management Station's IP address.
-
7/27/2019 SonicOS Standard 26 AdminGuide
20/258
Introduction Page 3
Guide ConventionsThe following Conventions used in this guide are as follows:
Icons Used in this ManualThese special messages refer to noteworthy information, and include a symbol for quick identification:
Alert! Important information that cautions about features affecting firewall performance, security features, or causing potential problems with your SonicWALL security appliance.
Tip! Useful information about security features and configurations on your SonicWALL security appliance.
Note: Important information on a feature that requires callout for special attention.
SonicWALL Management InterfaceThe SonicWALL security appliances Web Management Interface provides a easy-to-use graphicalinterface for configuring your SonicWALL security appliance. SonicWALL management functions areperformed through a Web browser.
Tip! Microsoft Internet Explorer 5.0 or higher, or, Netscape Navigator 4.5 or higher are two recommended Web browsers.
Accessing the Management InterfaceTo access the SonicWALL Management Interface, you need to configure the Management Station TCP/ IP settings in order to initially contact the SonicWALL security appliance. A computer used to manage theSonicWALL security appliance is referred to as the Management Station. Any computer on the samenetwork as the SonicWALL security appliance can be used to access the management interface.
MD5 authentication is used to secure communications between your Management Station and theSonicWALL Web Management Interface. MD5 Authentication prevents unauthorized users fromdetecting and stealing the SonicWALL security appliances password as it is sent over your network.
Convention Use
Bold Highlights items you can select on the SonicWALLManagement Interface.
Italic Highlights a value to enter into a field. For example, type192.168.168.168 in the IP Address field.
Menu Item>Menu Item Indicates a multiple step Management Interface menuchoice. For example, Security Services>Content Filter means select Security Services, then select Content Filter.
-
7/27/2019 SonicOS Standard 26 AdminGuide
21/258
Page 4 SonicWALL SonicOS Standard 2.6 Administrators Guide
The Web browser used to access the management interface must be Java-enabled and support HTTPuploads in order to fully manage the SonicWALL security appliance. If your Web browser does not supportthese functions, certain features such as uploading firmware and saved preferences files are notavailable.
Note: For instructions on setting up your Management Station for accessing the SonicWALL Management Interface, see Appendix B.
Navigating the Management InterfaceNavigating the SonicWALL Management Interface includes a hierarchy of menu buttons on the navigationbar (left side of window). The SonicOS Standard menu buttons on the navigation bar include:
System Network Firewall VPN Users Security Services Log Help Wizards LogoutWhen you click a menu button, related management functions are displayed as submenu items in thenavigation bar. To navigate to a submenu page, click the link. When you click a menu button, the firstsubmenu item page is displayed.
Applying ChangesClick the Apply button at the top right corner of the SonicWALL Management Interface to save anyconfiguration changes you made on the page.
If the settings are contained in a secondary window within the Management Interface, when you click OK,the settings are automatically applied to the SonicWALL security appliance.
Getting HelpEach SonicWALL security appliance includes Web-based on-line help available from the ManagementInterface.
Clicking the question mark ? button on the top right corner of every page accesses thecontext-sensitive help for the page.
Alert! SonicWALL online help requires Internet connectivity.
Logging Out The Logout button at the bottom of the menu bar terminates the Management Interface session anddisplays the Authentication page.
-
7/27/2019 SonicOS Standard 26 AdminGuide
22/258
Introduction Page 5
SonicWALL Technical Support For timely resolution of technical support questions, visit SonicWALL on the Internet at . Web-based resources are available to help youresolve most technical issues or contact SonicWALL Technical Support.
To contact SonicWALL telephone support, see the telephone numbers listed below:
North America Telephone Support U.S./Canada - 888.777.1476 or +1 408.752.7819
International Telephone Support Australia - + 1800.35.1642
Austria - + 43(0)820.400.105
EMEA - +31(0)411.617.810
France - + 33(0)1.4933.7414
Germany - + 49(0)1805.0800.22
Hong Kong - + 1.800.93.0997
India - + 8026556828
Italy - +39.02.7541.9803
Japan - + 81(0)3.5460.5356
New Zealand - + 0800.446489
Singapore - + 800.110.1441
Spain - + 34(0)9137.53035
Switzerland - +41.1.308.3.977
UK - +44(0)1344.668.484
Note: Please visit for the latest technical support telephone numbers.
More Information on SonicWALL Products and ServicesContact SonicWALL, Inc. for information about SonicWALL products and services at:
Web: http://www.sonicwall.comE-mail: [email protected]: (408) 745-9600Fax:(408) 745-9300
-
7/27/2019 SonicOS Standard 26 AdminGuide
23/258
Page 6 SonicWALL SonicOS Standard 2.6 Administrators Guide
-
7/27/2019 SonicOS Standard 26 AdminGuide
24/258
Page 7 SonicWALL SonicOS Standard 2.6 Administrators Guide
2 Initial Configuration Using the Setup WizardThe Setup Wizard takes you step by step through network configuration for Internet connectivity. Thereare four types of network connectivity available: Static IP, DHCP, PPPoE, and PPTP.
The first time you log into the SonicWALL security appliance, the Setup Wizard is launched automatically.To launch the Setup Wizard at any from the Management Interface, log into the SonicWALL securityappliance. Click Wizards and select Setup Wizard .
Tip! You can also configure all your WAN and network settings on the Network>Settings page of the SonicWALL Management Interface
Configuring your TZ 170 SP
Configuring a Static IP Address with NAT Enabled.Using NAT to set up your SonicWALL security appliance eliminates the need for public IP addresses forall computers on your LAN. It is a way to conserve IP addresses available from the pool of IPv4 addresses
for the Internet. NAT also allows you to conceal the addressing scheme of your network. If you do not haveenough individual IP addresses for all computers on your network, you can use NAT for your networkconfiguration.
Essentially, NAT translates the IP addresses in one network into those for a different network. As a formof packet filtering for firewalls, it protects a network from outside intrusion from hackers by replacing theinternal (LAN) IP address on packets passing through a SonicWALL security appliance with a fake onefrom a fixed pool of addresses. The actual IP addresses of computers on the LAN are hidden from outsideview.
This section describes configuring the SonicWALL security appliance in the NAT mode. If you areassigned a single IP address by your ISP, follow the instructions below.
Tip! : Be sure to have your network information including your WAN IP address, subnet mask, and DNS settings ready. This information is obtained from your ISP.
-
7/27/2019 SonicOS Standard 26 AdminGuide
25/258
Page 8 SonicWALL SonicOS Standard 2.6 Administrators Guide
Start the Setup Wizard
Note: Your Web browser must be Java-enabled and support HTTP uploads in order to fully manage a SonicWALL security appliance. Internet Explorer 5.0 and above as well as Netscape Navigator 4.0 and above are recommended.
1. Click the Setup Wizard button on the Network>Settings page and read the instructions on theWelcome window, or click Wizards in the column on the left of the Management Interface and selectSetup Wizard in the Welcome page. Click Next to continue
Change Password
2. To set the password for the administrative user, admin, enter a new password in the New Password and Confirm New Password fields. Click Next .
-
7/27/2019 SonicOS Standard 26 AdminGuide
26/258
Initial Configuration Using the Setup Wizard Page 9
Change Time Zone
3. Select the appropriate Time Zone from the Time Zone menu. The SonicWALL security applianceinternal clock is set automatically by a Network Time Server on the Internet. Click Next .
Configure the Modem
4. Select the way you will be using the built-in modem on the TZ 170 SP.
Yes - I will use a dialup account as a backup for the WAN ethernet connection : This settinguses the modem dial-up connection as an automatic backup to the WAN ethernet connection. Usethis if you have a DSL or Cable modem, and have dialup access to your ISP.
Yes - Dialup up is my only connection to the Internet : This setting uses the modem dial-up con-nection as the only internet connection.
No - I will not use the modem at this time : This setting does not use the modem.
-
7/27/2019 SonicOS Standard 26 AdminGuide
27/258
Page 10 SonicWALL SonicOS Standard 2.6 Administrators Guide
5. Click Next .
6. If you selected to use the modem, enter the phone number, username and password for the dial-upconnection. Click Next .
Note: Some Internet Service providers require that you include the @ and domain name with your username, for example, [email protected].
WAN Network Mode
7. Confirm that you have the proper network information necessary to configure the SonicWALL securityappliance to access the Internet. Click the hyperlinks for definitions of the networking terms.
You can choose:Static IP , if your ISP assigns you a specific IP address or group of addresses.DHCP , if your ISP automatically assigns you a dynamic IP address.PPPoE , if your ISP provided you with client software, a user name, and a password.
8. Choose Static IP and click Next .
-
7/27/2019 SonicOS Standard 26 AdminGuide
28/258
Initial Configuration Using the Setup Wizard Page 11
WAN Network Mode: NAT Enabled
9. Enter the public IP address provided by your ISP in the SonicWALL WAN IP Address , then fill in therest of the fields: WAN/OPT Subnet Mask , Gateway (Router) Address , and the primary andsecondary DNS Server Addresses . Click Next .
LAN Settings
10. The LAN page allows the configuration of the SonicWALL LAN IP Addresses and the LAN SubnetMask .The SonicWALL LAN IP Addresses are the private IP address assigned to the LAN port ofthe SonicWALL security appliance. The LAN Subnet Mask defines the range of IP addresses on theLAN. The default values provided by the SonicWALL security appliance work for most networks. Ifyou do not use the default settings, enter your preferred private IP address and subnet mask in thefields. Click Next .
-
7/27/2019 SonicOS Standard 26 AdminGuide
29/258
Page 12 SonicWALL SonicOS Standard 2.6 Administrators Guide
LAN DHCP Settings
11. The Optional-SonicWALL DHCP Server window configures the SonicWALL security applianceDHCP Server. If enabled, the SonicWALL security appliance automatically configures the IP settingsof computers on the LAN. To enable the DHCP server, select Enable DHCP Server , and specify therange of IP addresses that are assigned to computers on the LAN.
If Disable DHCP Server is selected, you must configure each computer on your network with a staticIP address on your LAN. Click Next .
SonicWALL Configuration Summary
12. The Configuration Summary window displays the configuration defined using the InstallationWizard. To modify any of the settings, click Back to return to the Connecting to the Internet window.If the configuration is correct, click Next .
-
7/27/2019 SonicOS Standard 26 AdminGuide
30/258
Initial Configuration Using the Setup Wizard Page 13
Storing SonicWALL Configuration
Setup Wizard Complete
13. The SonicWALL security appliance stores the network settings.14. Click Restart to restart the SonicWALL security appliance. The SonicWALL security appliance takes
approximately 90 seconds or longer to restart. During this time, the yellow Test LED is lit.
-
7/27/2019 SonicOS Standard 26 AdminGuide
31/258
Page 14 SonicWALL SonicOS Standard 2.6 Administrators Guide
Configuring DHCP Networking ModeDHCP is a networking mode that allows you to obtain an IP address for a specific length of time from aDHCP server. The length of time is called a lease which is renewed by the DHCP server typically after afew days. When the lease is ready to expire, the client contacts the server to renew the lease. This is acommon network configuration for customers with cable or DSL modems. You are not assigned a specificIP address by your ISP .
1. Click the Setup Wizard button on the Network>Settings page.
2. Read the instructions on the Welcome window and click Next to continue.
Change Password3. To set the password, enter a new password in the New Password and Confirm New Password
fields. Click Next .
Change Time Zone4. Select the appropriate Time Zone from the Time Zone menu. The SonicWALL security appliance
internal clock is set automatically by a Network Time Server on the Internet. Click Next .
WAN Network Mode
5. Select DHCP . Click Next .
-
7/27/2019 SonicOS Standard 26 AdminGuide
32/258
Initial Configuration Using the Setup Wizard Page 15
WAN Network Mode: NAT with DHCP Client
6. the WAN Network Mode: NAT with DHCP Client window is displayed, stating the security appliancewill obtain the IP address for the WAN port automatically from a DHCP server. To confirm this, clickNext. DHCP-based configurations are most common with cable modem connections.
LAN Settings
7. The Fill in information about your LAN page allows the configuration of SonicWALL securityappliance LAN IP Addresses and Subnet Masks. SonicWALL security appliance LAN IP Addressesare the private IP addresses assigned to the LAN of the SonicWALL security appliance. The LANSubnet Mask defines the range of IP addresses on the networks. The default values provided by theSonicWALL security appliance are useful for most networks. Click Next .
-
7/27/2019 SonicOS Standard 26 AdminGuide
33/258
Page 16 SonicWALL SonicOS Standard 2.6 Administrators Guide
DHCP Settings
8. The Optional-SonicWALL DHCP Server window configures the SonicWALL security applianceDHCP Server. If enabled, the security appliance automatically assigns IP settings to computers onthe LAN. To enable the DHCP server, select Enable DHCP Server , and specify the range of IPaddresses assigned to computers on the LAN.
If Disable DHCP Server is selected, the DHCP Server is disabled. Click Next to continue.
Configuration Summary
9. The Configuration Summary window displays the configuration defined using the InstallationWizard . To modify any of the settings, click Back to return to the Connecting to the Internet window.If the configuration is correct, click Apply.
-
7/27/2019 SonicOS Standard 26 AdminGuide
34/258
Initial Configuration Using the Setup Wizard Page 17
Storing Configuration
Setup Wizard Complete
10. Click Restart to restart the SonicWALL security appliance. The SonicWALL security appliance takes90 seconds to restart. During this time, the yellow Test LED is lit.
Tip! The new SonicWALL security appliance LAN IP address, displayed in the URL field of the Congratulations window, is used to log in and manage the SonicWALL security appliance.
-
7/27/2019 SonicOS Standard 26 AdminGuide
35/258
Page 18 SonicWALL SonicOS Standard 2.6 Administrators Guide
Configuring PPPoE with NAT EnabledNAT with PPPoE Client is a network protocol that uses Point to Point Protocol over Ethernet to connectwith a remote site using various Remote Access Service products. This protocol is typically found whenusing a DSL modem with an ISP requiring a user name and password to log into the remote server. TheISP may then allow you to obtain an IP address automatically or give you a specific IP address.1. Click the Setup Wizard button on the Network>Settings page.
2. Read the instructions on the Welcome window and click Next to continue.
Change Password3. To set the password, enter a new password in the New Password and Confirm New Password
fields. Click Next .
Change Time Zone4. Select the appropriate Time Zone from the Time Zone menu. The SonicWALL security appliance
internal clock is set automatically by a Network Time Server on the Internet. Click Next .
WAN Network Mode
5. The SonicWALL security appliance automatically detects the presence of a PPPoE server on theWAN. If not, then select PPPoE: Your ISP provided you with desktop software, a user name andpassword . Click Next .
-
7/27/2019 SonicOS Standard 26 AdminGuide
36/258
Initial Configuration Using the Setup Wizard Page 19
WAN Network Mode: NAT with PPPoE Client
6. Enter the user name and password provided by your ISP into the User Name and Password fields.Click Next .
LAN Settings
7. The LAN Settings page allows the configuration of SonicWALL security appliance LAN IP Addressesand LAN Subnet Mask.The SonicWALL security appliance LAN IP Address is the private IP addressassigned to the LAN port of the SonicWALL security appliance. The LAN Subnet Mask defines therange of IP addresses on the LAN. The default values provided by the SonicWALL security applianceare useful for most networks. If you do not use the default settings, enter your preferred IP addressesin the fields. Click Next .
-
7/27/2019 SonicOS Standard 26 AdminGuide
37/258
Page 20 SonicWALL SonicOS Standard 2.6 Administrators Guide
DHCP Server
8. The Optional-SonicWALL DHCP Server window configures the SonicWALL security applianceDHCP Server. If enabled, the SonicWALL security appliance automatically assigns IP settings tocomputers on the LAN. To enable the DHCP server, select Enable DHCP Server , and specify therange of IP addresses that are assigned to computers on the LAN.
If Disable DHCP Server is selected, you must configure each computer on your network with a staticIP address on your LAN. Click Next .
SonicWALL Configuration Summary
9. The Configuration Summary window displays the configuration defined using the InstallationWizard . To modify any of the settings, click Back to return to the WAN Settings window. If theconfiguration is correct, click Next to proceed to the Congratulations window.
-
7/27/2019 SonicOS Standard 26 AdminGuide
38/258
Initial Configuration Using the Setup Wizard Page 21
Storing Configuration
Tip! The new SonicWALL security appliance LAN IP address, displayed in the URL field of the
Congratulations window, is used to log in and manage the SonicWALL security appliance.
Setup Wizard Complete
10. Click Restart to restart the SonicWALL security appliance.
11. The SonicWALL security appliance takes approximately 90 seconds or longer to restart. During thistime, the yellow Test LED is lit.
-
7/27/2019 SonicOS Standard 26 AdminGuide
39/258
Page 22 SonicWALL SonicOS Standard 2.6 Administrators Guide
Configuring the TZ 170 Wireless using the Setup WizardThe Setup Wizard provides the following four wireless deployment scenarios for TZ 170 Wireless:
TZ 170 Wireless Deployment ScenariosOffice Gateway - Provides secure access for wired and wireless users on your network.
Secure Access Point - Add secure wireless access to an existing wireless network.
Guest Internet Gateway - Provide guests controlled wireless access to the Internet only.
-
7/27/2019 SonicOS Standard 26 AdminGuide
40/258
Initial Configuration Using the Setup Wizard Page 23
Secure Wireless Bridge - Operate in wireless bridge mode to securely bridge two networks withWiFiSec.
Configuring the TZ 170 Wireless as an Office GatewayLog into the TZ 170 Wireless using your administrators name and password. Click Wizards in the topright corner of the System > Status page.
Welcome to the SonicWALL Setup Wizard
1. To begin configuration, select Setup Wizard and click Next .
-
7/27/2019 SonicOS Standard 26 AdminGuide
41/258
Page 24 SonicWALL SonicOS Standard 2.6 Administrators Guide
Selecting the Deployment Scenario
2. Select Office Gateway as the deployment scenario.To view a description of each type of deployment scenario, click the name of the scenario.Click Next .
Changing the Password
3. Type a new password in the New Password field. The password should be a unique combination ofletters, or number, or symbols, or a combination of all three for the most secure password. Avoidnames, birthdays, or any obvious words. Retype the password in the Confirm field. Click Next .
-
7/27/2019 SonicOS Standard 26 AdminGuide
42/258
Initial Configuration Using the Setup Wizard Page 25
Selecting Your Time Zone
4. Select your Time Zone from the Time Zone menu. The security appliance uses an internal clock totimestamp logs and other functions requiring time. Click Next .
Configuring the WAN Network Mode
5. Confirm that you have the proper network information necessary to configure the SonicWALL securityappliance to access the Internet. Click the hyperlinks for definitions of the networking terms.
You can choose:
Static IP , if your ISP assigns you a specific IP address or group of addresses.DHCP , if your ISP automatically assigns you a dynamic IP address.PPPoE , if your ISP provided you with client software, a user name, and a password.PPTP , if your ISP provided you with a server IP address, a user name, and password.
6. Choose the correct networking mode and click Next .
-
7/27/2019 SonicOS Standard 26 AdminGuide
43/258
Page 26 SonicWALL SonicOS Standard 2.6 Administrators Guide
Configuring WAN Settings
7. If you selected Static IP address , you must have your IP address information from your ISP to fill inthe WAN Network Mode fields: Enter the public IP address provided by your ISP in the SonicWALLWAN IP Address , then fill in the rest of the fields: WAN Subnet Mask , Gateway (Router) Address ,and the primary and secondary DNS Server Addresses . Click Next .
Configuring LAN Settings
8. Type a private IP address in the SonicWALL LAN IP Address field. The default private IP addressis acceptable for most configurations. Type the subnet in the Subnet Mask field. The EnableWindows Networking Support checkbox is checked to allow Window networking support. If you donot want to allow Windows networking support, uncheck this setting. Click Next .
-
7/27/2019 SonicOS Standard 26 AdminGuide
44/258
Initial Configuration Using the Setup Wizard Page 27
Configuring LAN DHCP Settings
9. If you want to use the SonicWALL security appliances DHCP Server, check the Enable DHCPServer on LAN checkbox and enter a range of IP addresses to assign network devices in the LANAddress Range fields. The default entries work for most network configurations. Click Next .
Configuring WLAN 802.11b/g Settings
10. The Service Set ID ( SSID ) identifies your wireless network. It can be up to 32 alphanumericcharacters long and is case-sensitive. Select the desired channel for your wireless port. Channel 11is selected by default and is the most commonly used channel. Select a radio mode from the RadioMode menu. The default 2.4GHz 802.11b/g Mixed option allows the SonicWALL TZ 170 Wireless tosupport b and g. Select United States - US or Canada - CA from the Country Code menu. Use thedefault AutoChannel setting in the Channel menu. Click Next .
-
7/27/2019 SonicOS Standard 26 AdminGuide
45/258
Page 28 SonicWALL SonicOS Standard 2.6 Administrators Guide
Configuring WiFiSec - VPN Client User Authentication
11. WiFiSec and GroupVPN are automatically enabled on the security appliance using the defaultsettings associated with each feature. To add a user with VPN Client privileges, type a user name andpassword in the User Name and Password fields, and confirm your password in the ConfirmPassword field. When users access the security appliance using the VPN client, they are promptedfor a user name and password. Click Next .
Configuring Wireless Guest Services
12. When Enable Wireless Guest Services is selected, guests on your WLAN are permitted access onlyto the WAN and are required to log in when accessing the Internet. Up to 10 users by default can usethe same guest account. Type in the account name and password in the Account Name andPassword fields. Configure the Account Lifetime and the Session Timeout times.
-
7/27/2019 SonicOS Standard 26 AdminGuide
46/258
Initial Configuration Using the Setup Wizard Page 29
Configuration Summary
13. The Configuration Summary page displays all of the settings configured using the DeploymentScenario Wizard . To change any of the settings, click Back until you see the settings you want tochange. To use this configuration on the security appliance, click Apply .
Storing Configuration
14. Wait for the settings to take effect on the security appliance.
-
7/27/2019 SonicOS Standard 26 AdminGuide
47/258
-
7/27/2019 SonicOS Standard 26 AdminGuide
48/258
-
7/27/2019 SonicOS Standard 26 AdminGuide
49/258
Page 32 SonicWALL SonicOS Standard 2.6 Administrators Guide
If Enable DHCP Server on LAN is not selected, you must configure each computer on your LAN witha static IP address. Click Next .
Configuring WLAN 802.11b Settings7. The Service Set ID ( SSID ) identifies your wireless network. It can be up to 32 alphanumeric
characters long and is case-sensitive. Select the desired channel for your wireless port. Channel 11is selected by default and is the most commonly used channel. Select a radio mode from the Radio
Mode menu. The default 2.4GHz 802.11b/g Mixed option allows the SonicWALL TZ 170 Wireless tosupport b and g. Select United States - US or Canada - CA from the Country Code menu. Use thedefault AutoChannel setting in the Channel menu. Click Next .
Configuring WiFiSec - VPN Client User Authentication8. WiFiSec and Group VPN are automatically enabled on the security appliance using the default
settings associated with each feature. To add a user with VPN Client privileges, type a user name andpassword in the User Name and Password fields. When users access the security appliance usingthe VPN client, they are prompted for a user name and password. Click Next .
Configuration Summary
9. The Configuration Summary page displays all of the settings configured using the DeploymentScenario Wizard . To change any of the settings, click Back until you see the settings you want tochange. To apply the current settings to the security appliance, click Apply .
Storing Configuration10. Wait for the settings to take effect on the security appliance.
Congratulations!When the settings are applied to the security appliance, the Congratulations page is displayed. ClickRestart to complete the configuration.
-
7/27/2019 SonicOS Standard 26 AdminGuide
50/258
Initial Configuration Using the Setup Wizard Page 33
Configuring the TZ 170 Wireless as a Guest Internet GatewayConfigure your wireless security appliance to provide guests controlled wireless access to the Internetonly.
Log into the TZ 170 Wireless using your administrators name and password. Click Wizards in the topright corner of the System > Status page.
Welcome to the SonicWALL Setup Wizard1. To begin configuration, select Setup Wizard and click Next .
Selecting the Deployment Scenario2. Select Guest Internet Gateway as the deployment scenario. Click Next .
Changing the Password3. Type a new password in the New Password field. The password should be a unique combination of
letters, or number, or symbols, or a combination of all three for the most secure password. Avoidnames, birthdays, or any obvious words. Retype the password in the Confirm field. Click Next .
Selecting Your Time Zone4. Select your Time Zone from the Time Zone menu. The security appliance uses an internal clock totimestamp logs and other functions requiring time. Click Next .
Configuring the WAN Network Mode5. Confirm that you have the proper network information necessary to configure the SonicWALL security
appliance to access the Internet. Click the hyperlinks for definitions of the networking terms.
You can choose:
Static IP , if your ISP assigns you a specific IP address or group of addresses.DHCP , if your ISP automatically assigns you a dynamic IP address.PPPoE , if your ISP provided you with client software, a user name, and a password.
PPTP , if your ISP provided you with a server IP address, a user name, and password.6. Choose the correct networking mode and click Next .
Configuring WAN Settings7. If you selected Static IP address , you must have your IP address information from your ISP to fill in
the WAN Network Mode fields: Enter the public IP address provided by your ISP in the SonicWALLWAN IP Address , then fill in the rest of the fields: WAN Subnet Mask , Gateway (Router) Address ,and the primary and secondary DNS Server Addresses . Click Next .
-
7/27/2019 SonicOS Standard 26 AdminGuide
51/258
Page 34 SonicWALL SonicOS Standard 2.6 Administrators Guide
Configuring WLAN 802.11b Settings8. The Service Set ID ( SSID ) identifies your wireless network. It can be up to 32 alphanumeric
characters long and is case-sensitive. Select the desired channel for your wireless port. Channel 11is selected by default and is the most commonly used channel. Select a radio mode from the RadioMode menu. The default 2.4GHz 802.11b/g Mixed option allows the SonicWALL TZ 170 Wireless tosupport b and g. Select United States - US or Canada - CA from the Country Code menu. Use thedefault AutoChannel setting in the Channel menu. Click Next .
Configuring Wireless Guest Services9. When Wireless Guest Services is selected, guests on your WLAN are permitted access only to the
WAN and are required to log in when accessing the Internet. Up to 10 users by default can use thesame guest account. Type in the account name and password in the Account Name and Password fields. Configure the Account Lifetime and the Session Timeout times.
Configuration Summary
10. The Configuration Summary page displays all of the settings configured using the Deployment
Scenario Wizard . To change any of the settings, click Back until you see the settings you want tochange. To apply the current settings to the security appliance, click Apply .
Storing Configuration11. Wait for the settings to take effect on the security appliance.
Congratulations!When the settings are applied to the security appliance, the Congratulations page is displayed. ClickRestart to complete the configuration.
-
7/27/2019 SonicOS Standard 26 AdminGuide
52/258
Initial Configuration Using the Setup Wizard Page 35
Configuring the TZ 170 Wireless as a Secure Wireless BridgeSet up the TZ 170 Wireless as a Secure Wireless Bridge to securely bridge two networks with WiFiSec.
Log into the TZ 170 Wireless using your administrators name and password. Click Wizards in the topright corner of the System > Status page.
Welcome to the SonicWALL Setup Wizard1. To begin configuration, select Setup Wizard and click Next .
Selecting the Deployment Scenario
2. Select Secure Wireless Bridge as the deployment scenario. Click Next .
Changing the Password
3. Type a new password in the New Password field. The password should be a unique combination ofletters, or number, or symbols, or a combination of all three for the most secure password. Avoidnames, birthdays, or any obvious words. Retype the password in the Confirm field. Click Next .
Selecting Your Time Zone
4. Select your Time Zone from the Time Zone menu. The security appliance uses an internal clock totimestamp logs and other functions requiring time. Click Next .
Configuring LAN Settings
5. Type a private IP address in the SonicWALL LAN IP Address field. The default private IP addressis acceptable for most configurations. Type the subnet in the Subnet Mask field.
If you have Windows devices in both the LAN and WAN zones, you might want to enable windowsnetworking between zones. However, this opens a potential security risk.
6. Click Next .
Configuring LAN DHCP Settings
7. If you want to use the security appliances built-in DHCP server to assign dynamic IP Addresses
within your LAN, check Enable DHCP Server on LAN and enter the range of addresses available tothe DHCP Server. Click Next .
Configuring WLAN 802.11b Settings
8. The Service Set ID ( SSID ) identifies your wireless network. It can be up to 32 alphanumericcharacters long and is case-sensitive. Select the desired channel for your wireless port. Channel 11is selected by default and is the most commonly used channel. Select a radio mode from the RadioMode menu. The default 2.4GHz 802.11b/g Mixed option allows the SonicWALL TZ 170 Wireless to
-
7/27/2019 SonicOS Standard 26 AdminGuide
53/258
Page 36 SonicWALL SonicOS Standard 2.6 Administrators Guide
support b and g. Select United States - US or Canada - CA from the Country Code menu. Use thedefault AutoChannel setting in the Channel menu. Click Next .
Configuring WLAN Network Setting
9. Enter the appropriate network configuration for the security appliance to work in your bridged networkenvironment. Type a private IP address in the SonicWALL WLAN IP Address field. Type the subnetin the Subnet Mask field. Enter that address of the Gateway (Router) Address and the DNS ServerAddress . If you have a secondary DNS server you can enter its address.
10. Click Next .
Configuring Secure Wireless Bridge Settings
Complete the VPN Security Policy information to configure the Secure Wireless Bridge. Enter the VPNPolicy Name , the Peer IPSec Gateway Address , and the IKE Shared Secret . Click Next to continue.
Configuration Summary
11. The Configuration Summary page displays all of the settings configured using the DeploymentScenario Wizard . To change any of the settings, click Back until you see the settings you want tochange. To apply the current settings to the security appliance, click Apply .
Storing Configuration
12. Wait for the settings to take effect on the security appliance.
Congratulations!
When the settings are applied to the security appliance, the Congratulations page is displayed. ClickRestart to complete the configuration.
-
7/27/2019 SonicOS Standard 26 AdminGuide
54/258
System Settings Page 37
3 System SettingsThis chapter describes the configuration of the SonicWALL security appliance IP settings, time, andpassword as well as providing instructions to restart the SonicWALL security appliance, import and exportsettings, upload new firmware, and perform diagnostic tests.
System > StatusThe Status page contains five sections: System Messages, System Information, Latest Alerts,Security Services, and Network Interfaces .
System MessagesAny information considered relating to possible problems with configurations on the SonicWALL securityappliance such as password, log messages, etc.
System InformationThe following information is displayed in this section:
Model - type of SonicWALL security appliance Serial Number - also the MAC address of the SonicWALL security appliance Authentication Code - the alphanumeric code used to authenticate the SonicWALL security appli-
ance on the registration database at . Firmware Version - the firmware version loaded on the SonicWALL security appliance.
ROM Version - indicates the ROM version. CPU Type - displays the type and speed of the SonicWALL security appliance processor. Total Memory - indicates the amount of RAM and flash memory. Uptime - the length of time, in days, hours,