sonicos standard 26 adminguide

7/27/2019 SonicOS Standard 26 AdminGuide

1/258

COMPREHENSIVE INTERNET SECURITY

SSSS S S onicWALL Security Ap pliance

S onicOS Standard 2. 6

Administrator's Guid eSonicWALL TZ 170 SP and TZ 170 Wireless


2/258

Page i

Table of ContentsPreface................................................................................................xiii

Copyright Notice ............................................................................xiiiLimited Warranty............................................................................xiii

1 Introduction ...................................................... 1SonicWALL SonicOS Standard 2.6 Overview.......................................1About this Guide.................................................................................... 1

Organization of this Guide ............................................................... 2Guide Conventions .......................................................................... 3Icons Used in this Manual................................................................ 3

SonicWALL Management Interface....................................................... 3Accessing the Management Interface..............................................3Navigating the Management Interface.............................................4Applying Changes............................................................................ 4Getting Help ..................................................................................... 4Logging Out .....................................................................................4

SonicWALL Technical Support..............................................................5North America Telephone Support .............................................5International Telephone Support ................................................ 5

More Information on SonicWALL Products and Services ..................... 5

2 Initial Configuration Using the Setup Wizard ... 7Configuring your TZ 170 SP.................................................................. 7

Configuring a Static IP Address with NAT Enabled. ........................7Start the Setup Wizard ............................................................... 8Change Password ...................................................................... 8Change Time Zone..................................................................... 9Configure the Modem................................................................. 9WAN Network Mode .................................................................10WAN Network Mode: NAT Enabled..........................................11LAN Settings............................................................................. 11LAN DHCP Settings ................................................................ 12SonicWALL Configuration Summary ........................................12Storing SonicWALL Configuration............................................ 13

Setup Wizard Complete............................................................13Configuring DHCP Networking Mode ............................................ 14

Change Password .................................................................... 14Change Time Zone................................................................... 14WAN Network Mode .................................................................14WAN Network Mode: NAT with DHCP Client ........................... 15LAN Settings............................................................................. 15DHCP Settings ......................................................................... 16


3/258

Page ii SonicWALL SonicOS Standard 2.6 Administrators Guide

Configuration Summary..................................................................16Storing Configuration ................................................................17Setup Wizard Complete............................................................17

Configuring PPPoE with NAT Enabled...........................................18Change Password.....................................................................18Change Time Zone ...................................................................18WAN Network Mode .................................................................18WAN Network Mode: NAT with PPPoE Client ..........................19LAN Settings.............................................................................19DHCP Server ............................................................................20SonicWALL Configuration Summary ........................................20Storing Configuration ...............................................................21Setup Wizard Complete............................................................21

Configuring the TZ 170 Wireless using the Setup Wizard ...................22TZ 170 Wireless Deployment Scenarios........................................22Configuring the TZ 170 Wireless as an Office Gateway ................23

Welcome to the SonicWALL Setup Wizard...............................23

Selecting the Deployment Scenario..........................................24Changing the Password............................................................24Selecting Your Time Zone ........................................................25Configuring the WAN Network Mode........................................25Configuring WAN Settings ........................................................26Configuring LAN Settings..........................................................26Configuring LAN DHCP Settings ..............................................27Configuring WLAN 802.11b/g Settings .....................................27Configuring WiFiSec - VPN Client User Authentication............28Configuring Wireless Guest Services .......................................28Configuration Summary ............................................................29Storing Configuration ................................................................29Congratulations.........................................................................30

Configuring the TZ 170 Wireless as a Secure Access Point..........31Welcome to the SonicWALL Setup Wizard...............................31Selecting the Deployment Scenario..........................................31Changing the Password............................................................31Selecting Your Time Zone ........................................................31Configuring the LAN Settings....................................................31Configuring the LAN DHCP Settings ........................................31Configuring WLAN 802.11b Settings ........................................32Configuring WiFiSec - VPN Client User Authentication............32Configuration Summary ............................................................32Storing Configuration ................................................................32Congratulations!........................................................................32


4/258

Page iii

Configuring the TZ 170 Wireless as a Guest Internet Gateway.....33Welcome to the SonicWALL Setup Wizard .............................. 33Selecting the Deployment Scenario ......................................... 33Changing the Password ........................................................... 33Selecting Your Time Zone ........................................................33Configuring the WAN Network Mode........................................33Configuring WAN Settings........................................................33Configuring WLAN 802.11b Settings........................................34Configuring Wireless Guest Services.......................................34Configuration Summary............................................................ 34Storing Configuration................................................................34Congratulations! .......................................................................34

Configuring the TZ 170 Wireless as a Secure Wireless Bridge ..... 35Welcome to the SonicWALL Setup Wizard .............................. 35Selecting the Deployment Scenario ......................................... 35Changing the Password ........................................................... 35Selecting Your Time Zone ........................................................35Configuring LAN Settings ......................................................... 35Configuring LAN DHCP Settings..............................................35Configuring WLAN 802.11b Settings........................................35Configuring WLAN Network Setting ......................................... 36Configuring Secure Wireless Bridge Settings...........................36Configuration Summary............................................................ 36Storing Configuration................................................................36Congratulations! .......................................................................36

3 System Settings............................................. 37System > Status ..................................................................................37

System Messages..........................................................................37System Information ........................................................................37Security Services ........................................................................... 38Registering Your SonicWALL Security Appliance.......................... 38

mySonicWALL.com ..................................................................38Latest Alerts ................................................................................... 39Network Interfaces ......................................................................... 39

SonicWALL TZ 170 Wireless.................................................... 39SonicWALL TZ 170 SP............................................................. 39

System > Licenses ..............................................................................39Security Services Summary........................................................... 39Manage Security Services Online.................................................. 40Manual Upgrade ............................................................................ 40Manual Upgrade for Closed Environments .................................... 40

From a Computer Connected to the Internet............................ 40From the Management Interface of your SonicWALLSecurity Appliance.................................................................... 41


5/258

Page iv SonicWALL SonicOS Standard 2.6 Administrators Guide

System > Administration......................................................................41Firewall Name ................................................................................41Name/Password.............................................................................42

Administrator Name ..................................................................42Changing the Administrator Password......................................42

Login Security.................................................................................42

Enable Administrator/User Lockout ..........................................42Web Management Settings............................................................43Advanced Management .................................................................43

Enable SNMP ...........................................................................43Enable Management Using SonicWALL GMS..........................45

System > Time.....................................................................................46Set Time .........................................................................................46NTP Settings ..................................................................................47

System > Settings................................................................................47Settings ..........................................................................................47

Import Settings..........................................................................47Export Settings..........................................................................47

Firmware Management ..................................................................48New Firmware...........................................................................48Updating Firmware Manually ....................................................49Firmware Management Settings ...............................................49

SafeMode - Rebooting the SonicWALL..........................................50System Information ...................................................................50Firmware Management .............................................................50

System > Diagnostics ..........................................................................51

DNS Name Lookup ........................................................................51Find Network Path..........................................................................52Ping ................................................................................................52Packet Trace ..................................................................................52Tech Support Report ......................................................................53

Generating a Tech Support Report...........................................54Trace Route....................................................................................54

System > Restart .................................................................................54

4 Network ..........................................................55Network > Settings...............................................................................55

Network Addressing Modes ...........................................................56Interfaces........................................................................................56Configuring WAN Settings..............................................................57

WAN Properties>General .........................................................57


6/258

Page v

Configuring LAN Settings............................................................... 58LAN Properties>General .......................................................... 58Multiple Network Gateway Support .......................................... 58

Configuring NAT with DHCP Client................................................60Configuring LAN Settings ......................................................... 62LAN Properties>General .......................................................... 62

Configuring NAT with PPPoE Client ..............................................63Configuring LAN Properties for NAT with PPPoE Client ..........65

Configuring NAT with L2TP Client .................................................66Configuring LAN Properties for NAT with L2TP Client ............. 68

Configuring NAT with PPTP Client ................................................69Configuring LAN Properties for NAT with PPTP Client ............ 71

DNS Settings .................................................................................72Configuring Modem Properties (TZ 170 SP Only) .........................73

Settings..................................................................................... 73Profiles...................................................................................... 74Failover.....................................................................................74Activating the Modem............................................................... 75

Configuring WLAN Properties (TZ 170 Wireless Only)..................76Network > One-to-One NAT................................................................ 77

One-to-One NAT Configuration Example ...................................... 79Network > Web Proxy.......................................................................... 81

Configuring Automatic Proxy Forwarding (Web Only) ...................81Bypass Proxy Servers Upon Proxy Failure .............................. 82

Network > Intranet...............................................................................82Installation...................................................................................... 82

Intranet Settings............................................................................. 83Network > Routing............................................................................... 84Static Routes ............................................................................84

Static Route Configuration Example.............................................. 85Route Advertisement ..................................................................... 85Route Table ................................................................................... 86

Network > ARP.................................................................................... 87Navigating and Sorting the ARP Cache Table ............................... 87Flushing the ARP Cache................................................................ 87

Network > DHCP Server ..................................................................... 88DHCP Settings...............................................................................88Configuring DHCP Server for Dynamic Ranges ............................ 88

The General Tab ...................................................................... 89The DNS/WINS Tab .................................................................90


7/258

Page vi SonicWALL SonicOS Standard 2.6 Administrators Guide

Configuring Static DHCP Entries....................................................90The General Tab.......................................................................91The DNS/WINS Tab..................................................................91

Current DHCP Leases....................................................................92

5 Wireless (TZ 170 Wireless)............................93

Considerations for Using Wireless Connections..................................94Recommendations for Optimal Wireless Performance........................94

Adjusting the TZ 170 Wireless Antennas .......................................94Wireless Guest Services (WGS) ....................................................94Wireless Node Count Enforcement................................................95MAC Filter List................................................................................95WiFiSec Enforcement.....................................................................95

Using the Wireless Wizard...................................................................95Welcome to the SonicWALL Wireless Configuration Wizard....96WLAN Network Settings ...........................................................96WLAN 802.11b Settings............................................................97WLAN Security Settings............................................................97WiFiSec - VPN Client User Authentication ...............................98Wireless Guest Services...........................................................98Wireless Configuration Summary .............................................99Updating the TZ 170 Wireless! .................................................99Congratulations!......................................................................100

Wireless > Status...............................................................................101WLAN Settings .............................................................................101

Access Point Status................................................................102

WLAN Statistics............................................................................102Station Status ...............................................................................103Wireless > Settings............................................................................104

Wireless Radio Mode ...................................................................104Wireless Settings..........................................................................104Secure Wireless Bridging.............................................................105Configuring a Secure Wireless Bridge .........................................106

Network Settings for the Example Network ............................107Wireless Bridging (without WiFiSec).......................................107Configuring VPN Policies for the Access Point and Wireless Bridge107

Advanced Configuration for both VPN Policies.......................108


8/258

Page vii

Wireless > WEP/WPA Encryption .....................................................110WEP Encryption Settings.............................................................111WEP Encryption Keys..................................................................111WPA Encryption Settings.............................................................112

WPA-PSK Settings.................................................................112WPA-EAP Settings.................................................................113

Wireless > Advanced ...................................................................114Beaconing & SSID Controls......................................................... 114Wireless Client Communications .................................................114Advanced Radio Settings.............................................................115

Configurable Antenna Diversity ..............................................115Wireless > MAC Filter List .................................................................116Wireless > IDS...................................................................................117

Wireless Bridge IDS ...............................................................117Access Point IDS....................................................................117Enable Client Null Probing......................................................118

Association Flood Detection ...................................................118Rogue Access Point Detection ...............................................118Authorizing Access Points on Your Network ..........................119

6 Wireless Guest Services (TZ 170 Wireless) 121WGS > Status....................................................................................121WGS > Settings.................................................................................121

Bypass Guest Authentication.......................................................121Bypass Filters for Guest Accounts...............................................122Enable Dynamic Address Translation (DAT) ...............................122

Enable SMTP Redirect ................................................................122Enable URL Allow List for Authenticated Users...........................123Enable IP Address Deny List for Authenticated Users.................123Customize Login Page.................................................................124Custom Post Authentication Redirect Page.................................125Maximum Concurrent Guests ......................................................125WGS Account Profiles .................................................................125

WGS > Accounts ...............................................................................126Working with Guest Accounts ......................................................126Automatically Generating Guest Accounts ..................................127Manually Configuring Wireless Guests........................................128

Account Detail Printing ........................................................... 128Flexible Default Route..................................................................129

Secure Access Point with Virtual Adapter Support.................129Secure Access Point with Wireless Guest Services ....................131


9/258

Page viii SonicWALL SonicOS Standard 2.6 Administrators Guide

7 Modem (SonicWALL TZ 170 SP).................133Modem > Status.................................................................................133

Modem Status ..............................................................................133Modem > Settings..............................................................................134

Configuring Profile and Modem Settings......................................134

Modem > Failover..............................................................................135Modem Failover Settings..............................................................135Configuring Modem Failover ........................................................136

Modem > Dialup Profiles....................................................................137Dial-Up Profiles ............................................................................137Configuring a Dialup Profile..........................................................137

Modem > Dialup Profiles > Modem Profile Configuration..................138Configuring a Dialup Profile..........................................................138Chat Scripts ..................................................................................141

Custom Chat Scripts...............................................................141

8 Firewall .........................................................143Using Bandwidth Management with Access Rules............................143Firewall > Access Rules.....................................................................144

Restoring Default Network Access Rules.....................................145Adding Rules using the Network Access Rule Wizard .................146

Step 1: Access Rule Type.......................................................146Configuring a Public Server Rule .................................................147

Step 2: Public Server ..............................................................147Configuring a General Network Access Rule ...............................148

Step 1: Access Rule Type.......................................................148Step 2: Access Rule Service...................................................149Step 3: Access Rule Action ....................................................149Step 4: Access Rule Source Interface and Address ...............150Step 5: Access Rule Destination Interface and Address ........150Step 6: Access Rule Time.......................................................151Completing the Network Access Rule Wizard .......................151

Adding Rules Using the Add Rule Window ..................................152Rule Examples .............................................................................153

Blocking LAN Access for Specific Services ............................153

Enabling Ping..........................................................................154


10/258

Page ix

Access Rules > Advanced.................................................................154Windows Networking (NetBIOS) Broadcast Pass Through .........154Detection Prevention.................................................................... 155

Enable Stealth Mode ..............................................................155Randomize IP ID ....................................................................155Dynamic Ports ........................................................................155

Source Routed Packets ...............................................................155TCP Connection Inactivity Timeout..............................................155Firewall > Services ............................................................................ 156

User Defined (Custom) Services .................................................156Firewall > VoIP ..................................................................................157

VoIP Protocols .............................................................................157Configuring the VoIP Settings......................................................158

SIP Settings............................................................................ 158

9 VPN ............................................................. 159VPN > Settings..................................................................................159

VPN Global Settings ....................................................................159VPN Policies ................................................................................160Currently Active VPN Tunnels .....................................................160

Configuring GroupVPN Policy on the SonicWALL ............................ 160Configuring IKE using Preshared Secret .....................................161

General...................................................................................161Proposals................................................................................161Advanced................................................................................162Client ...................................................................................... 163

Configuring GroupVPN with IKE using 3rd Party Certificates...... 164General...................................................................................164Proposals................................................................................164Advanced................................................................................164Client ...................................................................................... 165

Export a GroupVPN Client Policy ................................................ 166Site to Site VPN Configurations ........................................................ 167

VPN Planning Sheet for Site-to-Site VPN Policies ......................168Site A ......................................................................................168Router.....................................................................................168

Additional Information.............................................................168Configuring Site to Site VPN PoliciesUsing the VPN Policy Wizard ............................................................ 169

Creating a Typical IKE using Preshared Secret VPN Policy........ 169Creating a Custom VPN Policy using IKE and a Preshared Secret169Creating a Manual Key VPN Policy with the VPN Policy Wizard. 170Configuring IKE using 3rd Party Certificates with the VPN Policy Wizard171


11/258

Page x SonicWALL SonicOS Standard 2.6 Administrators Guide

Creating VPN Policies Using the VPN Policy Window ......................172Configuring a VPN Policy using IKE with Preshared Secret ........172...............................Configuring a VPN Policy using Manual Key175

Configuring a VPN Policy with IKE using a Third Party Certificate178VPN > Advanced ...............................................................................180

Advanced VPN Settings...............................................................180VPN Single-Armed Mode (stand-alone VPN gateway) ................181

Configuring a SonicWALL for VPN Single Armed Mode.........182VPN User Authentication Settings................................................183VPN Bandwidth Management ......................................................183

VPN > DHCP over VPN.....................................................................184DHCP Relay Mode .......................................................................184Configuring the Central Gateway for DHCP Over VPN................184Configuring DHCP over VPN Remote Gateway...........................185Device Configuration ....................................................................186Current DHCP over VPN Leases .................................................187

VPN > L2TP Server ...........................................................................187General.........................................................................................188

L2TP Server Settings..............................................................188IP Address Settings ................................................................189Adding L2TP Clients to the SonicWALL .................................189Currently Active L2TP Sessions .............................................189

Digital Certificates..............................................................................189Overview of X.509 v3 Certificates ................................................189SonicWALL Third Party Digital Certificate Support ......................189

VPN > Local Certificates....................................................................190Importing Certificate with Private Key ..........................................190Certificate Details .........................................................................190

Delete This Certificate.............................................................191Generating a Certificate Signing Request ....................................191

VPN > CA Certificates .......................................................................192Importing CA Certificates into the SonicWALL.............................192Certificate Details .........................................................................192

Delete This Certificate.............................................................192Certificate Revocation List (CRL) .................................................193

Importing a CRL List ...............................................................193Automatic CRL Update ...........................................................193


12/258

Page xi

10 Users ......................................................... 195Users > Status...................................................................................195

Active User Sessions ...................................................................195Users > Settings................................................................................196

Authentication Method .................................................................196

Global User Settings....................................................................196Internet Authentication Exclusions...............................................197Acceptable Use Policy .................................................................197Configuring RADIUS Authentication ............................................197

Users > Local Users ..........................................................................200Settings........................................................................................ 200

11 Security Services....................................... 203Security Services > Summary ...........................................................204

Security Services Summary.........................................................204Manage Licenses.........................................................................204If Your SonicWALL Security Appliance is Not Registered ...........205Security Services Settings ...........................................................205

SonicWALL Content Filtering Service ...............................................206Security Services > Content Filter .....................................................207

Content Filter Status ....................................................................207Activating SonicWALL CFS ....................................................208Activating a SonicWALL CFS FREE TRIAL ...........................208

Content Filter Type ......................................................................208Restrict Web Features .................................................................208Trusted Domains..........................................................................209Message to Display when Blocking .............................................210

Configuring SonicWALL Filter Properties..........................................210..................................................................................Custom List210

Enable Keyword Blocking.......................................................211Disable all Web traffic except for Allowed Domains ...............211

Settings........................................................................................ 211Consent........................................................................................212Mandatory Filtered IP Addresses.................................................213

Consent Page URL (mandatory filtering)................................213Adding a New Address...........................................................213SonicWALL Network Anti-Virus......................................................... 214Security Services > Anti-Virus ...........................................................214

Activating SonicWALL Network Anti-Virus...................................214Activating a SonicWALL Network Anti-Virus FREE TRIAL ..........215

Security Services> E-Mail Filter ........................................................215


13/258

Page xii SonicWALL SonicOS Standard 2.6 Administrators Guide

Intrusion Prevention Service..............................................................216SonicWALL IPS Features.............................................................216SonicWALL Deep Packet Inspection............................................217How SonicWALLs Deep Packet Inspection Architecture Works .217SonicWALL IPS Terminology.......................................................218

Security Services > Intrusion Prevention...........................................218SonicWALL IPS Activation ...........................................................218mySonicWALL.com......................................................................219Activating SonicWALL IPS ...........................................................219Activating the SonicWALL IPS FREE TRIAL ...............................219

12 Log .............................................................221Log > View.........................................................................................221

Navigating and Sorting Log View Table Entries ...........................222SonicWALL Log Messages ..........................................................222

Refresh ...................................................................................223Clear Log ................................................................................223E-mail Log...............................................................................223

Log > Categories ...............................................................................224Log Categories .............................................................................224Alerts & SNMP Traps ...................................................................225

Log > Automation...............................................................................226E-mail ...........................................................................................226Syslog Servers .............................................................................226

Log > Reports....................................................................................227

Data Collection .............................................................................228View Data .....................................................................................228

Web Site Hits ..........................................................................228Bandwidth Usage by IP Address ............................................228Bandwidth Usage by Service ..................................................229

Log > ViewPoint.................................................................................230SonicWALL ViewPoint..................................................................230


14/258

Page xiii

Appendices ..................................................... 231Appendix A - SonicWALL Support Solutions.....................................231

Knowledge Base ..........................................................................231Security Expertise ........................................................................231SonicWALL Support Programs ....................................................231

Warranty Support - North America and International................... 231Appendix B- Configuring the Management StationTCP/IP Settings.................................................................................232

Windows 98 .................................................................................232Windows NT.................................................................................233Windows 2000 .............................................................................234Windows XP.................................................................................235Macintosh OS 10 .........................................................................235


15/258

Page xiv SonicWALL SonicOS Standard 2.6 Administrators Guide


16/258

Page xiii

PrefaceCopyright Notice

2004 SonicWALL, Inc. All rights reserved.

Under the copyright laws, this manual or the software described within, can not be copied, in whole orpart, without the written consent of the manufacturer, except in the normal use of the software to make a

backup copy. The same proprietary and copyright notices must be affixed to any permitted copies as wereaffixed to the original. This exception does not allow copies to be made for others, whether or not sold,but all of the material purchased (with all backup copies) can be sold, given, or loaned to another person.Under the law, copying includes translating into another language or format.

SonicWALL is a registered trademark of SonicWALL, Inc.

Other product and company names mentioned herein can be trademarks and/or registered trademarks oftheir respective companies.

Specifications and descriptions subject to change without notice.

Limited WarrantySonicWALL, Inc. warrants that commencing from the delivery date to Customer (but in any casecommencing not more than ninety (90) days after the original shipment by SonicWALL), and continuingfor a period of twelve (12) months, that the product will be free from defects in materials and workmanshipunder normal use. This Limited Warranty is not transferable and applies only to the original end user ofthe product. SonicWALL and its suppliers' entire liability and Customer's sole and exclusive remedy underthis limited warranty will be shipment of a replacement product. At SonicWALL's discretion thereplacement product may be of equal or greater functionality and may be of e ither new or like-new quality.SonicWALL's obligations under this warranty are contingent upon the return of the defective productaccording to the terms of SonicWALL's then-current Support Services policies.This warranty does not apply if the product has been subjected to abnormal electrical stress, damaged byaccident, abuse, misuse or misapplication, or has been modified without the written permission ofSonicWALL.


17/258

Page xiv SonicWALL SonicOS Standard 2.6 Administrators Guide

DISCLAIMER OF WARRANTY . EXCEPT AS SPECIFIED IN THIS WARRANTY, ALL EXPRESS ORIMPLIED CONDITIONS, REPRESENTATIONS, AND WARRANTIES INCLUDING, WITHOUTLIMITATION, ANY IMPLIED WARRANTY OR CONDITION OF MERCHANTABILITY, FITNESS FOR APARTICULAR PURPOSE, NONINFRINGEMENT, SATISFACTORY QUALITY OR ARISING FROM ACOURSE OF DEALING, LAW, USAGE, OR TRADE PRACTICE, ARE HEREBY EXCLUDED TO THEMAXIMUM EXTENT ALLOWED BY APPLICABLE LAW. TO THE EXTENT AN IMPLIED WARRANTYCANNOT BE EXCLUDED, SUCH WARRANTY IS LIMITED IN DURATION TO THE WARRANTYPERIOD. BECAUSE SOME STATES OR JURISDICTIONS DO NOT ALLOW LIMITATIONS ON HOW

LONG AN IMPLIED WARRANTY LASTS, THE ABOVE LIMITATION MAY NOT APPLY TO YOU. THISWARRANTY GIVES YOU SPECIFIC LEGAL RIGHTS, AND YOU MAY ALSO HAVE OTHER RIGHTSWHICH VARY FROM JURISDICTION TO JURISDICTION. This disclaimer and exclusion shall applyeven if the express warranty set forth above fails of its essential purpose.DISCLAIMER OF LIABILITY . SONICWALL'S SOLE LIABILITY IS THE SHIPMENT OF AREPLACEMENT PRODUCT AS DESCRIBED IN THE ABOVE LIMITED WARRANTY. IN NO EVENTSHALL SONICWALL OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER,INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF PROFITS, BUSINESSINTERRUPTION, LOSS OF INFORMATION, OR OTHER PECUNIARY LOSS ARISING OUT OF THEUSE OR INABILITY TO USE THE PRODUCT, OR FOR SPECIAL, INDIRECT, CONSEQUENTIAL,INCIDENTAL, OR PUNITIVE DAMAGES HOWEVER CAUSED AND REGARDLESS OF THE THEORYOF LIABILITY ARISING OUT OF THE USE OF OR INABILITY TO USE HARDWARE OR SOFTWARE

EVEN IF SONICWALL OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCHDAMAGES. In no event shall SonicWALL or its suppliers' liability to Customer, whether in contract, tort(including negligence), or otherwise, exceed the price paid by Customer. The foregoing limitations shallapply even if the above-stated warranty fails of its essential purpose. BECAUSE SOME STATES ORJURISDICTIONS DO NOT ALLOW LIMITATION OR EXCLUSION OF CONSEQUENTIAL ORINCIDENTAL DAMAGES, THE ABOVE LIMITATION MAY NOT APPLY TO YOU.


18/258

Page 1 SonicWALL SonicOS Standard 2.6 Administrators Guide

1 IntroductionThank you for purchasing the SonicWALL security appliance. Organizations of all kinds face an array ofsecurity threats -- and must react quickly with limited IT resources. That means that SonicWALL offerssecurity solutions for specific business applications such as networking, site-to-site communications,telecommuting, POS transactions, or secure web-sites. SonicWALL offers solutions that are specificallydesigned to meet the objectives of today's Internet connected business.

SonicWALL security appliances support an array of security applications and deliver powerful firewall and

VPN performance. SonicWALL security appliances are built on stateful inspection firewall technology, anda dedicated security ASIC designed to ensure maximum performance for VPN enabled applications. Withintegrated support for firewall, VPN, Anti Virus, content filtering, and an award-winning GlobalManagement System (GMS), IT administrators can trust SonicWALL to protect their network whilesecurely and reliably connecting their remote businesses or personnel.

SonicWALL SonicOS Standard 2.6 OverviewSonicWALL SonicOS Standard 2.6 is the standard operating system for the SonicWALL TZ 170 SP andTZ 170 Wireless, which provides a complete security solution to protect your network from attacks,intrusions, and malicious tampering. In addition, SonicOS provides secure, encrypted communications viaIPSec VPN to business partners and branch offices as well as support for a growing number of

SonicWALL Security Services, such as SonicWALL Content Filtering Service, SonicWALL Network Anti-Virus, and SonicWALL Intrusion Prevention Service.

Tip! SonicWALL SonicOS Standard can be upgraded to SonicOS Enhanced. For instructions on upgrading to SonicOS Enhanced from SonicOS Standard, see the Upgrading SonicOS Standard to SonicOS Enhanced Technote available at


19/258


Organization of this GuideThe SonicOS Standard Administrators Guide organization follows the SonicWALL Web ManagementInterface structure.

Chapter 1, Introduction - Overview of SonicOS Standard, the SonicWALL Web-based ManagementInterface, and this manuals conventions.

Chapter 2, Initial Configuration Using the Setup Wizard - explains how to get your network securely

connected to the Internet with the SonicWALL security appliance using the Setup Wizard.Chapter 3, System Setting - describes the configuration of the SonicWALL IP settings, time, andpassword as well as providing instructions to restart the SonicWALL security appliance, import and exportsettings, upload new firmware, and perform diagnostic tests.

Chapter 4, Network - outlines configuring network settings manually for the SonicWALL securityappliance as well as static routes and RIPv2 advertising on the network. Setting up the SonicWALLsecurity appliance to act as the DHCP server on your network is also covered in this chapter.

Chapter 5, Wireless (TZ 170 Wireless) - explains how to configure the SonicWALL TZ 170 Wireless asa secure wireless gateway for your wireless clients.

Chapter 6 Wireless Guest Services (TZ 170 Wireless) - describes how to create access accounts fortemporary use that allows wireless clients to connect from the WLAN to the WAN.

Chapter 7, Modem (TZ 170 SP) - explains how to configure the TZ 170 SPs built in modem to use as theprimary Internet link for your network or as a backup connection for your primary broadband Internet(WAN) connection.

Chapter 8, Firewall - explains how to configure and manage access policies to deny or permit traffic andhow to configure Voice over IP (VoIP) settings on the security appliance.

Chapter 9, VPN - explains how to enable SonicWALL GroupVPN policies and how create a site-to-siteVPN tunnel between two SonicWALL security appliances.

Chapter 10, Users - explains how to create and manage local users and how to integrate with a RADIUSserver for user authentication.

Chapter 11, Security Services - provides configuration instructions for SonicWALL subscription-bases

security services, including Content Filtering Service, Network Anti-Virus, and Intrusion PreventionService.

Chapter 12, Logging and Alerts - explains how to use the built in reporting tools to view log records.

Appendices

Appendix A, SonicWALL Support Solutions - describes available support options from SonicWALL.

Appendix B, Configuring Management Station TCP/IP Settings - provides instructions forconfiguring your Management Station's IP address.


20/258

Introduction Page 3

Guide ConventionsThe following Conventions used in this guide are as follows:

Icons Used in this ManualThese special messages refer to noteworthy information, and include a symbol for quick identification:

Alert! Important information that cautions about features affecting firewall performance, security features, or causing potential problems with your SonicWALL security appliance.

Tip! Useful information about security features and configurations on your SonicWALL security appliance.

Note: Important information on a feature that requires callout for special attention.

SonicWALL Management InterfaceThe SonicWALL security appliances Web Management Interface provides a easy-to-use graphicalinterface for configuring your SonicWALL security appliance. SonicWALL management functions areperformed through a Web browser.

Tip! Microsoft Internet Explorer 5.0 or higher, or, Netscape Navigator 4.5 or higher are two recommended Web browsers.

Accessing the Management InterfaceTo access the SonicWALL Management Interface, you need to configure the Management Station TCP/ IP settings in order to initially contact the SonicWALL security appliance. A computer used to manage theSonicWALL security appliance is referred to as the Management Station. Any computer on the samenetwork as the SonicWALL security appliance can be used to access the management interface.

MD5 authentication is used to secure communications between your Management Station and theSonicWALL Web Management Interface. MD5 Authentication prevents unauthorized users fromdetecting and stealing the SonicWALL security appliances password as it is sent over your network.

Convention Use

Bold Highlights items you can select on the SonicWALLManagement Interface.

Italic Highlights a value to enter into a field. For example, type192.168.168.168 in the IP Address field.

Menu Item>Menu Item Indicates a multiple step Management Interface menuchoice. For example, Security Services>Content Filter means select Security Services, then select Content Filter.


21/258


The Web browser used to access the management interface must be Java-enabled and support HTTPuploads in order to fully manage the SonicWALL security appliance. If your Web browser does not supportthese functions, certain features such as uploading firmware and saved preferences files are notavailable.

Note: For instructions on setting up your Management Station for accessing the SonicWALL Management Interface, see Appendix B.

Navigating the Management InterfaceNavigating the SonicWALL Management Interface includes a hierarchy of menu buttons on the navigationbar (left side of window). The SonicOS Standard menu buttons on the navigation bar include:

System Network Firewall VPN Users Security Services Log Help Wizards LogoutWhen you click a menu button, related management functions are displayed as submenu items in thenavigation bar. To navigate to a submenu page, click the link. When you click a menu button, the firstsubmenu item page is displayed.

Applying ChangesClick the Apply button at the top right corner of the SonicWALL Management Interface to save anyconfiguration changes you made on the page.

If the settings are contained in a secondary window within the Management Interface, when you click OK,the settings are automatically applied to the SonicWALL security appliance.

Getting HelpEach SonicWALL security appliance includes Web-based on-line help available from the ManagementInterface.

Clicking the question mark ? button on the top right corner of every page accesses thecontext-sensitive help for the page.

Alert! SonicWALL online help requires Internet connectivity.

Logging Out The Logout button at the bottom of the menu bar terminates the Management Interface session anddisplays the Authentication page.


22/258

Introduction Page 5

SonicWALL Technical Support For timely resolution of technical support questions, visit SonicWALL on the Internet at . Web-based resources are available to help youresolve most technical issues or contact SonicWALL Technical Support.

To contact SonicWALL telephone support, see the telephone numbers listed below:

North America Telephone Support U.S./Canada - 888.777.1476 or +1 408.752.7819

International Telephone Support Australia - + 1800.35.1642

Austria - + 43(0)820.400.105

EMEA - +31(0)411.617.810

France - + 33(0)1.4933.7414

Germany - + 49(0)1805.0800.22

Hong Kong - + 1.800.93.0997

India - + 8026556828

Italy - +39.02.7541.9803

Japan - + 81(0)3.5460.5356

New Zealand - + 0800.446489

Singapore - + 800.110.1441

Spain - + 34(0)9137.53035

Switzerland - +41.1.308.3.977

UK - +44(0)1344.668.484

Note: Please visit for the latest technical support telephone numbers.

More Information on SonicWALL Products and ServicesContact SonicWALL, Inc. for information about SonicWALL products and services at:

Web: http://www.sonicwall.comE-mail: [email protected]: (408) 745-9600Fax:(408) 745-9300


23/258



24/258


2 Initial Configuration Using the Setup WizardThe Setup Wizard takes you step by step through network configuration for Internet connectivity. Thereare four types of network connectivity available: Static IP, DHCP, PPPoE, and PPTP.

The first time you log into the SonicWALL security appliance, the Setup Wizard is launched automatically.To launch the Setup Wizard at any from the Management Interface, log into the SonicWALL securityappliance. Click Wizards and select Setup Wizard .

Tip! You can also configure all your WAN and network settings on the Network>Settings page of the SonicWALL Management Interface

Configuring your TZ 170 SP

Configuring a Static IP Address with NAT Enabled.Using NAT to set up your SonicWALL security appliance eliminates the need for public IP addresses forall computers on your LAN. It is a way to conserve IP addresses available from the pool of IPv4 addresses

for the Internet. NAT also allows you to conceal the addressing scheme of your network. If you do not haveenough individual IP addresses for all computers on your network, you can use NAT for your networkconfiguration.

Essentially, NAT translates the IP addresses in one network into those for a different network. As a formof packet filtering for firewalls, it protects a network from outside intrusion from hackers by replacing theinternal (LAN) IP address on packets passing through a SonicWALL security appliance with a fake onefrom a fixed pool of addresses. The actual IP addresses of computers on the LAN are hidden from outsideview.

This section describes configuring the SonicWALL security appliance in the NAT mode. If you areassigned a single IP address by your ISP, follow the instructions below.

Tip! : Be sure to have your network information including your WAN IP address, subnet mask, and DNS settings ready. This information is obtained from your ISP.


25/258


Start the Setup Wizard

Note: Your Web browser must be Java-enabled and support HTTP uploads in order to fully manage a SonicWALL security appliance. Internet Explorer 5.0 and above as well as Netscape Navigator 4.0 and above are recommended.

1. Click the Setup Wizard button on the Network>Settings page and read the instructions on theWelcome window, or click Wizards in the column on the left of the Management Interface and selectSetup Wizard in the Welcome page. Click Next to continue

Change Password

2. To set the password for the administrative user, admin, enter a new password in the New Password and Confirm New Password fields. Click Next .


26/258

Initial Configuration Using the Setup Wizard Page 9

Change Time Zone

3. Select the appropriate Time Zone from the Time Zone menu. The SonicWALL security applianceinternal clock is set automatically by a Network Time Server on the Internet. Click Next .

Configure the Modem

4. Select the way you will be using the built-in modem on the TZ 170 SP.

Yes - I will use a dialup account as a backup for the WAN ethernet connection : This settinguses the modem dial-up connection as an automatic backup to the WAN ethernet connection. Usethis if you have a DSL or Cable modem, and have dialup access to your ISP.

Yes - Dialup up is my only connection to the Internet : This setting uses the modem dial-up con-nection as the only internet connection.

No - I will not use the modem at this time : This setting does not use the modem.


27/258


5. Click Next .

6. If you selected to use the modem, enter the phone number, username and password for the dial-upconnection. Click Next .

Note: Some Internet Service providers require that you include the @ and domain name with your username, for example, [email protected].

WAN Network Mode

7. Confirm that you have the proper network information necessary to configure the SonicWALL securityappliance to access the Internet. Click the hyperlinks for definitions of the networking terms.

You can choose:Static IP , if your ISP assigns you a specific IP address or group of addresses.DHCP , if your ISP automatically assigns you a dynamic IP address.PPPoE , if your ISP provided you with client software, a user name, and a password.

8. Choose Static IP and click Next .


28/258


WAN Network Mode: NAT Enabled

9. Enter the public IP address provided by your ISP in the SonicWALL WAN IP Address , then fill in therest of the fields: WAN/OPT Subnet Mask , Gateway (Router) Address , and the primary andsecondary DNS Server Addresses . Click Next .

LAN Settings

10. The LAN page allows the configuration of the SonicWALL LAN IP Addresses and the LAN SubnetMask .The SonicWALL LAN IP Addresses are the private IP address assigned to the LAN port ofthe SonicWALL security appliance. The LAN Subnet Mask defines the range of IP addresses on theLAN. The default values provided by the SonicWALL security appliance work for most networks. Ifyou do not use the default settings, enter your preferred private IP address and subnet mask in thefields. Click Next .


29/258


LAN DHCP Settings

11. The Optional-SonicWALL DHCP Server window configures the SonicWALL security applianceDHCP Server. If enabled, the SonicWALL security appliance automatically configures the IP settingsof computers on the LAN. To enable the DHCP server, select Enable DHCP Server , and specify therange of IP addresses that are assigned to computers on the LAN.

If Disable DHCP Server is selected, you must configure each computer on your network with a staticIP address on your LAN. Click Next .

SonicWALL Configuration Summary

12. The Configuration Summary window displays the configuration defined using the InstallationWizard. To modify any of the settings, click Back to return to the Connecting to the Internet window.If the configuration is correct, click Next .


30/258


Storing SonicWALL Configuration

Setup Wizard Complete

13. The SonicWALL security appliance stores the network settings.14. Click Restart to restart the SonicWALL security appliance. The SonicWALL security appliance takes

approximately 90 seconds or longer to restart. During this time, the yellow Test LED is lit.


31/258


Configuring DHCP Networking ModeDHCP is a networking mode that allows you to obtain an IP address for a specific length of time from aDHCP server. The length of time is called a lease which is renewed by the DHCP server typically after afew days. When the lease is ready to expire, the client contacts the server to renew the lease. This is acommon network configuration for customers with cable or DSL modems. You are not assigned a specificIP address by your ISP .

1. Click the Setup Wizard button on the Network>Settings page.

2. Read the instructions on the Welcome window and click Next to continue.

Change Password3. To set the password, enter a new password in the New Password and Confirm New Password

fields. Click Next .

Change Time Zone4. Select the appropriate Time Zone from the Time Zone menu. The SonicWALL security appliance

internal clock is set automatically by a Network Time Server on the Internet. Click Next .

WAN Network Mode

5. Select DHCP . Click Next .


32/258


WAN Network Mode: NAT with DHCP Client

6. the WAN Network Mode: NAT with DHCP Client window is displayed, stating the security appliancewill obtain the IP address for the WAN port automatically from a DHCP server. To confirm this, clickNext. DHCP-based configurations are most common with cable modem connections.

LAN Settings

7. The Fill in information about your LAN page allows the configuration of SonicWALL securityappliance LAN IP Addresses and Subnet Masks. SonicWALL security appliance LAN IP Addressesare the private IP addresses assigned to the LAN of the SonicWALL security appliance. The LANSubnet Mask defines the range of IP addresses on the networks. The default values provided by theSonicWALL security appliance are useful for most networks. Click Next .


33/258


DHCP Settings

8. The Optional-SonicWALL DHCP Server window configures the SonicWALL security applianceDHCP Server. If enabled, the security appliance automatically assigns IP settings to computers onthe LAN. To enable the DHCP server, select Enable DHCP Server , and specify the range of IPaddresses assigned to computers on the LAN.

If Disable DHCP Server is selected, the DHCP Server is disabled. Click Next to continue.

Configuration Summary

9. The Configuration Summary window displays the configuration defined using the InstallationWizard . To modify any of the settings, click Back to return to the Connecting to the Internet window.If the configuration is correct, click Apply.


34/258


Storing Configuration


10. Click Restart to restart the SonicWALL security appliance. The SonicWALL security appliance takes90 seconds to restart. During this time, the yellow Test LED is lit.

Tip! The new SonicWALL security appliance LAN IP address, displayed in the URL field of the Congratulations window, is used to log in and manage the SonicWALL security appliance.


35/258


Configuring PPPoE with NAT EnabledNAT with PPPoE Client is a network protocol that uses Point to Point Protocol over Ethernet to connectwith a remote site using various Remote Access Service products. This protocol is typically found whenusing a DSL modem with an ISP requiring a user name and password to log into the remote server. TheISP may then allow you to obtain an IP address automatically or give you a specific IP address.1. Click the Setup Wizard button on the Network>Settings page.

2. Read the instructions on the Welcome window and click Next to continue.

Change Password3. To set the password, enter a new password in the New Password and Confirm New Password

fields. Click Next .

Change Time Zone4. Select the appropriate Time Zone from the Time Zone menu. The SonicWALL security appliance

internal clock is set automatically by a Network Time Server on the Internet. Click Next .

WAN Network Mode

5. The SonicWALL security appliance automatically detects the presence of a PPPoE server on theWAN. If not, then select PPPoE: Your ISP provided you with desktop software, a user name andpassword . Click Next .


36/258


WAN Network Mode: NAT with PPPoE Client

6. Enter the user name and password provided by your ISP into the User Name and Password fields.Click Next .

LAN Settings

7. The LAN Settings page allows the configuration of SonicWALL security appliance LAN IP Addressesand LAN Subnet Mask.The SonicWALL security appliance LAN IP Address is the private IP addressassigned to the LAN port of the SonicWALL security appliance. The LAN Subnet Mask defines therange of IP addresses on the LAN. The default values provided by the SonicWALL security applianceare useful for most networks. If you do not use the default settings, enter your preferred IP addressesin the fields. Click Next .


37/258


DHCP Server

8. The Optional-SonicWALL DHCP Server window configures the SonicWALL security applianceDHCP Server. If enabled, the SonicWALL security appliance automatically assigns IP settings tocomputers on the LAN. To enable the DHCP server, select Enable DHCP Server , and specify therange of IP addresses that are assigned to computers on the LAN.

If Disable DHCP Server is selected, you must configure each computer on your network with a staticIP address on your LAN. Click Next .

SonicWALL Configuration Summary

9. The Configuration Summary window displays the configuration defined using the InstallationWizard . To modify any of the settings, click Back to return to the WAN Settings window. If theconfiguration is correct, click Next to proceed to the Congratulations window.


38/258



Tip! The new SonicWALL security appliance LAN IP address, displayed in the URL field of the

Congratulations window, is used to log in and manage the SonicWALL security appliance.


10. Click Restart to restart the SonicWALL security appliance.

11. The SonicWALL security appliance takes approximately 90 seconds or longer to restart. During thistime, the yellow Test LED is lit.


39/258


Configuring the TZ 170 Wireless using the Setup WizardThe Setup Wizard provides the following four wireless deployment scenarios for TZ 170 Wireless:

TZ 170 Wireless Deployment ScenariosOffice Gateway - Provides secure access for wired and wireless users on your network.

Secure Access Point - Add secure wireless access to an existing wireless network.

Guest Internet Gateway - Provide guests controlled wireless access to the Internet only.


40/258


Secure Wireless Bridge - Operate in wireless bridge mode to securely bridge two networks withWiFiSec.

Configuring the TZ 170 Wireless as an Office GatewayLog into the TZ 170 Wireless using your administrators name and password. Click Wizards in the topright corner of the System > Status page.

Welcome to the SonicWALL Setup Wizard

1. To begin configuration, select Setup Wizard and click Next .


41/258


Selecting the Deployment Scenario

2. Select Office Gateway as the deployment scenario.To view a description of each type of deployment scenario, click the name of the scenario.Click Next .

Changing the Password

3. Type a new password in the New Password field. The password should be a unique combination ofletters, or number, or symbols, or a combination of all three for the most secure password. Avoidnames, birthdays, or any obvious words. Retype the password in the Confirm field. Click Next .


42/258


Selecting Your Time Zone

4. Select your Time Zone from the Time Zone menu. The security appliance uses an internal clock totimestamp logs and other functions requiring time. Click Next .

Configuring the WAN Network Mode

5. Confirm that you have the proper network information necessary to configure the SonicWALL securityappliance to access the Internet. Click the hyperlinks for definitions of the networking terms.

You can choose:

Static IP , if your ISP assigns you a specific IP address or group of addresses.DHCP , if your ISP automatically assigns you a dynamic IP address.PPPoE , if your ISP provided you with client software, a user name, and a password.PPTP , if your ISP provided you with a server IP address, a user name, and password.

6. Choose the correct networking mode and click Next .


43/258


Configuring WAN Settings

7. If you selected Static IP address , you must have your IP address information from your ISP to fill inthe WAN Network Mode fields: Enter the public IP address provided by your ISP in the SonicWALLWAN IP Address , then fill in the rest of the fields: WAN Subnet Mask , Gateway (Router) Address ,and the primary and secondary DNS Server Addresses . Click Next .

Configuring LAN Settings

8. Type a private IP address in the SonicWALL LAN IP Address field. The default private IP addressis acceptable for most configurations. Type the subnet in the Subnet Mask field. The EnableWindows Networking Support checkbox is checked to allow Window networking support. If you donot want to allow Windows networking support, uncheck this setting. Click Next .


44/258


Configuring LAN DHCP Settings

9. If you want to use the SonicWALL security appliances DHCP Server, check the Enable DHCPServer on LAN checkbox and enter a range of IP addresses to assign network devices in the LANAddress Range fields. The default entries work for most network configurations. Click Next .

Configuring WLAN 802.11b/g Settings

10. The Service Set ID ( SSID ) identifies your wireless network. It can be up to 32 alphanumericcharacters long and is case-sensitive. Select the desired channel for your wireless port. Channel 11is selected by default and is the most commonly used channel. Select a radio mode from the RadioMode menu. The default 2.4GHz 802.11b/g Mixed option allows the SonicWALL TZ 170 Wireless tosupport b and g. Select United States - US or Canada - CA from the Country Code menu. Use thedefault AutoChannel setting in the Channel menu. Click Next .


45/258


Configuring WiFiSec - VPN Client User Authentication

11. WiFiSec and GroupVPN are automatically enabled on the security appliance using the defaultsettings associated with each feature. To add a user with VPN Client privileges, type a user name andpassword in the User Name and Password fields, and confirm your password in the ConfirmPassword field. When users access the security appliance using the VPN client, they are promptedfor a user name and password. Click Next .

Configuring Wireless Guest Services

12. When Enable Wireless Guest Services is selected, guests on your WLAN are permitted access onlyto the WAN and are required to log in when accessing the Internet. Up to 10 users by default can usethe same guest account. Type in the account name and password in the Account Name andPassword fields. Configure the Account Lifetime and the Session Timeout times.


46/258



13. The Configuration Summary page displays all of the settings configured using the DeploymentScenario Wizard . To change any of the settings, click Back until you see the settings you want tochange. To use this configuration on the security appliance, click Apply .


14. Wait for the settings to take effect on the security appliance.


47/258


48/258


49/258


If Enable DHCP Server on LAN is not selected, you must configure each computer on your LAN witha static IP address. Click Next .

Configuring WLAN 802.11b Settings7. The Service Set ID ( SSID ) identifies your wireless network. It can be up to 32 alphanumeric

characters long and is case-sensitive. Select the desired channel for your wireless port. Channel 11is selected by default and is the most commonly used channel. Select a radio mode from the Radio

Mode menu. The default 2.4GHz 802.11b/g Mixed option allows the SonicWALL TZ 170 Wireless tosupport b and g. Select United States - US or Canada - CA from the Country Code menu. Use thedefault AutoChannel setting in the Channel menu. Click Next .

Configuring WiFiSec - VPN Client User Authentication8. WiFiSec and Group VPN are automatically enabled on the security appliance using the default

settings associated with each feature. To add a user with VPN Client privileges, type a user name andpassword in the User Name and Password fields. When users access the security appliance usingthe VPN client, they are prompted for a user name and password. Click Next .


9. The Configuration Summary page displays all of the settings configured using the DeploymentScenario Wizard . To change any of the settings, click Back until you see the settings you want tochange. To apply the current settings to the security appliance, click Apply .

Storing Configuration10. Wait for the settings to take effect on the security appliance.

Congratulations!When the settings are applied to the security appliance, the Congratulations page is displayed. ClickRestart to complete the configuration.


50/258


Configuring the TZ 170 Wireless as a Guest Internet GatewayConfigure your wireless security appliance to provide guests controlled wireless access to the Internetonly.

Log into the TZ 170 Wireless using your administrators name and password. Click Wizards in the topright corner of the System > Status page.

Welcome to the SonicWALL Setup Wizard1. To begin configuration, select Setup Wizard and click Next .

Selecting the Deployment Scenario2. Select Guest Internet Gateway as the deployment scenario. Click Next .

Changing the Password3. Type a new password in the New Password field. The password should be a unique combination of

letters, or number, or symbols, or a combination of all three for the most secure password. Avoidnames, birthdays, or any obvious words. Retype the password in the Confirm field. Click Next .

Selecting Your Time Zone4. Select your Time Zone from the Time Zone menu. The security appliance uses an internal clock totimestamp logs and other functions requiring time. Click Next .

Configuring the WAN Network Mode5. Confirm that you have the proper network information necessary to configure the SonicWALL security

appliance to access the Internet. Click the hyperlinks for definitions of the networking terms.

You can choose:

Static IP , if your ISP assigns you a specific IP address or group of addresses.DHCP , if your ISP automatically assigns you a dynamic IP address.PPPoE , if your ISP provided you with client software, a user name, and a password.

PPTP , if your ISP provided you with a server IP address, a user name, and password.6. Choose the correct networking mode and click Next .

Configuring WAN Settings7. If you selected Static IP address , you must have your IP address information from your ISP to fill in

the WAN Network Mode fields: Enter the public IP address provided by your ISP in the SonicWALLWAN IP Address , then fill in the rest of the fields: WAN Subnet Mask , Gateway (Router) Address ,and the primary and secondary DNS Server Addresses . Click Next .


51/258


Configuring WLAN 802.11b Settings8. The Service Set ID ( SSID ) identifies your wireless network. It can be up to 32 alphanumeric

characters long and is case-sensitive. Select the desired channel for your wireless port. Channel 11is selected by default and is the most commonly used channel. Select a radio mode from the RadioMode menu. The default 2.4GHz 802.11b/g Mixed option allows the SonicWALL TZ 170 Wireless tosupport b and g. Select United States - US or Canada - CA from the Country Code menu. Use thedefault AutoChannel setting in the Channel menu. Click Next .

Configuring Wireless Guest Services9. When Wireless Guest Services is selected, guests on your WLAN are permitted access only to the

WAN and are required to log in when accessing the Internet. Up to 10 users by default can use thesame guest account. Type in the account name and password in the Account Name and Password fields. Configure the Account Lifetime and the Session Timeout times.


10. The Configuration Summary page displays all of the settings configured using the Deployment

Scenario Wizard . To change any of the settings, click Back until you see the settings you want tochange. To apply the current settings to the security appliance, click Apply .

Storing Configuration11. Wait for the settings to take effect on the security appliance.

Congratulations!When the settings are applied to the security appliance, the Congratulations page is displayed. ClickRestart to complete the configuration.


52/258


Configuring the TZ 170 Wireless as a Secure Wireless BridgeSet up the TZ 170 Wireless as a Secure Wireless Bridge to securely bridge two networks with WiFiSec.

Log into the TZ 170 Wireless using your administrators name and password. Click Wizards in the topright corner of the System > Status page.

Welcome to the SonicWALL Setup Wizard1. To begin configuration, select Setup Wizard and click Next .

Selecting the Deployment Scenario

2. Select Secure Wireless Bridge as the deployment scenario. Click Next .

Changing the Password

3. Type a new password in the New Password field. The password should be a unique combination ofletters, or number, or symbols, or a combination of all three for the most secure password. Avoidnames, birthdays, or any obvious words. Retype the password in the Confirm field. Click Next .

Selecting Your Time Zone

4. Select your Time Zone from the Time Zone menu. The security appliance uses an internal clock totimestamp logs and other functions requiring time. Click Next .

Configuring LAN Settings

5. Type a private IP address in the SonicWALL LAN IP Address field. The default private IP addressis acceptable for most configurations. Type the subnet in the Subnet Mask field.

If you have Windows devices in both the LAN and WAN zones, you might want to enable windowsnetworking between zones. However, this opens a potential security risk.

6. Click Next .

Configuring LAN DHCP Settings

7. If you want to use the security appliances built-in DHCP server to assign dynamic IP Addresses

within your LAN, check Enable DHCP Server on LAN and enter the range of addresses available tothe DHCP Server. Click Next .

Configuring WLAN 802.11b Settings

8. The Service Set ID ( SSID ) identifies your wireless network. It can be up to 32 alphanumericcharacters long and is case-sensitive. Select the desired channel for your wireless port. Channel 11is selected by default and is the most commonly used channel. Select a radio mode from the RadioMode menu. The default 2.4GHz 802.11b/g Mixed option allows the SonicWALL TZ 170 Wireless to


53/258


support b and g. Select United States - US or Canada - CA from the Country Code menu. Use thedefault AutoChannel setting in the Channel menu. Click Next .

Configuring WLAN Network Setting

9. Enter the appropriate network configuration for the security appliance to work in your bridged networkenvironment. Type a private IP address in the SonicWALL WLAN IP Address field. Type the subnetin the Subnet Mask field. Enter that address of the Gateway (Router) Address and the DNS ServerAddress . If you have a secondary DNS server you can enter its address.

10. Click Next .

Configuring Secure Wireless Bridge Settings

Complete the VPN Security Policy information to configure the Secure Wireless Bridge. Enter the VPNPolicy Name , the Peer IPSec Gateway Address , and the IKE Shared Secret . Click Next to continue.


11. The Configuration Summary page displays all of the settings configured using the DeploymentScenario Wizard . To change any of the settings, click Back until you see the settings you want tochange. To apply the current settings to the security appliance, click Apply .


12. Wait for the settings to take effect on the security appliance.

Congratulations!

When the settings are applied to the security appliance, the Congratulations page is displayed. ClickRestart to complete the configuration.


54/258

System Settings Page 37

3 System SettingsThis chapter describes the configuration of the SonicWALL security appliance IP settings, time, andpassword as well as providing instructions to restart the SonicWALL security appliance, import and exportsettings, upload new firmware, and perform diagnostic tests.

System > StatusThe Status page contains five sections: System Messages, System Information, Latest Alerts,Security Services, and Network Interfaces .

System MessagesAny information considered relating to possible problems with configurations on the SonicWALL securityappliance such as password, log messages, etc.

System InformationThe following information is displayed in this section:

Model - type of SonicWALL security appliance Serial Number - also the MAC address of the SonicWALL security appliance Authentication Code - the alphanumeric code used to authenticate the SonicWALL security appli-

ance on the registration database at . Firmware Version - the firmware version loaded on the SonicWALL security appliance.

ROM Version - indicates the ROM version. CPU Type - displays the type and speed of the SonicWALL security appliance processor. Total Memory - indicates the amount of RAM and flash memory. Uptime - the length of time, in days, hours,

sonicos standard 26 adminguide

Documents