SonicWALL TELE3 SP Administrator'S Manual Download Page 141 | Manualshive

Page: 141 / 210

background image

Page 140 SonicWALL TELE3 SP Administrator’s Guide

6. Define the length of time before an IKE Security Association automatically renegotiates in

the

SA Life Time (secs)

field. The

SA Life Time

can range from 120 to 9,999,999

seconds.

Note

: A short SA Life Time increases security by forcing the two VPN gateways to update

the encryption and authentication keys. However, every time the VPN tunnel renegotiates,

users accessing remote resources are disconnected. Therefore, the default SA Life Time of

28,800 seconds (8 hours) is recommended.

7. Select

DES & SHA1

from the

Phase 1 Encryption/Authentication

menu.

8. Select the appropriate encryption algorithm from the

Phase 2

Encryption/

Authentication

menu. The SonicWALL supports the following encryption algorithms:

•

Tunnel Only (ESP NULL)

does not provide encryption or authentication, but offers

access to machines at private addresses behind NAT. It also allows unsupported services
through the SonicWALL.

•

Encrypt (ESP DES)

uses 56-bit DES to encrypt data. DES is an extremely secure

encryption method, supporting over 72 quadrillion possible encryption keys that can be
used to encrypt data.

•

Fast Encrypt (ESP ARCFour)

uses 56-bit ARCFour to encrypt data. ARCFour is a secure

encryption method, and has less impact on throughput than DES or Triple DES. This
encryption method is recommended for all but the most sensitive data.

•

Strong Encrypt (ESP 3DES)

uses 168-bit 3DES (Triple DES) to encrypt data. 3DES is

considered an almost "unbreakable" encryption method, applying three DES keys in
succession, but it significantly impacts the data throughput of the SonicWALL.

•

Strong Encrypt and Authenticate (ESP 3DES HMAC MD5)

uses 168-bit 3DES

encryption and HMAC MD5 authentication. 3DES is an extremely secure encryption
method, and HMAC MD5 authentication is used to verify integrity. This method significantly
impacts the data throughput of the SonicWALL.

•

Strong Encrypt for Checkpoint (ESP 3DES)

uses 168-bit 3DES encryption but does not

use an authentication protocol.

•

Strong Encrypt and Authenticate (ESP 3DES HMAC SHA1)

uses 168-bit 3DES

encryption and HMAC SHA1 authentication. 3DES is an extremely secure encryption
method, and HMAC SHA1 authentication is used to verify integrity. This method
significantly impacts the data throughput of the SonicWALL.

•

Encrypt for Check Point (ESP DES HMAC MD5)

uses 56-bit DES to encrypt data and

is compatible with Check Point Firewall-1. This method impacts the data throughput of the
SonicWALL.

•

Encrypt and Authenticate (ESP DES HMAC MD5)

uses 56-bit DES encryption and

HMAC MD5 authentication. This method impacts the data throughput of VPN
communications. SonicWALL VPN client software supports this method.

•

Authenticate (AH MD5)

uses AH to authenticate VPN communications and MD5 to

generate a 128-bit digest.

«
...
139
140
141
142
143
...
»

Summary of Contents for TELE3 SP

Page 1: ...SONICWALL The TELE3 SP Administrator s Guide...

Page 2: ...or Password 24 3 Managing Your SonicWALL TELE3 SP 25 Status 27 CLI Support and Remote Management 28 4 Logging and Alerts 30 SonicWALL Log Messages 31 Log Settings 32 Log Categories 34 Alert Categories...

Page 3: ...9 Viewing Network Access Rules 70 Services 70 Windows Networking NetBIOS Broadcast Pass Through 71 Detection Prevention 71 Network Connection Inactivity Timeout 71 Add Service 72 Rules 73 Understandin...

Page 4: ...wo SonicWALLs 135 Example of Manual Key Configuration for Two SonicWALLs 138 IKE Configuration for Two SonicWALLs 141 Example Linking Two SonicWALLs using IKE 144 VPN Third Party Digital Certificate S...

Page 5: ...Description 175 SonicWALL TELE3 SP Back Panel 176 The SonicWALL TELE3 SP Back Panel Description 176 14 Troubleshooting Guide 178 The Link LED is off 178 A computer on the LAN cannot access the Interne...

Page 6: ...turned to SonicWALL with transportation charges prepaid A Return Materials Authorization RMA number must be displayed on the outside of the package for the product being returned for replacement or th...

Page 7: ...LL IP settings time and password Chapter 4 Logging and Alerting illustrates the SonicWALL logging alerting and reporting features Chapter 5 Content Filtering and Blocking describes SonicWALL Web conte...

Page 8: ...Port Numbers offers information about IP port numbering Appendix E Configuring TCP IP Settings provides instructions for configuring your Management Station s IP address Appendix F Erasing the Firmwar...

Page 9: ...partners and branch offices The SonicWALL TELE3 SP uses stateful packet inspection to ensure secure firewall filtering Stateful packet inspection is widely considered to be the most effective method...

Page 10: ...omputers to access the Internet even if only one IP address has been provided by your ISP Network Access Rules The default Network Access Rules allow traffic from the LAN to the Internet and block tra...

Page 11: ...gories You can select the information you wish to display in the SonicWALL event log You can view the event log from the SonicWALL Web Management Interface or receive the log as an e mail file Syslog...

Page 12: ...ion Installation Wizard The SonicWALL Installation Wizard helps quickly install and configure the SonicWALL Online help SonicWALL help documentation is built into the SonicWALL Web Management Interfac...

Page 13: ...There are three tabs other than Status in the General section Network Time Password Network Note The Network Settings change to the dial up ISP network settings when a WAN Failover occurs on the SP T...

Page 14: ...hree numbers as the SonicWALL LAN IP Address for example 192 168 168 Multiple LAN Subnet Mask Support Note This feature does not replace or substitute configuring routes with the Routes tab in the Adv...

Page 15: ...If you select NAT with DHCP Client NAT with PPPoE or NAT with L2TP Client mode the SonicWALL WAN IP address is assigned automatically If you select Standard mode the SonicWALL WAN IP Address is the sa...

Page 16: ...e SonicWALL uses the DNS servers for diagnostic tests and for upgrade and registration functionality 6 Click Update Once the SonicWALL has been updated a message confirming the update is displayed at...

Page 17: ...icWALL 3 Enter your network subnet mask in the LAN Subnet Mask field The LAN Subnet Mask tells the SonicWALL which IP addresses are on your LAN Use the default value 255 255 255 0 if there are less th...

Page 18: ...e changes to take effect If you enable Network Address Translation designate the SonicWALL LAN IP Address as the gateway address for computers on your LAN Consider the following example The SonicWALL...

Page 19: ...sing Mode menu 2 Enter a unique IP address from your LAN address range in the SonicWALL LAN IP Address field The SonicWALL LAN IP Address is the address assigned to the SonicWALL LAN and is used for m...

Page 20: ...ttings on your computers to obtain DNS name resolution In the WAN LAN Settings section of Network you can Renew and Release the SonicWALL WAN IP NAT Public Address lease When you click on Renew the So...

Page 21: ...P assigns a specific IP address to you 8 Click Update Once the SonicWALL has been updated a message confirming the update is displayed at the bottom of the browser window Restart the SonicWALL for the...

Page 22: ...the date NTP Settings Network Time Protocol NTP is a protocol used to synchronize computer clock times in a network of computers NTP uses Coordinated Universal Time UTC to synchronize computer clock...

Page 23: ...t locked out of the SonicWALL Warning The password cannot be recovered if it is lost or forgotten If the password is lost you must to reset the SonicWALL to its factory default state Go to Appendix F...

Page 24: ...sensitive Enter the password exactly as defined and click Login Note All SonicWALLs are configured with the User Name admin and the default Password password The User Name is not configurable If you...

Page 25: ...agement interface using HTTPS you may see the following information message Click Yes to continue the login process SSL is supported by Netscape 4 7 and higher as well as Internet Explorer 5 5 and hig...

Page 26: ...nit Number of LAN IP addresses allowed with this license number of IP addresses that can be managed by the SonicWALL Registration code the registration code generated when the SonicWALL is registered...

Page 27: ...of your SonicWALL It contains an overview of the SonicWALL configuration as well as any important messages Check the Status window after making changes to ensure that the SonicWALL is configured prope...

Page 28: ...WALL Restore restores the factory default settings for all saved parameters with the exception of the password the LAN IP address and the subnet mask Status displays the information typically seen on...

Page 29: ...log which displays potential security threats This log can be viewed with a browser using the SonicWALL Web Management Interface or it can be automatically sent to an e mail address for convenience a...

Page 30: ...er List categories are shown below Descriptions of the categories are available at http www sonicwall com Content Filter categories html ActiveX Java Cookie or Code Archive blocked When ActiveX Java o...

Page 31: ...PP Authentication successful successfully authenticated with the dial up server PPP PPP link established connection established over the modem to the dial up server PPP Dial Up Received new IP address...

Page 32: ...ptures all log activity and includes every connection source and destination IP address IP service and number of bytes transferred The SonicWALL Syslog support requires an external server running a Sy...

Page 33: ...elect WebTrends however you must have WebTrends software installed on your system Log Categories You can define which log messages appear in the SonicWALL Event Log All Log Categories are enabled by d...

Page 34: ...are enabled by default Blocked Web Sites is disabled Attacks Log entries categorized as Attacks generate alert messages System Errors Log entries categorized as System Errors generate alert messages...

Page 35: ...frequently accessed Web sites and the number of hits to a site during the current sample period The Web Site Hits report ensures that the majority of Web access is to appropriate Web sites If leisure...

Page 36: ...ell as content filtering using keywords N2H2 N2H2 is a third party content filter software package supported by SonicWALL You can obtain more information on N2H2 at http www n2h2 com If you select N2H...

Page 37: ...tracking Web activities Select the Cookies check box to disable Cookies Known Fraudulent Certificates Digital certificates help verify that Web content and files originated from an authorized party E...

Page 38: ...s to a blocked site is attempted The default message is Web Site blocked by SonicWALL Filter Any message including embedded HTML up to 255 characters long can be entered in this field URL List The URL...

Page 39: ...download the URL List at a time when access to the Internet is at a minimum as downloading the URL List disrupts connectivity to the Internet Settings If you have enabled blocking by Filter Categorie...

Page 40: ...s or keywords to be blocked or allowed Custom Filter You can customize your URL list to include Allowed Domains Forbidden Domains and Keywords By customizing your URL list you can include specific dom...

Page 41: ...e the keyword has been removed a message confirming the update is displayed at the bottom of the browser window Note Customized domains do not have to be re entered when the Content Filter List is upd...

Page 42: ...ustom and keyword lists The Log Only check box allows you to monitor inappropriate usage without restricting access Log and Block Access Select the check box and the SonicWALL blocks access to sites o...

Page 43: ...access must be 192 168 168 168 iAccept html and the link for filtered access must be 192 168 168 168 iAcceptFilter html where the SonicWALL LAN IP Address is used instead of 192 168 168 168 Consent Ac...

Page 44: ...ndow Add New Address The SonicWALL can be configured to enforce content filtering for certain computers on the LAN Enter the IP addresses of these computers in the Add New Address field and click Subm...

Page 45: ...s are proven fraudulent then the SonicWALL blocks the Web content and the files that use these fraudulent certificates Known fraudulent certificates blocked by SonicWALL include two certificates issue...

Page 46: ...entation for details on configuring N2H2 Internet Filtering for your network N2H2 Server Status This section displays the status of the N2H2 Internet Filtering Protocol IFP server you are using for In...

Page 47: ...lue for timeout of the server is 5 seconds but you can enter a value between 1 and 10 seconds If the N2H2 server becomes unavailable select from the following two options Block traffic to all Web site...

Page 48: ...as your source for content filtering Restrict Web Features Select any of the following applications to block Block ActiveX ActiveX is a programming language that embeds scripts in Web pages Malicious...

Page 49: ...g by pointing their computer to the proxy server Check this box to prevent LAN users from accessing proxy servers on the WAN Don t Block Java ActiveX Cookies to Trusted Domains Select this option if y...

Page 50: ...lter List Server Port Enter the UDP port number for the SonicWALL to listen for the Websense Enterprise traffic The default port number is 15686 User Name To enable reporting of users and groups defin...

Page 51: ...d consult your Websense documentation for more information If Server is unavailable for 5 secs If the Websense Enterprise server becomes unavailable select from the following two options Block traffic...

Page 52: ...perform several diagnostic tests There are four tabs in the Tools section Restart Preferences Firmware Diagnostic Restarting the SonicWALL Click Tools on the left side of the browser window and then c...

Page 53: ...ve the SonicWALL settings and then retrieve them later for backup purposes SonicWALL recommends saving the SonicWALL settings when upgrading the firmware The Preferences window also provides options t...

Page 54: ...file on your computer and retrieve it for later use 1 Click Export in the Preferences tab 2 Click Export again to download the settings file Then choose the location to save the settings file The fil...

Page 55: ...t the SonicWALL for the settings to take effect Note The Web browser used to Import Settings must support HTTP uploads Microsoft Internet Explorer 5 0 and higher as well as Netscape Navigator 4 0 and...

Page 56: ...Updating Firmware The SonicWALL has flash memory and can be easily upgraded with new firmware Current firmware can be downloaded from SonicWALL Inc Web site directly into the SonicWALL Note Firmware u...

Page 57: ...lable memory ROM version Options and Upgrades SonicWALL VPN Network Anti Virus Note The SonicWALL Privacy Policy is available at http www sonicwall com corporate_info privacy html for additional infor...

Page 58: ...0 and higher as well as Netscape Navigator 4 0 and higher is recommended When firmware is uploaded the SonicWALL settings can be erased Before uploading new firmware export and save the SonicWALL set...

Page 59: ...vides a summary of the SonicWALL firmware upgrades subscription services and support offerings You can contact SonicWALL or your local reseller for more information about SonicWALL options and upgrade...

Page 60: ...onicWALL then queries the DNS server and displays the result at the bottom of the screen Note You must define a DNS server IP address in the Network tab of the General section to perform a DNS Name Lo...

Page 61: ...nd Network Path requires an IP address The SonicWALL DNS Name Lookup tool can be used to find the IP address of a host Ping The Ping test bounces a packet off a machine on the Internet back to the sen...

Page 62: ...termine if a communications stream is being stopped at the SonicWALL or is lost on the Internet To interpret this tool it is necessary to understand the three way handshake that occurs for every TCP c...

Page 63: ...282 00 a0 4b 05 96 4a To 204 71 200 74 80 02 00 cf 58 d3 6a Client sends a final ACK and waits for start of data transfer 6 TCP sent on WAN ACK From 207 88 211 116 1937 00 40 10 0c 01 4e To 204 71 200...

Page 64: ...2 Enter the IP address of the remote host in the Trace on IP address field and click Start You must enter an IP address in the Trace on IP address field do not enter a host name such as www yahoo com...

Page 65: ...his case number in all correspondence as it allows SonicWALL tech support to provide you with better service In the Tools section click the Diagnostic tab and then select Tech Support Report from the...

Page 66: ...tic utility to assist in diagnosing and troubleshooting router connections on the Internet By using Internet Connect Message Protocol ICMP echo packets similar to Ping packets Trace Route can test int...

Page 67: ...cWALL TELE3 SP Administrator s Guide A second window is displayed with each hop to the destination host By following the route you can diagnose where the connection fails between the SonicWALL and the...

Page 68: ...he LAN The custom rules evaluate network traffic source IP address destination IP address IP protocol type and compare the information to rules created on the SonicWALL Network Access Rules take prece...

Page 69: ...net Otherwise you are blocked from accessing that service By default the LAN Out check boxes are selected Note If an Alert Icon appears next to a LAN Out or LAN In check box a rule in the Rules window...

Page 70: ...ers Randomize IP ID A Randomize IP ID check box is available to prevent hackers using various detection tools from detecting the presence of a SonicWALL appliance IP packets are given random IP IDs wh...

Page 71: ...the IP protocol type 6 for TCP 17 for UDP or 1 for ICMP Note There can be multiple entries with the same name For example the default configuration has two entries labeled Name Service DNS for UDP por...

Page 72: ...ervice in the list 2 Clear the Enable Logging check box 3 Click Modify Delete a Service To delete a service highlight the name in the list and click Delete Service If multiple entries with the same na...

Page 73: ...custom Network Access Rules click Access on the left side of the browser window and then click the Rules tab Note Use extreme caution when creating or deleting Network Access Rules because you can di...

Page 74: ...Chapter 10 Advanced of this manual Add A New Rule 1 Click Add New Rule to open the Add Rule window 2 Select Allow or Deny in the Action list depending upon whether the rule is intended to permit or bl...

Page 75: ...eld The default value is 5 minutes 8 Do not select the Allow Fragmented Packets check box Large IP packets are often divided into fragments before they are routed over the Internet and then reassemble...

Page 76: ...ule menu 7 Enter a value in minutes in the Activity Timeout in Minutes field 8 Do not select the Allow Fragmented Packets check box 9 If you want the Rule to have guaranteed bandwidth select Enable Ou...

Page 77: ...ht of the rule To enable a disabled rule select the Enable check box The configuration is updated automatically and a message confirming the update is displayed at the bottom of the browser window Res...

Page 78: ...on the Internet during business hours 1 Click Add New Rule in the Rules window to launch the Add Network Access Rule Web browser window 2 Select Deny from the Action menu 3 Select NNTP from the Servi...

Page 79: ...tent is to allow a ping only to the SonicWALL enter the SonicWALL LAN IP Address in the Destination Addr Range Begin field 8 Select Always from the Apply this rule menu to ensure continuous enforcemen...

Page 80: ...e 70 for instructions on adding Services to the SonicWALL Users Extensive modifications and additional features are available on the Users tab in the Access section of the Management interface User le...

Page 81: ...nabling this check box allows unauthenticated DNS traffic to access the DNS server over a VPN tunnel with authentication enforcement Use this checkbox if you allow unauthenticated users to access the...

Page 82: ...Capabilities By enabling this check box the user has limited local management access to the SonicWALL Management interface The access is limited to the following pages General Status Network Time Log...

Page 83: ...an the session time set by the administrator The connection closes when the user exceeds the inactivity time out period or the maximum session time is exceeded If the connection is closed the user mus...

Page 84: ...t Number for the RADIUS server 6 If there is a secondary RADIUS server enter the appropriate information in the Secondary Server section 7 Enter the RADIUS server administrative password or shared sec...

Page 85: ...ver User Datagram Protocol UDP that allows network administrators to monitor the status of the SonicWALL Internet Security appliances and receive notification of any critical events as they occur on t...

Page 86: ...P management system receiving the SNMP traps in the Host 1 through 4 fields Up to 4 addresses or hostnames can be specified Configuration of the Log Log Settings for SNMP Trap messages are generated o...

Page 87: ...ly configured in this section 1 Enter a 16 character hexadecimal encryption key in the Encryption Key field Valid hexadecimal characters include 0 1 2 3 4 5 6 7 8 9 A B C D E and F An example of a val...

Page 88: ...check box but the log in process into the SonicWALL Management interface slows down HTTPS Port Management A new feature allows you to configure the port used HTTPS authentication By configuring an al...

Page 89: ...opies of the requested Web pages If it does not the proxy completes the request to the server on the Internet returning the requested information to the user and also saving it locally for future requ...

Page 90: ...Click the Intranet tab at the top of the window 5 To bypass the Proxy Servers if a failure occurs select the Bypass Proxy Servers Upon Proxy Server Failure check box Note The Intranet settings tab is...

Page 91: ...he LAN Ethernet port on the back of the SonicWALL to the network segment to be protected against unauthorized access 2 Connect the WAN Ethernet port on the back of the SonicWALL to the rest of the net...

Page 92: ...computers on your LAN the computers not included are unable to send or receive data through the SonicWALL Specified address ranges are attached to the WAN link Select this option if it is easier to sp...

Page 93: ...over to the modem occurs on the SP To add Static Route entries follow these instructions 1 Enter the destination network of the static route in the Dest Network field The destina tion network is the I...

Page 94: ...y defining internal and external address ranges of equal length Once the relationship is defined the computer with the first IP address of the private address range is accessible at the first IP addre...

Page 95: ...54 and a WAN IP address of 208 1 2 2 Also you own the IP addresses in the range 208 1 2 1 208 1 2 6 Note If you have only one IP address from your ISP you cannot use One to One NAT You have three web...

Page 96: ...from the LAN you must use URLs like http 1921 168 1 10 to reach the web servers An IP address such as 192 168 1 10 on the LAN cannot be used in both public LAN server configurations and in public LAN...

Page 97: ...e it is impossible to differentiate between types of network traffic it is also impossible to control which users or applications have priority on the network Applications can also require a specific...

Page 98: ...s to run smoothly How does SonicWALL Bandwidth Management Work Bandwidth management works by allocating traffic to a class based upon application type source or destination addresses or a combination...

Page 99: ...class a class can temporarily borrow bandwidth and send traffic until the maximum bandwidth allocated to the class is reached Spare bandwidth is allocated among the highest priority classes until no m...

Page 100: ...traffic reply packets for traffic associated with an inbound Rule is managed based on the configuration for that Rule MTU Settings A network administrator may set the MTU Maximum Transmission Unit al...

Page 101: ...your LAN To access the SonicWALL DHCP Setup window click DHCP on the left side of the browser window There are three tabs in the DHCP section Setup DHCP over VPN Status Setup Disable DHCP Server is t...

Page 102: ...he ones specified in the SonicWALL Network section then select Specify Manually Enter your DNS Server addresses in the DNS Server 1 DNS Server 2 and DNS Server 3 fields The DNS servers are used by com...

Page 103: ...ernet MAC address of your computer or server in the Ethernet Address field Then click Update When the SonicWALL has been updated a message confirming the update is displayed at the bottom of your Web...

Page 104: ...te are configured for VPN tunnels for initial DHCP traffic as well as subsequent IP traffic between the sites The SonicWALL at the remote site Remote Gateway passes DHCP broadcast packets through its...

Page 105: ...ecified servers 4 To delete DHCP servers click on the IP address of the DHCP server and click Delete DHCP Server The server is removed from the list of DHCP servers 5 To complete the configuration go...

Page 106: ...tunnel when IP spoof detected the SonicWALL blocks any traffic across the VPN tunnel that is spoofing an authenticated user s IP address If you have any static devices however you must ensure that th...

Page 107: ...the Static IP addresses from the pool of available IP addresses on the DHCP server so that the DHCP server does not assign these addresses to DHCP clients 10 Select LAN Devices not allowed to obtain...

Page 108: ...shows the details on the current bindings IP and MAC address of the bindings along with the type of binding Dynamic Dynamic BootP or Static BootP To delete a binding which frees the IP address in the...

Page 109: ...e SonicWALL demonstrates the configuration of SonicWALL Group VPN settings using the Group VPN Security Association Configuring VPN using Manual Key describes the configuration of a SonicWALL applianc...

Page 110: ...UDP encapsulation is used for IPSec packets NAT NAT Traversal devices use dynamic mappings where a private IP address and source port 192 168 168 168 X are temporarily bound to a shared public IP add...

Page 111: ...ion displays the Unique Firewall Identifier which defaults to the serial number of the SonicWALL appliance You can change the Identifier and use it for configuring VPN tunnels Enable VPN must be selec...

Page 112: ...ration or Advanced Configuration Group Configuration Manual Key Configuration and IKE Configuration SonicWALL to SonicWALL are described in this chapter Advanced Configuration is available at the Soni...

Page 113: ...e either Group VPN default or Add New SA If you select Add New SA a Name field is displayed that allows you to create a name for the SA such as Boston Office Corporate Site etc Select the type of secu...

Page 114: ...ryption Authentication You can also select an encryption method from the Encryption Authentication for the VPN tunnel If you select IKE using Pre Shared Secret for your SA you can select from one of f...

Page 115: ...d hexadecimal characters are 0 to 9 and a to f inclusive 0 1 2 3 4 5 6 7 8 9 a b c d e f The hexadecimal characters 0 to ff inclusive are reserved by the Internet Engineering Task Force IETF and are n...

Page 116: ...k box if you are managing your IP address allocation from a central location Specify destination networks below Configure the destination networks for your VPN Security Association Click Destination N...

Page 117: ...for traffic on the network segment between the two connections Interruption of the signal forces the tunnel to renegotiate the connection Require authentication of local users Selecting this check box...

Page 118: ...LL routing table Inbound traffic is decrypted and can now be forwarded to a remote site via another VPN tunnel Normally inbound traffic is decrypted and only forwarded to the SonicWALL LAN or a specif...

Page 119: ...dular Exponentiation with different prime lengths as listed below If network connection speed is an issue select Group 1 If network security is an issue select Group 5 To compromise between speed and...

Page 120: ...Certificates and Third Party Certificates Group VPN using IKE Pre shared Secret Group VPN using IKE Certificate s Manual Key IKE using Pre shared Secret IKE using Certificates1 Use Aggressive Mode 3 3...

Page 121: ...configure remote VPN clients Group VPN is only available for VPN clients and it is recommended to use Authentication Service or XAUTH RADIUS in conjunction with the Group VPN for added security To ena...

Page 122: ...IPSec packets for this SA Note It is not necessary to configure the Advanced Settings to get the VPN connection working between the SonicWALL and the VPN client You can configure the Advanced Settings...

Page 123: ...at http www sonicwall com documentation html Group VPN Client Configuration To import the Group VPN security policy into the VPN Client use the following steps 1 Open the VPN Client Click File and the...

Page 124: ...Click the sign next to Group VPN to reveal two sections My Identity and Security Policy Select My Identity to view the settings 5 Click Pre Shared Key to enter the Pre Shared Secret created in the Gro...

Page 125: ...vpn center vpn setup html Verifying the VPN Tunnel as Active After the Group VPN Policy is active on the VPN Client you can verify that a secure tunnel is active and sending data securely across the...

Page 126: ...Security Association menu Then select Manual Key from the IPSec Keying Mode menu 3 Enter a descriptive name that identifies the VPN client in the Name field such as the client s location or name 4 Ent...

Page 127: ...k automatically updates the VPN configuration and opens the VPN Destination Network window 10 Enter 0 0 0 0 in the Range Start Range End and Destination Subnet Mask for NetBIOS broadcast fields 11 Cli...

Page 128: ...y policy name Configuring VPN Security and Remote Identity 1 Select Secure in the Network Security Policy box on the right side of the Security Policy Editor window 2 Select IP Subnet in the ID Type m...

Page 129: ...ent Identity To configure the VPN Client Identity click My Identity in the Network Security Policy window 1 Select None from the Select Certificate menu 2 Select the method used to access the Internet...

Page 130: ...1 Select Security Policy in the Network Security Policy window 2 Select Use Manual Keys in the Select Phase 1 Negotiation Mode menu 3 Click the next to Security Policy and select Key Exchange Phase 2...

Page 131: ...Encapsulation Protocol ESP check box 5 Select DES from the Encryption Alg menu 6 Select MD5 from the Hash Alg menu 7 Select Tunnel from the Encapsulation menu 8 Leave the Authentication Protocol AH ch...

Page 132: ...ect Binary in the Choose key format menu 5 Enter the SonicWALL appliance 16 character Encryption Key in the ESP Encryption Key field 6 Enter the SonicWALL appliance 32 character Authentication Key in...

Page 133: ...e Verifying the VPN Client Icon in the System Tray The SonicWALL VPN Client icon is displayed in the System Tray if you are running a Windows operating system The icon changes to reflect the current s...

Page 134: ...al Key for Two SonicWALLs Click VPN on the left side of the SonicWALL browser window and then click the Configure tab 1 Select Manual Key from the IPSec Keying Mode menu 2 Select Add New SA from the S...

Page 135: ...ed to encrypt data Fast Encrypt ESP ARCFour uses 56 bit ARCFour to encrypt data ARCFour is a secure encryption method and has little impact on the throughput of the SonicWALL Strong Encrypt ESP 3DES u...

Page 136: ...6 7 8 9 a b c d e and f 1234567890abcdef1234567890abcdef is an example of a valid authentication key If you enter an incorrect authentication key an error message is displayed at the bottom of the bro...

Page 137: ...ed at LAN select one of the three terminating points for the VPN tunnel 16 Click OK to close the Advanced Settings window Then click Update to update the SonicWALL Configuring the Second SonicWALL App...

Page 138: ...n if NetBIOS broadcast support is enabled Leave the subnet mask field blank Click Update 11 Click Advanced Settings and select the features that apply to the SA Enable Windows Networking NetBIOS broad...

Page 139: ...bnet mask field blank Click Update 11 Click Advanced Settings and select the features that apply to the SA Enable Windows Networking NetBIOS broadcast if the remote clients use Windows Network Neighbo...

Page 140: ...Enter a descriptive name for the Security Association such as Palo Alto Office or NY Headquarters in the Name field 4 Enter the IP address of the remote SonicWALL in the IPSec Gateway Address field T...

Page 141: ...S This encryption method is recommended for all but the most sensitive data Strong Encrypt ESP 3DES uses 168 bit 3DES Triple DES to encrypt data 3DES is considered an almost unbreakable encryption met...

Page 142: ...d close the VPN Destination Network window Once the SonicWALL has been updated a message confirming the update is displayed at the bottom of the browser window 14 Click Advanced Settings and select th...

Page 143: ...N Configure window 3 Select IKE using pre shared secret from the IPSec Keying Mode menu 4 Because the SonicWALL TELE3 SP does not have a permanent WAN IP address the SonicWALL PRO 200 must authenticat...

Page 144: ...lowing boxes that apply to your SA Use Aggressive Mode requires half of the main mode messages to be exchanged in Phase 1 of the SA exchange Enable Keep Alive if you want to maintain the current conne...

Page 145: ...the same Shared Secret used in the Chicago Office SonicWALL PRO 200 into the SonicWALL TELE3 Shared Secret field 11 Click Add New Network to open the VPN Destination Network window and define the des...

Page 146: ...ity by a trusted third party known as a Certificate Authority CA SonicWALL now supports third party certificates in addition to the existing Authentication Service The difference between third party c...

Page 147: ...VPN SAs you must locate a source for a valid CA certificate from a third party CA service Once you have a valid CA certificate you can import it into the SonicWALL to validate your Local Certificates...

Page 148: ...the same information as the CA Certificate Details section but a Status entry now appears in the details If a certificate is valid and ready to be used with a VPN Security Association the Status is Ve...

Page 149: ...ress 3 The Subject Key type is preset as an RSA algorithm RSA is a public key cryptographic algorithm used for encrypting data 4 Select a Subject Key size from the from the Subject Key Size menu 5 Not...

Page 150: ...You can select Distinguished Name E mail ID or Domain Name from the menu Then cut and paste the information from the Local Certificate into the text field 10 In the Destination Networks section selec...

Page 151: ...g VPN clients to access LAN resources XAUTH authentication provides an additional layer of VPN security while simplifying and centralizing management XAUTH authentication allows many VPN clients to sh...

Page 152: ...forwarded to a remote site via another VPN tunnel Normally inbound traffic is decrypted and only forwarded to the SonicWALL LAN or a specific route on the LAN specified on the Routes tab located unde...

Page 153: ...LAN network If no route is found the SonicWALL checks for a Default LAN Gateway If a Default LAN Gateway is detected the packet is routed through the gateway Otherwise the packet is dropped Testing a...

Page 154: ...your computer for Windows Networking By configuring your computer for Windows Networking you are able to browse the remote network using Network Neighborhood Before logging into the remote network you...

Page 155: ...Domain check box and enter the domain name provided by your administrator into the Windows NT domain text box Select Quick Logon under Network logon options section 4 Click on the Identification tab...

Page 156: ...puter and use the Find tool in the Start menu Type in the IP address into the Computer Named text box and click Find Now To access the computer remotely double click on the computer icon in the box Ad...

Page 157: ...cting to a computer across a SonicWALL VPN Use the Find Computer tool Create a LMHOSTS file in a local computer registry Configure a WINS Server to resolve a name to a remote IP address For more infor...

Page 158: ...le certain security associations and still allow access by remote VPN clients The feature is useful if it is suspected that a remote VPN user connection has become unstable or insecure It can also tem...

Page 159: ...ally consist of 16 or 32 characters The longer the key the more difficult it is to break the encryption Asymmetric vs Symmetric Cryptography Asymmetric and symmetric cryptography refer to the keys use...

Page 160: ...Encapsulating Security Payload ESP ESP provides confidentiality and integrity of data by encrypting the data and encapsulating it into IP packets Encryption can be in the form of ARCFour similar to th...

Page 161: ...characters long and is comprised of hexadecimal characters Valid hexadecimal characters are 0 to 9 and a to f inclusive 0 1 2 3 4 5 6 7 8 9 a b c d e f For example a valid key would be 1234567890abcde...

Page 162: ...tly disrupt business activities Internet connections that provide access to critical resources for remote offices telecommuters and mobile workers Connection downtime can result in lower productivity...

Page 163: ...lity pair must have the same firmware version installed Each SonicWALL in the High Availability pair must have the same upgrades and subscriptions enabled If the backup unit does not have the same upg...

Page 164: ...WALL unit and wait for the diagnostics cycle to complete Configure all of the settings in the primary SonicWALL before configuring High Availability 3 Click High Availability on the left and begin con...

Page 165: ...Trigger Level 6 Enter the Heartbeat Interval time in seconds Use a value between 3 seconds and 255 seconds This interval is the amount of time in seconds that elapses between heartbeats passed betwee...

Page 166: ...nchronize with the backup an error message is displayed at the bottom of the screen An error message also appears on the Status tab To view the error message on the Status tab click General on the lef...

Page 167: ...urs the backup SonicWALL assumes the primary SonicWALL LAN and WAN IP Addresses There are three primary methods to check the status of the High Availability pair the High Availability Status window E...

Page 168: ...ackup SonicWALL is currently Active It is also possible to check the status of the backup SonicWALL by logging into the LAN IP Address of the backup SonicWALL If the primary SonicWALL is operating nor...

Page 169: ...igh Availability pair For example when the backup SonicWALL takes over for the primary after a failure an E mail alert is sent indicating that the backup has transitioned from Idle to Active If the pr...

Page 170: ...side of the browser window and then click Restart at the top of the window Click Restart SonicWALL then Yes to confirm the restart Once the active SonicWALL restarts the other SonicWALL in the High A...

Page 171: ...icWALL Network Anti Virus offers a new approach to virus protection by delivering managed anti virus protection over the Internet By combining leading edge anti virus technology from macafee com with...

Page 172: ...bilities detected and provides administrators with in depth expert guidance to quickly close up any security holes in a network This subscription based service offers vulnerability assessment scans th...

Page 173: ...uarters branch offices and telecommuters from a central location SonicWALL GMS reduces staffing requirements speeds up deployment and lowers delivery costs by centralizing the management and monitorin...

Page 174: ...to the SonicWALL TELE3 SP Modem Lights up when the modem has established a dial up connection There is are two Ethernet ports for the LAN and WAN connections Link Lights up when the Twisted Pair port...

Page 175: ...damage or loss of data due to electrical storms power failures or power surges Reset Switch Erases the firmware and resets SonicWALL TELE3 SP to its factory clean state This can be necessary if the a...

Page 176: ...nd connection fails or it can act as the primary connection to the Internet for the TELE3 SP Cooling Vents The SonicWALLTELE3 SP is convection cooled an internal fan is not necessary Do not block the...

Page 177: ...authentication screen does not appear check for Ethernet connectivity problems Confirm that the computer without Internet access is assigned an IP address in the correct subnet Make sure that the Son...

Page 178: ...t Click Refresh or Reload in the Web browser The changes can have occurred but the Web browser can be caching the old configuration Duplicate IP address errors Duplicate IP address errors occur when t...

Page 179: ...nterfaces 2 10 100Base T ports 1 V 90 Modem port Dimensions 4 66 x 6 5 x 1 33 Weight 8 oz Concurrent Connections 6 000 Power 100V to 240V AC Console 1 Serial Port Mounting Wall Mountable Includes brac...

Page 180: ...r of Nodes 10 3DES 168 bit Speed 20 Mbps Security Services Perfect Forward Secrecy Yes Vulnerability Scanning Optional Prevent Replay Attacks Yes Web Content Filtering Optional Group VPN Tunnel Yes Cu...

Page 181: ...tors with years of experience in networking and Internet security They are also supported by the best in class tools and processes that ensure a quick and accurate solution to your problem Support Off...

Page 182: ...help solve your problems or answer your questions quickly reducing your risk of Internet attack Knowledge Base Instant access to solutions and documentation provides answers to questions and solves p...

Page 183: ...nicWALL Support 24X7 includes the repair or replacement of failing hardware returned to the SonicWALL factory Upon diagnosis of a hardware failure a SonicWALL technical specialist issues an RMA number...

Page 184: ...d hardware not performing to documented specifications Web based support includes interactive communication with a SonicWALL technical specialist SonicWALL also provides general assistance regarding u...

Page 185: ...ncluding locally recognized SonicWALL holidays Telephone and Web based Support SonicWALL provides technical assistance during standard coverage hours by telephone or through Web based support tools fo...

Page 186: ...also includes technical support and software firmware updates for 90 days Coverage is provided during normal business hours Deliverables Coverage Hours Support is provided during standard business hou...

Page 187: ...ort Tools Warranty Support provides access to SonicWALL s Web based support tools including FAQs documentation and Knowledge Base systems Availability This warranty applied to products sold in Europe...

Page 188: ...rk and controls the flow of data from the network to the com puter The NIC has a port where the network cable is connected Network Types LAN stands for Local Area Network Local area refers to a networ...

Page 189: ...nding IP addresses By using DNS a user can type in a computer name such as www sonicwall com instead of an IP address such as 192 168 168 168 to access a computer DHCP Dynamic Host Configuration Proto...

Page 190: ...addresses A B and C Like a main business phone number that one can call and then be transferred through interchange numbers to an individual s extension number the different classes of IP addresses pr...

Page 191: ...all network traffic more manageable it also introduces another level of complexity To communicate with a device on another network one must go through a gateway that connects the two networks Therefor...

Page 192: ...on the LAN not the number of simultaneous connections to the Internet If you have fewer than the maximum number of computers or other devices on your LAN but it appears that the IP license limit is e...

Page 193: ...esses or by programs executed by privileged users Many popular services such as Web FTP SMTP POP3 e mail DNS etc operate in this port range The assigned ports use a small portion of the possible port...

Page 194: ...the SonicWALL From a Windows 95 or 98 computer do the following 1 From the Start list highlight Settings and then select Control Panel 2 Double click the Network icon in the Control Panel window 3 Dou...

Page 195: ...Manually 3 Enter 192 168 168 200 in the IP address field 4 Enter the Subnet Mask address in the Subnet Mask field 5 Click OK Follow the SonicWALL Installation Wizard instructions to perform the initi...

Page 196: ...TELE3 SP models use the small recessed button on the back of the unit for this procedure Erasing the Firmware for all Models 1 Turn off the SonicWALL and disconnect all cables to the network 2 Locate...

Page 197: ...into the SonicWALL Steel Belted RADIUS from Funk Software Steel Belted RADIUS server version 3 0 from Funk Software supports pre configuration of vendor specific attributes in a vendor specific dictio...

Page 198: ...tication takes place even if HTTPS is not available when logging into the SonicWALL management interface Select Allow PAP or CHAP when setting user passwords ACE Server from RSA The ACE Server version...

Page 199: ...ogging into the SonicWALL management interface Internet Authentication Service on Microsoft Windows NT 2000 Server The RADIUS server used on Microsoft Windows NT and Windows 2000 servers is known as t...

Page 200: ...indow Repeat Steps 5 through 11 for each privilege configured for a policy For further information refer to To configure vendor specific attributes for a remote access policy in the IAS help file With...

Page 201: ...Page 200 SonicWALL TELE3 SP Administrator s Guide RADIUS Attributes Dictionary The following is the RADIUS dictionary in the format used with Funk Software s Steel Belted RADIUS server...

Page 202: ...purposes not shown in this manual without the written consent of SonicWALL Inc could void the user s authority to operate this equipment FCC part 68 Telecom Information Repair Information According to...

Page 203: ...alent type recommended by the manufacturer If for any reason the battery or SonicWALL Internet security appliance must be disposed of do so following the battery manufacturer s instructions Power Supp...

Page 204: ...Appendices Page 203 Notes...

Page 205: ...Page 204 SonicWALL TELE3 SP Administrator s Guide...

Page 206: ...112 Certificate Authority Certificates 147 Certificate Revocation List 149 Certificates 112 Choose a diagnostic tool 61 Clear Log Now 33 Client Default Gateway 103 Cold Start Trap 87 Configuration 92...

Page 207: ...ng 158 Ethernet 97 Event 30 Exporting the Settings File 55 F Factory Default 56 Failover Trigger 166 Failover Trigger Level 166 Fast Encrypt ESP ARCFour 136 142 Filter 38 Filter Block Action 43 Filter...

Page 208: ...AT with PPPoE 19 26 Network 164 Network Access Rules 11 Network Address Translation NAT 11 Network Anti Virus 172 Network Configuration for High Availability Pair 164 Network Debug 35 158 Network Secu...

Page 209: ...33 Syslog Server Support 12 System Errors 34 35 System Maintenance 34 T Tech Support Report 66 Tech Support Request Form 66 Temporary Lease Time 108 Third Party Digital Certificate 147 Time 28 Time of...

Page 210: ...SonicWALL Inc 1160 Bordeaux Drive Sunnyvale CA 94089 1209 Tel 408 745 9600 Fax 408 745 9300 E mail info sonicwall com Web www sonicwall com Part 232 0000316 00 Rev A 06 02...

Reviews:

No comments

Related manuals for TELE3 SP

Brand: Paradyne Pages: 22

Brand: Patton electronics Pages: 51

Brand: T&D Pages: 122

neutrino series

Brand: Xilica Audio Design Pages: 26

3C410012A - OfficeConnect Remote 531 Access...

Brand: 3Com Pages: 72

Brand: ZyXEL Communications Pages: 116

Brand: ETAS Pages: 82

Brand: Magma Pages: 2

Brand: Cypress Semiconductor Pages: 15

cPCIS-1100 Series

Brand: ADLINK Technology Pages: 48

LL140 RGB Series

Brand: Corsair Pages: 30

Monochrome Image Acquisition Device NI 1410

Brand: National Instruments Pages: 34

Brand: Renesas Pages: 67

HiGain Line Unit HLU-388

Brand: PairGain Pages: 7

Brand: Renesas Pages: 21

CNPS8900 Series

Brand: ZALMAN Pages: 10

Brand: Thermaltake Pages: 1

Brand: Cambium Networks Pages: 227

Brands by name

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Popular brands

Load more brands