Security Best Practices for TZ 180 Running SonicOS Standard
SonicWALL TZ 180 Recommends Guide
Solution: Optimize your firewall access rules
Description: On any firewall rule, enable fragmented packet handling, and verify that the connection timeout for the rule is appropriate to the referenced service. For example, telnet connections tend to be long-lasting, so TCP timeout should be set accordingly. Similarly, timeout can be set lower for short-lived services, thus keeping the connection cache clean.
Related Information: For more information on firewall access, refer to the “Configuring Network Access Rules” chapter in the SonicOS Standard 3.8 Administrator’s Guide.

Solution: Optimize your VPN settings
Description: Navigate to the VPN > Advanced page. Disable all VPN Windows Networking (NetBIOS) Broadcasts. When creating VPN policies, be sure to check the box next to Enable Windows Networking (NetBIOS) Broadcasts on the Advanced tab of the VPN policy.
Related Information: For more information on VPN settings, refer to the “Configuring Advanced VPN Settings” chapter in the SonicOS Standard 3.8 Administrator’s Guide.

Solution: Audit your User accounts
Description: Navigate to the Users > Local Users page and audit user entries at least once a month to verify there are no inappropriate accounts. Also enforce the use of complex passwords, and require users to change passwords on a regular basis. Three months is the recommended interval. Do not allow the use of common accounts, in which the username and password are known to a wide audience.
Related Information: For more information on user accounts, refer to the “Configuring Local Users” chapter in the SonicOS Standard 3.8 Administrator’s Guide.

Solution: Establish a logging baseline
Description: On the Log > View page, it is recommended to enable all categories and alerts for at least the first few days of a new installation, allowing a better understanding of the various functions. This generates a lot of log messages, so after a few days, configure logs to a level appropriate for your environment.
Related Information: For more information on logging baselines, refer to the “Viewing Log Events” chapter in the SonicOS Standard 3.8 Administrator’s Guide.

Solution: Deliver logs and alerts by email
Description: On the Log > Automation page, enter the fully-qualified domain name (FQDN) or IP address of a mail server that you relay SMTP mail through, and a working email address that the appliance notifies in case of alerts and emails the logs to on a periodic basis. This is strongly recommended.
Related Information: For more information on logs and alerts, refer to the “Configuring Log Automation” chapter in the SonicOS Standard 3.8 Administrator’s Guide.
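
One way to act on the logging-baseline recommendation above, as an added example that is not part of the SonicWALL guide: it tallies a few days of full logging by severity and message, then lists the high-volume informational messages to consider turning down while leaving alert-level events alone. The key=value line layout (pri, c, msg), the category numbers and the sample lines are assumptions constructed for this example.

```python
import re
from collections import Counter

# Constructed sample: assumed key=value layout, pri = syslog severity (0 = most severe).
SAMPLE_LOG = "\n".join(
    ['time="2007-03-01 10:00:01" pri=6 c=262144 msg="Connection Opened" src=192.168.1.10'] * 6
    + ['time="2007-03-01 10:00:02" pri=1 c=32 msg="Possible port scan detected" src=203.0.113.7'] * 3
    + ['time="2007-03-01 10:00:03" pri=6 c=16 msg="Administrator login allowed" src=192.168.1.2']
)

# key=value, where the value is either "quoted text" or a bare token.
PAIR = re.compile(r'(\w+)=("([^"]*)"|\S+)')


def parse_line(line):
    """Return the key=value fields of one log line as a dict."""
    return {k: (quoted if raw.startswith('"') else raw)
            for k, raw, quoted in PAIR.findall(line)}


def baseline(log_text):
    """Count events per (severity, category, message) over the baseline period."""
    counts = Counter()
    for line in log_text.splitlines():
        fields = parse_line(line)
        if "msg" in fields and fields.get("pri", "").isdigit():
            key = (int(fields["pri"]), fields.get("c", "?"), fields["msg"])
            counts[key] += 1
    return counts


def tuning_candidates(counts, share=0.25, min_pri=6):
    """Message types that are informational (pri >= min_pri) and exceed
    `share` of total volume. Higher-severity events are never proposed."""
    total = sum(counts.values())
    if not total:
        return []
    noisy = [k for k, n in counts.items() if k[0] >= min_pri and n / total > share]
    return sorted(noisy, key=lambda k: -counts[k])


if __name__ == "__main__":
    counts = baseline(SAMPLE_LOG)
    for (pri, cat, msg), n in counts.most_common():
        print(f"pri={pri} c={cat} {msg!r}: {n}")
    print("consider reducing:", tuning_candidates(counts))
```
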