SonicWALL SonicOS Enhanced 2.2 User Manual Download, Page 1

COMPREHENSIVE INTERNET SECURITY

SonicWALL Internet Security Appliances

SonicOS Enhanced 2.2

Administrator's Guide

Contents of SonicOS Enhanced 2.2

Page 1: ...COMPREHENSIVE INTERNET SECURITY SonicWALL Internet Security Appliances SonicOS Enhanced 2.2 Administrator's Guide...

Page 2: ...L Products and Services 5 Initial Configuration Using the Wizards 7 Internet Connectivity Using the Setup Wizard 7 Configuring a Static IP Address with NAT Enabled 7 Setup Wizard 8 Step 1 Change Passw...

Page 3: ...NAT with PPTP Client 25 Step 5 LAN Settings 25 Step 6 DHCP Server 26 Step 7 SonicWALL Configuration Summary 26 Storing SonicWALL Configuration 27 Setup Wizard Complete 27 Configuring a Public Server w...

Page 4: ...are Management Table 44 Updating Firmware Manually 45 Creating a Backup Firmware Image 45 SafeMode Rebooting the SonicWALL 45 System Information 46 Firmware Management 46 FIPS PRO 3060 PRO 4060 47 Sys...

Page 5: ...ilover 62 Network Zones 63 Adding a New Zone 64 Modifying a Zone 64 Network DNS 65 Network Address Objects 65 Default Address Objects and Groups 66 SonicWALL TZ 170 66 Default Address Objects 66 Defau...

Page 6: ...83 Editing an IP Helper Policy 83 Deleting IP Helper Policies 83 Network Web Proxy 83 Configuring Automatic Proxy Forwarding Web Only 84 Bypass Proxy Servers Upon Proxy Failure 84 Firewall 85 Using B...

Page 7: ...97 VPN Global Settings 97 VPN Policies 98 Currently Active VPN Tunnels 98 Configuring Group VPN on the SonicWALL 98 Configuring GroupVPN with IKE using Preshared Secret 98 General 99 Proposals 99 Adv...

Page 8: ...igital Certificates 123 Overview of X 509 v3 Certificates 123 SonicWALL Third Party Digital Certificate Support 124 VPN Local Certificates 124 Importing Certificate with Private Key 124 Certificate De...

Page 9: ...Forcing Transitions 141 Configuration Notes 141 Monitoring Links 142 Security Services 143 Security Services Summary 144 Security Services Summary 144 Manage Services Online 144 If Your SonicWALL is...

Page 10: ...pection Architecture Works 155 SonicWALL IPS Terminology 156 SonicWALL IPS Activation 157 mySonicWALL com 157 Activating SonicWALL IPS 157 Activating the SonicWALL IPS FREE TRIAL 158 Log 159 Log View...

Page 11: ...e 167 Internet Security Expertise 167 SonicWALL Support Programs 167 Warranty Support North America and International 167 Appendix B Configuring the Management Station TCP IP Settings 168 Windows 98 1...

Page 12: ...Limited Warranty SonicWALL Inc warrants that commencing from the delivery date to Customer but in any case commencing not more than ninety 90 days after the original shipment by SonicWALL and continu...

Page 13: ...ove fails of its essential purpose DISCLAIMER OF LIABILITY SONICWALL'S SOLE LIABILITY IS THE SHIPMENT OF A REPLACEMENT PRODUCT AS DESCRIBED IN THE ABOVE LIMITED WARRANTY IN NO EVENT SHALL SONICWALL OR...

Page 14: ...g policy based BNAT object based management a multi level administrator GUI and enhanced VPN functionality SonicOS Enhanced is standard on the SonicWALL PRO 4060 and available as an upgrade on the Son...

Page 15: ...ment Interface when you click OK the settings are automatically applied to the SonicWALL Getting Help Each SonicWALL includes Web based online help available from the Management Interface Clicking the...

Page 16: ...to create a VPN tunnel between two SonicWALLs and creating a VPN tunnel from the VPN client to the SonicWALL Chapter 7 Users describes the configuration of user level authentication as well as the set...

Page 17: ...resolution of technical support questions visit SonicWALL on the Internet at http www sonicwall com services support html Web based resources are available to help you resolve most technical issues o...

Page 18: ...html for the latest technical support telephone numbers More Information on SonicWALL Products and Services Contact SonicWALL Inc for information about SonicWALL products and services at Web http www...

Page 19: ...Page 6 SonicWALL SonicOS Standard Administrator's Guide...

Page 20: ...Interface Configuring a Static IP Address with NAT Enabled Using NAT to set up your SonicWALL eliminates the need for public IP addresses for all computers on your LAN It is a way to conserve IP addre...

Page 21: ...ell as Netscape Navigator 4 0 and above meet these criteria 1 Click the Setup Wizard button on the Network Settings page Read the instructions on the Welcome window and click Next to continue Step 1 C...

Page 22: ...network information necessary to configure the SonicWALL to access the Internet Click the hyperlinks for definitions of the networking terms You can choose Static IP if your ISP assigns you a specific...

Page 23: ...es Click Next Step 5 LAN Settings 7 The LAN page allows the configuration of the SonicWALL LAN IP Addresses and the LAN Subnet Mask The SonicWALL LAN IP Addresses are the private IP address assigned t...

Page 24: ...rver and specify the range of IP addresses that are assigned to computers on the LAN If Disable DHCP Server is selected you must configure each computer on your network with a static IP address on you...

Page 25: ...de Storing SonicWALL Configuration Setup Wizard Complete 10 The SonicWALL stores the network settings 11 Click Restart to restart the SonicWALL The SonicWALL takes approximately 90 seconds or longer t...

Page 26: ...ew days When the lease is ready to expire the client contacts the server to renew the lease This is a common network configuration for customers with cable or DSL modems You are not assigned a specifi...

Page 27: ...ime Zone 4 Select the appropriate Time Zone from the Time Zone menu The SonicWALL internal clock is set automatically by a Network Time Server on the Internet Click Next Step 3 WAN Network Mode 5 Sele...

Page 28: ...k Mode NAT with DHCP Client 6 The Obtain an IP address automatically window states that the ISP dynamically assigns an IP address to the SonicWALL To confirm this click Next DHCP based configurations...

Page 29: ...ings 8 The Optional SonicWALL DHCP Server window configures the SonicWALL DHCP Server If enabled the SonicWALL automatically assigns IP settings to computers on the LAN To enable the DHCP server selec...

Page 30: ...up Wizard Complete 10 Click Restart to restart the SonicWALL The SonicWALL takes 90 seconds to restart During this time the yellow Test LED is lit Tip The new SonicWALL LAN IP address displayed in the...

Page 31: ...ypically found when using a DSL modem with an ISP requiring a user name and password to log into the remote server The ISP may then allow you to obtain an IP address automatically or give you a specif...

Page 32: ...Zone menu The SonicWALL internal clock is set automatically by a Network Time Server on the Internet Click Next Step 3 WAN Network Mode 5 The SonicWALL automatically detects the presence of a PPPoE se...

Page 33: ...k Next Step 5 LAN Settings 7 The LAN Settings page allows the configuration of SonicWALL LAN IP Addresses and LAN Subnet Mask The SonicWALL LAN IP Address is the private IP address assigned to the LAN...

Page 34: ...range of IP addresses that are assigned to computers on the LAN If Disable DHCP Server is selected you must configure each computer on your network with a static IP address on your LAN Click Next Ste...

Page 35: ...manage the SonicWALL Setup Wizard Complete 10 Click Restart to restart the SonicWALL 11 The SonicWALL takes approximately 90 seconds or longer to restart During this time the yellow Test LED is lit Co...

Page 36: ...the Setup Wizard button on the Network Settings page 2 Read the instructions on the Welcome window and click Next to continue Step 1 Change Password 3 To set the password enter a new password in the...

Page 37: ...one 4 Select the appropriate Time Zone from the Time Zone menu The SonicWALL internal clock is set automatically by a Network Time Server on the Internet Click Next Step 3 WAN Network Mode 5 Select PP...

Page 38: ...AN Settings page allows the configuration of SonicWALL LAN IP Addresses and LAN Subnet Mask The SonicWALL LAN IP Address is the private IP address assigned to the LAN port of the SonicWALL The LAN Sub...

Page 39: ...addresses that are assigned to computers on the LAN If Enable DHCP Server is not selected you must configure each computer on your network with a static IP address on your LAN Click Next Step 7 Sonic...

Page 40: ...w Test LED is lit Configuring a Public Server with the Wizard The Public Server Wizard steps you through adding a public server to your network and automates the following configuration steps Server A...

Page 41: ...Access Rules The wizard creates an access policy allowing traffic from the WAN zone to the zone where the new server resides Create the Server with the Public Server Wizard 1 Start wizard In the navig...

Page 42: ...rivate IP address of the server Specify an IP address in the range of addresses assigned to zone where you want to put this server The Public Server Wizard will automatically assign the server to the...

Page 43: ...erver in the example used the default WAN IP address for the Server Public IP Address the wizard states that it will use the existing WAN address object when constructing policies between the new ser...

Page 44: ...side your network addressed to the WAN IP address back to the address of the mail server Server Access Rules The wizard creates an access policy allowing all mail traffic service traffic from the WAN...

Page 45: ...Page 32 SonicWALL SonicOS Standard Administrator's Guide...

Page 46: ...ing information is displayed in this section Model type of SonicWALL product Serial Number also the MAC address of the SonicWALL Authentication Code the alphanumeric code used to authenticate the Soni...

Page 47: ...can create a mySonicWALL com account directly from the SonicWALL Management Interface You can manually register your SonicWALL at the mySonicWALL com site using the Serial Number and Authentication C...

Page 48: ...ment interface for increased ease of use and simplified services activation Tip For more information on mySonicWALL com access the online help available at https www mysonicwall com Note mySonicWALL c...

Page 49: ...ot Licensed or no longer active Expired The number of nodes users allowed for the license is displayed in the Count column The information listed in the Security Services Summary table is updated from...

Page 50: ...vices Online page is displayed with licensing information from your mySonicWALL com account Manual Upgrade Manual Upgrade allows you to activate your services by typing the service activation key supp...

Page 51: ...a new administrator name type the new name in the Administrator Name field Click Apply for the changes to take effect on the SonicWALL Changing the Administrator Password To set the password Type th...

Page 52: ...include the port number when you use the IP address to log into the SonicWALL For example if you configure the port to be 76 then you must type LAN IP Address 76 into the Web browser i e http 192 168...

Page 53: ...least one IP address or host name but up to four addresses or host names can be used 7 Click OK Configuring Log Log Settings for SNMP Trap messages are generated only for the alert message categories...

Page 54: ...NAT Device IP Address field The default VPN policy settings are displayed at the bottom of the Configure GMS Settings window Existing Tunnel If this option is selected the GMS server and the SonicWALL...

Page 55: ...e and automatically update the time choose the time zone from the Time Zone menu The Use NTP to set time automatically is activated by default to use the NTP Network Time Protocol to set time automati...

Page 56: ...the SonicWALL configuration click Add The Add NTP Server window is displayed Type the IP address of an NTP server in the NTP Server field Click Ok Then click Apply on the System Time page to update t...

Page 57: ...e To receive automatic notification of new firmware select the Notify me when new firmware is available check box If you enable this feature the SonicWALL sends a status message to the SonicWALL firmw...

Page 58: ...me corrupted Updating Firmware Manually Click Upload New Firmware to upload new firmware to the SonicWALL The Upload Firmware window is displayed Browse to the firmware file located on your local driv...

Page 59: ...firmware images are listed Current Firmware firmware currently loaded on the SonicWALL Current Firmware with Factory Default Settings rebooting using this firmware image resets the SonicWALL to its de...

Page 60: ...PS When you check this setting a dialog box is displayed with the following message Warning Modifying the FIPS mode will disconnect all users and restart the device Click OK to proceed Click Clicking...

Page 61: ...configuration problems Ping The Ping test bounces a packet off a machine on the Internet and returns it to the sender This test shows if the SonicWALL is able to contact the remote host If users on t...

Page 62: ...SonicWALL configuration or if there is a problem on the Internet Select Packet Trace from the Diagnostic tool menu Tip Packet Trace requires an IP address The SonicWALL DNS Name Lookup tool can be us...

Page 63: ...s to the corresponding MAC or physical addresses DHCP Bindings saves entries from the SonicWALL DHCP server IKE Info saves current information about active IKE configurations Generating a Tech Support...

Page 64: ...e restarted from the Web Management interface Click Restart SonicWALL and then click Yes to confirm the restart The SonicWALL takes approximately one minute to restart and the yellow Test light is lit...

Page 65: ...Page 52 SonicWALL SonicOS Standard Administrator's Guide...

Page 66: ...configure static and dynamic routing by interface NAT Policies create NAT policies including One to One NAT Many to One NAT Many to Many NAT or One to Many NAT ARP view the ARP settings and clear the...

Page 67: ...are configured the names are listed in this column IP Address IP address assigned to the interface Subnet Mask the network mask assigned to the subnet IP Assignment you can select from DHCP or Static...

Page 68: ...tions enabled by default Click OK 3 Enter the IP address and subnet mask of the Zone in the IP Address and Subnet Mask fields 4 Enter any optional comment text in the Comment field This text is displa...

Page 69: ...n you choose from the IP Assignment menu complete the corresponding fields that are displayed after selecting the option Static configures the SonicWALL for a network that uses static IP addresses DHC...

Page 70: ...r Login Inactivity Disconnect minutes Obtain IP Address Automatically Specify IP Address Obtain DNS Server Address Automatically Specify DNS Server PPTP User Name User Password PPTP Server IP Address...

Page 71: ...the Advanced tab The Ethernet Settings section allows you to manage the Ethernet settings of links connected to the SonicWALL Auto Negotiate is selected by default as the Link Speed because the Ethern...

Page 72: ...available bandwidth for this interface in Kbps NAT Policy Settings Selecting Create default NAT Policy automatically translates the Source Address of packets from the Default LAN to your new WAN Inte...

Page 73: ...rface after _ missed intervals enter a number between 1 and 10 The default value is 3 If the default value is used then the interface is considered inactive after 3 successive attempts at 5 seconds ea...

Page 74: ...et is unable to contact the target device the interface is deactivated and traffic is no longer sent to the primary WAN WAN Load Balancing Statistics The WAN Load Balancing Statistics table displays t...

Page 75: ...es Selecting Percentage based as the Outbound Load Balancing Method allows you to specify the percentages of network traffic sent through the primary and secondary WAN interfaces This method allows yo...

Page 76: ...i e the WAN is restricted to two Zone instances The Encrypted Zone type is a special system Zone comprising all VPN traffic and doesn't have any associated interfaces Trusted and Public Zone types of...

Page 77: ...t Filtering Service to enforce Internet content filtering on the Zone Note Custom Content Filtering Service policies are specified in the Users Local Groups page 4 Select Enforce AV Service to enforce...

Page 78: ...into the DNS Server fields To use the DNS Settings configured for the WAN Zone select Inherit DNS Settings Dynamically from the WAN Zone Network Address Objects An Address Object consists of a host a...

Page 79: ...s Objects view displays the default Address Objects and Address Groups for your SonicWALL The Default Address Objects entries cannot be modified or deleted Therefore the Notepad Edit and Trashcan dele...

Page 80: ...WAN Management IP SonicWALL PRO 3060 4060 Default Address Objects LAN Primary IP LAN Primary Subnet WAN Primary IP WAN Primary Subnet X2 IP X2 Subnet X3 IP X3 Subnet X4 IP X4 Subnet X5 IP X5 Subnet De...

Page 81: ...you selected Network enter the network IP address and netmask in the Network and Netmask fields 6 Select the zone to assign to the Address Object from the Zone Assignment menu You can choose LAN WAN D...

Page 82: ...finance from network traffic on the rest of the LAN DMZ or WAN Static Routes Static Routes are configured when network traffic is directed to subnets located behind routers on your network Static Rou...

Page 83: ...ss that is the SonicWALL LAN IP address Route Advertisement The SonicWALL uses RIPv1 or RIPv2 to advertise its static and dynamic routes to other routers on the network Changes in the status of VPN tu...

Page 84: ...as a result of temporary change in the VPN tunnel status 7 Enter the number of advertisements that a deleted route broadcasts until it stops in the Deleted Route Advertisements 0 99 field The default...

Page 85: ...5 5 required for the web server's responses to get back to the computer with the web browser This default NAT policy for outbound traffic is explained in detail later You can create customized NAT po...

Page 86: ...mary IP in either Custom Policies or All Policies It translates any source to the WAN Primary IP as the traffic goes out to the Internet The Destination and Service are not translated The default poli...

Page 87: ...osen make the interfaces accessible by ping SNMP HTTP and or HTTPS or if they have enabled GroupVPN or other VPN configurations which use IKE Key Exchange The figure below shows how your System Polici...

Page 88: ...re used server_IP_private and server_IP_Public Creating an Outbound Traffic Policy To configure a One to One NAT Policy follow these steps 1 Click the Add button under the NAT Policies table to displa...

Page 89: ...ARP is a broadcast protocol that can create excessive amounts of network traffic on your network To minimize the broadcast traffic an ARP cache is maintained to store and reuse previously learned ARP...

Page 90: ...and DNS server addresses to the computers on your network Enabling DHCP Server To enable the DHCP Server feature on the SonicWALL select Enable DHCP Server and click Configure The DHCP Server Configur...

Page 91: ...default IP address is appropriate for most networks 5 Type the last IP address in the Range End field If there are more than 25 computers on your network type the appropriate ending IP address in the...

Page 92: ...d type the IP address of your DNS Server in the DNS Server 1 field You can specify two additional DNS servers 14 If you have WINS running on your network type the WINS server IP address es in the WINS...

Page 93: ...is displayed General 2 In the General page make sure the Enable this DHCP Range is checked if you want to enable this range 3 Select the interface from the Interface menu The IP addresses are in the...

Page 94: ...ailable 12 If you do not want to use the SonicWALL network settings select Specify Manually and type the IP address of your DNS Server in the DNS Server 1 field You can specify two additional DNS serv...

Page 95: ...available for each interface or where the layer 3 routing mechanism is not capable of acting as a DHCP server itself The IP Helper also allows NetBIOS broadcasts to be forwarded with DHCP client requ...

Page 96: ...dow Deleting IP Helper Policies Click the Trashcan icon to delete the individual IP Helper policy entry Click the Delete button to delete all the selected IP Helper policies in the IP Helper Policies...

Page 97: ...he Proxy Servers if a failure occurs select the Bypass Proxy Servers Upon Proxy Server Failure check box 5 Select Forward DMZ Client Requests to Proxy Server if you have clients configured on the DMZ...

Page 98: ...le a rule that blocks IRC traffic takes precedence over the SonicWALL default setting of allowing this type of traffic Alert The ability to define Network Access Rules is a very powerful tool Using cu...

Page 99: ...nd LAN WAN VPN or other interface in the To column Select the Notepad icon in the table cell to view the rules Drop down Boxes displays two pull down menus From Zone and To Zone Select an interface fr...

Page 100: ...to less specific at the bottom of the table At the bottom of the table is the Any rule The Default rule is all IP services except those listed in the Access Rules page Rules can be created to override...

Page 101: ...ys the Add Service window or Add Service Group window 4 Select the source of the traffic affected by the rule from the Source list Selecting Create New Network displays the Add Address Object window 5...

Page 102: ...14 Enter the maximum amount of bandwidth available to the Rule at any time in the Maximum Bandwidth field Tip Rules using Bandwidth Management take priority over rules without bandwidth management 15...

Page 103: ...Select Always from the Schedule menu to ensure continuous enforcement 9 Click OK Editing a Rule Click the Notepad icon to display the Edit Rule window which includes the same settings as the Add Rule...

Page 104: ...ws Messenger on the Windows XP Enable SIP Transformations Select this option to transform SIP messaging from LAN trusted to WAN untrusted You need to check this setting when you want the SonicWALL to...

Page 105: ...o support on demand delivery of real time data such as audio and video RTSP Real Time Streaming Protocol is an application level protocol for control over delivery of data with real time properties So...

Page 106: ...d Weekend Hours You can modify these schedules by clicking on the Notepad icon in the Configure column Adding a Schedule To create schedules click Add The Add Schedule window is displayed 1 Enter a nam...

Page 107: ...er asking the server for the correct time NTP and the server returns a response Other types of services provide access to different types of data Web servers HTTP respond to requests from clients brow...

Page 108: ...es by creating a Custom Services Group for easy policy enforcement Adding Custom Services If a protocol is not listed in the Default Services table you can add it to the Custom Services table by click...

Page 109: ...ing the Ctrl key on your keyboard and clicking on the services 5 Click to remove the services 6 When you are finished click OK to add the group to Custom Services Groups Clicking on the left of a Cust...

Page 110: ...hat enable network to network VPN connections Using the SonicWALL intuitive Management Interface you can quickly create a VPN Security Association SA to a remote site Whenever data is intended for the...

Page 111: ...te destination network IP addresses as well as the Peer Gateway IP address Configuring Group VPN on the SonicWALL SonicWALL VPN defaults to a Group VPN setting This feature facilitates the set up and...

Page 112: ...ocess In the IKE Phase 1 Proposal section select the following settings Group 2 from the DH Group menu 3DES from the Encryption menu SHA1 from the Authentication menu Leave the default setting 28800 i...

Page 113: ...LL Since packets can have any IP address destination it is impossible to configure enough static routes to handle the traffic For packets received via an IPSec tunnel the SonicWALL looks up a route f...

Page 114: ...SonicWALL Distributed Security Client which provides policy enforced firewall protection before allowing a Global VPN Client connection Note For more information on the SonicWALL Global Security Clien...

Page 115: ...and select any of the following optional settings that you want to apply to your GroupVPN Policy Enable Windows Networking NetBIOS broadcast allows access to remote network resources by browsing the...

Page 116: ...r this Connection only allows a VPN connection from a remote computer running the SonicWALL Distributed Security Client which provides policy enforced firewall protection before allowing a Global VPN...

Page 117: ...mic and static IP addresses the VPN gateway with the dynamic address must initiate the VPN connection Site to Site VPN configurations can include the following options Branch Office Gateway to Gateway...

Page 118: ...ask ___ ___ ___ ___ DNS Server 1 ___ ___ ___ ___ DNS Server 2 ___ ___ ___ ___ Additional Information SA Name ____________________ Manual Key SPI In_____ SPI Out_____ Enc Key ____________________ Auth...

Page 119: ...the VPN Planning Sheet for Site to Site VPN Policies to record your settings These settings are necessary to configure the remote SonicWALL and create a successful VPN connection Configuring a VPN Pol...

Page 120: ...nnel If hosts on this side of the VPN connection will be obtaining their addressing from a DHCP server on the remote side of the tunnel select Local network obtains IP addresses using DHCP through thi...

Page 121: ...osite side of the tunnel are configured to match 13 Under IPSec Phase 2 Proposal the default values for Protocol Encryption Authentication Enable Perfect Forward Secrecy DH Group and Lifetime are acce...

Page 122: ...through the VPN tunnel select HTTP HTTPS or both from Management via this SA Select HTTP HTTPS or both in the User login via this SA to allow users to login using the SA 20 If you wish to use a router...

Page 123: ...Incoming SPI and an Outgoing SPI The SPIs are hexadecimal 0123456789abcedf and can range from 3 to 8 characters in length Alert Each Security Association must have unique SPIs no two Security Associa...

Page 124: ...e Local Remote or both networks communicating via this VPN tunnel To perform Network Address Translation on the Local Network select or create an Address Object in the Translated Local Network drop do...

Page 125: ...way Name or Address field 5 Click the Network tab 6 Select a local network from Choose local network from list if a specific local network can access the VPN tunnel If traffic can originate from any l...

Page 126: ...must match the values on the remote SonicWALL 10 Enter a 16 character hexadecimal encryption key in the Encryption Key field or use the default value This encryption key is used to configure the remot...

Page 127: ...mote should be translated but not both Apply NAT Policies is particularly useful in cases where both sides of a tunnel use either the same or overlapping subnets Alert You cannot use this feature if y...

Page 128: ...ic can originate from any local network select Any Address 10 Under Destination Networks select Use this VPN Tunnel as default route for all Internet traffic if all remote VPN connections access the I...

Page 129: ...rk menu To translate the Remote Network select or create an Address Object in the Translated Remote Network menu Generally if NAT is required on a tunnel either Local or Remote should be translated bu...

Page 130: ...ed heartbeats Enter the number of missed heartbeats in the Failure Trigger Level missed heartbeats field The default value is 3 If the trigger level is reached the VPN connection is dropped by the Son...

Page 131: ...with old IP addresses and reconnects to the peer gateway VPN DHCP over VPN DHCP over VPN allows a Host DHCP Client behind a SonicWALL to obtain an IP address lease from a DHCP server at the other end of...

Page 132: ...Use Internal DHCP Server to enable the Global VPN Client or a remote firewall or both to use an internal DHCP server to obtain IP addressing information 5 If you want to send DHCP requests to specifi...

Page 133: ...traffic across the VPN tunnel that is spoofing an authenticated user's IP address If you have any static devices however you must ensure that the correct Ethernet address is typed for the device The...

Page 134: ...ay and obtaining a lease verify that Deterministic Network Enhancer DNE is not enabled on the remote computer Tip If a static LAN IP address is outside of the DHCP scope routing is possible to this IP...

Page 135: ...m L2TP supports several of the authentication options supported by PPP including Password Authentication Protocol PAP Challenge Handshake Authentication Protocol CHAP and Microsoft Challenge Handshake...

Page 136: ...se PPP IP the source IP address of the connection Interface the type of interface used to access the L2TP Server whether it's a VPN client or another SonicWALL appliance Authentication type of authent...

Page 137: ...nto the SonicWALL using the VPN CA Certificates page Once you import the valid CA certificate you can use it to validate your local certificates you add in the VPN Local Certificates page VPN Local Ce...

Page 138: ...t Add New Local Certificate from the Certificates menu 2 In the Generate Certificate Signing Request section enter a name for the certificate in the Certificate Name field 3 Enter information for the...

Page 139: ...ificate 4 Click Import to import the certificate into the SonicWALL Once it is imported you can view the Certificate Details Certificate Details The Certificate Details section lists the following inf...

Page 140: ...wnloading the list You can import the CRL by manually downloading the CRL and then importing it into the SonicWALL You can also enter the URL location of the CRL by entering the address in the Enter C...

Page 141: ...Page 128 SonicWALL SonicOS Standard Administrator's Guide...

Page 142: ...connection User level authentication can be performed using a local user database RADIUS or a combination of the two applications The local database on the SonicWALL can support up to 1000 users If you...

Page 143: ...entication users must log into the SonicWALL using HTTPS in order to encrypt the password sent to the SonicWALL If a user attempts to log into the SonicWALL using HTTP the browser is automatically re...

Page 144: ...of the primary RADIUS server in the RADIUS servers section An optional secondary RADIUS server can be defined if a backup RADIUS server exists on the network 5 Type the IP address of the RADIUS server...

Page 145: ...hanism used for setting user group memberships for RADIUS users from the following list Use SonicWALL vendor specific attribute on RADIUS server select to apply specific attributes from the RADIUS ser...

Page 146: ...in this field Enable login session limit you can limit the time a user is logged into the SonicWALL by selecting the check box and typing the amount of time in minutes in the Login session limit minu...

Page 147: ...ser and type it in the Password field Passwords are case sensitive and should consist of a combination of letters and numbers rather than names of family friends or pets 3 Confirm the password by rety...

Page 148: ...groups. To remove a group, select the group from the Member of column and click VPN Access To allow users to access networks using a VPN tunnel, select the network from the Networks list and click to mov...

Page 149: ...ctiveX blocking. Limited Management Capabilities: By enabling this check box, the user has limited local management access to the SonicWALL Management interface. The access is limited to the following pa...

Page 150: ...by allowing the configuration of two SonicWALL appliances, one primary and one backup, as a Hardware Failover pair. In this configuration, the backup SonicWALL monitors the primary SonicWALL and takes ov...

Page 151: ...e, for example, after recovering from a failure and restarting. If this option is not used, the backup SonicWALL remains the active SonicWALL. Alert: The primary and backup SonicWALL appliances use a heartb...

Page 152: ...tem Administration X0 LAN IP Address: This is a unique IP address for accessing the primary SonicWALL from the LAN, whether it is Active or Idle. Alert: This IP address is different from the IP address us...

Page 153: ...N LAN IP address. Synchronizing Changes between the Primary and Backup SonicWALLs: Changes made to the Primary or Backup firewall are synchronized automatically between the two firewalls. If you click Sy...

Page 154: ...om the currently active SonicWALL. This may be accomplished by disconnecting the active SonicWALL's LAN port, by shutting off power on the currently active unit, or by restarting it from the Web Manageme...

Page 155: ...ing Links: The Hardware Failover Monitoring page allows you to enter the IP address of the router for Interfaces X0 to X4 to monitor the link. Enter the IP address for the router connected to the respec...

Page 156: ...http://www.sonicwall.com This chapter provides an overview of the SonicWALL Security Services listed under Security Services in the SonicWALL Management Interface, which includes SonicWALL Content Filter...

Page 157: ...service expiration date is displayed in the Expiration column. Manage Services Online: Clicking the To Activate, Upgrade, or Renew services, click here link displays the mySonicWALL.com Login page. Enter yo...

Page 158: ...n icWALL SonicWALL Content Filtering Service: SonicWALL Content Filtering Service (CFS) enforces protection and productivity policies for businesses, schools, and libraries to reduce legal and privacy risk...

Page 159: ...or higher, as well as SonicOS Enhanced 2.0 or higher. Security Services Content Filter: The Security Services Content Filter page allows you to configure the SonicWALL Restrict Web Features and Trusted...

Page 160: ...try a FREE TRIAL of SonicWALL CFS by following these steps: 1. Click the FREE TRIAL link. The mySonicWALL.com Login page is displayed. 2. Enter your mySonicWALL.com account username and password in the Us...

Page 161: ...proxy servers on the WAN. Known Fraudulent Certificates: Digital certificates help verify that Web content and files originated from an authorized party. Enabling this feature protects users on the LAN...

Page 162: ...u can customize SonicWALL filter features included with SonicOS from the SonicWALL Filter Properties window. To display the SonicWALL Filter Properties window, select SonicWALL CFS from the Content Filt...

Page 163: ...he Add Keyword field and click OK. To remove a keyword, select it from the list and click Delete. Once the keyword has been removed, the Status bar displays Ready. Disable all Web traffic except for Allowe...

Page 164: ...sers window and enter the desired value in the User Idle Time out section. Consent Page URL optional filtering: When a user opens a Web browser on a computer requiring consent, they are shown a consent p...

Page 165: ...ltered, highlight the IP address in the Mandatory Filtered IP Addresses list and click Delete. SonicWALL Network Anti-Virus: By their nature, anti-virus products typically require regular active maintenan...

Page 166: ...n Key in the New License Key field and click Submit. Your SonicWALL Network Anti-Virus subscription is activated on your SonicWALL. If you activated SonicWALL Network Anti-Virus at www.mySonicWALL.com, t...

Page 167: ...lable memory for exceptional performance on SonicWALL appliances. Inter-Zone Intrusion Prevention: SonicWALL IPS provides an additional layer of protection against malicious threats by allowing administ...

Page 168: ...ffic and alerts the administrator. Intrusion prevention finds the anomalies in the traffic and reacts to it, preventing the traffic from passing through. Deep Packet Inspection is a technology that allow...

Page 169: ...e farther into the protocol to examine information at the application layer and defend against attacks targeting application vulnerabilities. Intrusion Detection: a process of identifying and flagging m...

Page 170: ...mySonicWALL.com account is accessible from any Internet connection with a Web browser using the HTTPS (Hypertext Transfer Protocol Secure) protocol to protect your sensitive information. You can also ac...

Page 171: ...our mySonicWALL.com account username and password in the User Name and Password fields, then click Submit. The System Licenses page is displayed. If your SonicWALL is already connected to your mySonicWAL...

Page 172: ...and a brief message describing the event. It is also possible to copy the log entries from the management interface and paste into a report. Dropped TCP, UDP, or ICMP packets: When IP packets are blocked...

Page 173: ...ssage: provides description of the event. Source: displays source network and IP address. Destination: displays the destination network and IP address. Notes: provides additional information about the event...

Page 174: ...s system activations. System Errors: Logs problems with DNS or e-mail. Blocked Web Sites: Logs Web sites or newsgroups blocked by the Content Filter List or by customized filtering. Blocked Java etc.: Logs J...

Page 175: ...es are immediately sent to the e-mail address defined in the Send alerts to field. Attacks, System Errors, and System Environment are enabled by default. Blocked Web Sites and VPN Tunnel Status are disabl...

Page 176: ...Send Log Every At: The Send Log menu determines the frequency of log e-mail messages: Daily, Weekly, or When Full. If the Weekly or Daily option is selected, then select the day of the week the e-mail is...

Page 177: ...t If the SonicWALL is managed by SonicWALL GMS, the Syslog Server fields cannot be configured by the administrator of the SonicWALL. Adding a Syslog Server: To add syslog servers to the SonicWALL, click A...

Page 178: ...ly accessed Web sites and the number of hits to a site during the current sample period. The Web Site Hits report ensures that the majority of Web access is to appropriate Web sites. If leisure, sports, o...

Page 179: ...Security Appliance. With SonicWALL ViewPoint, you are able to monitor network access, enhance network security, and anticipate future bandwidth needs. SonicWALL ViewPoint: Displays bandwidth use by IP addr...

Page 180: ...y Expertise: Technical Support is only as good as the people providing it to you. SonicWALL support professionals are Certified Internet Security Administrators with years of experience in networking an...

Page 181: ...to 192.168.168.200. Make a note of the Management Station's current TCP/IP settings. If the Management Station accesses the Internet through an existing broadband connection, then the TCP/IP settings ca...

Page 182: ...IP in the TCP/IP Properties window. 4. Select Specify an IP Address. 5. Type 192.168.168.200 in the IP Address field. 6. Type 255.255.255.0 in the Subnet Mask field. 7. Click DNS at the top of the window. 8. T...

Page 183: ...operties window. 4. Double-click Internet Protocol (TCP/IP) to open the TCP/IP properties window. 5. Select Use the following IP address and enter 192.168.168.200 in the IP address field. 6. Type 255.255.255...

Page 184: ...e the DNS IP address in the Preferred DNS Server field. If you have more than one address, type the second one in the Alternate DNS server field. 6. Click OK for the settings to take effect on the compute...

Page 185: ...Page 172 SonicWALL SonicOS Standard Administrator's Guide...

Page 186: ...alse Positives 155 FIPS 47 Firewall Name 38 Firmware Management Automatic Notification 44 Backup Firmware Image 45 Booting Firmware 45 Export Settings 44 Import Settings 43 SafeMode 45 Updating Firmwa...

Page 187: ...NAT with PPPoE 18 NAT with PPTP 22 Static IP Address with NAT Enabled 7 Signature 156 Signature Database 154 SNMP Management 39 Snort 156 SonicWALL Support Options 167 Stateful Packet Inspection 156...

Page 188: ...Page 175...

Page 189: ...Page 176 SonicWALL SonicOS Enhanced Administrator's Guide...

Page 190: ...mes mentioned herein may be trademarks and/or registered trademarks of their respective companies. Specifications and descriptions subject to change without notice. T 408 745 9600 F 408 745 9300 www so...
