SonicWALL TZ 210 Series Скачать руководство пользователя страница 38 | Manualshive

Страница: 38 / 88

background image

SonicWALL TZ 210 Series Getting Started Guide

Page 27

Creating Network Access Rules

A Zone is a logical grouping of one or more interfaces designed
to make management a simpler and more intuitive process than
following a strict physical interface scheme.

By default, the SonicWALL security appliance’s stateful packet
inspection allows all communication from the LAN to the
Internet, and blocks all traffic from the Internet to the LAN. The
following behaviors are defined by the “Default” stateful
inspection packet access rule enabled in the SonicWALL
security appliance:

To create an access rule:
1.

On the

Firewall

>

Access

Rules

page in the matrix view,

select two zones that will be bridged by this new rule.

2.

On the Access Rules page, click

Add

.

The access rules are sorted from the most specific to the
least specific at the bottom of the table. At the bottom of the
table is the

Any

rule.

Note:

SonicWALL’s default firewall rules are set in this way

for ease of initial configuration, but do not reflect best
practice installations. Firewall rules should only allow
the required traffic and deny all other traffic.

Originating Zone

Destination Zone

Action

LAN, WLAN

WAN, DMZ

Allow

DMZ WAN

Allow

WAN

DMZ

Deny

WAN and DMZ

LAN or WLAN

Deny

TZ_210_GSG.book Page 27 Thursday, November 13, 2008 7:41 PM

«
...
36
37
38
39
40
...
»

Содержание TZ 210 Series

Страница 1: ...Getting Started Guide SonicWALL Network Security Appliances NETWORK SECURITY TZ 210 Series TZ_210_GSG book Page 1 Thursday November 13 2008 7 41 PM...

Страница 2: ...com us support html Antennas included with TZ 210 Wireless N Only SonicWALL TZ 210 Series Quick Start Start here if you are new to SonicWALL appliances The next few pages provide a Quick Start to conn...

Страница 3: ...t the SonicWALL TZ 210 series appliance using standard CAT 5 Ethernet cables as shown in the illustration below Verify Contents Connect Network Connect Power Boot Appliance Setup Wizard TZ_210_GSG boo...

Страница 4: ...Start Connect the included power cable and adaptor and plug into a properly grounded 120V AC outlet Verify Contents Connect Network Connect Power Boot Appliance Setup Wizard TZ_210_GSG book Page 3 Thu...

Страница 5: ...st LED blinks during the boot sequence Continue to the next step when the test LED is no longer lit This process may take up to 2 minutes For troubleshooting this step see page iv of this guide Verify...

Страница 6: ...ted to the LAN port of the SonicWALL TZ 210 series appliance navigate to http 192 168 168 168 in a Web browser The SonicWALL Setup Wizard displays Continue to page 4 of this guide to complete the Setu...

Страница 7: ...TZ_210_GSG book Page 6 Thursday November 13 2008 7 41 PM...

Страница 8: ...iance running SonicOS Enhanced Document Contents This document contains the following sections Setting Up Your Network page 1 Registering Your Appliance page 9 Enabling Security Services page 13 Advan...

Страница 9: ...Front Panel Provides Provides dedicated LAN WAN port status as follows link spd activity LAN WAN Port Status 10 100 Ethernet Port Status Off 10M Green 100M Solid link Blinking activity Solid wireless...

Страница 10: ...network resources WAN Port X1 Provides dedicated WAN Internet Power Supply Provides power connection using supplied power cable Reset Button Press and hold to manually reset the appliance to SafeMode...

Страница 11: ...Page iv SonicWALL TZ 210 Series LED Reference SonicWALL TZ 210 Series LED Reference X0 X1 X2 X3 X4 X5 X6 TZ_210_GSG book Page iv Thursday November 13 2008 7 41 PM...

Страница 12: ...etting up your SonicWALL TZ 210 series appliance System Requirements page 2 Recording Configuration Information page 2 Completing the Setup Wizard page 4 Accessing the Management Interface page 5 Veri...

Страница 13: ...ord the serial number found on the bottom panel of your SonicWALL appliance Authentication Code Record the authentication code found on the bottom panel of your SonicWALL appliance LAN IP Address Sele...

Страница 14: ...sword Note Your ISP may require your user name in the format name ISP com T1 E1 Static broadband Cable or DSL with a static IP Static IP IP Address Subnet Mask Default Gateway IP Address Primary DNS S...

Страница 15: ...o the Internet This information is provided by your Internet Service Provider ISP WAN Settings Required for some WAN modes This information is also provided by your ISP LAN Settings Enter custom local...

Страница 16: ...gement interface 1 Enter the default IP address of http 192 168 168 168 or the LAN IP address you chose during the Setup Wizard in the Location or Address field of your Web browser Tip If you changed...

Страница 17: ...ing Your Network Devices Wireless Clients Desktop Clients Local Server W0 WLAN X2 LAN X3 LAN X4 LAN Good for small networks less than 5 clients Easy to setup Requires less equipment Each interface may...

Страница 18: ...nected between your computer and the LAN X0 port on your SonicWALL Do you need to add the SonicWALL appliance to your list of trusted sites in your Web browser Use the default IP address 192 168 168 1...

Страница 19: ...ically and Obtain a DNS address automatically 6 Click OK and then click OK again for the settings to take effect Windows XP 1 From the Start menu highlight Connect To and then select Show All Connecti...

Страница 20: ...LL TZ 210 series appliance Creating a MySonicWALL Account page 10 Registering and Licensing Your Appliance on MySonicWALL page 10 Note Registration is an important part of the setup process and is nec...

Страница 21: ...the following subsections Product Registration page 10 Security Services and Software page 11 Activating Security Services and Software page 12 Trying or Purchasing Security Services page 12 Product...

Страница 22: ...ith either a license key or an expiration date The following products and services are available for the SonicWALL TZ 210 series appliances Gateway Service Bundles Client Server Anti Virus Suite Compr...

Страница 23: ...r key into the Activation Key field and then click Submit Once the service is activated you will see an expiration date or a license key string in the Status column on the Service Management page Tryi...

Страница 24: ...sential component of a secure network deployment This section provides instructions for registering and enabling security services on your SonicWALL TZ 210 series appliance Enabling Security Services...

Страница 25: ...SonicOS user interface See the following procedures to enable and configure your security services Verifying Licenses page 14 Enabling Gateway Anti Virus page 15 Enabling Intrusion Prevention Service...

Страница 26: ...s when content is blocked File Type Restrictions blocks various non scannable files Exclusion Lists for network nodes where Gateway Anti Virus enforcement is not necessary Tip For a complete overview...

Страница 27: ...ks attacks of the chosen priority and Detect All saves a log of these attacks that can be viewed on the Log View page 4 Click the Accept button to apply changes Intrusion Prevention contains other use...

Страница 28: ...ges Anti Spyware contains other useful features including Exclusion Lists excludes network nodes when Anti Spyware enforcement is not necessary Log Redundancy controls log size during high volume intr...

Страница 29: ...e Accept button to apply changes Content FIltering Service contains other useful features including URL Rating Review allows the administrator and users to review blocked URL ratings if they think a U...

Страница 30: ...y for internal network traffic To apply services to network zones 1 Navigate to the Network Zones page 2 In the Zone Settings table click the Configure icon for the zone where you want to apply securi...

Страница 31: ...Page 20 Verifying Security Services on Zones TZ_210_GSG book Page 20 Thursday November 13 2008 7 41 PM...

Страница 32: ...WALL TZ 210 series appliance to various network devices An Introduction to Zones and Interfaces page 22 SonicWALL Wireless Firewalling page 23 Configuring Interfaces page 24 Creating Network Access Ru...

Страница 33: ...and FTP servers VPN Trusted endpoints in an otherwise untrusted zone such as the WAN The security features and settings that zones carry are enforced by binding a zone to one or more physical interfa...

Страница 34: ...wo users connected by a common hub or wireless access point wish to exchange data SonicWALL addresses this security shortcoming by managing the SonicPoint access points from the UTM appliance This all...

Страница 35: ...terfaces panel click the Configure button for the interface you wish to configure The Edit Interface window displays Note If only X0 and X1 interfaces are displayed in the Interfaces list click the Sh...

Страница 36: ...n on the top right of the SonicOS management interface 2 Choose PortShield Interface Wizard and click Next 3 Select from the following 4 WAN LAN or WAN LAN DMZ and click Next to continue This will pro...

Страница 37: ...page 2 Click one or more interfaces in the PortShield interface and then click the Configure button 3 Select Enabled from the Port Enable drop down menu 4 Select the port with which you wish to group...

Страница 38: ...icWALL security appliance To create an access rule 1 On the Firewall Access Rules page in the matrix view select two zones that will be bridged by this new rule 2 On the Access Rules page click Add Th...

Страница 39: ...lay the Add Service window or Add Service Group window Select the source of the traffic affected by the access rule from the Source drop down list Selecting Create New Network displays the Add Address...

Страница 40: ...nd Schedule in SonicOS Enhanced Once you define an Address Object it becomes available for use wherever applicable throughout the SonicOS management interface For example consider an internal Web serv...

Страница 41: ...onfigured by default on the SonicWALL security appliance To add an Address Object 1 Navigate to the Network Address Objects page 2 Below the Address Objects table click Add 3 In the Add Address Object...

Страница 42: ...s multiple internal servers from the WAN IP address of the SonicWALL security appliance The more granular the NAT Policy the more precedence it takes Before configuring NAT Policies you must create al...

Страница 43: ...orm the following steps 1 Navigate to the Network NAT Policies page Click Add The Add NAT Policy dialog box displays 2 For Original Source select Any 3 For Translated Source select Original 4 For Orig...

Страница 44: ...pliances These deployments are designed as modular concepts to help in deploying your SonicWALL as a comprehensive security solution SonicPoints for Wireless Access page 34 Public Server on DMZ page 4...

Страница 45: ...gning an Interface to the Wireless Zone page 39 Connecting the SonicPoint page 40 SonicWALL SonicPoints are wireless access points specially engineered to work with SonicWALL security appliances Befor...

Страница 46: ...s Local Network LAN wired local client computers and servers Wireless WLAN using a SonicPoint to deliver wireless to local client computers and devices Internet WAN worldwide public and private networ...

Страница 47: ...icPoint provisioned Select the Country Code for where the SonicPoints are operating 2 In the 802 11g Radio tab Select Enable Radio Optionally select a schedule for the radio to be enabled from the dro...

Страница 48: ...of the 802 11a radio bands The SonicPoint has two separate radios built in Therefore it can send and receive on both the 802 11a and 802 11g bands at the same time The settings in the 802 11a Radio a...

Страница 49: ...the Wireless tab In the Wireless Settings section select Only allow traffic generated by a SonicPoint to allow only traffic from SonicWALL SonicPoints to enter the WLAN Zone interface This provides ma...

Страница 50: ...ne that you created from the Zone drop down list Additional fields are displayed 3 Enter the IP address and subnet mask of the Zone in the IP Address and Subnet Mask fields 4 In the SonicPoint Limit f...

Страница 51: ...Points button The SonicWALL appliance downloads a SonicPoint image from the SonicWALL back end server 3 Follow the instructions in the SonicPoint wizard Be sure to select the same authentication type...

Страница 52: ...s and servers Wireless WLAN wireless local client computers and devices DMZ wired resources available to public Internet such as Web servers and Mail servers Internet WAN worldwide public and private...

Страница 53: ...d that is easy to remember such as My Web Server This name is for your reference and does not necessarily need to be a domain or address 5 Enter the Private IP Address of your server This is the IP ad...

Страница 54: ...he IP assignment 4 Enter an IP Address for the interface This IP address must be in the same subnet as your Web server s local IP address Tip Since we used 192 168 168 123 in the example on page 42 us...

Страница 55: ...series appliances for redundant High Availability HA networking This section contains the following subsections About High Availability page 46 Initial HA Setup page 46 HA License Synchronization Over...

Страница 56: ...gle LAN zone and High Availability HA zone and linked to the LAN and WAN segments with a hub or switch Typical zone assignments in this deployment are as follows Local Network LAN linked to wired loca...

Страница 57: ...of HA on the Primary SonicWALL security appliance perform the following setup 1 On the back panel of the Backup SonicWALL security appliance locate the serial number and write the number down You need...

Страница 58: ...ation is used during HA so that the Backup appliance can maintain the same level of network protection provided before the failover To enable HA you can use the SonicOS UI to configure your two applia...

Страница 59: ...s the secondary backup unit 6 Select the group from the Product Group drop down list The product group setting specifies the MySonicWALL users who can upgrade or modify the appliance 7 Click Register...

Страница 60: ...lity Settings page 2 Select the Enable High Availability checkbox 3 Under SonicWALL Address Settings type in the serial number for the Backup SonicWALL appliance You can find the serial number on the...

Страница 61: ...probes before SonicOS Enhanced concludes that the network critical path is unavailable or the probe target is unreachable This is used in logical monitoring The default is 3 and the allowed range is 3...

Страница 62: ...used for multiple purposes As independent management addresses for each unit only on X0 and X1 interfaces To allow synchronization of licenses between the Idle unit and the SonicWALL licensing server...

Страница 63: ...any of the other interfaces repeat the above steps 10 When finished with all High Availability configuration click Accept All settings will be synchronized to the Idle unit automatically Synchronizin...

Страница 64: ...upper right hand corner Now power the Primary SonicWALL back on wait a few minutes then log back into the management interface If the Backup SonicWALL is active you can use the shared IP address to lo...

Страница 65: ...ternet service providers connected through X1 and a second open port X3 in this case DMZ optional wired resources available to public Internet such as Web servers and Mail servers Wireless WLAN wirele...

Страница 66: ...53 the SonicWALL security appliance is acquiring its secondary WAN address dynamically from ISP 2 using DHCP Any interface added to the WAN zone by default creates a NAT policy allowing internal LAN...

Страница 67: ...because it does not address most failure scenarios for example routing issues with your ISP or an upstream router that is no longer passing traffic If the WAN interface is connected to a hub or switch...

Страница 68: ...n fact it may not be able to pass traffic to and from the public Internet at all To perform reliable link monitoring you can choose ICMP or TCP as monitoring method and can specify up to two targets f...

Страница 69: ...n the Port field 10 If there is a NAT device between the two devices sending and receiving TCP probes the Any TCP SYN to Port checkbox must be selected and the same port number must be configured here...

Страница 70: ...ning options for the SonicWALL TZ 210 series appliances Customer Support page 60 Knowledge Portal page 60 Onboard Help page 61 SonicWALL Live Product Demos page 61 User Forums page 62 Training page 63...

Страница 71: ...eds from our innovative implementation services to traditional statement of work based services For further information visit http www sonicwall com us support contact html Knowledge Portal The Knowle...

Страница 72: ...xes SonicWALL Live Product Demos The SonicWALL Live Demo Site provides free test drives of SonicWALL security products and services through interactive live product installations Unified Threat Manage...

Страница 73: ...y Manager topics Continuous Data Protection topics Email Security topics Firewall topics Network Anti Virus topics Security Services and Content Filtering topics SonicWALL GMS and Viewpoint topics Son...

Страница 74: ...need to enhance their knowledge and maximize their investment in SonicWALL Products and Security Applications SonicWALL Training provides the following resources for its customers E Training Instruct...

Страница 75: ...Radio Frequency Monitoring Single Sign On SSL Control Virtual Access Points SonicWALL GMS 5 0 Administrator s Guide SonicWALL GVC 4 0 Administrator s Guide SonicWALL ViewPoint 5 0 Administrator s Guid...

Страница 76: ...tegrated Solutions Guide The Official Guide to SonicWALL s market leading wireless networking and security devices This 512 page book is available in hardcopy Order the book directly from Elsevier Pub...

Страница 77: ...Page 66 SonicWALL Secure Wireless Network Integrated Solutions Guide TZ_210_GSG book Page 66 Thursday November 13 2008 7 41 PM...

Страница 78: ...n in German for the SonicWALL TZ 210 Appliance page 69 FCC Part 15 Class B Notice for the SonicWALL TZ 210 Appliance page 70 Safety and Regulatory Information for the SonicWALL TZ 210 Wireless Applian...

Страница 79: ...ate consideration of equipment nameplate ratings must be used when addressing this concern Lithium Battery Warning The Lithium Battery used in the SonicWALL security appliance may not be replaced by t...

Страница 80: ...in der Internet Security Appliance von SonicWALL verwendete Lithiumbatterie darf nicht vom Benutzer ausgetauscht werden Zum Austauschen der Batterie muss die SonicWALL in ein von SonicWALL autorisiert...

Страница 81: ...n the equipment and the re ceiver Connect the equipment into an outlet on a circuit different from the receiver connection Consult SonicWALL for assistance Complies with EN55022 Class B and CISPR22 Cl...

Страница 82: ...meplate ratings must be used when addressing this concern Lithium Battery Warning The Lithium Battery used in the SonicWALL security appliance may not be replaced by the user Return the SonicWALL secu...

Страница 83: ...s zur Lithiumbatterie Die in der Internet Security Appliance von SonicWALL verwendete Lithiumbatterie darf nicht vom Benutzer ausgetauscht werden Zum Austauschen der Batterie muss die SonicWALL in ein...

Страница 84: ...ican Authorized Channels SonicWALL declares that APL20 065 contains FCC ID QWU 06C and APL20 064 contains FCC ID QWU 06D and when sold in US or Canada is limited to CH1 Ch11 by specified firmware cont...

Страница 85: ...Ar o SonicWALL deklar ka APL20 065 APL20 064 atbilst Direkt vas 1999 5 EK b tiskaj m pras b m un citiem ar to saist tajiem noteikumiem iuo SonicWALL deklaruoja kad is APL20 065 APL20 064 atitinka esmi...

Страница 86: ...of the material purchased with all backup copies can be sold given or loaned to another person Under the law copying includes translating into another language or format Specifications and descriptio...

Страница 87: ...Page 76 Notes Notes TZ_210_GSG book Page 76 Thursday November 13 2008 7 41 PM...

Страница 88: ...d or registered trademarks of their respective companies Specifications and descriptions subject to change without notice SonicWALL Inc 1143 Borregas Avenue T 1 408 745 9600 www sonicwall com Sunnyval...

Отзывы:

Нет отзывов

Похожие инструкции для TZ 210 Series

OfficeConnect 1600

Бренд: 3Com Страницы: 8

Бренд: 3Com Страницы: 8

Бренд: Dahua Страницы: 24

Бренд: Garland Страницы: 6

Бренд: CSS Страницы: 2

Бренд: 8level Страницы: 52

Бренд: Patton Страницы: 62

Бренд: Aviosys Страницы: 77

Бренд: Tripp Lite Страницы: 2

Wireless Outdoor Bridge XI-1500-IH

Бренд: IMC Networks Страницы: 13

Бренд: Vivotek Страницы: 317

Бренд: ADTRAN Страницы: 4

Бренд: EINHELL Страницы: 32

DynaStar DS2000-IFR

Бренд: GarrettCom Страницы: 40

Temporary Target Board M38517T-ADS

Бренд: Renesas Страницы: 14

Бренд: Tripp Lite Страницы: 2

Бренд: Zte Страницы: 28

Бренд: Billion Страницы: 157

Бренды по названию

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Популярные бренды

Загрузить еще бренды