
Global Management System (GMS) 6.0 Administrators Guide

PROTECTION AT THE SPEED OF BUSINESS

SonicWALL GMS / UMA Administrators Guide


Version 6.0 SonicWALL, Inc. 2001 Logic Drive San Jose, CA 95124-3452 Phone: +1.408.745.9600 Fax: +1.408.745.9300 E-mail: info@sonicwall.com

SonicWALL GMS 6.0 Administrators Guide

Copyright Notice
2010 SonicWALL, Inc. All rights reserved. Under the copyright laws, this manual or the software described within cannot be copied, in whole or part, without the written consent of the manufacturer, except in the normal use of the software to make a backup copy. The same proprietary and copyright notices must be affixed to any permitted copies as were affixed to the original. This exception does not allow copies to be made for others, whether or not sold, but all of the material purchased (with all backup copies) can be sold, given, or loaned to another person. Under the law, copying includes translating into another language or format. Specifications and descriptions subject to change without notice.

Trademarks
SonicWALL is a registered trademark of SonicWALL, Inc. Windows XP, Windows Vista, Windows 7, Windows Server 2008, Windows Server 2003, Internet Explorer, and Active Directory are trademarks or registered trademarks of Microsoft Corporation. Firefox is a trademark of the Mozilla Foundation. Netscape is a registered trademark of Netscape Communications Corporation in the U.S. and other countries. Netscape Navigator and Netscape Communicator are also trademarks of Netscape Communications Corporation and may be registered outside the U.S. Adobe, Acrobat, and Acrobat Reader are either registered trademarks or trademarks of Adobe Systems Incorporated in the U.S. and/or other countries. Other product and company names mentioned herein may be trademarks and/or registered trademarks of their respective companies and are the sole property of their respective manufacturers.

End User Licensing Agreement For SonicWall Global Management System


This End User Licensing Agreement (EULA) is a legal agreement between you and SonicWALL, Inc. (SonicWALL) for the SonicWALL software product identified above, which includes computer software and any and all associated media, printed materials, and online or electronic documentation (SOFTWARE PRODUCT). By opening the sealed package(s), installing, or otherwise using the SOFTWARE PRODUCT, you agree to be bound by the terms of this EULA. If you do not agree to the terms of this EULA, do not open the sealed package(s), install or use the SOFTWARE PRODUCT. You may however return the unopened SOFTWARE PRODUCT to your place of purchase for a full refund. The SOFTWARE PRODUCT is licensed, not sold. You acknowledge and agree that all right, title, and interest in and to the SOFTWARE PRODUCT, including all associated intellectual property rights, are and shall remain with SonicWALL. This EULA does not convey to you an interest in or to the SOFTWARE PRODUCT, but only a limited right of use revocable in accordance with the terms of this EULA. The SOFTWARE PRODUCT is licensed as a single product and can only be used as such. You may also store or install a copy of the SOFTWARE PRODUCT on a storage device, such as a network server, used only to install or run the SOFTWARE PRODUCT on your other computers over an internal network. You may not resell, or otherwise transfer for value, rent, lease, or lend the SOFTWARE PRODUCT. The SOFTWARE PRODUCT is trade secret or confidential information of SonicWALL or its licensors. You shall take appropriate action to protect the confidentiality of the SOFTWARE PRODUCT. You shall not reverse-engineer, de-compile, or disassemble the SOFTWARE PRODUCT, in whole or in part. The provisions of this section will survive the termination of this EULA. 
You agree and certify that neither the SOFTWARE PRODUCT nor any other technical data received from SonicWALL, nor the direct product thereof, will be exported outside the United States except as permitted by the laws and regulations of the United States, which may require U.S. Government export approval/licensing. Failure to strictly comply with this provision shall automatically invalidate this License.

License
SonicWALL grants you a non-exclusive license to use the SOFTWARE PRODUCT for a number of SonicWALL eligible products. This number is specified and shipped with the SOFTWARE PRODUCT. Support for additional SonicWALL eligible products is subject to a separate upgrade license.

Upgrades
If the SOFTWARE PRODUCT is labeled as an upgrade, you must be properly licensed to use a product identified by SonicWALL as being eligible for the upgrade in order to use the SOFTWARE PRODUCT. A SOFTWARE PRODUCT labeled as an upgrade replaces and/or supplements the product that formed the basis for your eligibility for the upgrade. You may use the resulting upgraded product only in accordance with the terms of this EULA. If the SOFTWARE PRODUCT is an upgrade of a component of a package of software programs that you licensed as a single product, the SOFTWARE PRODUCT may be used and transferred only as part of that single product package and may not be separated for use on more than one computer.

Support Services
SonicWALL may provide you with support services related to the SOFTWARE PRODUCT (Support Services). Use of Support Services is governed by the SonicWALL policies and programs described in the user manual, in online documentation, and/or in other SonicWALL-provided materials. Any supplemental software code provided to you as part of the Support Services shall be considered part of the SOFTWARE PRODUCT and subject to terms and conditions of this EULA. With respect to technical information you provide to SonicWALL as part of the Support Services, SonicWALL may use such information for its business purposes, including for product support and development. SonicWALL shall not utilize such technical information in a form that identifies its source.

Ownership
As between the parties, SonicWALL retains all title to, ownership of, and all proprietary rights with respect to the SOFTWARE PRODUCT (including but not limited to any images, photographs, animations, video, audio, music, text, and applets incorporated into the SOFTWARE PRODUCT), the accompanying printed materials, and any copies of the SOFTWARE PRODUCT. The SOFTWARE PRODUCT is protected by copyright laws and international treaty provisions. The SOFTWARE PRODUCT is licensed, not sold. This EULA does not convey to you an interest in or to the SOFTWARE PRODUCT, but only a limited right of use revocable in accordance with the terms of this EULA.

U.S. Government Restricted Rights


If you are acquiring the Software including accompanying documentation on behalf of the U.S. Government, the following provisions apply. If the Software is supplied to the Department of Defense (DoD), the Software is subject to Restricted Rights, as that term is defined in the DoD Supplement to the Federal Acquisition Regulations (DFAR) in paragraph 252.227-7013(c)(1). If the Software is supplied to any unit or agency of the United States Government other than DoD, the Government's rights in the Software will be as defined in paragraph 52.227-19(c)(2) of the Federal Acquisition Regulations (FAR). Use, duplication, reproduction or disclosure by the Government is subject to such restrictions or successor provisions. Contractor/Manufacturer is: SonicWALL, Inc. 2001 Logic Drive, San Jose, CA 95124-3452, USA.

Exports License
Licensee will comply with, and will, at SonicWALL's request, demonstrate such compliance with all applicable export laws, restrictions, and regulations of the U.S. Department of Commerce, the U.S. Department of Treasury and any other U.S. or foreign agency or authority. Licensee will not export or re-export, or allow the export or re-export of any product, technology or information it obtains or learns pursuant to this Agreement (or any direct product thereof) in violation of any such law, restriction or regulation, including, without limitation, export or re-export to Cuba, Iran, Iraq, Libya, North Korea, Sudan, Syria or any other country subject to applicable U.S. trade embargoes or restrictions, or to any party on the U.S. Export Administration Table of Denial Orders or the U.S. Department of Treasury List of Specially Designated Nationals, or to any other prohibited destination or person pursuant to U.S. law, regulations or other provisions.

Miscellaneous
This EULA represents the entire agreement concerning the subject matter hereof between the parties and supersedes all prior agreements and representations between them. It may be amended only in writing executed by both parties. This EULA shall be governed by and construed under the laws of the State of California as if entirely performed within the State and without regard for conflicts of laws. Should any term of this EULA be declared void or unenforceable by any court of competent jurisdiction, such declaration shall have no effect on the remaining terms hereof. The failure of either party to enforce any rights granted hereunder or to take action against the other party in the event of any breach hereunder shall not be deemed a waiver by that party as to subsequent enforcement of rights or subsequent actions in the event of future breaches.

Termination
This EULA is effective upon your opening of the sealed package(s), installing or otherwise using the SOFTWARE PRODUCT, and shall continue until terminated. Without prejudice to any other rights, SonicWALL may terminate this EULA if you fail to comply with the terms and conditions of this EULA. SonicWALL reserves the right to terminate this EULA five (5) years after the SOFTWARE PRODUCT is issued to Licensee. In the event of termination, you agree to return or destroy the SOFTWARE PRODUCT (including all related documents and component items as defined above) and any and all copies of same.

Limited Warranty
SonicWALL warrants that a) the software product will perform substantially in accordance with the accompanying written materials for a period of ninety (90) days from the date of purchase, and b) any support services provided by SonicWALL shall be substantially as described in applicable written materials provided to you by SonicWALL. Any implied warranties on the software product are limited to ninety (90) days. Some states and jurisdictions do not allow limitations on duration of an implied warranty, so the above limitation may not apply to you.

Customer Remedies
SonicWALL's and its suppliers' entire liability and your exclusive remedy shall be, at SonicWALL's option, either a) return of the price paid, or b) repair or replacement of the SOFTWARE PRODUCT that does not meet SonicWALL's Limited Warranty and which is returned to SonicWALL with a copy of your receipt. This Limited Warranty is void if failure of the SOFTWARE PRODUCT has resulted from accident, abuse, or misapplication. Any replacement SOFTWARE PRODUCT shall be warranted for the remainder of the original warranty period or thirty (30) days, whichever is longer. Outside of the United States, neither these remedies nor any product Support Services offered by SonicWALL are available without proof of purchase from an authorized SonicWALL international reseller or distributor.

No Other Warranties
To the maximum extent permitted by applicable law, SonicWALL and its suppliers/licensors disclaim all other warranties and conditions, either express or implied, including, but not limited to, implied warranties of merchantability, fitness for a particular purpose, title, and non-infringement, with regard to the SOFTWARE PRODUCT, and the provision of or failure to provide support services. This limited warranty gives you specific legal rights. You may have others, which vary from state/jurisdiction to state/jurisdiction.


Limitation of Liability
Except for the warranties provided hereunder, to the maximum extent permitted by applicable law, in no event shall SonicWALL or its suppliers/licensors be liable for any special, incidental, indirect, or consequential damages (including, without limitation, damages for lost business profits, business interruption, or loss of business information) arising out of the use of or inability to use the SOFTWARE PRODUCT or the provision of or failure to provide support services, even if SonicWALL has been advised of the possibility of such damages. In any case, SonicWALL's entire liability under any provision of this EULA shall be limited to the amount actually paid by you for the SOFTWARE PRODUCT; provided, however, if you have entered into a SonicWALL support services agreement, SonicWALL's entire liability regarding support services shall be governed by the terms of that agreement. Because some states and jurisdictions do not allow the exclusion or limitation of liability, the above limitation may not apply to you. Manufacturer is SonicWALL, Inc. with headquarters located at 2001 Logic Drive, San Jose, CA 95124-3452, USA.

Table of Contents
Chapter 1: Introduction to SonicWALL GMS .....................................................1
Overview of SonicWALL GMS ........ 1
    What Is SonicWALL GMS? ........ 2
    Benefits of Using SonicWALL GMS ........ 2
    Scaling SonicWALL GMS Deployments ........ 9
Deployment Requirements ........ 10
    Operating System Requirements ........ 10
    Database Requirements ........ 11
    MySQL Requirements ........ 11
    Java Requirements ........ 12
    Browser Requirements ........ 12
    Hardware for Single Server Deployment ........ 12
    Hardware for a Distributed Server Deployment ........ 12
    SonicWALL Appliance and Firmware Support ........ 13
    GMS Gateway Requirements ........ 13
    Network Requirements ........ 15
    GMS Internet Access through a Proxy Server ........ 16
Logging in to GMS ........ 16
Navigating the SonicWALL GMS User Interface ........ 18
    SonicToday Panel ........ 18
    Appliance Panels ........ 19
    Monitor Panel ........ 23
    Console Panel ........ 24
Understanding SonicWALL GMS Icons ........ 25
Using the GMS TreeControl Menu ........ 27
About Signed Applets in SonicWALL GMS ........ 28
Configuring SonicWALL GMS View Options ........ 29
    Group View ........ 30
    Unit View ........ 31
    Creating SonicWALL GMS Fields and Dynamic Views ........ 33
Getting Help ........ 41
    Tips and Tutorials ........ 42

Chapter 2: Adding SonicWALL Appliances and Performing Basic Management Tasks ...................................................................................................................43
Adding SonicWALL Appliances to SonicWALL GMS ........ 43
    Adding SonicWALL Appliances Manually ........ 45
    Importing SonicWALL Appliances ........ 50
Registering SonicWALL Appliances ........ 51
Modifying Management Properties ........ 52
    Modifying SonicWALL Appliance Management Options ........ 52
    Changing Agents or Management Methods ........ 53
    Moving SonicWALL Appliances Between Groups ........ 54
Deleting SonicWALL Appliances from GMS ........ 55
Performing Basic Appliance Management ........ 55

Chapter 3: Using the SonicToday Panel ..........................................................57


Overview of the SonicToday Panel ........ 58
Editing a Component Window ........ 58
Adding a Component Window ........ 60
    Application Widget ........ 60
    Event Alert ........ 62
    RSS Feed ........ 66
Adding More Pages ........ 68
Editing and Deleting Pages ........ 69
Other Features ........ 70

Chapter 5: UMH/UMA System Settings ............................................................75


Status ........ 77
Licenses ........ 78
Time ........ 80
Administration ........ 81
Settings ........ 83
Diagnostics ........ 85
    Technical Support Report ........ 87
    Logs and Syslogs ........ 87
File Manager ........ 88
    Working with Multiple Files ........ 89
Backup/Restore ........ 90
    Data Export Wizard ........ 91
RAID ........ 94
Restart ........ 95

Chapter 6: UMA Network Settings ....................................................................97


Settings ........ 98
Routes ........ 99

Chapter 7: UMH/UMA Deployment Settings ..................................................101


Deployment Roles ........ 101
    Configuring the All In One Role ........ 103
    Configuring the Database Only Role ........ 105
    Configuring the Console Role ........ 105
    Configuring the Agent Role ........ 107
    Configuring the Reports Summarizer Role ........ 108
    Configuring the Monitor Role ........ 109
    Configuring the Event Role ........ 110
    Configuring the Syslog Collector Role ........ 111
    Configuring Database Settings ........ 112
Deployment Settings ........ 114
    Configuring Web Port Settings ........ 115
    Configuring SMTP Settings ........ 115
    Configuring SSL Access ........ 116
Deployment Services ........ 117

Chapter 9: Configuring SonicOS System Settings .......................................121


Viewing System Status ........ 122
Configuring Time Settings ........ 125
Viewing Licensed Node Status ........ 127
Configuring Administrator Settings ........ 129
Using Configuration Tools ........ 131
    Restarting SonicWALL Appliances ........ 132
    Requesting Diagnostics for SonicWALL ........ 132
    Inheriting Settings ........ 133
    Clearing the ARP Cache ........ 136
    Synchronizing Appliances ........ 136
    Synchronizing with mysonicwall.com ........ 137
    Manually Uploading Signature Updates ........ 137
    Generating Tech Support Reports ........ 138
Configuring Contact Information ........ 139
Configuring System Settings ........ 139
Configuring Schedules ........ 141
Editing Management Settings ........ 143
Configuring SNMP ........ 145
    Navigating the System > Certificates Page ........ 147
    About Certificates ........ 148
    Configuring CA Certificates ........ 148
    Importing New Local and CA Certificates ........ 149
    Generating a Certificate Signing Request ........ 150
    Configuring SCEP ........ 151

Chapter 10: Configuring SonicOS Network Settings ....................................153


Overview of Interfaces ........ 153
    Virtual Interfaces (VLAN) ........ 154
Configuring Network Settings in SonicOS Enhanced ........ 156
    Configuring Interface Settings ........ 156
    WAN Failover and Load Balancing ........ 168
    Configuring Zones ........ 172
    Configuring the WLAN Zone ........ 176
    Configuring DNS ........ 180
    Configuring Dynamic DNS ........ 181
    Configuring Address Objects ........ 184
    Configuring NAT Policies ........ 187
    Configuring Web Proxy Forwarding Settings ........ 195
    Configuring Routing in SonicOS Enhanced ........ 196
Configuring RIP in SonicOS Enhanced ........ 198
    Configuring IP Helper ........ 200
    Configuring ARP ........ 203
    Configuring SwitchPorts ........ 207
    Configuring PortShield Groups ........ 208
    Configuring Network Monitor ........ 210
Configuring Network Settings in SonicOS Standard ........ 212
    Configuring Basic Network Settings in SonicOS Standard ........ 213
    Configuring Dynamic DNS ........ 222
    Configuring Web Proxy Forwarding ........ 223
    Configuring Intranet Settings ........ 223
    Configuring Routing in SonicOS Standard ........ 225
    Configuring RIP in SonicOS Standard ........ 225
    Configuring OPT Addresses ........ 227
    Configuring One-to-One NAT ........ 229
    Configuring Ethernet Settings ........ 231
    Configuring ARP ........ 233

Chapter 11: Configuring UTM Appliance Settings ........................................235


Understanding the Network Access Rules Hierarchy ........................................................................... 235
Configuring Firewall Settings in SonicOS Enhanced .......................................................................... 237
Configuring Firewall Rules in SonicOS Enhanced ......................................................................... 238
Configuring Advanced Firewall Settings ......................................................................................... 245
Configuring Multicast Settings ........................................................................................................... 247
Configuring Voice over IP Settings ................................................................................................... 249
Configuring TCP Settings ................................................................................................................... 251
Configuring Quality of Service Mapping .......................................................................................... 254
Configuring SSL Control ................................................................................................................... 265
Configuring Firewall Settings in SonicOS Standard .............................................................................. 269
Configuring Rules in SonicOS Standard .......................................................................................... 269

Configuring Advanced Firewall Settings in SonicOS Standard .................................................... 273
Configuring Voice over IP Settings ................................................................................................... 275

Chapter 12: Configuring Log Settings ...........................................................277


Configuring Log Settings ........................................................................................................................... 278
Configuring Enhanced Log Settings ........................................................................................................ 281
Heartbeat Settings on the Enhanced Log Settings Page ................................................................ 284
Configuring Name Resolution .................................................................................................................. 285

Chapter 13: Viewing Diagnostic Information .................................................287


Viewing Network Diagnostic Settings ..................................................................................................... 288
Viewing Connections Monitor ................................................................................................................. 290
Viewing CPU Monitor ............................................................................................................................... 292
Viewing Process Monitor .......................................................................................................................... 293

Chapter 14: Configuring Website Blocking ...................................................295


Configuring General Website Blocking .................................................................................................. 296
Selecting the Content to Block ................................................................................................................. 298
Content Filter List ................................................................................................................................ 299
CFS Filter List ....................................................................................................................................... 302
Configuring the CFS Exclusion List ........................................................................................................ 308
Customizing Access by Domain .............................................................................................................. 309
Enabling Website Blocking Customization ..................................................................................... 310
Adding Individual Forbidden/Allowed Domains .......................................................................... 311
Adding Multiple Domains From a List ............................................................................................ 311
Timing Options in SonicOS Standard .............................................................................................. 312
Deleting Domains from the Domain Lists ...................................................................................... 312
Blocking Access to Domains by Keywords ........................................................................................... 313
Blocking Web Features .............................................................................................................................. 315
Configuring Access Consent ..................................................................................................................... 316
N2H2 and Websense Content Filtering .................................................................................................. 318
N2H2 ..................................................................................................................................................... 318
Websense ............................................................................................................................................... 320


Chapter 15: Configuring Dynamic Host Configuration Protocol .................321


DHCP Server Options Overview ............................................................................................................ 322
Configuring DHCP Over VPN ................................................................................................................ 322
Configuring Dynamic DHCP IP Address Ranges ................................................................................ 325
Configuring Static IP Addresses ............................................................................................................... 329
Configuring DHCP Option Objects ...................................................................................................... 333
Configuring DHCP Option Groups ...................................................................................................... 334
Configuring General DHCP Settings ...................................................................................................... 334
Configuring Trusted DHCP Relay Agents ............................................................................................. 336

Chapter 16: Configuring User Settings ..........................................................337


Configuring Users in SonicOS Enhanced .............................................................................................. 337
Configuring User Login Settings ....................................................................................................... 338
Configuring LDAP and Active Directory ........................................................................................ 340
Global User Settings ............................................................................................................................ 352
Configuring an Acceptable Use Policy ............................................................................................. 353
Configuring Local Users ..................................................................................................................... 354
Configuring Local Groups .................................................................................................................. 356
Configuring ULA Settings .................................................................................................................. 359
Configuring HTTP URL-Based ULA Settings ................................................................................ 359
Configuring RADIUS for SonicOS Enhanced ............................................................................... 360
Configuring Single Sign-On .............................................................................................................. 362
Configuring Guest Services ................................................................................................................ 366
Configuring Guest Accounts .............................................................................................................. 368
Configuring Users in SonicOS Standard ................................................................................................. 370
Configuring User Settings ................................................................................................................... 370
Global User Settings ............................................................................................................................ 372
Configuring an Acceptable Use Policy ............................................................................................. 373
Configuring ULA Settings .................................................................................................................. 374
Configuring HTTP URL-Based ULA ............................................................................................... 374
Configuring RADIUS for SonicOS Standard .................................................................................. 375

Chapter 17: Configuring Anti-Spam Settings ................................................377


Activating Anti-Spam .......................................................................................................................... 377

Configuring Anti-Spam Settings ........................................................................................................ 378
Configuring Anti-Spam Real-Time Black List Filtering ................................................................. 383

Chapter 18: Configuring Virtual Private Networking ....................................389


VPN SA Management Overview ............................................................................................................. 389
Deployment Caveats ............................................................................................................................ 390
Authentication Methods ..................................................................................................................... 390
Viewing the VPN Summary ...................................................................................................................... 391
Configuring VPN Settings ......................................................................................................................... 392
Configuring ULA Settings for VPNs ...................................................................................................... 395
Configuring VPNs in SonicOS Enhanced .............................................................................................. 396
Configuring VPNs in Interconnected Mode ................................................................................... 396
Configuring VPNs in Non-Interconnected Mode .......................................................................... 399
Generic VPN Configuration in SonicOS Enhanced ...................................................................... 401
Configuring VPNs in SonicOS Standard ................................................................................................ 403
IKE Using SonicWALL Certificates ................................................................................................. 404
IKE Using Third-Party Certificates .................................................................................................. 412
IKE Using Pre-Shared Secret ............................................................................................................. 421
Manual Keying ...................................................................................................................................... 429
Setting up the L2TP Server ...................................................................................................................... 436
Monitoring VPN Connections ................................................................................................................. 437
Management of VPN Client Users .......................................................................................................... 437
Enabling the VPN Client .................................................................................................................... 438
Downloading VPN Client Software .................................................................................................. 439
VPN Terms and Concepts ........................................................................................................................ 439
Using OCSP with SonicWALL Security Appliances ............................................................................ 442
OpenCA OCSP Responder ................................................................................................................ 444
Using OCSP with VPN Policies ........................................................................................................ 444

Chapter 19: Configuring SSL-VPN Settings ..................................................445


SSL VPN NetExtender Overview ..................................................................................................... 445
SSL VPN > Portal Settings ................................................................................................................ 449
SSL VPN > Client Settings ................................................................................................................ 450
SSL VPN > Client Routes .................................................................................................................. 454

Chapter 20: Configuring Security Services ...................................................457


Configuring SonicWALL Network Anti-Virus ...................................................................................... 458
Configuring Anti-Virus Settings ........................................................................................................ 458
SonicWALL Network Anti-Virus Email Filter ...................................................................................... 461
Email Filtering ...................................................................................................................................... 461
Configuring the SonicWALL Content Filter Service ............................................................................ 463
Configuring the SonicWALL Intrusion Prevention Service ................................................................ 463
Overview of IPS ................................................................................................................................... 464
SonicWALL Deep Packet Inspection ............................................................................................... 464
Enabling Intrusion Prevention Services ........................................................................................... 466
Configuring IPS Policies .................................................................................................................... 469
Manual Upload of Keyset and Signature Files ................................................................................ 470
Configuring the SonicWALL RBL Filter ............................................................................................... 472
Configuring the SonicWALL Gateway Anti-Virus ............................................................................... 473
Configuring GAV Settings ................................................................................................................. 475
Configuring GAV Protocols .............................................................................................................. 476
Viewing SonicWALL GAV Signatures ............................................................................................. 477
Configuring the SonicWALL Anti-Spyware Service ............................................................................. 478
Enabling SonicWALL Anti-Spyware ................................................................................................ 480
Specifying Spyware Danger Level Protection .................................................................................. 481
Applying SonicWALL Anti-Spyware Protection to Zones (Enhanced) ..................................... 482

Chapter 21: Configuring High Availability .....................................................487


Configuring High Availability Settings .................................................................................................... 488
Configuring Advanced High Availability Settings ................................................................................. 489
Monitoring High Availability .................................................................................................................... 492
Verifying High Availability Status ........................................................................................................... 493

Chapter 22: Configuring SonicPoints ............................................................495


Managing SonicPoints ................................................................................................................................ 496
Before Managing SonicPoints ............................................................................................................ 496
SonicPoint Provisioning Profiles ....................................................................................................... 497
Updating SonicPoint Settings ............................................................................................................. 508
SonicPoint WLAN Scheduling ......................................................................................................... 509

Updating SonicPoint Firmware ......................................................................................................... 510
Automatic Provisioning (SDP & SSPP) ........................................................................................... 510
Viewing Station Status ............................................................................................................................... 511
Event and Statistics Reporting ........................................................................................................... 511
Using and Configuring SonicPoint IDS .................................................................................................. 513
Detecting SonicPoint Access Points ................................................................................................. 513
Wireless Intrusion Detection Services .............................................................................................. 513
Using and Configuring Virtual Access Points ........................................................................................ 516
Configuring Virtual Access Point Groups ....................................................................................... 517
Configuring Virtual Access Points .................................................................................................... 518
Configuring Virtual Access Point Profiles ....................................................................................... 519

Chapter 23: Configuring Wireless Options ....................................................521


Configuring General Wireless Settings .................................................................................................... 522
Wireless Radio Operating Schedule .................................................................................................. 524
Configuring Wireless Security Settings .................................................................................................... 525
WEP Encryption Settings ................................................................................................................... 525
WEP Encryption Keys ........................................................................................................................ 526
WPA and WPA2 Encryption Settings .............................................................................................. 526
WPA and WPA2 Settings ................................................................................................................... 528
Preshared Key Settings (PSK) ............................................................................................................ 528
Extensible Authentication Protocol (EAP) Settings ...................................................................... 529
Configuring Advanced Wireless Settings ................................................................................................ 530
Configuring MAC Filter List Settings ...................................................................................................... 533
Configuring Intrusion Detection Settings ............................................................................................... 535

Chapter 24: Configuring Wireless Guest Services .......................................537


Configuring Wireless Guest Services Settings ........................................................................................ 538
Adding a Guest ..................................................................................................................................... 540
Configuring the URL Allow List .............................................................................................................. 541
Denying Access to Networks with the IP Deny List ............................................................................ 542
Configuring the Custom Login Screen .................................................................................................... 543
Configuring External Authentication ...................................................................................................... 544
Configuring General Settings ............................................................................................................. 545

Configuring Settings for Auth Pages ................................................................................................. 546
Configuring Web Content Settings ................................................................................................... 547
Configuring Advanced Settings ......................................................................................................... 548
Configuring WGS Account Profiles ........................................................................................................ 549

Chapter 25: Configuring Modem Options ......................................................551


Configuring the Modem Profile ............................................................................................................... 551
Configuring Modem Settings .................................................................................................................... 555
Configuring Advanced Modem Settings ................................................................................................. 558

Chapter 26: Configuring Wireless WAN Options ..........................................559


About Wireless WAN ................................................................................................................................ 559
Configuring the Connection Profile ........................................................................................................ 560
Configuring WWAN Settings ................................................................................................................... 564
Configuring Advanced Settings ................................................................................................................ 565

Chapter 27: Managing Inheritance in GMS ....................................................569


Configuring Inheritance Filters ................................................................................................................ 569
Applying Inheritance Settings ................................................................................................................... 570

Chapter 28: Configuring Web Filters with CSM .............................................575


Configuring Web Filter Settings ............................................................................................................... 575
Configuring Web Filter Policies ............................................................................................................... 578
Modifying the *Default Policy Group .............................................................................................. 579
Adding Category Sets .......................................................................................................................... 580
Restoring Defaults ............................................................................................................................... 581
Configuring Custom Categories ............................................................................................................... 582
Configuring Miscellaneous Web Filters .................................................................................................. 584
Configuring the Custom Block Page ....................................................................................................... 586

Chapter 29: Configuring Application Filters for CSM ...................................587


Configuring Application Filters ................................................................................................................ 587


Chapter 30: Registering and Upgrading SonicWALL Appliances ...............591


Registering SonicWALL Appliances ........................................................................................................ 591
Upgrading Firmware .................................................................................................................................. 592
Upgrading Licenses .................................................................................................................................... 594
Searching ...................................................................................................................................................... 594
Creating License Sharing Groups ............................................................................................................. 597
Viewing Used Activation Codes ............................................................................................................... 600

Chapter 31: Adding SSL-VPN Appliances to GMS ........................................603


Preparing SSL VPN Appliances for GMS Management ...................................................................... 603
Preparing SonicWALL SSL VPN Appliances ................................................................................. 604
Preparing SonicWALL Aventail EX-Series SSL VPN Appliances .............................................. 605
Adding SSL-VPN Appliances in GMS .................................................................................................... 606
Managing SSL-VPN Appliance Settings ................................................................................................. 608

Chapter 32: Using General SSL-VPN Status and Tools ................................611


SSL-VPN Status .......................................................................................................................................... 612
SSL-VPN Tools .......................................................................................................................................... 614
SSL-VPN Info ............................................................................................................................................. 616
Updating SSL-VPN Appliance Information .................................................................................... 616

Chapter 33: Registering, Upgrading, and Logging in to SonicWALL SSL-VPN Appliances ........................................................................................................617

Registering SonicWALL SSL-VPN Appliances ..................................................................................... 617
Upgrading SonicWALL SSL-VPN Firmware ........................................................................................ 619
Logging in to SSL-VPN using SonicWALL GMS ................................................................................ 620

Chapter 34: CDP / Email Security Appliance Management ..........................623


Adding a CDP/ES Appliance to GMS ................................................................................................... 624
Preparing the Appliance ...................................................................................................................... 624
Adding the Appliance to GMS ......................................................................................................... 625
Managing CDP/ES General Settings ...................................................................................................... 626
Viewing and Managing CDP/ES Status ........................................................................................... 627
CDP/ES Appliance Tools for Synchronization .............................................................................. 630
SonicWALL GMS 6.0 Administrators Guide


Editing CDP/ES Appliance Contact Information ..... 631
Registering CDP/ES Appliances ..... 632
Registration Tasks on GMS ..... 632
Registration Tasks on the CDP/ES Appliance ..... 633
Modifying a CDP/ES Appliance ..... 633
Deleting a CDP/ES Appliance ..... 634
Configuring Alerts ..... 634
Adding Alerts ..... 635
Enabling/Disabling Alerts ..... 635
Deleting Alerts ..... 636
Editing Alerts ..... 636
Current Alerts ..... 637
Templates ..... 637
Template Management Screen ..... 637
Accessing the CDP/ES Management Interface ..... 640
Using Multi-Solution Management ..... 640
Logging into the CDP/ES Management Interface ..... 641
Configuring Multi-Solution Management ..... 642
Recording ..... 644
Configuring Heartbeat using Email Security CLI ..... 648

Chapter 35: GMS Reporting Features ............................................................651


GMS Reporting Overview ..... 651
Viewing GMS Reports ..... 653
Navigating GMS Reporting ..... 655
Global and Group Views ..... 656
Unit View ..... 657
Using Interactive Reports ..... 658
Searching for a Report ..... 659
Collapsible TreeControl Pane ..... 664
Enabling/Disabling Scheduled Reports ..... 664
Combined Reports ..... 664
Improved Navigation ..... 665
Showing Domain Names in Reports ..... 666

Managing GMS Reports on the Console Panel and Policies Panel .................................................... 667

Chapter 36: Scheduling and Configuring Reports ........................................671


Configuring Scheduled Reports ..... 671
Viewing or Managing Scheduled Reports ..... 672
Adding or Editing a Scheduled Report ..... 673
Selecting Reports for Summarization ..... 675
Configuring Inheritance for Reporting Screens ..... 676
Configuring Data Storage Settings ..... 677
Configuring Summarization Data for Top Usage ..... 678
Configuring Summarization Data for Bandwidth Reports ..... 679
Viewing Current Alerts ..... 680
Scheduling PDF Compliance Reports ..... 680
Compliance Report Overview ..... 680
Adding a New Scheduled Compliance Report ..... 681
Customizing Your Detailed Reports Page ..... 685

Chapter 37: Viewing Reports ..........................................................................689


Managing Report Settings ..... 690
Editing Report Settings ..... 690
Selecting a Graphical Display ..... 690
Setting a Date or Date Range ..... 691
Additional Settings ..... 692
Troubleshooting Reports ..... 692
Viewing Dashboard Reports ..... 694
Viewing the Dashboard Summary Report ..... 694
Viewing the Security Dashboard Report ..... 697
Using Custom Reports on UTM Appliances ..... 699
Toggling Between Split Mode and Full Mode ..... 700
Configuring the Date and Time for Custom Reports ..... 702
Configuring the Report Layout and Generating the Report ..... 704
Generating the Custom Report ..... 712
Viewing a Custom Report ..... 713
Printing a Page or Exporting the Report as a PDF or CSV File ..... 715

Saving the Report Template ..... 716
Viewing Status Reports ..... 716
Viewing the Status Up-Time Summary Report ..... 717
Viewing Status Up-Time Over Time ..... 718
Viewing the Status Down-Time Summary Report ..... 720
Viewing Status Down-Time Over Time ..... 721
Viewing Bandwidth Reports ..... 723
Viewing the Bandwidth Summary Report ..... 723
Viewing the Top Users of Bandwidth ..... 725
Viewing Bandwidth Usage Over Time ..... 727
Viewing the Top Users of Bandwidth Over Time ..... 729
Viewing Services Reports ..... 731
Viewing the Services Summary Report ..... 731
Viewing Web Usage Reports ..... 733
Viewing the Web Usage Summary Report ..... 734
Viewing the Top Web Sites ..... 736
Viewing the Top Users of Web Bandwidth ..... 737
Viewing Web Usage by User ..... 739
Viewing Web Usage By Site ..... 741
Viewing Web Usage By Category ..... 742
Viewing Web Usage Over Time ..... 744
Viewing Top Sites Over Time ..... 745
Viewing Top Users Over Time ..... 747
Viewing Web Usage By User Over Time ..... 749
Viewing Web Usage By Category Over Time ..... 750
Viewing Web Filter Reports ..... 751
Viewing the Web Filter Summary Report ..... 752
Viewing the Web Filter Top Sites Report ..... 754
Viewing the Top Users that Try to Access Blocked Sites ..... 755
Viewing the Blocked Sites for Each User ..... 757
Viewing Blocked Sites Sorted By Site ..... 758
Viewing Blocked Sites Sorted By Category ..... 759
Viewing Blocked Site Attempts Over Time ..... 761
Viewing the Top Blocked Site Attempts Over Time ..... 762

Viewing the Top Blocked Site Users Over Time ..... 763
Viewing Blocked Sites for Each User Over Time ..... 764
Viewing Blocked Sites By Category Over Time ..... 765
Viewing File Transfer Protocol Reports ..... 767
Viewing the FTP Summary Report ..... 767
Viewing the Top FTP Sites By User ..... 769
Viewing FTP Bandwidth Usage Over Time ..... 770
Viewing the Top Users of FTP Bandwidth Over Time ..... 772
Viewing Mail Usage Reports ..... 773
Viewing the Mail Usage Summary Report ..... 774
Viewing the Top Users of Mail Bandwidth ..... 776
Viewing Mail Usage Over Time ..... 777
Viewing the Top Users of Mail Bandwidth Over Time ..... 779
Viewing VPN Usage Reports ..... 780
Viewing the VPN Usage Summary Report ..... 781
Viewing the Top VPN Users ..... 783
Viewing VPN Usage Over Time ..... 784
Viewing the Top VPN Users Over Time ..... 785
Viewing VPN Usage By Policy ..... 787
Viewing the Top VPN Policies Over Time ..... 788
Viewing Hourly VPN Usage By Policy ..... 789
Viewing the VPN Services Summary Report ..... 790
Viewing Attacks Reports ..... 792
Viewing the Attack Summary Report ..... 792
Viewing the Attacks By Category ..... 794
Viewing the Errors Report ..... 795
Viewing Attack Reports Over Time ..... 797
Viewing the Attacks By Category Over Time ..... 798
Viewing Errors Over Time ..... 799
Viewing Virus Attacks Reports ..... 801
Viewing the Top Viruses By Attack Attempts Report ..... 803
Viewing the Virus Attack Attempts Report ..... 804
Viewing the Virus Attacks By User Report ..... 806
Viewing Anti-Spyware Reports ..... 807

Viewing a Spyware Summary ..... 809
Viewing Spyware Attempts By Category ..... 810
Viewing Spyware Attempts Over Time ..... 811
Viewing Spyware Attempts By Category Over Time ..... 813
Viewing Intrusion Prevention Reports ..... 814
Viewing the Intrusion Prevention Summary Report ..... 816
Viewing Intrusion Attempts By Category ..... 817
Viewing Intrusions Over Time ..... 819
Viewing Intrusion Reports By Category Over Time ..... 821
Viewing Application Firewall Reports ..... 822
Viewing the Application Firewall Summary Report ..... 823
Viewing the Application Firewall Over Time Report ..... 824
Viewing Application Firewall Top Applications ..... 825
Viewing Application Firewall Top Users ..... 826
Viewing Application Firewall Top Policies ..... 827
Viewing Authentication Reports ..... 828
Viewing the User Login Report ..... 829
Viewing the Administrator Login Report ..... 830
Viewing the Failed Login Report ..... 830
Viewing the Log ..... 831
Viewing the Log for a SonicWALL Appliance ..... 832

Chapter 38: SSL-VPN Reporting .....................................................................835


SSL-VPN Reporting Overview ..... 835
What is SSL-VPN Reporting? ..... 836
Benefits of SSL-VPN Reporting ..... 836
How Does SSL-VPN Reporting Work? ..... 837
Using and Configuring SSL-VPN Reporting ..... 837
About Viewing Available SSL-VPN Report Types ..... 837
Configuring SSL-VPN Scheduled Reports ..... 839
Configuring SSL-VPN Summarization ..... 840

Chapter 39: Viewing SSL-VPN Reports ..........................................................841


Viewing Status Reports ..... 841
Viewing the Status Summary Report ..... 842
Viewing the Status Over Time Report ..... 842
Viewing the Status Down-Time Summary Report ..... 842
Viewing the Status Down-Time Over Time Report ..... 843
Viewing SSL-VPN Bandwidth Reports ..... 845
Viewing SSL-VPN Bandwidth Summary Reports ..... 845
Viewing SSL-VPN Top Users of Bandwidth Reports ..... 847

Viewing SSL-VPN Bandwidth Usage Over Time Reports ..... 848
Viewing SSL-VPN Top Users of Bandwidth Over Time Reports ..... 850
Using SSL-VPN Custom Reports ..... 851
Toggling Between Split Mode and Full Mode ..... 852
Configuring the Date and Time for Custom Reports ..... 855
Configuring the Report Layout and Generating the Report ..... 858
Generating the Custom Report ..... 864
Viewing a Custom Report ..... 865
Printing a Page or Exporting the Report as a PDF or CSV File ..... 867
Saving the Report Template ..... 868
Viewing SSL-VPN Resources Reports ..... 869
Viewing SSL-VPN Resources Summary Reports ..... 869
Viewing SSL-VPN Resources Top Users Reports ..... 871
Viewing SSL-VPN Authentication Reports ..... 874
Viewing SSL-VPN User Login Reports ..... 874
Viewing SSL-VPN Failed Login Reports ..... 875
Viewing the SSL-VPN Log ..... 876
Viewing the Log for a SSL-VPN Appliance ..... 876

Chapter 40: Using Navigation and Monitoring Tools ...................................881


GMS Navigation Tool ..... 881
VPN Monitor ..... 883
Net Monitor ..... 886
Configuring the Net Monitor ..... 887
Adding Devices to the Net Monitor ..... 891
Managing Realtime Monitors ..... 900
Managing Severity and Thresholds ..... 906
Adding Custom Icons to the Net Monitor ..... 912
Real-Time Syslog ..... 912
Live Monitoring ..... 913

Chapter 41: Configuring User Settings ..........................................................927


Configuring General Settings ..... 928
Configuring Reports Settings ..... 930
Adding Web Sites to the Filter List ..... 931
Deleting Web Sites from the Filter List ..... 931
Adding Web Users to the Filter List ..... 931
Deleting Web Users from the Filter List ..... 932

Chapter 42: Configuring Log Settings ...........................................................933


Configuration ..... 933

View Log ...................................................................................................................................................... 934

Chapter 43: Managing Tasks ...........................................................................937


Scheduled Tasks .......................................................................................................................................... 937

Chapter 44: Configuring Management Settings ............................................941


Settings ..... 941
Configuring Email Settings ..... 942
Configuring Prefs File Settings ..... 942
Enabling Reporting and Synchronization with Managed Units ..... 943
Enhanced Security Access Settings ..... 944
Domains ..... 945
About Domains ..... 945
Creating a New Domain ..... 946
Users ..... 953
Creating User Groups ..... 954
Adding Users ..... 955
Moving a User ..... 957
Configuring Screen Access ..... 958
Configuring Appliance Access ..... 960
Configuring Unit, View, and Other Permissions ..... 961
Custom Groups ..... 964
Creating Custom Fields ..... 964
Configuring Prefs File Settings ..... 966
Enabling Reporting and Synchronization with Managed Units ..... 966
Enhanced Security Access Settings ..... 967
Custom Groups ..... 968
Creating Custom Fields ..... 968
Sessions ..... 970
Managing Sessions ..... 971
Agents ..... 971
Managing Agent Configurations ..... 972
SNMP Managers ..... 973
Configuring SNMP Settings ..... 974
Inheritance Filters ..... 974
Message of the Day ..... 975
Database Maintenance ..... 977
Configuring Backup Schedule and Settings ..... 978
Backing Up a Database Immediately ..... 979
Restoring a Database Backup ..... 979


Chapter 45: Managing Reports in the Console Panel ..................................981


Settings ..... 981
    Enabling Report Table Sorting ..... 982
    Controlling the Number of Appliances with Log Viewer Enabled ..... 982
Summarizer ..... 983
    About Summary Data in Reports ..... 983
    About the Distributed Summarizer ..... 984
    Summarizer Settings and Summarization Interval ..... 987
    Configuring the Syslog Deletion Schedule Settings ..... 991
    Configuring Host Name Resolution ..... 992
Email/Archive ..... 994
    Configuring Email/Archive Settings ..... 994
Scheduled Reports ..... 995
Management ..... 1000
    Configuring Report Data Management ..... 1000

Chapter 46: Using Diagnostics .....................................................................1003


Debug Log Settings ..... 1003
    Configuring Debug Log Settings ..... 1004
Request Snapshot ..... 1006
    Performing a System Snapshot ..... 1006
    Performing the Snapshot ..... 1007
Snapshot Status ..... 1008
    Viewing the Snapshot or Diagnostics ..... 1008
Summarizer Status ..... 1009

Chapter 47: Granular Event Management ...................................................1015


Granular Event Management Overview ..... 1015
    What is Granular Event Management? ..... 1017
    Benefits ..... 1018
    How Does Granular Event Management Work? ..... 1018
Using Granular Event Management ..... 1019
    About Alerts ..... 1020
Configuring Granular Event Management ..... 1023
    Configuring Events on the Console Panel ..... 1023
    Configuring Alerts on the Policies Panel ..... 1037
    Configuring Alerts on the Reports Panel ..... 1038
    Adding Destinations and Schedules to an Alert ..... 1039
Viewing Current Alerts ..... 1040
Sample Event Alert Reports ..... 1041

Chapter 48: Managing Licenses ...................................................................1045


GMS License ..... 1045
    Upgrading a Demo License to a Retail License ..... 1046
    Product Licenses ..... 1047
SonicWALL Upgrades ..... 1049
    Upgrading the Node License ..... 1050
    Purchasing Upgrades ..... 1050
    Activating the Upgrades ..... 1051

Chapter 49: Web Services .............................................................................1053


URI Basics ..... 1054
Settings ..... 1055
Status ..... 1056
Distributed Instances ..... 1057
    The Distributed Instances Table ..... 1057
    Configuring Distributed Settings ..... 1058
    Adding a Distributed Instance ..... 1058

Chapter 50: Using GMS Help .........................................................................1061


Tips and Tutorials ..... 1061
About GMS ..... 1062
Log Viewer ..... 1066
Real-time Syslog Viewer ..... 1068
GMS Reports and Corresponding Syslog Categories ..... 1069
Forwarding Syslog Data to Another Syslog Server ..... 1072
Forwarding the Syslog Data to a WebTrends Server ..... 1072
Posting GMS Reporting to Another Web Server for End-User Access ..... 1073
Miscellaneous Procedures and Troubleshooting Tips ..... 1073
    Miscellaneous Procedures ..... 1073
    Troubleshooting Tips ..... 1076
Accessing the CLI ..... 1080
    Local CLI Access ..... 1080
    Remote (SSL) CLI Access ..... 1080
CLI Commands ..... 1081
    Logging In ..... 1082
    Logging Out ..... 1082
    Executing a Command without Logging In ..... 1083
    Adding SonicWALL Appliances ..... 1084
    Adding Users ..... 1088
    Changing Users ..... 1092
    Deleting a Single User ..... 1095
    Deleting Multiple Users ..... 1096
    Adding and Removing Activation Codes ..... 1097
    Deleting Nodes Using XML ..... 1101
    Monitoring Tunnel Status ..... 1102
    Monitoring Tunnel Statistics ..... 1103
    Refreshing a Tunnel ..... 1104
    Renegotiating a Tunnel ..... 1104
    Synchronizing Tunnel Information ..... 1104
Configuring SonicWALL Parameters ..... 1105
    Using the Configure Command ..... 1105
    Preparing a Configuration File ..... 1106
Modifying SonicWALL Parameters ..... 1109
    Using the ModifyArray Command ..... 1109
    Preparing a Parameter Modification File ..... 1110
Configuration Parameters ..... 1112
    System/Time ..... 1112


CHAPTER 1 Introduction to SonicWALL GMS


This chapter introduces the SonicWALL Global Management System (GMS) User Interface (UI) navigation and management views. SonicWALL GMS is intended for large-scale deployments for enterprise and service provider solutions. This section includes the following subsections:

Overview of SonicWALL GMS section on page 1
Deployment Requirements section on page 10
Logging in to GMS section on page 16
Navigating the SonicWALL GMS User Interface section on page 18
Understanding SonicWALL GMS Icons section on page 25
Using the GMS TreeControl Menu section on page 27
About Signed Applets in SonicWALL GMS section on page 28
Configuring SonicWALL GMS View Options section on page 29
Getting Help section on page 41

Overview of SonicWALL GMS


This section contains the following subsections:

What Is SonicWALL GMS? section on page 2
Benefits of Using SonicWALL GMS section on page 2
Scaling SonicWALL GMS Deployments section on page 9

What Is SonicWALL GMS?


The SonicWALL Global Management System (SonicWALL GMS) is a Web-based application that can configure and manage thousands of SonicWALL Internet security appliances and non-SonicWALL appliances from a central location. SonicWALL GMS is capable of managing large networks that use SonicWALL appliances. This dramatically lowers the cost of managing a secure distributed network. SonicWALL GMS does this by enabling administrators to monitor the status of and apply configurations to all managed SonicWALL appliances, groups of SonicWALL appliances, or individual SonicWALL appliances. You can also configure multiple site VPNs for SonicWALL appliances. From the SonicWALL GMS user interface (UI), you can add VPN licenses to SonicWALL appliances, configure VPN settings, and enable or disable remote-client access for each network. SonicWALL GMS provides monitoring features that enable you to view the current status of SonicWALL appliances, pending tasks, and log messages. It also provides graphical reporting of UTM appliance and network activities for the SonicWALL appliances. A wide range of informative real-time and historical reports can be generated to provide insight into usage trends and security events.

Benefits of Using SonicWALL GMS


SonicWALL GMS offers the following benefits:

Major New Features in GMS 6.0

Multi-Solution Management: Comprehensive Management Support for CDP and Email Security. The Multi-Solution Management feature in GMS provides next generation management capability by allowing administrators to manage multiple appliance types, such as CDP, SSL VPN, SonicWALL-Aventail SSL VPN, and Email Security, through their respective web user interfaces over HTTP and HTTPS. This enhancement enables the configuration of GMS Core Management functionalities through the GMS user interface. Functions such as creating tasks, posting policies, scheduling tasks, and more are now easily completed across multiple appliances at Unit Node and Group Node levels.

Simplified Certificate Management: Allows the administrator to configure both CA and Local certificates in one place, simplifying the process of viewing, editing, and creating new certificates.

GMS Web Services: GMS administrators typically use several other consoles to manage their network or, in the case of an MSP, their customers' networks. The web services API facilitates integration between GMS and other management consoles and greatly increases the productivity of the internal IT staff. It is constructed using Representational State Transfer (REST), an architectural style that specifies constraints, such as the uniform interface, that, if applied to a Web service, induce desirable properties such as performance, scalability, and modifiability that enable services to work best on the Web. Using this RESTful approach, GMS Web Services will be simple, lightweight, and scalable.

Group Level Interfaces: Allows interface management to be applied at a group level. Administrators are now able to manage all UTM appliance interface features with a few clicks, including configuration of network interfaces, WAN connection models, DNS servers, and more.

Application Firewall Reporting: Introduces detailed reporting on the application firewall feature of fifth generation UTM devices. Reports include but are not limited to top categories, top applications, top users, and top policies. Users can drill down within reports. This feature allows reports to be generated for Dynamic Policies and Custom Policies. Useful examples for this feature include viewing a report by category, such as Instant Messaging, or applying Bandwidth Management by monitoring the activity of streaming media.

CDP Reporting: This feature supports the following reports. The reports are categorized based on the selected context node (Group or Unit) on the tree control panel. Report Navigation (drill down) is also supported among specific reports.

CDP Alert and Monitoring: Apart from basic alert configuration, the extended GEM framework within GMS allows users to define severities and thresholds, as well as destinations and schedules for every destination, for the alerts when triggered.

SonicOS 5.5 Support: This feature brings GMS support for the UTM product line to the recently released SonicOS 5.5. New features now manageable by GMS include SonicPoint N support, SSL VPN NetExtender, UTM anti-spam, active/active failover, and more. SonicOS 5.5 support renders GMS applicable to a wider range of UTM appliance features and makes the GMS administrator more productive.


Custom and Granular Reports: This feature allows the GMS administrator to create custom reports using the raw logs collected from Aventail and SMB SSL VPN devices under management. GMS customers can now create granular reports on who accessed what applications at what time for forensic analysis and troubleshooting. Using data from these reports can help increase employee productivity and network uptime.

Enhanced CLI Support: The new Command Line Interface (CLI) does not require a user to perform an OS level login to the GMS server. With this feature users are able to send commands to GMS from a remote host in a secure manner. This feature enables the automation of the interaction between GMS and other systems used by the customer. It facilitates execution of commands on the GMS CLI if the user cannot access the GMS Console host using Remote Desktop. In addition, a third party application can interact with the GMS CLI from a remote host using the GMS CLI Client and Server. Lastly, a user can automate tasks on the GMS CLI from a remote host by using the GMS CLI Client application in batch/shell scripts. This feature enhances the productivity of the internal IT staff of enterprise and service provider customers.

Enhanced Summarizer Capacity Planning: GMS 6.0 includes enhanced tools to assess hardware utilization for collection of syslog data and summarization for reporting. This feature also includes an estimation tool to determine the total capacity of the hardware in use. The impact of a variety of parameters, such as the number of users and the types of reports enabled, is taken into consideration both at the global level and for each device under management. Enhanced performance assessment facilitates finding the root cause of peak hardware usage and proper capacity expansion planning, and therefore allows the GMS administrator to time new hardware purchases and the associated expenses appropriately as the business grows and more devices are brought under management.

ESPER Live Monitoring: Provides the user with the ability to monitor the deployment setup and alert based on any irregularities detected. Live monitoring allows the user to see threats as they are displayed in the UI and, at the same time, tag the threats with a severity and provide additional Destinations based on Schedules.

Inheritance Enhancements: GMS now allows for reverse inheritance, offering the ability to inherit policy settings from a unit up to the parent nodes. GMS 5.1 only allowed for forward inheritance, i.e. policies could only be pushed from the group level down to the device level. With GMS 6.0, Reverse Inheritance allows for policies to be inherited from a specific device to the group level. Effectively, Reverse Inheritance enables the user to copy existing configurations and to create predefined SonicWALL configurations. Reverse Inheritance saves GMS administrators a considerable amount of time by taking one well configured firewall and promoting its policy configuration to the group level. From the group level the configurations can then be pushed down to other devices.

Inheritance Support for Reporting Screens: Adds inheritance support for setting configurations for GMS reports. This allows a new unit added to a group to inherit the GMS report settings for that group. This feature increases the GMS administrator's productivity.

Multiple Authentication Servers: The GMS administrator can define multiple authentication servers per GMS Domain. Many customers use multiple authentication domains within their network. This feature allows GMS to be used within a broader range of customer environments.

RADIUS Authentication Support for GMS Login: The login module for GMS now supports RADIUS authentication. Many customers use RADIUS as part of their authentication infrastructure. RADIUS authentication support allows GMS to be used within a broader range of customer environments. It is also part of the upcoming PCI 1.2 requirements.

Existing GMS Features

Enhanced User Management: SonicWALL GMS includes the ability to move users across groups, search for users, and apply unit permissions at the user-group level. Domain-level user management support is also introduced, with domain level user groups, where users belonging to each domain can view each other and set privileges within the domain, and stay isolated from users of other domains.

Third Party Authentication Server Support: SonicWALL GMS supports third party authentication servers, including LDAP, RADIUS, and Active Directory.

Custom Reports: SonicWALL GMS provides the Custom Reports feature that lets you filter raw syslog data to generate granular reports customized by date and time ranges and by highly flexible filtering of the data for your own needs. In the Internet Activity custom report, you can see the date and time, down to the second, of all Internet activity passing through a monitored SonicWALL security appliance, and view detailed information not available in reports generated from summarized data.

Policy-Based Management: SonicWALL GMS enables network administrators to globally define, distribute, enforce, and deploy network security policies for managed SonicWALL appliances, creating a highly secure and controllable firewall configuration environment.


Managed VPN Services: SonicWALL GMS simplifies the task of globally defining, distributing, enforcing, and deploying VPN policies for managed VPN gateways, making it easy to manage a global VPN network.

Managed Remote VPN Client Connections: SonicWALL GMS allows administrators to define user policies for remote Global VPN Client users. The user policies can either be emailed to remote users or directly downloaded from the SonicWALL VPN gateways.

Comprehensive Security Service Management: In addition to managing security and VPN policies, SonicWALL GMS enables network administrators to globally define, distribute, enforce, and deploy all the firewall settings for managed SonicWALL appliances. It also enables network administrators to remotely upgrade SonicWALL appliances and add subscription services such as content filtering and virus scanning.

License Management: SonicWALL GMS provides centralized license management of SonicWALL upgrade and subscription services. This makes it easy to store, apply, track, and update upgrade and subscription license information for all managed SonicWALL appliances.

Multi-Tier Policy Hierarchy Architecture: SonicWALL GMS enables administrators to define and distribute one or more policies to an individual or a group of managed SonicWALL appliances. The policies can be executed immediately or can be scheduled to take effect at a later time. SonicWALL GMS supports up to seven levels of groups. Policies can be applied at any level.

Scalable Architecture: The SonicWALL GMS distributed architecture scales to support thousands of SonicWALL appliances, making large-scale deployments easy to manage. It allows network administrators to deploy a management architecture that scales to support a rapidly growing customer base while minimizing support staff and hardware.

Load Balancing and Redundancy for Security Management: In a SonicWALL GMS multi-server configuration, each Agent is responsible for a set of SonicWALL appliances. If an Agent fails, peer SonicWALL GMS Agents will manage the SonicWALL appliances for the failed Agent. SonicWALL GMS also provides redundancy for the SonicWALL GMS Console.

Role-Based Management: SonicWALL GMS provides a multi-user architecture with customizable views. Multiple users with different management privileges can be defined to distribute management tasks across a group of administrators and operators.

Granular Event Management: SonicWALL GMS introduces Granular Event Management (GEM). GEM offers a significant improvement in control over the way different events are handled. You now have more flexibility when deciding where and when to send alerts, and you can configure event thresholds, severities, schedules, and alerts from a centralized location in the management interface rather than configuring these on a per-unit basis as before.

Centralized Reporting: SonicWALL GMS provides graphical reporting of firewall and network activities for the SonicWALL appliances. A wide range of informative real-time and historical reports can be generated to provide insight into usage trends and security events. SonicWALL GMS provides aggregated reports for groups of SonicWALL appliances. It also enables the user, in addition to changing the date for a report, to set the number of users or sites as well as select a type of chart for the report.

Centralized Monitoring: SonicWALL GMS includes monitoring capabilities for fault and performance data analysis. Monitoring includes VPN and device up/down status, VPN statistics, uptime calculations, and security events for GMS management activities, as well as for any TCP/IP based device or application.

Support for SNMP: A powerful real-time alert mechanism greatly enhances the administrator's ability to pinpoint and respond to critical events. SonicWALL GMS can centrally receive firewall SNMP traps over the secure management tunnel and forward them to an SNMP management system, ensuring the security of firewall traps. The SonicWALL GMS security events can also be forwarded to the SNMP management system as SNMP traps.

Log Viewer: SonicWALL GMS provides detailed daily firewall logs to analyze specific events.

Command-Line Interface: SonicWALL GMS features a command line interface that can add multiple SonicWALL appliances at once, configure security and VPN policies, change SonicWALL appliance settings, and display product-related status.

Database Support: SonicWALL GMS supports access to industry-leading relational databases for highly efficient and reliable data storage and retrieval.

Audit Trailing: All changes made in SonicWALL GMS are automatically logged, along with the identities of the individuals making the changes.

Enhanced Security Access: SonicWALL's ESA feature allows for more granular control of user access across a GMS network, which is applicable for installations that must comply with stringent regulatory compliance and account management controls as found in standards such as PCI, SOX, or HIPAA.


GUI-Based Architecture: The SonicWALL GMS user interface (UI) is easy to use and enables administrators to navigate through the managed SonicWALL appliances, view their settings, and make changes.

Advanced Security Features:
    A random password is assigned to each SonicWALL appliance.
    SonicWALL GMS communicates with managed SonicWALL appliances using Internet Protocol Security (IPSec) VPN tunnels.
    SonicWALL GMS communicates with the SonicWALL registration database using HTTPS.
    The SonicWALL GMS login password is encrypted.

Enhanced Search Features: SonicWALL GMS enables you to locate task or log entries by entering search criteria. It also enables you to search for licenses and subscriptions.

Upgrade and Subscription Expiration Notices: SonicWALL GMS sends an email notification to the SonicWALL GMS administrator when firewall upgrade and subscription services are about to expire for the managed SonicWALL appliances. By default, the emails are sent out 30 days and 7 days prior to the expiration dates. The SonicWALL GMS administrator can change the default values by specifying the period before expiry at which to email the notifications for the firewall upgrades and subscriptions.


Scaling SonicWALL GMS Deployments


SonicWALL GMS is designed to be highly scalable to support service providers and enterprise customers with large numbers of SonicWALL appliances. SonicWALL GMS offers a distributed management architecture, consisting of multiple servers, multiple consoles and several agents. Each agent server can manage a number of SonicWALL appliances. Additional capacity can be added to the management system by adding new agent servers. This distributed architecture also provides redundancy and load balancing, assuring reliable connections to the SonicWALL appliances under management. In the distributed architecture, the console server provides the user a single interface to the management system. Each agent server can manage a number of SonicWALL appliances, depending on the GMS gateway that resides between the agent server and the SonicWALL appliances and the amount of syslog traffic from the remotely managed appliances. For example, the SonicWALL PRO Series can act as the gateway for up to 1,000 SonicWALL appliances.

The GMS gateway that resides between a SonicWALL GMS agent server and the SonicWALL appliances provides secure communications. Each SonicWALL appliance can have a primary agent server and a standby server. Each agent server can be a primary server for certain SonicWALL appliances and a standby server for other SonicWALL appliances. Configuration of and changes to the SonicWALL GMS and the SonicWALL appliances are written to the database. The users at the Admin Workstations can access the SonicWALL GMS console through a Web browser (HTTP) from any location. The SonicWALL GMS console can also be securely accessed using HTTPS. The SonicWALL GMS console server can also be an agent server.


Deployment Requirements
Before installing SonicWALL GMS, review the following deployment requirements.
Note

SonicWALL does not support installations of GMS running on any virtualization software, such as VMware.

This section includes the following subsections:


Operating System Requirements section on page 10
Database Requirements section on page 11
Java Requirements section on page 12
Browser Requirements section on page 12
Hardware for Single Server Deployment section on page 12
Hardware for a Distributed Server Deployment section on page 12
SonicWALL Appliance and Firmware Support section on page 13
GMS Gateway Requirements section on page 13
Network Requirements section on page 15
GMS Internet Access through a Proxy Server section on page 16

Operating System Requirements


SonicWALL GMS supports the following operating systems:

Windows 2000 Server (SP4)
Windows 2000 Professional (SP4)
Windows XP Professional (SP2)
Windows 2003 Server (SP1, 32-bit)

Note

GMS management is not supported on MacOS.


Database Requirements
This SonicWALL GMS release supports the following databases:

Microsoft SQL Server 2000 (SP4) and Microsoft SQL Server 2005 (SP1) on either Windows 2000 Server (SP4) or Windows 2003 Server (SP1). For MS SQL Server 2005, SonicWALL GMS supports:

SQL Server 2005 Workgroup
SQL Server 2005 Standard
SQL Server 2005 Enterprise

SonicWALL GMS does not support MS SQL Server 2005 Express.

SonicWALL MySQL Install Package installed on either Windows 2000 Server (SP4) or Windows 2003 Server (SP1)

Caution

The MySQL bundled with GMS/VP/UMA is fine tuned for optimal performance in a system with 2 GB RAM and above. Changing the MySQL configuration is not supported. The configuration information is kept in the my.ini file, and should not be changed unless instructed to do so by SonicWALL technical support.

Note

SonicWALL GMS services use JRE 1.5.0_06. SonicWALL GMS automatically downloads the Java Plug-in 1.5 when accessing GMS. For Microsoft SQL Server installations, SonicWALL GMS uses Tomcat 5.5.26.

MySQL Requirements
MySQL is intended for use with SonicWALL GMS 5.1 or higher. It is not recommended for use with other platforms. To run a successful installation of MySQL, the following prerequisites must be met:

Windows operating system (XP, 2000, 2003)
6 GB disk space, minimum
2 GB RAM, minimum

Note that only NTFS file systems are supported, not FAT. MySQL for GMS 5.1 is not supported on Virtual Machines (VMs).


Java Requirements
Java Plug-in version 1.5 or higher. The JDBC driver is installed by GMS for Microsoft SQL Server and MySQL Server.

Browser Requirements

Microsoft Internet Explorer 6.0 or higher
Mozilla Firefox 2.0 or higher
Pop-up blocker disabled

SonicWALL GMS supports SSL 3.0 / TLS 1.0 for HTTPS management of SonicWALL appliances, and for direct login to the unit from GMS. For enhanced security across a GMS network, in installations that must comply with stringent regulatory compliance and account management controls such as those in PCI, SOX, or HIPAA, the following browsers support SSL 3.0 / TLS 1.0 as standard encryption protocols:

Microsoft Internet Explorer 7.0 or higher
Mozilla Firefox 2.0 or higher

In Internet Explorer these protocols are enabled under Tools > Internet Options > Advanced; other browsers expose the equivalent setting in their own security preferences. Where both the browser and the appliance support it, prefer TLS 1.0 over SSL 3.0, which has since been deprecated (RFC 7568).

Hardware for Single Server Deployment

x86 environment: minimum 3 GHz dual-core Intel processor, 2 GB RAM, and 300 GB disk space

Hardware for a Distributed Server Deployment


GMS Server

x86 environment: minimum 3 GHz single-CPU Intel processor, 2 GB RAM, and 300 GB disk space

Database Server

x86 environment: minimum 3 GHz dual-core Intel processor, 2 GB RAM, and 300 GB disk space


Note

It is highly recommended that you install the database on a separate server.

SonicWALL Appliance and Firmware Support


Table 1  SonicWALL Platforms and Firmware Versions

Platform: SonicWALL Firmware Version

SonicWALL Security appliances (NSA Series, TZ Series, and PRO Series): SonicOS Standard 2.0 or higher, SonicOS Enhanced 2.0 or higher
SonicWALL SSL VPN Series appliances: SonicOS SSL VPN 1.5.0.3 or higher for basic management; SonicOS SSL VPN 2.1 or higher for SSL VPN Reporting
SonicWALL CSM Series appliances: SonicOS CF 1.0 or higher
SonicWALL CDP Series appliances: SonicWALL CDP 2.3 or higher
SonicWALL Aventail EX-Series: Version 9.0 or higher

Note

Legacy SonicWALL XPRS/XPRS2, SonicWALL SOHO2, SonicWALL Tele2, and SonicWALL Pro/Pro-VX models are not supported for GMS management. Appliances running SonicWALL legacy firmware including SonicOS Standard 1.x and SonicWALL firmware 6.x.x.x are not supported for GMS management.

Non-SonicWALL Appliance Support


SonicWALL GMS provides monitoring support for non-SonicWALL TCP/IP and SNMP-enabled devices and applications.

GMS Gateway Requirements


A GMS gateway is a SonicWALL appliance (a firewall) that allows for secure communication between the SonicWALL GMS server and managed appliance(s) using VPN tunnels. The GMS gateway must meet one of the following requirements:

SonicWALL NSA Series network security appliance with minimum firmware version SonicOS Enhanced 5.0
SonicWALL PRO Series network security appliance with minimum firmware version SonicOS Enhanced 3.2
SonicWALL VPN-based network security appliance

Note

The GMS gateway should be at minimum a SonicWALL NSA 2400 with minimum firmware SonicOS Enhanced 5.0, or a SonicWALL PRO 2040 with minimum firmware SonicOS Enhanced 3.2.

There are three SonicWALL GMS management methods with different GMS gateway requirements. When using HTTPS as the management method, it is optional to have a GMS gateway between each SonicWALL GMS agent server and the managed SonicWALL appliance(s). If you select Existing VPN tunnel, a gateway is optional. If you select Management VPN tunnel, you must have a GMS gateway between the SonicWALL GMS agent server and the managed SonicWALL appliance(s) to allow each SonicWALL GMS agent server to securely communicate with its managed appliance(s). The following list provides more detail on SonicWALL GMS management methods and gateway requirements:

Management VPN tunnel: A GMS gateway is required, and each GMS agent server must have a dedicated gateway. The security association (SA) for this type of VPN tunnel must be configured in the managed SonicWALL appliance(s); SonicWALL GMS automatically creates the SA in the GMS gateway. For this configuration, the GMS gateway must be a SonicWALL VPN-based appliance, and it can be configured in NAT-Enabled or transparent mode.

The gateway must be dedicated because of how the Scheduler works. When a unit is added to GMS with Management VPN as the method, the scheduler service logs into the gateway and creates the management tunnel. The scheduler service also periodically logs into its gateway and checks the management SAs; any SAs belonging to units that the agent does not manage are deleted. If two agents share a gateway, each will keep deleting the other agent's SAs.

Existing VPN tunnel: A GMS gateway is optional. SonicWALL GMS can use VPN tunnels that already exist in the network to communicate with the managed appliance(s). For this configuration, the GMS gateway can be a SonicWALL VPN-based appliance or another VPN device that is interoperable with SonicWALL VPN.


HTTPS: A GMS gateway is optional. SonicWALL GMS can use HTTPS management instead of a VPN tunnel to communicate with the managed appliance(s). However, the SonicWALL Aventail EX-Series SSL VPN appliance allows HTTPS access only to its LAN port(s), not to its WAN port(s). This means that when SonicWALL GMS is deployed outside of the Aventail LAN subnet(s), management traffic must be routed from GMS to a gateway that allows access into the LAN network, and from there to the Aventail LAN port.

Network Requirements
To complete the SonicWALL GMS deployment process, the following network requirements must be met:

The SonicWALL GMS server must have access to the Internet
The SonicWALL GMS server must have a static IP address
The SonicWALL GMS server's network connection must be able to accommodate 1 KB/s for each device under management. For example, if SonicWALL GMS is monitoring 100 SonicWALL appliances, the connection must support at least 100 KB/s.

Note

Depending on the configuration of SonicWALL log settings and the amount of traffic handled by each device, the network traffic can vary dramatically. The 1 KB/s for each device is a general recommendation. Your installation requirements may be different.


GMS Internet Access through a Proxy Server


If the GMS server cannot access the Internet directly and needs to go through a proxy server, the following proxy entries are required in the sgmsConfig.xml file of the GMS server:

<Parameter name="proxySet" value="1"/>
<Parameter name="proxyHost" value="10.0.30.62"/>
<Parameter name="proxyPort" value="3128"/>
<Parameter name="proxyUser" value="0A57CF01AB39ACF8863C8089321B9287"/>
<Parameter name="proxyPassword" value="EE80851182B4B962FC3E0EDF1F00275A"/>

The proxyUser and proxyPassword parameters are required only if the proxy server requires authentication, in which case their values are TEAV encrypted. This configuration supports both HTTP and HTTPS proxies, as long as the settings are identical for both. To exempt certain hosts from the proxy configuration and connect to them directly, add the following tag to sgmsConfig.xml:

<Parameter name="nonProxyHosts" value="*something.com|www.foo*|192.168.0.*"/>

Change the exact values of all of these parameters to the appropriate values for your deployment. The asterisk symbol (*) is a wildcard that matches any string. The pipe symbol (|) is the delimiter between hosts in the list. To TEAV-encrypt the string test, open a command prompt (DOS window) in the directory <gms-install>\bin and type the following command:

..\jre\bin\java -cp . TEAV test

The output will look like this:

input = [test]
Encrypted: 5F397A4552CC08F2A409A9297588F134
Decrypted: [test]

Because the same tool prints the decrypted value, the encrypted proxy credentials are recoverable by anyone who can read sgmsConfig.xml and run the TEAV class; restrict file system permissions on the GMS installation directory accordingly.
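The following is an added example, not SonicWALL code, that checks a sgmsConfig.xml proxy fragment for the consistency problems described above (proxySet, proxyHost, proxyPort, and TEAV-encrypted credentials set in pairs) and applies the nonProxyHosts wildcard rules to decide whether a given host goes direct or through the proxy. It assumes the <Parameter> elements sit under a root element (named <Configuration> here, an assumption) and that TEAV output is the even-length hex string seen in the guide's sample; the XML fragment is constructed for the example and reuses the guide's values.

```python
"""Checker for the proxy settings in a SonicWALL GMS sgmsConfig.xml.

Added example, not SonicWALL's code. Assumptions: the <Parameter> elements
sit under a root element (named <Configuration> here), and TEAV output is
the even-length hex string shown in the guide's sample.
"""
import re
import xml.etree.ElementTree as ET

# Constructed sample modelled on the guide's fragment; the values are the
# guide's example values, not a real deployment.
SAMPLE_CONFIG = """<Configuration>
  <Parameter name="proxySet" value="1"/>
  <Parameter name="proxyHost" value="10.0.30.62"/>
  <Parameter name="proxyPort" value="3128"/>
  <Parameter name="proxyUser" value="0A57CF01AB39ACF8863C8089321B9287"/>
  <Parameter name="proxyPassword" value="EE80851182B4B962FC3E0EDF1F00275A"/>
  <Parameter name="nonProxyHosts" value="*something.com|www.foo*|192.168.0.*"/>
</Configuration>
"""

# Assumed shape of a TEAV-encrypted value, taken from the guide's sample output.
TEAV_HEX = re.compile(r"^(?:[0-9A-Fa-f]{2})+$")


def load_parameters(xml_text):
    """Return {name: value} for every <Parameter name=... value=.../> element."""
    root = ET.fromstring(xml_text)
    return {p.get("name"): p.get("value") for p in root.iter("Parameter")}


def wildcard_to_regex(pattern):
    """Translate one nonProxyHosts entry: '*' matches any string, all else is literal."""
    return "^" + ".*".join(re.escape(part) for part in pattern.split("*")) + "$"


def is_direct(host, non_proxy_hosts):
    """True if host matches any '|'-separated entry and therefore bypasses the proxy."""
    if not non_proxy_hosts:
        return False
    for entry in non_proxy_hosts.split("|"):
        entry = entry.strip()
        if entry and re.match(wildcard_to_regex(entry), host, re.IGNORECASE):
            return True
    return False


def check_proxy_config(params):
    """Return a list of problems; an empty list means the parameters are consistent."""
    problems = []
    if params.get("proxySet") != "1":
        return ["proxySet is not 1, so GMS will try to reach the Internet directly"]
    if not params.get("proxyHost"):
        problems.append("proxyHost is missing")
    port = params.get("proxyPort", "")
    if not (port.isdigit() and 1 <= int(port) <= 65535):
        problems.append("proxyPort is not a valid TCP port")
    user, password = params.get("proxyUser"), params.get("proxyPassword")
    if (user is None) != (password is None):
        problems.append("proxyUser and proxyPassword must be set together")
    for name, value in (("proxyUser", user), ("proxyPassword", password)):
        if value is not None and not TEAV_HEX.match(value):
            problems.append(f"{name} is not TEAV output (expected hex); run TEAV first")
    return problems


def route_for(host, params):
    """How GMS would reach host: ('direct', None, None) or ('proxy', host, port)."""
    if params.get("proxySet") != "1" or is_direct(host, params.get("nonProxyHosts")):
        return ("direct", None, None)
    return ("proxy", params["proxyHost"], int(params["proxyPort"]))


if __name__ == "__main__":
    cfg = load_parameters(SAMPLE_CONFIG)
    print("problems:", check_proxy_config(cfg) or "none")
    for h in ("licensemanager.sonicwall.com", "updates.something.com", "192.168.0.7"):
        print(h, "->", route_for(h, cfg))
```

Note that an entry such as *something.com matches any host name ending in that string, including notsomething.com, because the wildcard stands for any string and nothing anchors it at a label boundary; write *.something.com when only subdomains should bypass the proxy.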

Logging in to GMS
The first time you start SonicWALL GMS, the Registration page will appear.
Note

SonicWALL GMS must be registered before you can use it. To register, SonicWALL GMS must have direct access to the Internet.

16

SonicWALL GMS 6.0 Administrators Guide

Logging in to GMS

To register SonicWALL GMS, follow these steps:

Installation Type: Login Procedure

GMS Software: Double-click the GMS icon on the desktop of the system where you installed GMS, or open a Web browser and enter http://sgms_ipaddress or http://localhost.
UMA: Open a Web browser and navigate to the IP address of the UMA appliance on your network.
UMA or GMS via Remote Login: Open a Web browser and enter http://sgms_ipaddress/sgms/login

Where the console has been configured for HTTPS, use https:// in place of http://.

The SonicWALL GMS login page appears.

1. Enter the SonicWALL user ID (default: admin) and password (default: password).
2. Select Local Domain as the domain (default). Click Submit. The SonicWALL GMS UI opens.

Change the default admin password from the Console Panel as soon as the UI opens; the default credentials are published and should not remain in use on a server that manages firewalls.

Note

For more information on installation, login procedures, and registration of your GMS installation, please refer to the appropriate Getting Started Guide, available at: <http://www.sonicwall.com/us/support.html>


Navigating the SonicWALL GMS User Interface


The following sections describe the four major panels of the SonicWALL GMS UI:

SonicToday Panel section on page 18
Appliance Panels section on page 19
Monitor Panel section on page 23
Console Panel section on page 24

SonicToday Panel
Using RSS and AJAX technology, SonicToday is a tab intended to work as a customizable dashboard where you can monitor the latest happenings with your SonicWALL GMS deployment, your network, the IT and security world, and the rest of the world. Upon initial login, you see a default SonicToday tab. You can further customize this page by configuring and adding preferred components.


Appliance Panels
The appliance panels allow administrators to add, delete, configure and view SonicWALL UTM appliances and other compatible appliances managed by GMS. These panels include:

UTM Panel: For management and reporting on compatible firewall/UTM appliances.
SSL-VPN Panel: For management and reporting on SonicWALL SSL-VPN Virtual Private Networking appliances.
CDP Panel: For management of SonicWALL Continuous Data Protection appliances.
ES Panel: For management of SonicWALL Email Security appliances.

Within the Firewall and SSL-VPN panels are two sub-panels:

Policies Panel section on page 20
Reports Panel section on page 21


Policies Panel
The Policies Panel is used to configure SonicWALL appliances. From these pages, you can apply settings to all SonicWALL appliances being managed by SonicWALL GMS, to all SonicWALL appliances within a group, or to individual SonicWALL appliances. To open the Policies Panel, click the Firewall tab at the top of the SonicWALL GMS UI and then click the Policies tab. The Policies Panel for the selected appliance type appears:

From the Policies Panel, you can do the following:


View the status of a SonicWALL appliance or group.
Change general settings such as network settings, time, and SonicWALL passwords.
Configure SonicWALL log settings.
Configure website blocking options.
Configure firewall options.
Configure advanced settings, such as proxy settings, intranet settings, routes, DMZ addresses, one-to-one network address translation (NAT), and Ethernet settings.
Configure Dynamic Host Configuration Protocol (DHCP) settings.
Create Virtual Private Networking (VPN) Security Associations (SAs).
Configure Remote Authentication Dial-In User Service (RADIUS), anti-virus, and high availability settings.
Register SonicWALL appliances.
Update SonicWALL firmware.
Activate other feature upgrades and subscription services.

Reports Panel
The Reports Panel is an essential component of network security that is used to view and schedule reports about critical network events and activity, such as security threats, inappropriate Web use, and bandwidth levels. To open the Reports Panel, click the UTM or SSL-VPN tab at the top of the SonicWALL GMS UI and then click the Reports tab.

From the Reports Panel, you can view the following for managed SonicWALL appliances:

View general bandwidth usage. These reports include a real-time report, a daily bandwidth summary report, a top users of bandwidth report, and a weekly summary report.
View bandwidth usage by service. These reports include a real-time report and a summary report.
View Web bandwidth usage. These reports include a daily bandwidth summary report, a top visited sites report, a top users of Web bandwidth report, a report that contains the top sites of each user, and a weekly summary report.
View the number of attempts that users made to access blocked websites. These reports include a daily summary report, a top blocked sites report, a top users report, a report that contains the top blocked sites of each user, and a weekly summary report.
View file transfer protocol (FTP) bandwidth usage. These reports include a daily FTP bandwidth summary report, a top users of FTP bandwidth report, and a weekly summary report.
View mail bandwidth usage. These reports include a daily mail summary report, a top users of mail report, and a weekly summary report.
View VPN usage. These reports include a daily VPN summary report, a top users of VPN bandwidth report, and a weekly summary report.
View reports on attempted attacks and errors. The attack reports include a daily attack summary report, an attack by category report, a top sources of attacks report, and a weekly attack summary report. The error reports include a daily error summary report and a weekly error summary report.
View detailed logging information. The detailed logging information contains each transaction that occurred on the SonicWALL appliance.
View successful and unsuccessful user and administrator authentication attempts. These reports include a user authentication report, an administrator authentication report, and a failed authentication report.


Monitor Panel
The Monitor Panel is the administrators central tool for monitoring the status of any managed TCP/IP and SNMP capable devices and applications. The GMS Monitor panel provides power and flexibility to help you manage availability of network devices by providing a real-time graphical representation of your network, creating custom threshold-based realtime monitor alerts and emailing or archiving network status reports based on your specifications. To access the Monitoring features, click the Monitor tab at the top of the SonicWALL GMS UI.

From the Monitor Panel, you can access the following information about managed appliances:

GMS Navigation Tool: Shows a color-coded graphical representation of the GMS network, providing a quick way to locate devices.
VPN Monitor: Shows a color-coded graphical representation of the VPN network.
NetMonitor: Periodically tests the status of SonicWALL appliances and other attached network devices. Enables you to do the following:
  Categorize and monitor devices by device type, geography, or any other organizational scheme
  Assign priorities to devices within each category
  Create real-time SNMP-based monitors
  Create and automatically email and archive scheduled SNMP reports for devices being monitored in real time
Real-Time Syslog: Enables you to diagnose the system by viewing syslog messages in real time.

Console Panel
The Console Panel is used to configure SonicWALL GMS settings, view pending tasks, manage licenses, and configure system wide granular event management settings. To open the Console Panel, click the Console tab at the top of the SonicWALL GMS UI.

From the Console Panel, you can do the following:


Change the SonicWALL GMS password.
View the SonicWALL GMS log. The SonicWALL GMS log contains information on alert notifications, failed SonicWALL GMS login attempts, and other events that apply to SonicWALL GMS.
Manage tasks. You can view the status of SonicWALL tasks and, if necessary, delete them.
Manage upgrade and subscription licenses for SonicWALL appliances. After loading these licenses into the license pool, you can apply them to SonicWALL appliances from the Policies Panel.
Manage SonicWALL GMS user logins and privileges, agents, and dynamic views.
Manage system wide Granular Event Management settings, including general settings, severity levels, event thresholds, schedules and schedule groups, and alerts.

Understanding SonicWALL GMS Icons


This section describes the meaning of the icons that appear next to managed appliances listed in the left pane of the SonicWALL GMS management interface.

Status Icon: Description

One blue box: The appliance is operating normally. The appliance is accessible from SonicWALL GMS, and no tasks are pending or scheduled.
Two blue boxes: The appliances in a group are operating normally. All appliances in the group are accessible from SonicWALL GMS and no tasks are pending or scheduled.
Three blue boxes: All appliances in the global group of this type (Firewall/SSL-VPN/CDP) are operating normally. All appliances of this type are accessible from SonicWALL GMS and no tasks are pending or scheduled.
One blue box with a lightning flash: One or more tasks are pending or running on the appliance.
Two blue boxes with a lightning flash: Tasks are currently pending or running on one or more appliances within the group.
Two blue boxes with a clock: Tasks are currently scheduled to execute at a future time on one or more appliances within the group.
One blue box with a clock: One or more tasks are scheduled on the appliance.
One yellow box: The appliance has been added to SonicWALL GMS management (provisioned), but not yet acquired.
Two yellow boxes: One or more appliances in the group have been added to SonicWALL GMS management, but not acquired.
Three yellow boxes: One or more of the global group of appliances of this type (Firewall/SSL-VPN/CDP) have been added to SonicWALL GMS management, but not acquired.
One yellow box with a lightning flash: One or more tasks are pending on the provisioned appliance.
Two yellow boxes with a lightning flash: Tasks are pending on one or more provisioned appliances within the group.
One red box: The appliance is no longer sending heartbeats to SonicWALL GMS.
Two red boxes: One or more appliances in the group are no longer sending heartbeats to SonicWALL GMS.
Three red boxes: One or more of the global group of appliances of this type (UTM/SSL-VPN/CDP) are no longer sending heartbeats to SonicWALL GMS.
Two red boxes with a lightning flash: One or more appliances in the group are no longer sending heartbeats to SonicWALL GMS and have one or more tasks pending.
One red box with a lightning flash: The appliance is no longer sending heartbeats to SonicWALL GMS and has one or more tasks pending.


Using the GMS TreeControl Menu


This section describes the content of the TreeControl menu within the SonicWALL GMS UI. You can control the display of the TreeControl pane by selecting one of the appliance tabs at the top. For example, when you click the UTM tab, the TreeControl pane displays all the managed firewall units. You can display any of the following three appliance types when GMS is managing all of these device types:

UTM Appliances
SSL-VPNs
CDPs

You can hide the entire TreeControl pane by clicking the sideways arrow icon, and redisplay the pane by clicking it again. This is helpful when viewing some reports or other extra-wide screens, especially on the Monitor or Console panel.

To open a TreeControl menu, right-click the View All icon, a Group icon, or a Unit icon.


The following options are available in the right-click menu:


Find: Opens a Find dialog box that allows you to search for groups or units.
Refresh: Refreshes the GMS UI display.
Rename Unit: (unit view only) Renames the selected SonicWALL appliance.
Add Unit: Adds a new unit to the GMS management view. Requires the unit IP and login information.
Modify Unit: (unit view only) Changes basic settings for the selected unit, including unit name, IP and login information, serial number, management port and encryption/authentication keys.
Delete: Deletes the selected unit, with the option to delete interconnected SAs or to delete it from Net Monitor.
Add to NetMonitor: Adds an existing unit to Net Monitor.
Import XML: Imports an edited XML file to replace the current TreeControl navigation view.
Login to Unit: (unit view only) Logs in to the selected unit using HTTP or HTTPS.
Modify Properties: Displays the properties for the selected SonicWALL appliance.
Manage Views: Opens a dialog box where you can create, delete, or modify a view.
Change View: Selects pre-set or user-created views. Views are created in the Manage Views window (see above).
Reassign Agents: Opens a dialog box where you can change the IP address of the primary and standby schedulers and the type of VPN tunnel (management vs. site-to-site) used between SonicWALL GMS and the managed SonicWALL appliances.

About Signed Applets in SonicWALL GMS


There are a number of applets in the GMS UI, such as the TreeControl applet in the leftmost pane, and Net Monitor and the other monitoring tools in the Monitor tab. "Signed applets" refers to a technique for adding a digital signature to a Java applet to prove that it was not tampered with after it left the signer. Signed applets can be given more privileges than ordinary applets. By default, applets have no access to system resources outside the directory from which they were launched, but a signed applet can access local system resources as allowed by the local system's security policy. In some previous releases of GMS, you were required to edit the java.policy file yourself on the client browser system in order to enable a number of applet related operations, such as Copy/Paste, Import file, Browse local folders, and HTTP/HTTPS login to the managed units from the GMS UI. There is no need to edit the java.policy file for signed applets. When a signed applet starts up, a warning pop-up is displayed. If you want to trust the applet, click Yes; Copy/Paste, Import and HTTP/HTTPS logins will then work without any edits to the java.policy file. Otherwise, click No. In this case you must manually edit the java.policy file.

Because clicking Yes grants the applet access to local resources, confirm in the warning dialog that the signer shown is SonicWALL before trusting it.

Configuring SonicWALL GMS View Options

The SonicWALL GMS UI is a robust and powerful tool you can use to apply settings to all SonicWALL appliances being managed by SonicWALL GMS, to all appliances or devices within a group, or to individual appliances or devices, simply by selecting the Global, Group, or Unit view within the SonicWALL GMS UI. The SonicWALL GMS UI supports up to seven group levels of hierarchy.
Note

Views are only available in the Policies and Reports Panel. Changing views does not affect the Console or Monitor Panels.

This section describes each view and what to consider when making changes. Select from the following:

Group View section on page 30
Unit View section on page 31
Creating SonicWALL GMS Fields and Dynamic Views section on page 33

Group View
From the Group view of the Policies panel, changes you make are applied to all SonicWALL appliances within the group. The Global viewthe top view that contains all appliancesis a type of Group view. To open the Group view, click a group icon in the left pane of the SonicWALL GMS UI. The Group Status page appears. The Group View Status page contains a list of statistics for all SonicWALL appliances within the group.


As you move through the SonicWALL GMS UI with the Group view selected and make changes, those changes are broken down into configuration tasks and applied to each subgroup and each SonicWALL appliance within the group. As SonicWALL GMS processes the tasks, some SonicWALL appliances may be down or offline. When this occurs, SonicWALL GMS spools the task and reattempts the update later. Depending on the page that you are configuring, the SonicWALL appliance(s) may automatically restart. We recommend scheduling the tasks to run when network activity is low. To determine if a change will require restarting, refer to the configuration instructions for that task. Making group changes through the SonicWALL GMS UI enables you to save time by instituting changes that affect all SonicWALL appliances within the group through a single operation. Although this is very convenient, some changes can have unintended consequences. Be careful when making changes on a group or global level.

Unit View
From the Unit view of the Policies panel, changes you make are only applied to the selected SonicWALL appliance. To open the Unit view, click a SonicWALL appliance in the left pane of the SonicWALL GMS UI. The Status page for the SonicWALL appliance appears.

From the Unit view on the Reports Panel, you can generate real-time and historical reports for the selected SonicWALL appliance. As you navigate the SonicWALL GMS UI, you can generate graphical reports and view detailed log data for the selected SonicWALL appliance. For more information, see Reports Panel on page 21.


As you navigate the SonicWALL GMS UI with a single SonicWALL appliance selected and make changes, those changes are broken down into configuration tasks and sent to the selected SonicWALL appliance. As SonicWALL GMS processes the tasks, the SonicWALL appliance may be down or offline. When this occurs, SonicWALL GMS spools the task and reattempts the update later.
Note

Depending on the page that you are configuring, the SonicWALL appliance may automatically restart. We recommend scheduling the tasks to run when network activity is low. To determine if a change will require restarting, refer to the configuration instructions for that task.

Unit View Status Page


The Unit View Status page contains a list of statistics for the selected SonicWALL appliance. These include the following:

SonicWALL Model: Specifies the model of the SonicWALL appliance. If the unit is not registered, Not Registered appears instead of a model number.
Serial Number: Specifies the serial number of the SonicWALL appliance.
Number of LAN IPs allowed: Specifies the number of IP addresses that are allowed on the LAN.
DMZ Port: Specifies whether the SonicWALL appliance has a DMZ port.
CPU: Specifies the CPU used in the SonicWALL appliance.
VPN Upgrade: Specifies whether the SonicWALL is licensed for a VPN upgrade.
VPN Clients: Specifies whether the SonicWALL is licensed for VPN Clients.
Firmware Version: Specifies the version of the firmware installed on the SonicWALL appliance.
Content Filter Subscription List/Service: Specifies whether the SonicWALL appliance is licensed for a Content Filter List subscription.
PKI Subscription: Specifies whether the SonicWALL appliance has a PKI subscription.
Anti-Virus Subscription: Specifies whether the SonicWALL appliance has an anti-virus subscription.
Extended Warranty: Specifies whether the SonicWALL appliance has an extended warranty.
SonicWALL Status: Specifies the operational status of the SonicWALL appliance.
Tasks Pending: Specifies whether the SonicWALL appliance has any pending tasks.
Agent Assigned: Specifies the IP address of the SonicWALL GMS agent server that is the primary agent managing the SonicWALL appliance.
Standby Agent: Specifies the IP address of the peer SonicWALL GMS server that acts as the backup agent for this SonicWALL appliance. If the primary agent fails, this SonicWALL GMS server will manage the appliance.
Managed using Management Tunnel: Specifies whether the SonicWALL appliance is being managed by SonicWALL GMS using the management VPN tunnel.
Fetch Uptime: The Uptime parameter indicates how long the SonicWALL has been running since the last time it was powered up or restarted. To display the current uptime at the unit level for the selected SonicWALL, click Fetch Uptime.

Creating SonicWALL GMS Fields and Dynamic Views


The SonicWALL GMS uses an innovative method for organizing SonicWALL appliances. SonicWALL appliances are not forced into specific, limited, rigid hierarchies. You can simply create a set of fields that define criteria (e.g., country, city, state) which separate SonicWALL appliances. Then, create and use dynamic views to display and sort appliances on the fly. For information about organizing SonicWALL appliances, see the following sections:

• About Default SonicWALL Fields on page 34
• Creating Custom Fields on page 36
• Understanding Dynamic Views on page 38
• Configuring Dynamic Views on page 39
• Changing Views on page 41


About Default SonicWALL Fields


SonicWALL GMS includes standard fields that can be used to sort SonicWALL appliances based on their model, their firmware version, and other criteria. Default SonicWALL GMS fields include the following:

• AV Enforcement: places the SonicWALL appliances into two groups: appliances that have anti-virus (AV) subscriptions and appliances that do not.
• AV Status: places the SonicWALL appliances into different groups based on their status.
• CFS Status: places the SonicWALL appliances into two groups: appliances that have content filtering service (CFS) subscriptions and appliances that do not.
• Dialup Mode: performs grouping based on whether an appliance has switched to dialup mode for Internet access.
• Firmware: creates a group for each Firmware version and places each SonicWALL appliance into its corresponding group.
• Management: performs grouping based on whether appliances are managed by HTTPS Management mode, GMS Management Tunnel mode, or Existing/LAN mode.
• Model: creates a group for each SonicWALL model and places each SonicWALL appliance into its corresponding group.
• Network Type: creates a group for each network type and places each SonicWALL appliance into its corresponding group. These include:
   • Standard
   • NAT with DHCP Client
   • NAT with PPPoE Client
   • NAT with L2TP Client
   • NAT with PPTP Client
   • NAT Enabled
   • Unknown
• Nodes: creates a group for each node range and places each SonicWALL appliance into its corresponding group.
• PKI Status: places the SonicWALL appliances into two groups: appliances that have Public Key Infrastructure (PKI) certificates and appliances that do not.
• Registered: places the SonicWALL appliances into two groups: appliances that are registered and appliances that are not.
• Scheduler: creates a group for each scheduler agent and places each SonicWALL appliance into its corresponding group.
• UnitStatus: performs grouping based on the Up/Down/Provisioned status of appliances.
• VPN Present: places the SonicWALL appliances into two groups: appliances that have VPN and appliances that do not.
• Warranty Status: places the SonicWALL appliances into two groups: appliances that have current warranties and appliances that do not.


Creating Custom Fields


When first configuring SonicWALL GMS, you can create custom fields that you can use to organize managed appliances. SonicWALL GMS supports up to ten custom fields.
Note

Although SonicWALL GMS supports up to ten custom fields, only seven fields can be used to sort SonicWALL appliances at any given time.

The following are examples of custom fields that you can use:

• Geographic: useful for organizing SonicWALL appliances by location. Especially useful when used in combination with other grouping methods. Geographic fields may include:
   • Country
   • Time Zone
   • Region
   • City
• Customer-based: useful for organizations that are providing managed security services for multiple customers. Customer-based fields may include:
   • Company
   • Division
   • Department
• Configuration-based: useful when SonicWALL appliances will have very different configurations (e.g., Filtering, No Filtering, Pornography Filtering, Violence Filtering, or VPN).
• User-type: different service offerings can be made available to different user types. For example, engineering, sales, and customer service users can have very different configuration requirements. Or, if offered as a service to end users, you can allow or disallow network address translation (NAT) depending on the number of IP addresses that you want to make available.


SonicWALL GMS is pre-configured with four custom fields: Country, Company, Department, and State. These fields can be modified or deleted. To add fields, follow these steps:
1. Click the Console tab, expand the Management tree and click Custom Groups.
2. Right-click Custom Groupings in the right pane.
3. Select Add Category from the pop-up menu.
4. Enter the name of the group in the Category Name field.

Note

Category names can only contain alpha-numeric characters. Special characters and/or spaces are not accepted.

5. Enter the default value for the group in the Default Value field.
6. Click Ok.

Note

You can create up to ten fields. Although the fields appear to be in a hierarchical form, this has no effect on how the fields will appear within a view.

To modify or delete fields, right-click any of the existing fields and select Properties or Delete Category, respectively, from the pop-up menu.


Understanding Dynamic Views


After creating custom fields and reviewing the SonicWALL GMS fields, SonicWALL GMS administrators can set up views to dynamically filter the SonicWALL security appliances that are displayed in the GMS user interface based on fields.
Note

Each view can filter for a maximum of seven fields.

Some views can include the following:

Standard Geographic Views

When the number of SonicWALL appliances managed by SonicWALL GMS becomes large, you can divide the appliances geographically among SonicWALL administrators. For example, if one administrator will be responsible for each time zone in the United States, you can choose the following grouping methods:
• Administrator 1: Country: USA, Time Zone: Pacific, State, City.
• Administrator 2: Country: USA, Time Zone: Mountain, State, City.
• Administrator 3: Country: USA, Time Zone: Central, State, City.
• Administrator 4: Country: USA, Time Zone: Eastern, State, City.

Firmware Views

To ensure that all SonicWALL appliances are using the current firmware, you can create a view to check and update firmware versions and batch process firmware upgrades when network activity is low. For example, if you want to update all SonicWALL appliances to the latest firmware at 2:00 A.M., you can use the following grouping method:
Firmware Version, Time Zone

If you want to update SonicWALL appliances only for companies that have agreed to the upgrade and you want the upgrades to take place at 2:00 A.M., you can use the following grouping method:
Company, Firmware Version, Time Zone

Registration Views

To ensure that all SonicWALL appliances are registered, you can create a registration view and check it periodically. To create a registration view, you can use the following grouping method:
Registration Status, any other grouping fields


Upgrade View

You can create views that contain information on which upgrades customers do not have and forward this information to the Sales Department. For example, you can choose the following grouping methods:
• Content Filter List, Company, Division, Department
• Anti-Virus, Company, Division, Department
• Warranty Status, Company, Division, Department

Configuring Dynamic Views


To create a view, follow these steps:
1. Right-click anywhere in the left pane of the SonicWALL GMS window and select Manage Views from the pop-up menu. The Edit View page appears.
2. Type a descriptive name for the new view in the View Name field.
3. To make this view available to non-administrators, select Visible to Non-Administrators.
4. To add a view category, click Add Level. View categories are used to filter SonicWALL appliances in your view.
5. The Group Categories column contains categories that are a combination of custom fields and SonicWALL GMS fields. To change the Group Category field, select the desired field from the drop-down list. For a list of SonicWALL GMS fields and their meanings, see About Default SonicWALL Fields on page 34.
6. Choose an Operator to apply to the value for this view:
   • equals (default value)
   • starts with
   • ends with
   • contains
   • does not equal
   • does not contain
7. Type a value for the category in the Value column.
8. You can add up to seven categories or levels.
9. To delete a view category, select the level and click Delete Level.
10. When you are finished configuring this view, click Modify View.
11. When you are finished, click Done.
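As an added example that is not part of this guide or of the GMS product, the following Python models the view defined by the steps above: an ordered list of up to seven levels, each a Group Category, one of the six operators, and a value, applied to a constructed appliance inventory. It also builds the "Company, Firmware Version, Time Zone" and registration groupings from Understanding Dynamic Views. The View, Level and INVENTORY names are assumptions, and matching is assumed to be an exact string comparison, since the product's own matching rules are not documented on this page.

```python
"""Model of a GMS dynamic view: ordered levels that filter the appliance list.

Added example, not SonicWALL GMS code. A view is an ordered list of up to
seven levels; each level names a category (a default GMS field such as
Firmware or Registered, or a custom field such as Company), one of the six
operators offered in the Operator drop-down, and a value. An appliance is
shown in the view only when every level holds. Matching is assumed to be an
exact string comparison; the product's own rules are not documented here.
"""
from dataclasses import dataclass, field
from typing import Callable, Dict, List

MAX_LEVELS = 7  # a view can filter for a maximum of seven fields

# The six operators from the Operator drop-down; "equals" is the default.
OPERATORS: Dict[str, Callable[[str, str], bool]] = {
    "equals": lambda actual, wanted: actual == wanted,
    "starts with": lambda actual, wanted: actual.startswith(wanted),
    "ends with": lambda actual, wanted: actual.endswith(wanted),
    "contains": lambda actual, wanted: wanted in actual,
    "does not equal": lambda actual, wanted: actual != wanted,
    "does not contain": lambda actual, wanted: wanted not in actual,
}


@dataclass
class Level:
    """One row of the Edit View page: Group Category, Operator, Value."""
    category: str
    value: str
    operator: str = "equals"


@dataclass
class View:
    name: str
    levels: List[Level] = field(default_factory=list)
    visible_to_non_admins: bool = False

    def add_level(self, level: Level) -> None:
        """Mirror the Add Level button, enforcing the seven-level cap."""
        if len(self.levels) >= MAX_LEVELS:
            raise ValueError(f"a view can have at most {MAX_LEVELS} levels")
        if level.operator not in OPERATORS:
            raise ValueError(f"unknown operator: {level.operator!r}")
        self.levels.append(level)

    def matches(self, unit: Dict[str, str]) -> bool:
        # Every level must hold; a unit lacking the category is treated as "".
        return all(
            OPERATORS[lvl.operator](unit.get(lvl.category, ""), lvl.value)
            for lvl in self.levels
        )

    def apply(self, inventory: List[Dict[str, str]]) -> List[str]:
        """Return the Unit Names the GMS tree would display for this view."""
        return [u["Unit Name"] for u in inventory if self.matches(u)]


# Constructed inventory; names, models and firmware strings are made up.
INVENTORY: List[Dict[str, str]] = [
    {"Unit Name": "hq-fw1", "Model": "NSA 3500", "Firmware": "5.5.0.1",
     "Registered": "Registered", "Company": "Acme", "Time Zone": "Pacific"},
    {"Unit Name": "branch-fw2", "Model": "TZ 210", "Firmware": "5.2.0.0",
     "Registered": "Registered", "Company": "Acme", "Time Zone": "Pacific"},
    {"Unit Name": "branch-fw3", "Model": "TZ 210", "Firmware": "5.2.0.0",
     "Registered": "Not Registered", "Company": "Acme", "Time Zone": "Eastern"},
    {"Unit Name": "client-fw4", "Model": "TZ 180", "Firmware": "4.2.1.0",
     "Registered": "Registered", "Company": "Globex", "Time Zone": "Pacific"},
]


def firmware_upgrade_view(company: str, current: str, time_zone: str) -> View:
    """The guide's "Company, Firmware Version, Time Zone" grouping: units of
    one company that are not yet on the current firmware, in one time zone,
    so the batch upgrade can be scheduled for 2:00 A.M. local time."""
    view = View(f"Upgrade {company} ({time_zone})")
    view.add_level(Level("Company", company))
    view.add_level(Level("Firmware", current, "does not equal"))
    view.add_level(Level("Time Zone", time_zone))
    return view


def registration_view() -> View:
    """The guide's registration view: appliances that still need registering."""
    view = View("Unregistered appliances")
    view.add_level(Level("Registered", "Not Registered"))
    return view


if __name__ == "__main__":
    print(firmware_upgrade_view("Acme", "5.5.0.1", "Pacific").apply(INVENTORY))
    print(registration_view().apply(INVENTORY))
```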


Changing Views
To change views from within the SonicWALL GMS UI, follow these steps:
1. Right-click anywhere in the left pane of the SonicWALL GMS window and select Change View from the pop-up menu. The Change View dialog box appears.
2. Select a view and click OK. The GMS UI displays only the SonicWALL appliances that meet the requirements of the filters defined in the view.

Getting Help
In addition to this manual, SonicWALL GMS provides on-line help resources. To get help, follow these steps:
1. Navigate to the page where you need help.
2. Click the Question Mark (?) in the upper right-hand corner of the window. Help for the selected page appears.


Tips and Tutorials


Tips and tutorials are also available in some sections of the user interface, and are denoted by a Lightbulb icon.

To access tips and tutorials:
1. Navigate to the page where you need help.
2. If available, click the Lightbulb icon in the upper right-hand corner of the window. Tips, tutorials, and online help are displayed for this topic.


CHAPTER 2 Adding SonicWALL Appliances and Performing Basic Management Tasks


This chapter describes how to add SonicWALL appliances to SonicWALL GMS, register appliances, and modify management properties. It also provides an introduction to basic appliance management tasks that can be performed through SonicWALL GMS. This chapter contains the following sections:

• Adding SonicWALL Appliances to SonicWALL GMS on page 43
• Registering SonicWALL Appliances on page 51
• Modifying Management Properties on page 52
• Deleting SonicWALL Appliances from GMS on page 55
• Performing Basic Appliance Management on page 55

Adding SonicWALL Appliances to SonicWALL GMS


SonicWALL GMS can communicate with SonicWALL appliances through VPN tunnels, HTTPS, or directly over VPN tunnels that already exist between the SonicWALL appliances and the GMS gateway. When using HTTPS to access a SonicWALL Aventail SSL VPN appliance, GMS must connect to the LAN port of the Aventail appliance. When SonicWALL GMS is deployed outside of the Aventail LAN subnet, management traffic must be routed from GMS to a gateway that allows access into the LAN network, and from there be routed to the Aventail LAN port.

To add SonicWALL appliances using the command-line interface, refer to the SonicWALL Global Management System Command Line Interface Guide. The following sections describe two methods for adding SonicWALL appliances to GMS:

• Adding SonicWALL Appliances Manually on page 45
• Importing SonicWALL Appliances on page 50


Adding SonicWALL Appliances Manually


To manually add a SonicWALL appliance using the SonicWALL GMS management interface, follow these steps:
1. Click the appliance tab that corresponds to the type of appliance that you want to add: UTM, SSL-VPN, CDP, or Email Security.
2. Expand the SonicWALL GMS tree and select the group to which you will add the SonicWALL appliance. Then, right-click the group and select Add Unit from the pop-up menu. To not specify a group, right-click an open area in the left pane (TreeControl pane) of the SonicWALL GMS management interface and select Add Unit. The Add Unit dialog box appears.
3. Enter a descriptive name for the SonicWALL appliance in the Unit Name field. Do not enter the single quote character (') in the Unit Name field.
4. If applicable, choose a Domain to add this appliance to from the Domain drop-down list.

Note

Domain selection is only available to the admin of the LocalDomain. Individual domain admins are only able to add an appliance to their respective domains.

5. Enter the serial number of the SonicWALL appliance in the Serial Number field. On SonicWALL Aventail appliances, the serial number is found on a sticker on the back of the appliance. Enter it without hyphens into the field.
6. For the Managed Address, choose whether to Determine automatically, or Specify manually. Most deployments will be able to determine the address automatically.
7. Enter the administrator login name for the SonicWALL appliance in the Login Name field. For SonicWALL Aventail SSL VPN appliances, the login name is pre-configured as GMS and cannot be changed.
8. Enter the password used to access the SonicWALL appliance in the Password field.
9. For Management Mode, select from the following:
   • If the SonicWALL appliance will be managed through an existing VPN tunnel or over a private network, select Using Existing Tunnel or LAN.
   • If the SonicWALL appliance will be managed through a dedicated management VPN tunnel, select Using Management VPN Tunnel (default).
   • If the SonicWALL appliance will be managed over HTTPS, select Using HTTPS.
10. Enter the IP address of the managed appliance in the IP Address field.
11. Enter the port used to administer the SonicWALL appliance in the HTTP(S) Port field (default ports are HTTP: 80; HTTPS: 443). For SonicWALL Aventail appliance management, use HTTPS port 8443.
12. For VPN tunnel management, enter a 16-character encryption key in the SA Encryption Key field. The key must be exactly 16 characters long and composed of hexadecimal characters. Valid hexadecimal characters are 0 to 9, and a to f (i.e., 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, a, b, c, d, e, f). For example, a valid key would be 1234567890abcdef.

Note

This key must match the encryption key of the SonicWALL appliance. You can set the key on the appliance by logging directly into it.

13. For VPN tunnel management, enter a 32-character authentication key in the SA Authentication Key field. The key must be exactly 32 characters long and composed of hexadecimal characters. For example, a valid key would be 1234567890abcdef1234567890abcdef.

Note

This key must match the authentication key of the SonicWALL appliance.

14. If the SonicWALL appliance uses the Anti-Virus feature, enter the Anti-Virus password. Otherwise, leave the field blank.
15. Select the IP address of the SonicWALL GMS agent server that will manage the SonicWALL appliance from the Agent IP Address list box:
   • If SonicWALL GMS is configured in a multi-tier distributed environment, you must select the SonicWALL GMS Agent whose IP address matches the IP address that you specified when configuring the SonicWALL appliance for SonicWALL GMS management.
   • If SonicWALL GMS is in a single-server environment, the IP address of the SonicWALL GMS agent server already appears in the field.
16. If SonicWALL GMS is configured in a multi-tier distributed environment, enter the IP address of the backup SonicWALL GMS server in the Standby Agent IP field. The backup server will automatically manage the SonicWALL appliance in the event of a primary server failure. Any Agent can be configured as the backup.

Note

If SonicWALL GMS is deployed in a single server environment, leave this field blank.

17. To add the appliance to Net Monitor, select the Add this unit to Net Monitor checkbox.
18. Click Properties. The Unit Properties dialog box appears.
19. This dialog box displays the category fields to which the SonicWALL appliance belongs. To change any of the values, select a new value from the drop-down list. When you are finished, click OK. You are returned to the Add Unit dialog box.
20. Click OK. The User Privileges dialog box displays.
21. Select the user group or individual users to which read-write privileges should be assigned. Keep in mind that admins always maintain read-write privileges, regardless of your selection here.
22. Click OK. The new SonicWALL appliance appears in the SonicWALL GMS management interface. It will have a yellow icon that indicates it has not yet been successfully acquired. SonicWALL GMS will then attempt to establish a management VPN tunnel, set up an HTTPS connection, or use the existing site-to-site VPN tunnel to access the appliance. GMS then reads the appliance configuration and acquires the SonicWALL appliance for management. This will take a few minutes. After the SonicWALL appliance is successfully acquired, its icon turns blue, its configuration settings are displayed at the unit level, and its settings are saved to the database. A text version of this configuration file is also saved in the file: <gms_directory>/etc/Prefs.

Note

In a multi-tier distributed environment, both the primary and secondary SonicWALL GMS Agents must be configured to use the same management method.
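The Add Unit steps above impose several constraints on the values entered (no single quote in Unit Name, a serial number without hyphens, the Aventail login name fixed to GMS, hexadecimal SA keys of exactly 16 and 32 characters, HTTPS port 8443 for Aventail appliances, and a Standby Agent IP only in a multi-tier deployment). The following Python is an added example, not SonicWALL GMS code, that checks a request against those rules before anything is typed into the dialog; AddUnitRequest and validate_add_unit are assumed names, the sample values are constructed, and the assumption that the SA keys are required only for the Using Management VPN Tunnel mode is mine, since the page does not state whether the Using Existing Tunnel or LAN mode also needs them.

```python
"""Pre-flight check of an Add Unit request against the rules in this procedure.

Added example, not SonicWALL GMS code; AddUnitRequest and validate_add_unit
are assumed names. It encodes the constraints the steps state: no single quote
in Unit Name, a serial number entered without hyphens, the Aventail login name
fixed to GMS, a 16-character SA Encryption Key and a 32-character SA
Authentication Key built from 0-9 and a-f, HTTPS port 8443 for Aventail
appliances, and a Standby Agent IP only in a multi-tier deployment. Requiring
the SA keys only for the management VPN tunnel mode is an assumption.
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import List

HEX_DIGITS = re.compile(r"[0-9a-f]+")  # the characters the guide lists as valid
MANAGEMENT_MODES = ("Using Existing Tunnel or LAN",
                    "Using Management VPN Tunnel",
                    "Using HTTPS")


@dataclass
class AddUnitRequest:
    unit_name: str
    serial_number: str
    login_name: str
    password: str
    ip_address: str
    management_mode: str = "Using Management VPN Tunnel"  # the default in step 9
    port: int = 443
    sa_encryption_key: str = ""
    sa_authentication_key: str = ""
    standby_agent_ip: str = ""
    multi_tier: bool = False  # GMS deployed as a multi-tier distributed environment
    aventail: bool = False    # SonicWALL Aventail SSL VPN appliance


def normalize_serial(raw: str) -> str:
    """Step 5: the serial number is entered without hyphens."""
    return raw.replace("-", "").strip().upper()


def check_hex_key(label: str, key: str, length: int) -> List[str]:
    """Steps 12 and 13: exactly `length` characters, each one of 0-9 or a-f."""
    problems = []
    if len(key) != length:
        problems.append(f"{label} must be exactly {length} characters long")
    if not HEX_DIGITS.fullmatch(key):
        problems.append(f"{label} may only contain 0-9 and a-f")
    return problems


def validate_add_unit(req: AddUnitRequest) -> List[str]:
    """Return a list of problems; an empty list means the request is consistent."""
    problems: List[str] = []
    if not req.unit_name:
        problems.append("Unit Name is required")
    if "'" in req.unit_name:
        problems.append("Unit Name must not contain the single quote character")
    if not normalize_serial(req.serial_number).isalnum():
        problems.append("Serial Number must be alphanumeric, entered without hyphens")
    if req.aventail and req.login_name != "GMS":
        problems.append("Aventail SSL VPN login name is pre-configured as GMS")
    if not req.password:
        problems.append("Password is required")
    if req.management_mode not in MANAGEMENT_MODES:
        problems.append(f"unknown Management Mode {req.management_mode!r}")
    try:
        ipaddress.ip_address(req.ip_address)
    except ValueError:
        problems.append("IP Address is not a valid address")
    if not 1 <= req.port <= 65535:
        problems.append("HTTP(S) Port is out of range")
    elif req.aventail and req.port != 8443:
        problems.append("Aventail appliances are managed on HTTPS port 8443")
    if req.management_mode == "Using Management VPN Tunnel":
        problems += check_hex_key("SA Encryption Key", req.sa_encryption_key, 16)
        problems += check_hex_key("SA Authentication Key", req.sa_authentication_key, 32)
    if req.multi_tier and not req.standby_agent_ip:
        problems.append("Standby Agent IP is required in a multi-tier environment")
    if not req.multi_tier and req.standby_agent_ip:
        problems.append("leave Standby Agent IP blank in a single-server environment")
    return problems


if __name__ == "__main__":
    # Constructed sample request; the serial, address and keys are made up.
    sample = AddUnitRequest("hq-fw1", "0017C5ABCDEF", "admin", "s3cret", "10.0.0.1",
                            sa_encryption_key="1234567890abcdef",
                            sa_authentication_key="1234567890abcdef1234567890abcdef")
    print(validate_add_unit(sample) or "request is consistent with the Add Unit rules")
```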


Importing SonicWALL Appliances


To reduce the amount of information that you have to manually enter when adding SonicWALL appliances, GMS enables you to import the saved prefs file of a SonicWALL appliance. To add a SonicWALL appliance to the SonicWALL GMS UI using the import option, follow these steps:
1. Right-click in the left pane of the SonicWALL GMS UI and select Add Unit from the pop-up menu. The Add Unit dialog box appears.
2. Enter a descriptive name for the SonicWALL appliance in the Unit Name field. Do not enter the single quote character (') in the Unit Name field.
3. Enter the password to access the SonicWALL appliance in the Password field.
4. Click Import. The Import dialog box appears.

Note

If the above Import Dialog Box does not appear, you need to edit the java.policy file on your system.

5. Find and select the saved prefs file of the SonicWALL appliance.
6. Click Import. You are returned to the Add Unit dialog box.
7. Click Properties. The Unit Properties dialog box appears. This dialog box displays fields to which the SonicWALL appliance belongs. To change any of the values, enter a new value. When you are finished, click OK.
8. After you are returned to the Add Unit dialog box, click OK again.
9. Select the user group or individual users to which read-write privileges should be assigned. Keep in mind that admins always maintain read-write privileges, regardless of your selection here.
10. The new SonicWALL appliance appears in the SonicWALL GMS UI. It will have a yellow icon that indicates it has not yet been successfully acquired. The SonicWALL GMS will then attempt to establish a management VPN tunnel to the appliance, read its configuration, and acquire it for management. This will take a few minutes. After the SonicWALL appliance is successfully acquired, its icon will turn blue, its configuration settings will be displayed at the unit level, and its settings will be saved to the database. A text version of this configuration file is also saved in <gms_directory>/etc/Prefs.

Registering SonicWALL Appliances


After successfully adding one or more SonicWALL appliances to the SonicWALL GMS UI, the next step is to register them. Registration is required for firmware upgrades, technical support, and more.
Note

Registering SonicWALL Aventail SSL VPN appliances from GMS is not supported.

To register one or more SonicWALL appliances, follow these steps:
1. Select the global icon, a group, or a SonicWALL appliance.
2. Expand the Register/Upgrades tree and click Register SonicWALLs. The Register SonicWALLs page appears.
3. Click Register. SonicWALL GMS creates a task for each SonicWALL appliance registration. If the appliance is already registered, the Register SonicWALLs page will state This appliance is registered. By default, SonicWALL GMS executes the tasks immediately. However, they can also be scheduled for another time and will remain in the schedule queue until they are executed. To view the status of these tasks, click the Console tab. Then, expand the Tasks tree and click Scheduled Tasks.


During the task execution, SonicWALL GMS registers each selected SonicWALL appliance using the information that you used to register with the SonicWALL registration site. After registration is complete, the task will be removed from the Scheduled Tasks page and the status of the task execution will be logged. To view these logs, click the Console tab. Then, expand the Log tree and click View Log.

Modifying Management Properties


The following sections describe how to modify management properties:

• Modifying SonicWALL Appliance Management Options on page 52
• Changing Agents or Management Methods on page 53
• Moving SonicWALL Appliances Between Groups on page 54

Modifying SonicWALL Appliance Management Options


If you make a mistake or need to change the settings of an added SonicWALL appliance, you can manually modify its settings or how it is managed.
Note

If a unit has not been acquired (yellow icon), you can change its management mode using this procedure. After it has been acquired (red or blue icon), you cannot change its management mode using this procedure and must reassign it. For more information, see Changing Agents or Management Methods on page 53.

To modify a SonicWALL appliance, perform the following steps:
1. Right-click in the left pane of the SonicWALL GMS UI and select Modify Unit from the pop-up menu. The Modify Unit dialog box appears.
2. The Modify Unit dialog box contains the same options as the Add Unit dialog box. For descriptions of the fields, see Adding SonicWALL Appliances to SonicWALL GMS on page 43.
3. When you have finished modifying options, click OK. The SonicWALL appliance settings are modified.


Changing Agents or Management Methods


To provide increased flexibility when managing SonicWALL appliances, SonicWALL GMS enables you to change the Agents that manage SonicWALL appliances, as well as their management methods. To change how a SonicWALL appliance is managed, follow these steps:
1. Right-click on the group or appliance that you want to re-assign and select Re-assign Agents from the pop-up menu.
2. If the appliances to be re-assigned are managed using existing tunnels or the LAN, a warning message is displayed. Click Ok.

Caution

Make sure that the appliances will be able to successfully connect to the re-assigned GMS to avoid losing connection to the appliances.

3. The Re-assign Agents dialog box appears.
4. Select the IP address of the SonicWALL GMS agent server that will manage the SonicWALL appliance from the Scheduler IP Address list box.
5. If SonicWALL GMS is configured in a multi-tier distributed environment, enter the IP address of the backup SonicWALL GMS server in the Standby Scheduler IP field. The backup server will automatically manage the SonicWALL appliance in the event of a primary failure. Any Agent can be configured as the backup.

Note

If SonicWALL GMS is in a single server environment, leave this field blank.

6. Select from the following management modes:
   • If the SonicWALL appliance will be managed through an existing VPN tunnel or over a private network, select Using Existing Tunnel or LAN.
   • If the SonicWALL appliance will be managed through a dedicated management VPN tunnel, select Using Management VPN Tunnel (default).
   • If the SonicWALL appliance will be managed over HTTPS, select Using HTTPS.

Note

HTTPS management requires additional configuration on the appliance itself.

7. Enter the port used to administer the SonicWALL appliance in the SonicWALL HTTP Port field (standard: 80; HTTPS: 443). For SonicWALL Aventail appliance management, use HTTPS port 8443.
8. When you are finished, click OK. A task is created for each selected SonicWALL appliance.

Moving SonicWALL Appliances Between Groups


To move SonicWALL appliances between groups, simply change the properties of their custom fields. To change these properties, follow these steps.
1. Right-click on a SonicWALL appliance or group in the left pane of the SonicWALL GMS UI and select Modify Properties from the pop-up menu. The Properties dialog box appears.
2. Make any changes to the categories to which the SonicWALL appliance or group of appliances belongs. For information on creating categories, see Creating SonicWALL GMS Fields and Dynamic Views on page 33.

Note

If you are performing this procedure at the group or global level, all parameters will be changed for all selected SonicWALL appliances. For example, if you were attempting to only change the Country attribute, all other parameters would be changed as well.

3. Click OK. The SonicWALL appliance(s) are moved to the new group.


Deleting SonicWALL Appliances from GMS


To delete a SonicWALL appliance or a group of appliances from GMS, perform the following steps:
1. Right-click on a SonicWALL appliance or group in the left pane and select Delete from the pop-up menu.
2. In the warning message that displays, click Yes. The SonicWALL appliance or group is deleted from GMS.

Performing Basic Appliance Management


This section provides links to locations in this guide that describe the most common appliance management tasks.
Table 2 Appliance Management

| Management Task | Location |
| --- | --- |
| Inheriting Group Settings | Managing Inheritance in GMS on page 569 |
| Upgrading Firmware | Upgrading Firmware on page 592 |
| Managing Subscription Services | Configuring Security Services on page 457 |
| Manually Uploading Signatures | Manually Uploading Signature Updates on page 137 |
| Managing Certificates | Configuring Certificates on page 146; Generating a Certificate Signing Request on page 150 |
| Backing up the Prefs File | Configuring System Settings on page 139 |
| Understanding Heartbeat Messages | Configuring System Settings on page 139; Configuring Log Settings on page 278 |


CHAPTER 3 Using the SonicToday Panel


This chapter introduces the SonicWALL Global Management System (GMS) management interface navigation and management views. SonicWALL GMS is intended for large-scale deployments for enterprise and service provider solutions. This section includes the following subsections:

• Overview of the SonicToday Panel section on page 58
• Editing a Component Window section on page 58
• Adding a Component Window section on page 60
• Adding More Pages section on page 68
• Editing and Deleting Pages section on page 69
• Other Features section on page 70


Overview of the SonicToday Panel


Using RSS and AJAX technology, SonicToday is a tab intended to work as a customizable dashboard where you are able to monitor the latest happenings with your SonicWALL GMS 6.0 deployment, your network, the IT and Security World, as well as the rest of the world. Upon initial login, you see a default SonicToday tab. You are able to further customize this page by configuring and adding preferred components.

Editing a Component Window


One customizable feature of SonicToday is the ability to edit the title of any given component window. To do this:
1. Click the Edit link, located on the right side of the component window you wish to modify. In this example, we will modify the title of the component window CNN Top Stories.


2. The component window will expand, revealing the following entries you can modify:
   • Title: the title of the component window.
   • RSS URL: the URL of the RSS Feed the current component window updates from.
   • Items: the number of items to be displayed on the component window.
   • Refresh Interval: how often the component window refreshes the RSS Feed.

   In this example, we will change the title to CNN Top 5 Stories. For Items, we specify that we want five items shown in the component window, and we want the Refresh Interval to occur every 30 minutes. Click Save to save your changes and exit the component window. The changes will update the component window immediately.


Adding a Component Window


Another way to fully customize your SonicToday dashboard is by adding a component window specifically to your preferences. Note that no component containing the same content can be added more than once in the SonicToday dashboard. In this section, there are three different component windows you can add:

• Application Widget section on page 60
• Event Alert section on page 62
• RSS Feed section on page 66

Application Widget
The application widget specifically details Logs, Scheduled Tasks, and Current Sessions in SonicWALL GMS 6.0. The convenience of this new widget is that it enables you to keep track of all these different details from the SonicToday dashboard page, rather than navigating through other tabs. To add the application widget:
1. Click Add Component to bring up the Add Component Manager dialogue box. Select Application Widget from the Type drop-down list.

60

SonicWALL GMS 6.0 Administrators Guide

Adding a Component Window

2.

Specify what type of Widget you want in the component. The Title will default to the Widget you choose, but you may customize this if you prefer. You also will indicate how many Items you want to be shown on the component window, as well as the Refresh Interval. In this example, we will add a widget that monitors Logs, displaying the latest five every ten minutes.

3. Click Add when finished specifying entries. The component window is added to the SonicToday dashboard.


Event Alert
This feature in SonicWALL GMS allows you to receive alerts from your email, SNMP traps, and console on the SonicToday dashboard. You are able to filter which alerts you want directed to your SonicToday dashboard. To set up an event alert:
1. Click Add Component to bring up the Add Component Manager dialogue box. Select Event Alert from the Type drop-down list.

2. Select the Alert Type you would like to add from the drop-down list. The Title will default to the Alert Type you choose, but you may customize this if you prefer. You also will indicate how many Items you want to be shown on the component window, as well as the Refresh Interval. The field Show Alerts Triggered within last is used to provide the number of triggered alerts in hours. Only alerts triggered within this time period will appear on the SonicToday dashboard. In this example, we will add an event alert for Unit Status, displaying the latest five every 30 minutes. This event alert will also show alerts triggered within the last 24 hours.

3. Click Add when finished specifying entries. The component window is added to the SonicToday dashboard. You will see a No alerts configured for destination SonicToday notification in the newly added Unit Status component window. This is because you have not identified which unit you are inquiring status on.


To Identify a Unit for this Alert


1. Click the UTM tab to bring up a detailed list of all the units associated with SonicWALL GMS.

2. Click on the unit for which you wish to receive alerts. In this example, we will use the unit TZ 150. Double click the unit name to see detailed information regarding this unit.

3. Navigate under the Policies tab to the Events link. Click the option Alert Settings.

4. For the first option, Unit Status, click the configure icon to specify settings for this status alert. A dialog box will appear.

You must ensure one of the destinations for this alert is User Interface-SonicToday or else the alert will not be directed to your SonicToday dashboard. Click this option from the drop-down list under the Destination/Schedule section. Click Update to save changes. You will now be alerted on the component window as soon as a unit fails. It is a very detailed failure notice, complete with date and exact time the unit failed.

Whenever there is no alert added for a selected alert type, the No alerts configured for destination SonicToday message is displayed. Once the alert destination is configured as described in the To Identify a Unit for this Alert section on page 64, the alert message will appear in the component window. Only alerts triggered within the configured time period are displayed in the SonicToday dashboard.

RSS Feed
RSS Feed is a component window designed to keep you updated with what is going on in the IT and Security World, as well as all around the globe. This section contains procedures for customizing an RSS Feed component window on your SonicToday dashboard. To choose a Predefined RSS Feed:
1. Click Add Component to bring up the Add Component Manager dialogue box.

2. Select RSS Feed from the Type drop-down list. This will automatically bring up a list of predefined RSS Feeds you may choose from. The Title will default to the Alert Type you choose, but you may customize this if you prefer. You also will indicate how many Items you want to be shown on the component window, as well as the Refresh Interval. In this example, we will select AP Sports News, displaying the first five items every 30 minutes on the component window.

3. Click Add when you are finished. This will add the new RSS Feed component window to your SonicToday dashboard.

To Choose a Custom RSS Feed:

1. Click Add Component to bring up the Add Component Manager dialogue box.

2. Select RSS Feed from the Type drop-down list. This will automatically bring up a list of predefined RSS Feeds you may choose from. Scroll to the bottom of the predefined list and select Custom RSS Feed...

3. Enter the URL of the RSS Feed you would like on your component window.

Note

To search a large directory of available RSS Feeds, navigate to: http://www.rsfeeds.com/

4. Enter the Title for this custom RSS Feed page. Also indicate how many Items you want to be shown on the component window, as well as the Refresh Interval. In this example, we will choose Rediff Top Stories, displaying the first five items every 30 minutes on the component window.

5. Click Add when you are finished. This will add the new RSS Feed component window to your SonicToday dashboard.

Adding More Pages


SonicToday allows you to create more pages in addition to your default dashboard page. Note that only one page may be designated as your SonicToday default page. As soon as a new page is marked as the default, any previous default page settings are overwritten. To create a new page:
1. Click Manage Page from the toolbar to bring up the Page Manager.

2. In the Page section, select Add New Page from the drop-down list.

3. Name your new page under Page Title.

4. Select the layout of your page under Page Layout. A thumbnail image pops up alongside each option to assist you.

5. You also have the option of making this your default page, simply by placing a checkmark in the box labeled Default Page.

6. Click Add when you are finished. The toolbar now displays the newly added page. In this example, we titled the new page News.

You can now add and customize component windows to navigate between pages.

Editing and Deleting Pages


To edit a page, click Manage Page from the toolbar. Select the page you wish to edit, make your changes, and click Edit to finish. To delete a page, click Manage Page from the toolbar. Select the page you wish to delete and click Delete. Click OK to finish.

Other Features
See the following sections:

- AutoHide, page 70
- Page Selector, page 70
- Component Height Resize, page 71
- Manual Refresh, page 71
- Removing or Deleting a Component, page 71
- Minimizing or Maximizing a Component, page 71

AutoHide
AutoHide is a feature you customize by turning it on or off. When AutoHide is turned on, the control bar hides two seconds after the mouse is moved away from it. When AutoHide is turned off, the control bar always appears on the SonicToday dashboard. To turn AutoHide on, click the Off icon. To turn AutoHide off, click the On icon.

Page Selector
Whenever the number of pages added to the SonicToday dashboard exceeds five, a page selector bar appears at the top of the main window with left and right arrows. The arrows can be used to scroll across different pages in both directions. By default, the selector is scrolled to a point where the default page appears on it. Any page can be selected by clicking on the page title.


Component Height Resize


The height of a component can be increased and decreased by stretching or shrinking the resize cursor on the status bar when the mouse is moved over the status bar.

Manual Refresh
Aside from the automatic refresh, which you configure in the Editing a Component Window section on page 58, you can force a refresh on the component window by clicking the refresh icon on the component window header.

Removing or Deleting a Component


Any component window can be removed or deleted from the page by clicking the close icon on the component window header.

Minimizing or Maximizing a Component


Each component can be in a minimized or maximized state. The components are loaded in the page with the state they were saved in the database. To minimize a component window, click the minimize icon in the component window header. To maximize a component window, click the maximize icon in the component window header.

Part 1 Host and Appliance Settings


CHAPTER 5 UMH/UMA System Settings


This chapter describes how to configure the system settings that are available on the SonicWALL UMH/UMA system pages.
Note

The UMA appliance and the GMS application both provide a system settings interface, referred to as UMA for the appliance and UMH in GMS software deployments. In either scenario, the switch icon is used to toggle between application and system interfaces.

The UMH System > Status page is shown below:

The UMA System > Status page is shown below:

This chapter includes the following sections:


- Status section on page 77
- Licenses section on page 78
- Time section on page 80
- Administration section on page 81
- Settings section on page 83
- Diagnostics section on page 85
- File Manager section on page 88
- Backup/Restore section on page 90
- RAID section on page 94
- Restart section on page 95

Status
This section describes the UMH/UMA System > Status page, used to view general status of the appliance hardware and licensed firmware. The UMH System > Status page is shown below:

The UMA System > Status page is shown below:

This page identifies the following specifications:

Name: Displays the user-friendly name of the system.
Serial Number: Displays the system identification number.
Version: Displays the current firmware version and date.
License: Displays the Global Management System or ViewPoint license status.
Role: Displays the configuration set in the Deployment > Roles section of the user interface.
Host Name / IP: Displays the system host name (for example, an FQDN such as mysystem.myhost.com) and IP address.
Current Time: Displays the current date and time, based on your localized time zone settings.
Operating System: Displays the system's currently loaded operating system.
CPU: Displays basic specifications (speed and number of cores) for the system's processor.
RAM: Displays the amount of random access memory (RAM) installed on the system.
RAID Array (UMA only): Displays the type, status, and size of the currently installed RAID array.
Available Disk Space: Displays free space and total space, in gigabytes.

Licenses
This section describes the UMH/UMA System > Licenses page, used to view and manage GMS and ViewPoint licenses. The UMH System > Licenses page is shown below:


The UMA System > Licenses page is shown below:

This page identifies the following specifications:

Security Service: The current license type based on product registration and serial number.
Support Service: The available SonicWALL support types based on product registration and serial number. For the UMA, the Hardware Warranty is also listed here.
Status: License status. If unlicensed, you must purchase a license or register your product or appliance.
Count: Number of valid licenses.
Expiration: Expiration date of your current license.

In addition, you may also use the buttons on this screen to:

- Manage Licenses through your MySonicWALL.com account
- Refresh Licenses by connecting with the SonicWALL licensing server
- Upload Licenses if no external network connection is available

Time
This section describes the UMA appliance System > Time page, used to view and manage the appliance date/time settings. This page is only available on the UMA appliance.

This page allows the administrator to set the following time and date settings:

- Time in Hours/Minutes/Seconds
- Date in Month / Day / Year
- Time Zone from standard international time zones or coordinated universal time (UTC) for deployments spanning multiple time zones.
- The Set time automatically using NTP checkbox may be selected for auto-updated time using standard time servers. Selecting this option causes the system to automatically adjust for daylight savings time in time zones that recognize DST.

Administration
This section describes the UMH/UMA System > Administration page, used to manage basic administrative settings. The UMH System > Administration page is shown below:

The UMA System > Administration page is shown below:


This page provides the following functions:

Host Settings

Inactivity Timeout: Number of minutes before an administrator is forcefully logged out of the user interface. Entering a value of -1 allows the account to remain logged in until the appliance is power cycled. Ensure that your console is in a secure location, as this setting can expose your system to potential physical security issues. The default value is 10 minutes.

Enhanced Security Access (ESA)

Enforce Password Security: Check this box to enforce the password security settings in the following boxes.
Number of failed login attempts before user can be locked out: Number of tries a user has to enter the correct password before being locked out of the system for a specified time. Default is 6.
User lockout minutes: Time for which a user is locked out after failing to log in correctly the specified number of times. Default is 30 minutes.
Number of days to force password change: Number of days before a user is forced to change his or her password. Default is 90 days.

Administrator Password

Administrator Name: Default administrator login name, admin.
Current Password: The current password for the admin account.
New Password: The new password for the admin account.
Confirm Password: The new password for the admin account, entered again to confirm it.

To change the administrator password, enter the Current Password in the appropriate field, and then enter a New Password and confirm that password. Click the Update button when you are finished making changes. Click Reset to return to default settings.
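The Enhanced Security Access settings above describe a lockout and password-aging policy without showing how such a policy behaves over a sequence of logins. The following added example (not SonicWALL code, and not the appliance's implementation) models that behaviour in Python with the page's defaults: six failed attempts lock the account for 30 minutes, and a password older than 90 days is accepted but flagged as expired so a change can be forced. The class and function names, the PBKDF2 hashing, and the sample account are assumptions made for this illustration.

```python
"""Added example (not SonicWALL code): enforcing the Enhanced Security Access
settings described above (failed-attempt lockout, lockout duration, password age)
in application code. Class and field names are assumptions; the defaults mirror
the page: 6 attempts, 30 lockout minutes, 90 days before a forced change."""
import hashlib
import hmac
import os
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, Optional

# Constructed reference time so that callers can reason about elapsed time.
T0 = datetime(2010, 1, 1, 12, 0)


def at(minutes: int = 0, days: int = 0) -> datetime:
    """Helper: a point in time relative to T0 (used by the demo and tests)."""
    return T0 + timedelta(minutes=minutes, days=days)


@dataclass
class PasswordPolicy:
    enforce: bool = True             # the "Enforce Password Security" checkbox
    max_failed_attempts: int = 6     # failed attempts before lockout
    lockout_minutes: int = 30        # user lockout minutes
    password_max_age_days: int = 90  # days before a forced password change


@dataclass
class Account:
    name: str
    salt: bytes
    pw_hash: bytes
    password_set_at: datetime
    failed_attempts: int = 0
    locked_until: Optional[datetime] = None


def _hash(password: str, salt: bytes) -> bytes:
    # PBKDF2 so that a leaked account store does not yield passwords directly.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)


class AdminAuth:
    def __init__(self, policy: PasswordPolicy) -> None:
        self.policy = policy
        self.accounts: Dict[str, Account] = {}

    def add_account(self, name: str, password: str, now: datetime) -> None:
        salt = os.urandom(16)
        self.accounts[name] = Account(name, salt, _hash(password, salt), now)

    def change_password(self, name: str, new_password: str, now: datetime) -> None:
        acct = self.accounts[name]
        acct.salt = os.urandom(16)
        acct.pw_hash = _hash(new_password, acct.salt)
        acct.password_set_at = now  # restarts the password-age clock

    def login(self, name: str, password: str, now: datetime) -> str:
        """Return one of 'ok', 'locked', 'expired' or 'denied'."""
        acct = self.accounts.get(name)
        if acct is None:
            return "denied"  # same answer as a bad password: do not reveal valid names
        p = self.policy
        if p.enforce and acct.locked_until is not None and now < acct.locked_until:
            return "locked"  # inside the lockout window, even with the right password
        if hmac.compare_digest(_hash(password, acct.salt), acct.pw_hash):
            acct.failed_attempts = 0
            acct.locked_until = None
            if p.enforce and now - acct.password_set_at >= timedelta(days=p.password_max_age_days):
                return "expired"  # authenticated, but must change the password first
            return "ok"
        if p.enforce:
            acct.failed_attempts += 1
            if acct.failed_attempts >= p.max_failed_attempts:
                acct.locked_until = now + timedelta(minutes=p.lockout_minutes)
                acct.failed_attempts = 0  # the counter restarts after the window
        return "denied"


if __name__ == "__main__":
    auth = AdminAuth(PasswordPolicy())
    auth.add_account("admin", "S3cret!", T0)
    for _ in range(6):
        auth.login("admin", "wrong", T0)
    print(auth.login("admin", "S3cret!", at(minutes=29)))  # locked
    print(auth.login("admin", "S3cret!", at(minutes=31)))  # ok
```

Note that a correct password during the lockout window still returns "locked": the point of the setting is that guessing stops being useful for the configured number of minutes, and a successful guess must not shortcut that window.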

Settings
This section describes the UMH/UMA System > Settings page, used to manage manual software or firmware upgrades and, on the appliance, re-initialization of factory default settings. The UMH System > Settings page is shown below:

The UMA System > Settings page is shown below:

On the UMH, this page displays the current version of SonicWALL GMS running on the system, and provides a link to click for the history of upgrades on this system. This page also allows the administrator to:
- Upload a SonicWALL GMS Service Pack or Hotfix by uploading a valid software image from your local drive. After uploading the software, click Apply to reboot the system with the new version.

On the UMA, this page displays the current version of SonicWALL firmware running on the appliance, and provides a link to click for the history of upgrades on this system. This page also allows the administrator to:
- Upgrade firmware by uploading a valid firmware image from your local drive. SonicWALL approved service packs and hotfixes can also be installed through this screen. After uploading the firmware, click Apply to reboot the appliance with the new version.
- Reinitialize the appliance to factory default settings by clicking the Reinitialize button. This will remove any of your current settings on the appliance and re-image the UMA with factory default settings. This option is only available for the UMA appliance.

Note

Please be patient while the process is taking place. This process can take up to 15 minutes. Do NOT manually reset or cycle power to the device during this time.

Diagnostics
This section describes the UMH/UMA System > Diagnostics page, used to set the log debug level, test connectivity to servers, and download system and log files. The UMH System > Diagnostics page is shown below:


The UMA System > Diagnostics page is shown below:

This page provides the following diagnostic capabilities:

Debug Log Settings: Set the System Debug Level by selecting a value from the drop-down list. Select 0 for no debug information in the logs, 1 or 2 for more debug information, and 3 for maximum debug information. Click Update to apply your changes, or click Reset to return to the default setting of 3.

Test Connectivity: Select one of the following options and then click Test to test connectivity:

- Database Connectivity: Test connectivity using the database parameters configured on the Deployment > Roles page.
- License Manager Connectivity: Test connectivity with the host name that you type into the License Manager Host field.
- SMTP Server Connectivity: Test connectivity using the SMTP server displayed here. The SMTP server is configured on the Deployment > Settings page.

Download System/Log Files: You can generate a TSR and view or search log files in this section:

- For information about generating a TSR, see the Technical Support Report section on page 87.
- For information about viewing and searching log files, see the Logs and Syslogs section on page 87.

Technical Support Report


The Tech Support Report generates a detailed report of the SonicWALL security appliance configuration and status, and saves it to the local hard disk using the Export Reports button. This file can then be e-mailed to SonicWALL Technical Support to help assist with a problem.

Tip

You must register your SonicWALL security appliance on mysonicwall.com to receive technical support.

Before e-mailing the Tech Support Report to the SonicWALL Technical Support team, complete a Tech Support Request Form at https://www.mysonicwall.com. After the form is submitted, a unique case number is returned. Include this case number in all correspondence, as it allows SonicWALL Technical Support to provide you with better service.

Logs and Syslogs


Both the Logs and Syslogs checkboxes and selection screens allow for the selection of one or more application or system logs. Within the log list, you can select multiple logs using the Ctrl key and search log titles using the Search Filter field. The Search Filter field accepts regular expressions, such as *Summarizer* for files with Summarizer in their name, or *.?r? for files with an extension that has r as the middle letter (for example, leak.wri and mysql.err). After entering a search filter value, click the right arrow next to the field to see the resulting file list. After you have selected the appropriate log files, click the Export Logs button. Log(s) are exported to a zip file in a location which you specify.
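The two Search Filter patterns quoted above, *Summarizer* and *.?r?, are shell-style wildcards (* for any run of characters, ? for exactly one), which is why *.?r? picks out leak.wri and mysql.err. The following added example (not SonicWALL code) reproduces the select-then-export workflow in Python: a wildcard filter over a constructed inventory of log names, and an in-memory zip export of the selected files. The function names, the sample file names and their contents are assumptions made for this illustration.

```python
"""Added example (not SonicWALL code): reproducing the Search Filter and Export Logs
workflow described above. The page's filter patterns behave like shell wildcards,
so fnmatch is used; the log names and contents are constructed sample data."""
import fnmatch
import io
import zipfile
from typing import Dict, List

# Constructed sample log inventory: file name -> contents (stands in for the log folder).
SAMPLE_LOGS: Dict[str, bytes] = {
    "Summarizer.log": b"2010-01-01 12:00:00 summarizer started\n",
    "ReportSummarizer.err": b"2010-01-01 12:00:01 no errors\n",
    "leak.wri": b"heap report\n",
    "mysql.err": b"100101 12:00:00 [Note] ready for connections\n",
    "sgms.log": b"2010-01-01 12:00:02 agent heartbeat\n",
    "syslog.txt": b"<134>Jan  1 12:00:03 tz150 id=firewall sn=PLACEHOLDER\n",
}


def select_logs(names: List[str], pattern: str) -> List[str]:
    """Return the log names matching a wildcard filter, in their original order.
    fnmatchcase is used so that matching is case-sensitive on every platform."""
    return [n for n in names if fnmatch.fnmatchcase(n, pattern)]


def export_logs(logs: Dict[str, bytes], selected: List[str]) -> bytes:
    """Bundle the selected logs into a zip archive held in memory and return its bytes.
    Names missing from the inventory are skipped rather than aborting the export."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name in selected:
            if name in logs:
                zf.writestr(name, logs[name])
    return buf.getvalue()


def list_archive(data: bytes) -> List[str]:
    """List the member names of an exported archive (used to verify an export)."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return zf.namelist()


if __name__ == "__main__":
    chosen = select_logs(list(SAMPLE_LOGS), "*.?r?")
    print(chosen)                                          # ['ReportSummarizer.err', 'leak.wri', 'mysql.err']
    print(list_archive(export_logs(SAMPLE_LOGS, chosen)))
```

Because * also matches dots, a name such as ReportSummarizer.err satisfies both filters; when a filter is meant to select only a few specific files, check the resulting list (as the right arrow next to the field does) before exporting.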

File Manager
This section describes the UMA appliance System > File Manager page, used to view and manage system files on a UMA appliance. This page is only available on the UMA appliance.

The File Manager feature provides a way to view the file system and export, delete, add, or modify files without opening an SSH session to the appliance. You can select the folder to view from the Select Folder drop-down list. To search for certain file names, enter search parameters using regular expressions in the Search Filter field and then click the right arrow next to the field.


This page allows the administrator to perform the following actions:

Export: Exports the currently selected file. If the file size is larger than 5MB, the file is exported as a .zip file. Files exported should be less than 200MB. Single files can be exported by clicking the Export icon to the right of the file name.
Delete: Deletes the currently selected file if correct permissions are available. Single files can be deleted by clicking the Delete icon to the right of the file name.
Add/Edit (Upload): Allows files to be added to, or overwritten in, the currently selected folder. This feature is only available for certain folders and files. Files can be uploaded by clicking the Upload icon (a plus sign) in the upper right corner of the screen.

Working with Multiple Files


Both Export and Delete actions are supported on multiple files. To perform these actions on multiple files:

1. Select checkboxes for multiple files, or click the Select All checkbox to choose all files.

2. Click the Export or Delete buttons on the bottom of the screen to perform these actions on selected files.

Note

Multiple files are exported as a .zip file. Be aware that files larger than 200MB may take a large portion of your unit's bandwidth.

Backup/Restore
This section describes the UMA appliance System > Backup/Restore page, used to create or restore a snapshot of configurations and data on your UMA appliance. This page is only available on the UMA appliance.

This data export feature allows you to periodically offload backup data and archived reports from your UMA appliance to an offsite client. Web Services are used with this feature. See the Web Services chapter for more information about Web Services. See the Data Export Wizard section on page 91 for information about using the data export feature. To create a local snapshot, select one of the following backup options in the Manage Backups section and then click Download Snapshot:

- Backup Configurations Only: Backs up system configurations only.
- Backup Data Only: Backs up system data only.
- Backup Both Configurations and Data: Backs up system configurations and data.

To restore a backup, the snapshot is uploaded to your local storage and then used to restore data. In the Manage Restores section, click Browse to select the backup file in the Snapshot file field and then click Restore Snapshot.

Data Export Wizard


If you have a SonicWALL UMA appliance, you can download and run the Data Export Wizard. The wizard will help you configure a Java-based client and a corresponding script that you can use to schedule recurring, automatic backups. To download and use the wizard:
1. Log in as admin to your UMA appliance and navigate to the System > Backup/Restore page.

2. Click the HERE link under Manage Backups and select whether to run or save the auto_export.zip file.

3. Click the Extract button, browse to the desired folder such as C:\Program Files, and select the Use folder names option to extract the files from the zip file into a sub-folder called auto_export.

4. Open the README.txt file and read the instructions for using the wizard. On a Windows machine, double-click runWizard.bat to launch the wizard. On a Linux machine, execute runWizard.sh.

Note

In the first release of SonicWALL GMS 6.0, if the runWizard.bat file seems to exit immediately, it may be because you chose a folder with spaces in the name. Edit the runWizard.bat file in a text editor and add quotes around the command.

5. The Select a Task screen displays. Select one of the following options and then click Next:

- Create a new configuration script from scratch
- Edit an existing configuration script

The Select button appears. Click Select to open a dialog showing existing configuration files in the auto_export/configs directory. Click the desired file and then click Open.
6. The GMS Instance Authentication screen displays.

7. Enter the following information to allow SonicWALL GMS to communicate with Web Services on the UMA, and then click Next:

- GMS Serial: The serial number of the UMA system
- IP/Domain: Either the domain name or the IP address of the UMA system
- HTTPS Port: GMS Web Services always uses the HTTPS protocol to provide the fundamental security mechanism. By default, the port number is 8443.
- Username: The GMS administrator's username
- Password: The GMS administrator's password

8. The wizard displays the available export Web services. Select the checkbox for each service that should be included in the configuration and then click Next.


For example, select the System Backup export service to include it in the export script to offload system backups from a UMA system.

9. The wizard displays a configuration summary. After reviewing the summary, click Save to create the configuration file.

10. Type the file name into the Input dialog box, or accept the pre-populated name if editing an existing configuration script. Click OK. The wizard saves the file in the .../auto_export/configs directory with ".ec" as the file name extension.

11. Click Done to exit the wizard.

12. You can now set up a scheduled task (in Windows) or a cron job (in Linux) to execute runTask.bat or runTask.sh to periodically download backup data from the UMA. The downloaded backup data is stored in the /auto_export/export directory.

Windows command example (the path contains a space, so it is quoted):

"C:\Program Files\auto_export\runTask.bat" config_004010235FBE_archiv_report.ec

Linux command example:

/home/ac/auto_export/runTask.sh config_004010235FBE_archived_report.ec

Data is transferred from the UMA system to the target client that executes the export task whenever the schedule is triggered.

RAID
This section describes the UMA appliance System > RAID page, used to review RAID array drive status. This page is only available on the UMA appliance.

This page identifies the following specifications:

RAID Settings: Displays the RAID manufacturer, model, serial number, driver, and firmware version. Do not use the serial number from this screen for MySonicWALL registration; it is not the same information as your UMA appliance.
Array: Displays array type, combined size (for all active drives) and status. This section also itemizes all installed drives in the array and their model, serial number, size (individual), and status.

Restart
This section describes the UMA appliance System > Restart page, used to restart the appliance. This page is only available on the UMA appliance.

This page allows the administrator to restart the appliance, temporarily disconnecting users and stopping any services. If you made any changes to the settings, be sure to apply them before you restart. The process of restarting generally takes about 3 minutes.

CHAPTER 6 UMA Network Settings


This chapter describes how to configure the network settings that are available in the SonicWALL UMA appliance Network screens. This chapter includes the following sections:

- Settings section on page 98
- Routes section on page 99

Settings
This section describes the UMA appliance Network > Settings page, used to configure basic networking and host settings.

This page allows the administrator to configure the following settings:

Host section:

Name: A descriptive name for this appliance
Domain: In the form of sonicwall.com; this domain is not used for authentication

Networking section:

Host IP address: The static IP address for the eth0 interface of the appliance
Subnet mask: In the form of 255.255.255.0
Default gateway: The IP address of the network gateway; this is the default gateway of your perimeter firewall or networking appliance, not the GMS Gateway.
DNS server 1: The IP address of the primary DNS server
DNS server 2: (Optional) The IP address of the secondary DNS server
DNS server 3: (Optional) The IP address of the tertiary DNS server

To apply your changes to the above fields, click the Update button. To revert to default settings, click Reset. You can also configure suffixes and enable suffix searches on this page, to aid in host name resolution. If the UMA cannot resolve a host name to its IP address, it appends one suffix at a time to the host name in the order the suffixes are configured, and tries to resolve the host name with that suffix.

To enable suffix searches, select the Search Suffix checkbox. To add a suffix, click the Add button to open the Add/Edit Search Suffix dialog box. Type the desired suffix into the Search Suffix field and then click Add. You can click the Configure icon for the suffix to edit it, or click the delete icon to delete it.
Note

Adding, configuring, or deleting a suffix restarts the Web server on the UMA, and disconnects your browser login session.
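The suffix-search behaviour described above (try the name as given; if that fails, append each configured suffix in order and retry) is easiest to understand as a short algorithm. The following added example (not SonicWALL code, and not the UMA's resolver) implements that order in Python against a constructed name-to-address table that stands in for DNS, and also reports every name that was tried so the effect of suffix order is visible. The function name, the sample suffixes and the sample zone data are assumptions made for this illustration.

```python
"""Added example (not SonicWALL code): the search-suffix resolution order described
above. `lookup` is a constructed name-to-address table standing in for DNS."""
from typing import Dict, List, Optional, Tuple

# Constructed sample zone data (documentation-range and private addresses only).
SAMPLE_DNS: Dict[str, str] = {
    "db1.corp.example": "10.0.0.5",
    "db1.lab.example": "10.0.1.5",
    "ntp.corp.example": "10.0.0.123",
    "licensing.example": "192.0.2.10",
}


def resolve_with_suffixes(name: str, suffixes: List[str], lookup: Dict[str, str],
                          search_enabled: bool = True) -> Tuple[Optional[str], List[str]]:
    """Return (resolved address or None, list of names tried in order).

    The bare name is tried first. Only if that fails are the suffixes appended one
    at a time, in the configured order, and the first candidate that resolves wins.
    With search_enabled=False (the Search Suffix checkbox cleared) only the bare
    name is tried."""
    candidates = [name]
    if search_enabled:
        candidates += [f"{name}.{s.strip('.')}" for s in suffixes]
    tried: List[str] = []
    for candidate in candidates:
        tried.append(candidate)
        addr = lookup.get(candidate)
        if addr is not None:
            return addr, tried
    return None, tried


if __name__ == "__main__":
    # Same short name, two suffix orders: the first configured suffix wins.
    print(resolve_with_suffixes("db1", ["corp.example", "lab.example"], SAMPLE_DNS))
    print(resolve_with_suffixes("db1", ["lab.example", "corp.example"], SAMPLE_DNS))
```

Two practical consequences follow from the order: a short name that exists under more than one suffix resolves to whichever suffix is listed first, so the suffix list should be kept short and ordered deliberately; and a name that resolves nowhere costs one DNS query per configured suffix before the failure is reported.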

Routes
This section describes the UMA appliance Network > Routes page, used to configure default or alternate network routes.


The default route is generally populated with the Default Gateway, specified in the Network > Settings page.

CHAPTER 7 UMH/UMA Deployment Settings


This chapter describes how to configure the settings that are available in the SonicWALL UMH/UMA Deployment pages.
Note

The UMA appliance and the GMS application both provide a system settings interface, referred to as UMA for the appliance and UMH in GMS software deployments. In either scenario, the switch icon is used to toggle between application and system interfaces.

This chapter includes the following sections:


- Deployment Roles section on page 101
- Deployment Settings section on page 114
- Deployment Services section on page 117

Deployment Roles
The role that you assign to your SonicWALL GMS instance defines the SonicWALL Universal Management Suite services that it will provide. SonicWALL GMS uses these services to perform management, monitoring, and reporting tasks. Your SonicWALL GMS instance can be deployed in any of the following roles:

- All In One
- Agent
- Console
- Database Only
- Reports Summarizer
- Monitor
- Event
- Syslog Collector

In the UMH or UMA system management interface, clicking Details in the same row as a role provides a list of the services that run on a system in that role, and information about using the role.

As the number of managed appliances increases, a more distributed deployment provides better performance. To manage large numbers of SonicWALL appliances, you can use several SonicWALL GMS appliances operating in different roles in a distributed deployment. You can also use Windows Server machines running SonicWALL GMS in any of the roles.

You can include the MySQL database installation with any role. The All In One or Database Only roles automatically include the MySQL database.

If you are configuring a role that includes a Console, such as the Console or All In One role, the system can be configured as a redundant Console. The Include Redundancy checkbox is used to configure the GMS deployment to have a redundant Console.

You can scale your deployment to handle more units and more reporting by adding more systems in the Agent role. Agents provide built-in redundancy capability, meaning that if an Agent goes down, other Agents can perform the configuration tasks and other tasks of the Agent that went down.
Note

When configuring the role for the first appliance in a distributed deployment, you should either include the database or be prepared to provide the IP address of an existing database server.

You can meet this database objective in one of the following ways:

By selecting a role that includes the database automatically, such as All In One or Database Only
By selecting the Include Database (MYSQL) checkbox if configuring the appliance with any other role
By setting up a compatible database on another machine and providing that IP address when prompted

You can configure the role of the SonicWALL GMS appliance without using the Role Configuration Tool.


All role configuration is performed in the appliance management interface, available at the URL: http://<IP address>:<port>/appliance/

Refer to the following sections for instructions on manually configuring the system role:

Configuring the All In One Role section on page 103
Configuring the Database Only Role section on page 105
Configuring the Console Role section on page 105
Configuring the Agent Role section on page 107
Configuring the Reports Summarizer Role section on page 108
Configuring the Monitor Role section on page 109
Configuring the Event Role section on page 110
Configuring the Syslog Collector Role section on page 111

Configuring the All In One Role


All In One deployments are ideal for managing a small number of SonicWALL appliances or for test environments. However, SonicWALL recommends that you use a multi-system, distributed deployment in production environments, with the database on a dedicated server and the other services on one or more systems. When only one other system is deployed, the Console role should be assigned to it.

The All In One role provides all nine services utilized by SonicWALL GMS:

Syslog Collector
Reports Scheduler
Update Manager
Reports Summarizer
SNMP Manager
Scheduler
Monitoring Manager
Web Server
Database

To deploy your SonicWALL GMS in the All In One role, perform the following steps in the appliance management interface:

1. Navigate to the Deployment > Role page. Under Host Role Configuration, select the All In One radio button.
2. If this SonicWALL GMS will connect to managed appliances through a GMS gateway, type the gateway IP address into the GMS Gateway IP field. To determine if a GMS Gateway is required, see the SonicWALL Getting Started Guide for your product.
3. If a GMS gateway will be used, type the password into both the GMS Gateway Password and Confirm GMS Gateway Password fields.
4. If this SonicWALL GMS listens for syslog messages on a non-standard port, type the port number into the Syslog Server Port field. The default port is 514.
5. If deploying another system in the Console role, select the Include Redundancy checkbox to configure this system as a redundant Console.
6. Configure the database settings as described in the Configuring Database Settings section, on page 112.
7. Select the Include Redundancy checkbox to configure this system as a redundant Console.
8. Configure the Web port settings as described in the Configuring Web Port Settings section, on page 115.
9. To apply your changes, click Update. To change the settings on this page back to the defaults, click Reset.


Configuring the Database Only Role


The Database Only role is used in a multi-server SonicWALL GMS deployment. In this role, the server is configured to run only the database service. SonicWALL recommends that one of the servers in a multi-server GMS deployment be assigned the Database Only role.

Only the SonicWALL Universal Management Suite Database service runs on a Database Only system. The MySQL database engine is pre-installed along with the SonicWALL GMS installation. SonicWALL GMS can also use a MySQL database or a Microsoft SQL Server database installed on a server. Only the MySQL database included in the installer is supported. On the Deployment > Role page in the SonicWALL GMS appliance management interface, you can configure your SonicWALL GMS systems to use either a MySQL or a SQL Server database. To deploy your SonicWALL GMS in the Database Only role, perform the steps described in the Configuring Database Settings section, on page 112.

Configuring the Console Role


The Console role is used in a multi-server, distributed SonicWALL GMS deployment. In this role, the SonicWALL GMS installation will run all SonicWALL Universal Management Suite services except for the Database service. In this scenario, the Database role is assigned to a separate appliance or server. In the Console role, the SonicWALL GMS behaves as an Agent, and also provides the following functions:

Provides the Web user interface for the SonicWALL GMS application
Emails Scheduled Reports
Performs Event Management tasks
Performs various periodic checks, such as checking for new appliances that can be managed, checking for new firmware versions of managed appliances, and similar functions

To deploy your SonicWALL GMS in the Console role, perform the following steps in the appliance management interface:

1. Navigate to the Deployment > Role page. Under Host Role Configuration, select the Console radio button.
2. If this SonicWALL GMS will connect to managed appliances through a GMS gateway, type the gateway IP address into the GMS Gateway IP field. To determine if a GMS Gateway is required, see the SonicWALL Getting Started Guide for your product.
3. If a GMS gateway will be used, type the password into both the GMS Gateway Password and Confirm GMS Gateway Password fields.
4. If this SonicWALL GMS listens for syslog messages on a non-standard port, type the port number into the Syslog Server Port field. The default port is 514.
5. To use a MySQL or Microsoft SQL Server database on another system, do not select the Include Database (MYSQL) checkbox. To include the MySQL database on this system (not recommended), select this checkbox (for this configuration, select the All In One role instead of the Console role).
6. If deploying another system in the Console or All In One role, select the Include Redundancy checkbox to configure this system as a redundant Console.
7. Configure the database settings as described in the Configuring Database Settings section, on page 112.
8. Configure the Web port settings as described in the Configuring Web Port Settings section, on page 115.
9. To apply your changes, click Update. To change the settings on this page back to the defaults, click Reset.

Configuring the Agent Role


The Agent role can be used in a distributed deployment of SonicWALL GMS. The primary functions of this role include the following:

Manages units by acquiring them, pushing configuration tasks to the units, and tracking their up/down status
Performs monitoring based on ICMP probes, TCP probes, and SNMP OID retrievals
Collects and stores syslog messages
Performs report summarization

The following SonicWALL Universal Management Suite services run on an Agent system:

Syslog Collector
Reports Summarizer
SNMP Manager
Scheduler
Monitoring Manager

To deploy your SonicWALL GMS in the Agent role, perform the following steps in the appliance management interface:

1. Navigate to the Deployment > Role page. Under Host Role Configuration, select the Agent radio button.
2. If this SonicWALL GMS will connect to managed appliances through a GMS gateway, type the gateway IP address into the GMS Gateway IP field. To determine if a GMS Gateway is required, see the SonicWALL Getting Started Guide for your product.
3. If a GMS gateway will be used, type the password into both the GMS Gateway Password and Confirm GMS Gateway Password fields.
4. If this SonicWALL GMS listens for syslog messages on a non-standard port, type the port number into the Syslog Server Port field. The default port is 514.
5. To include the MySQL database on this system, select the Include Database (MYSQL) checkbox. To use a MySQL or Microsoft SQL Server database on another system, do not select this checkbox.
6. Configure the database settings as described in the Configuring Database Settings section, on page 112.
7. Configure the Web port settings as described in the Configuring Web Port Settings section, on page 115.
8. To apply your changes, click Update. To change the settings on this page back to the defaults, click Reset.

Configuring the Reports Summarizer Role


The Reports Summarizer role is used to dedicate a server to performing only summarization of reports in a multi-server GMS deployment. Syslogs collected by the Syslog Collector service are consumed by the Reports Summarizer service to generate reports. In such a deployment, it is essential that the Syslog Collectors running on the various GMS servers write syslogs to folders that are accessible by the Reports Summarizer systems. The following services run on a Summarizer system:

SonicWALL Universal Management Suite - Reports Summarizer
SonicWALL Universal Management Suite - Web Service Server


To deploy your SonicWALL GMS in the Reports Summarizer role, perform the following steps in the appliance management interface:

1. Navigate to the Deployment > Role page. Under Host Role Configuration, select the Reports Summarizer radio button.
2. To include the MySQL database on this system, select the Include Database (MYSQL) checkbox. To use a MySQL or Microsoft SQL Server database on another system, do not select this checkbox.
3. Configure the database settings as described in the Configuring Database Settings section, on page 112.
4. Configure the Web port settings as described in the Configuring Web Port Settings section, on page 115.
5. To apply your changes, click Update. To change the settings on this page back to the defaults, click Reset.

Configuring the Monitor Role


The Monitor role is used to dedicate the SonicWALL GMS installation to monitoring appliances and applications in a multi-server SonicWALL GMS deployment. The monitoring is based on ICMP probes, TCP probes, and SNMP OID retrievals. Only the SonicWALL Universal Management Suite Monitoring Manager service runs on a Monitor system.


To deploy your SonicWALL GMS in the Monitor role, perform the following steps in the appliance management interface:

1. Navigate to the Deployment > Role page. Under Host Role Configuration, select the Monitor radio button.
2. To include the MySQL database on this system, select the Include Database (MYSQL) checkbox. To use a MySQL or Microsoft SQL Server database on another system, do not select this checkbox.
3. Configure the database settings as described in the Configuring Database Settings section, on page 112.
4. Configure the Web port settings as described in the Configuring Web Port Settings section, on page 115.
5. To apply your changes, click Update. To change the settings on this page back to the defaults, click Reset.

Configuring the Event Role


The Event, or Event Management, role of a GMS server is used to dedicate a server to performing only event-based alerting for appliances and applications in a multi-server SonicWALL GMS deployment. The following services run on an Event Management system:

SonicWALL Universal Management Suite - Event Manager
SonicWALL Universal Management Suite - Web Service Server


To deploy your SonicWALL GMS in the Event role, perform the following steps in the appliance management interface:

1. Navigate to the Deployment > Role page. Under Host Role Configuration, select the Event radio button.
2. To include the MySQL database on this system, select the Include Database (MYSQL) checkbox. To use a MySQL or Microsoft SQL Server database on another system, do not select this checkbox.
3. Configure the database settings as described in the Configuring Database Settings section, on page 112.
4. Configure the Web port settings as described in the Configuring Web Port Settings section, on page 115.
5. To apply your changes, click Update. To change the settings on this page back to the defaults, click Reset.

Configuring the Syslog Collector Role


The Syslog Collector role can be assigned to a SonicWALL GMS installation in a multi-server deployment of SonicWALL GMS. In this role, the SonicWALL GMS installation is dedicated to collecting syslog messages on the configured port (by default, port 514). The syslog messages are stored in the SonicWALL GMS file system and are consumed by the Reports Summarizer service running on another SonicWALL GMS server or appliance in the distributed deployment. The folder where the Syslog Collector service stores the syslog messages must be accessible by the server running the Reports Summarizer service. Only the SonicWALL Universal Management Suite Syslog Collector service runs on a Syslog Collector system.


To deploy your SonicWALL GMS in the Syslog Collector role, perform the following steps in the appliance management interface:

1. Navigate to the Deployment > Role page. Under Host Role Configuration, select the Syslog Collector radio button.
2. If this SonicWALL GMS listens for syslog messages on a non-standard port, type the port number into the Syslog Server Port field. The default port is 514.
3. To include the MySQL database on this system, select the Include Database (MYSQL) checkbox. To use a MySQL or Microsoft SQL Server database on another system, do not select this checkbox.
4. Configure the database settings as described in the Configuring Database Settings section, on page 112.
5. Configure the Web port settings as described in the Configuring Web Port Settings section, on page 115.
6. To apply your changes, click Update. To change the settings on this page back to the defaults, click Reset.

Configuring Database Settings


Database settings configuration is largely the same for any role when you choose to include the database on that appliance. For roles that automatically include the default MySQL database, such as All In One or Database Only, the Database Type, Database Host, and Database Port fields are not editable. This is also the case for any role when the Include Database (MYSQL) checkbox is selected. The Administrator Credentials fields are displayed only if the role has been defined to include the installation of the MySQL database. These are not available when a SQL Server database is selected. This section describes the options for configuring the database settings for either the MySQL database or the Microsoft SQL Server database. The SonicWALL GMS can run the MySQL database, but SonicWALL GMS can also use either a MySQL or a SQL Server database running on a Windows Server machine in a multi-system deployment.


To configure the database settings for any role, perform the following steps in the appliance management interface:

1. Navigate to the Deployment > Role page and select the role for this appliance.
2. To run the MySQL database on this SonicWALL GMS, select the Include Database (MYSQL) checkbox. To use a MySQL or Microsoft SQL Server database on another system, do not select this checkbox.
3. Under Database Configuration, if Include Database (MYSQL) was not selected in the previous step, select either MYSQL or SQL Server from the Database Type drop-down list. This field is not editable if you previously selected Include Database (MYSQL) or if the selected role is All In One or Database Only.
4. In the Database Host field, type in the IP address of the database server or accept the default, localhost, if this SonicWALL GMS includes the database. This field is not editable if you previously selected Include Database (MYSQL) or if the selected role is All In One or Database Only.

Note: If your deployment requires an instance name for the SQL Server database, when completing the Database Host field, enter the host name or IP address, followed by a backslash and the instance name. The format should look as follows: 10.20.30.40\INSTANCE.

5. To use a different port when SonicWALL GMS accesses the database, type the port into the Database Port field. The default port is 3306.
6. To use a different user name when SonicWALL GMS accesses the database, type the user name into the Database User field. The default user name is sa.
7. Type the password that SonicWALL GMS will use to access the database into both the Database Password and Confirm Database Password fields.
8. If your deployment uses a custom database driver, type the value into the Database Driver field. Otherwise, accept the default, com.mysql.jdbc.Driver.
9. If your deployment uses a custom database URL, type the value into the Database URL field. If you are using a different port, change the default port, 3306, in the URL. Otherwise, accept the default URL, jdbc:mysql://localhost:3306.
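The fields above are easy to leave inconsistent, for example a changed Database Port that is not mirrored in the Database URL, or a host\INSTANCE value entered for a MySQL database. The following Python checker is an added example and not SonicWALL code: the field names, defaults and the host\INSTANCE format come from the steps above, while the instance-name pattern and the remarks about SQL Server needing its own driver and URL are assumptions.

```python
# Added example (not SonicWALL code): a consistency checker for the Database
# Configuration fields on the Deployment > Role page. Field names, defaults
# and the host\INSTANCE format come from the steps above; the instance-name
# pattern and the SQL Server driver/URL remarks are assumptions.
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

DEFAULT_PORT = 3306                          # Database Port default (step 5)
DEFAULT_USER = "sa"                          # Database User default (step 6)
DEFAULT_DRIVER = "com.mysql.jdbc.Driver"     # Database Driver default (step 8)
DEFAULT_URL = "jdbc:mysql://localhost:3306"  # Database URL default (step 9)

LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
HOSTNAME_RE = re.compile(rf"^{LABEL}(?:\.{LABEL})*$")
# Assumption: an instance name is letters, digits, '_', '$' or '#', at most 16 characters.
INSTANCE_RE = re.compile(r"^[A-Za-z_][A-Za-z0-9_$#]{0,15}$")
JDBC_MYSQL_RE = re.compile(r"^jdbc:mysql://([^/:]+)(?::(\d{1,5}))?(?:/.*)?$")


@dataclass
class DatabaseSettings:
    """The Database Configuration fields as an administrator would fill them in."""
    db_type: str                    # Database Type: "MYSQL" or "SQL Server"
    include_database: bool          # Include Database (MYSQL) checkbox
    host: str = "localhost"         # Database Host, optionally host\INSTANCE
    port: int = DEFAULT_PORT
    user: str = DEFAULT_USER
    driver: str = DEFAULT_DRIVER
    url: str = DEFAULT_URL


def split_host(host: str) -> Tuple[str, Optional[str]]:
    """Split '10.20.30.40\\INSTANCE' into ('10.20.30.40', 'INSTANCE'); instance is None when absent."""
    base, sep, instance = host.partition("\\")
    return base, (instance if sep else None)


def is_valid_host(base: str) -> bool:
    """Accept an IPv4/IPv6 literal or an RFC 1123 style host name."""
    try:
        ipaddress.ip_address(base)
        return True
    except ValueError:
        return bool(HOSTNAME_RE.match(base))


def check_settings(s: DatabaseSettings) -> List[str]:
    """Return a list of findings; an empty list means the fields are consistent."""
    findings: List[str] = []
    base, instance = split_host(s.host)

    if s.db_type not in ("MYSQL", "SQL Server"):
        findings.append(f"unknown Database Type {s.db_type!r}")
    if s.include_database and s.db_type != "MYSQL":
        findings.append("Include Database (MYSQL) installs MySQL locally; Database Type must be MYSQL")
    if s.include_database and base != "localhost":
        findings.append("Database Host must stay localhost when the database runs on this system")
    if not is_valid_host(base):
        findings.append(f"Database Host {base!r} is not an IP address or host name")

    if instance is not None:
        if s.db_type != "SQL Server":
            findings.append("an instance name (host\\INSTANCE) only applies to SQL Server")
        elif not INSTANCE_RE.match(instance):
            findings.append(f"instance name {instance!r} is not well formed")

    if not 1 <= s.port <= 65535:
        findings.append(f"Database Port {s.port} is out of range")

    if s.db_type == "MYSQL":
        # Step 9: a non-default Database Port must also be changed inside the URL.
        m = JDBC_MYSQL_RE.match(s.url)
        if not m:
            findings.append("Database URL is not a jdbc:mysql:// URL")
        else:
            url_host, url_port = m.group(1), int(m.group(2) or DEFAULT_PORT)
            if url_host != base:
                findings.append(f"Database URL points at {url_host!r} but Database Host is {base!r}")
            if url_port != s.port:
                findings.append(f"Database Port is {s.port} but Database URL uses {url_port}; change the port in the URL too")
    elif s.db_type == "SQL Server":
        # Assumption: the MySQL driver and URL cannot serve a SQL Server database.
        if s.driver == DEFAULT_DRIVER or s.url.startswith("jdbc:mysql:"):
            findings.append("Database Driver/URL still hold the MySQL defaults; SQL Server needs its own driver and URL")

    if s.user == DEFAULT_USER:
        findings.append("Database User is the default 'sa'; prefer a dedicated, least-privilege account")
    return findings
```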

Deployment Settings
This section describes the UMH/UMA Deployment > Settings page, used for Web port, SMTP, and SSL access configuration. The Deployment > Settings page is identical in both the UMH and UMA management interfaces, except for the left navigation pane which shows the Network menu item on the UMA.


See the following sections:


Configuring Web Port Settings section on page 115
Configuring SMTP Settings section on page 115
Configuring SSL Access section on page 116

Configuring Web Port Settings


Web port settings configuration is largely the same on any role:

1. On the Deployment > Settings page under Web Port Configuration, to use a different port for HTTP access to the SonicWALL GMS, type the port number into the HTTP Port field. The default port is 80. If you enter another port in this field, the port number must be specified when accessing the appliance management interface or SonicWALL GMS management interface. For example, if port 8080 is entered here, the appliance management interface would be accessed with the URL: http://<IP Address>:8080/appliance/.
2. To use a different port for HTTPS access to the SonicWALL GMS, type the port number into the HTTPS Port field. The default port is 443. If you enter another port in this field, the port number must be specified when accessing the appliance management interface or SonicWALL GMS management interface. For example, if port 4430 is entered here, the appliance management interface would be accessed with the URL: https://<IP Address>:4430/appliance/.

Configuring SMTP Settings


The SMTP Configuration section allows you to configure an SMTP server name or IP address, a sender email address, and an administrator email address. You can test connectivity to the configured server. To configure SMTP settings:

1. Navigate to the Deployment > Settings page under the SMTP Configuration section.
2. Type the FQDN or IP address of the SMTP server into the SMTP server field.
3. Type the email address from which mail will be sent into the Sender address field.
4. Type the email address of the system administrator into the Administrator address field.
5. To test connectivity to the SMTP server, click Test Connectivity.
6. To apply your changes, click Update.

Configuring SSL Access


The SSL Access Configuration section allows you to configure and upload a custom Keystore/Certificate file for SSL access to the GMS appliance, or select the default local keystore. To configure SSL access:

1. Navigate to the Deployment > Settings page under the SSL Access Configuration section.
2. Select the Default radio button to keep, or revert to, the default settings, where the default GMS Web Server certificate with the 'gmsvpserverks' keystore is used.
3. Select the Custom radio button to upload a custom keystore certificate for GMS SSL access.
4. In the Keystore/Certificate file field, click the Browse button to select your certificate file.

Note: Your custom file is renamed to gmsvpservercustomks after upload.

5. Type the password for the keystore certificate into the Keystore/Certificate password field.
6. Click the View button to display details about your keystore certificate.
7. Click the Update button to submit your changes.


Deployment Services
This section describes the UMH/UMA Deployment > Services page, used for starting and stopping the GMS services running on the system. The Deployment > Services page is identical in both the UMH and UMA management interfaces, except for the left navigation pane, which shows the Network menu item on the UMA. Details are available for the current role, and the status of each service is displayed on the page. The page is shown below for the All In One role, which includes all services.

To start, stop, or restart one or more services:

1. Navigate to the Deployment > Services page.
2. Select the checkbox next to Service Name to select all services, or select one or more checkboxes for individual services.
3. To disable or stop the selected services, click the Disable/Stop button.
4. To enable or start the selected services, click the Enable/Start button.
5. To restart the selected services, click the Restart button.


Part 2 Policies


CHAPTER 9 Configuring SonicOS System Settings


This chapter describes how to use SonicWALL GMS to configure general System Policy settings on managed SonicWALL appliances. The following sections describe how to configure the system settings:

Status: Provides a comprehensive collection of information to help you manage your SonicWALL security appliances and SonicWALL Security Services licenses. It includes GMS status information on Firewall, Management, Subscription, and Firewall Models. See Viewing System Status on page 122.
Time: Describes how to change the time and time options for one or more SonicWALL appliances. See Configuring Time Settings on page 125.
Licensed Nodes (Unit-level view only): Provides a Node License Status table listing the number of nodes your SonicWALL security appliance is licensed to have connected at any one time, how many nodes are currently connected, and how many nodes you have in your Node License Exclusion List. See Viewing Licensed Node Status on page 127.
Administrator: Describes how to change the administrator and password options for one or more SonicWALL appliances. See Configuring Administrator Settings on page 129.
Tools: Provides a set of common system configuration tasks for restarting an appliance, requesting diagnostic information, inheriting settings, system synchronization, and synchronizing the appliance to mysonicwall.com. Also includes options to generate a Tech Support Report (TSR) and the ability to email the TSR. See Using Configuration Tools on page 131.
Info: Describes how to change contact information for one or more SonicWALL appliances. See Configuring Contact Information on page 139.
Settings: Describes how to back up and save SonicWALL appliance settings as well as restore them from preferences files. See Configuring System Settings on page 139.
Schedules: Describes how to create and configure schedule groups, which are used to apply firewall rules for specific days and hours of the week. See Configuring Schedules on page 141.
Management: Describes how to edit the remote management settings on SonicWALL security appliances for management by GMS or VPN client. See Editing Management Settings on page 143.
SNMP: Describes how to configure Simple Network Management Protocol. See Configuring SNMP on page 145.
Certificates (Unit-level view only): Describes how to configure both third-party Certificate Authority (CA) certificates and local certificates. See Configuring Certificates on page 146.

Viewing System Status


The System Status page provides a comprehensive collection of information to help you manage your SonicWALL security appliances and SonicWALL Security Services licenses. In the global view mode, it provides a summary of all of the devices that are managed by the SonicWALL GMS, including the number of appliances, whether the appliances are up or down, and the number of security services subscriptions.


To view a summary of all devices managed by the GMS, click the Change View icon at the top left and select GlobalView. Expand the System tree in the middle panel, and click on Status. The Status page displays.

At the individual appliance level, the Status page provides more details such as the serial number, firmware version, and information on management, reporting, and security service subscriptions.


To view a summary of the status of an individual appliance, select the appliance in the left pane, and then click System > Status in the navigation pane. The Status page displays.

If tasks are pending for the selected unit, GMS provides a hyperlink that takes the user to the Tasks Screen for that unit. Also in System > Status, GMS displays the Last Log Entry for the unit with a hyperlink that takes the user to the unit Logs screen. The links are only provided if the user actually has permissions to access those screens on the Console panel. In the Subscription section header, GMS provides a click here link that displays your current subscription details on the Register/Upgrades > Search screen. The search parameters are pre-populated for retrieving the subscription services that are currently active on the appliance(s) and the search is executed and the results are sorted by Expiry Date for your convenience. This page provides a PDF icon that you can click to get a PDF file containing the same content as the Web page.


At the bottom of the status screen, GMS provides a way to retrieve dynamic information about the selected appliance, and also provides a link to the GMS Getting Started Guide.

You can click the Fetch Information link to view the following dynamic information:

Firewall UpTime since Last Reboot
Last Modified Time and the user who last modified the appliance
Modem speed and active profile used (only for dial-up appliances)

You can retrieve this information by clicking the Fetch Information button at the global, group, or unit level. The actual results, however, are displayed only at the unit level.

To view the SonicWALL GMS Getting Started Guide, click the Open Getting Started Instructions In New Window button.

Configuring Time Settings


The SonicWALL Global Management System (SonicWALL GMS) user interface (UI) is similar to the standard SonicWALL appliance UI. However, SonicWALL GMS offers the ability to push configuration settings to a single SonicWALL appliance, a group of SonicWALL appliances, or all SonicWALL appliances being managed by the SonicWALL GMS. To change time settings on one or more SonicWALL appliances, perform the following steps:
1. Expand the System tree and click Time. The Time page displays.
2. Select the Time Zone of the appliance(s) from the Time Zone field.
3. To configure the SonicWALL(s) to automatically adjust their clocks for Daylight Savings Time, select the Automatically Adjust Clock for Daylight Savings Changes check box.
4. To configure the SonicWALL(s) to use Universal Time Coordinated (UTC) or Greenwich Mean Time (GMT) instead of local time, select the Display UTC in Logs Instead of Local Time check box.
5. To configure the SonicWALL(s) to display the time in the international time format, select the Display Time in International Format check box.
6. Select from the following:
   - To manually configure the time and date, make sure the Use NTP to set time automatically check box is deselected. The SonicWALL appliance(s) will automatically use the time settings of the SonicWALL GMS agent.
   - To configure the SonicWALL(s) to automatically set the local time using Network Time Protocol (NTP), select the Use NTP to set time automatically check box.
7. When you are finished, click Update. A task gets scheduled to apply the new settings for each selected appliance.


8. If you don't want to use the SonicWALL appliance's internal NTP list, you can add your own NTP list. To add an NTP server, enter the IP address of an NTP server in the Add NTP Server field. A task gets scheduled to add the NTP server to each selected SonicWALL appliance.

Note: To add additional NTP servers, click Add and enter another NTP server.

9. To clear all screen settings and start over, click Reset.

Note: If you are not using NTP for the appliance, then GMS configures the time of the appliance to be identical to the time of the GMS Agent pushing the configuration to the appliance (after adjusting for any time zone differences).

Viewing Licensed Node Status


A node is a computer or other device connected to your LAN with an IP address. If your SonicWALL security appliance is licensed for unlimited nodes, the Licensed Nodes section displays the message: The SonicWALL is licensed for unlimited Nodes/Users. No other settings are displayed. If your SonicWALL security appliance is not licensed for unlimited nodes, the Node License Status table lists how many nodes your security appliance is licensed to have connected at any one time, how many nodes are currently connected, and how many nodes you have in your Node License Exclusion List. To view licensed node information, perform the following steps:
1. Expand the System tree and click on Licensed Nodes. The Licensed Nodes page displays.
2. To update the licensed node information, click on Request Licensed Node Information from the appliance.

The Currently Licensed Nodes table lists details on each node connected to your security appliance. Above the table, GMS displays how many nodes the appliance is licensed for.

When you exclude a node, you block it from connecting to your network through the security appliance. Excluding a node creates an address object for that IP address and assigns it to the Node License Exclusion List address group. To exclude a node that is currently licensed, perform the following steps:

1. Click the configure icon in the Exclude column of the Currently Licensed Nodes table. Then click Ok on the warning message that displays.
2. To exclude a node that is not currently licensed, click on Add New Node For Exclusion. The Add License Exclusion Node window displays.
3. Enter the IP address of the node in the Node IP Address field.
4. Optionally, you can enter a comment about the node in the Comment field.
5. Click Update.

In SonicOS Enhanced, you can manage the License Exclusion List group and address objects in the Network > Address Objects page of the management interface. On the Address Objects page, scroll down to the Node License Exclusion List row and click the configure icon. See Configuring Address Objects on page 184 for instructions on managing address objects.

Configuring Administrator Settings


The Administrator page configures administrator settings for the SonicWALL appliance. These settings affect both SonicWALL GMS and other administrators. To change administrator settings on one or more SonicWALL appliances, perform the following steps:
1. Expand the System tree and click Administrator. The Administrator page displays.

2. Enter the login name for the administrator in the Administrator Login Name field.

3. Specify the maximum number of days after which a password expires and must be updated in the Password must be changed every (days) field.

4. Specify the number of previous passwords that are remembered and that a new password cannot match in the Bar repeated passwords for this many changes field.

5. Specify the minimum password length in the Enforce a minimum password length of field.

6. Select the level of password complexity from the Enforce Password Complexity drop-down list. You can select one of the following:
   - None
   - Require both alphanumeric and numeric characters
   - Require alphabetic, numeric and symbolic characters

7. Select the Administrators checkbox to apply these password constraints only to full and read-only administrators.

8. Select the Other full administrators checkbox to apply these password constraints to all administrators with local passwords.

9. Select the Limited administrators checkbox to apply these password constraints to all local users with limited administrator privileges.

10. Select the Other local users checkbox to apply these password constraints only to non-administrator users.

11. Specify how long the SonicWALL appliance(s) wait (in minutes) before logging out inactive administrators in the Log out the Administrator after inactivity of field.

12. To lock out the SonicWALL appliance after user login failure, select the Enable user lockout on login failure check box. Then, specify the number of login failure attempts that must occur before the user is locked out in the Failed login attempts per minute before lockout field and how long the user will be locked out in the Lockout Period field.

13. For On preemption by another administrator:, select one of the following actions to take when an administrator is preempted by another:
   - Drop to non-config mode - move the preempted administrator to non-configuration mode
   - Log out - log out the preempted administrator.

14. Select from the following options to change the SonicWALL appliance password(s):
   - If you are configuring a SonicWALL appliance at the unit level, enter and reenter the new SonicWALL password. Then, enter the SonicWALL GMS password and click Change Password. The password is changed.
   - If you are configuring a SonicWALL appliance at the group or global level, enter the SonicWALL GMS password and click Change Password. Each SonicWALL appliance will receive a unique randomly generated password. This unique password is encrypted and recorded in the SonicWALL GMS database. At the non-unit level, passwords can be configured in two ways:
     - GMS can assign random passwords to the appliances (recommended for security purposes).
     - The user can specify a specific password which will be assigned to all the appliances in the node (not recommended).
   To have GMS assign random passwords, leave the New SonicWALL Password and Confirm New SonicWALL Password fields empty.

Note

The unique encrypted password is also written into a file in <gms_directory>/etc/. The filename format is Prefs<serialnumber>.pwd; each file contains the old and the new password for the SonicWALL appliance. The file gets overwritten every time the password for the SonicWALL appliance is changed. The encryption is base64.

15. When you are finished, click Update. A task gets spooled and once it is executed successfully, the settings are updated for the selected SonicWALL appliances.

16. To clear all screen settings and start over, click Reset.
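The password constraints and the login-failure lockout described above can be modelled in code. The following is an added example written for this guide, not GMS or SonicOS code; the defaults it uses (8 characters, 5 remembered passwords, 5 failures per minute, 5-minute lockout) are assumed values for illustration, not the appliance defaults.

```python
"""Added example (not SonicWALL code): model the administrator password
constraints and the login-failure lockout rule described in the steps above."""
import re
from collections import deque
from dataclasses import dataclass
from typing import Dict, List

# The three choices in the Enforce Password Complexity drop-down list.
NONE = "None"
ALNUM = "Require both alphanumeric and numeric characters"
ALNUM_SYM = "Require alphabetic, numeric and symbolic characters"


@dataclass
class PasswordPolicy:
    # Assumed values for illustration, not the appliance defaults.
    min_length: int = 8          # Enforce a minimum password length of
    complexity: str = ALNUM_SYM  # Enforce Password Complexity
    history: int = 5             # Bar repeated passwords for this many changes


def check_password(policy: PasswordPolicy, candidate: str,
                   previous: List[str]) -> List[str]:
    """Return the list of constraint violations (empty means acceptable).
    `previous` holds the user's earlier passwords, most recent first; a real
    implementation would compare against stored hashes instead."""
    problems = []
    if len(candidate) < policy.min_length:
        problems.append(f"shorter than {policy.min_length} characters")
    has_alpha = re.search(r"[A-Za-z]", candidate) is not None
    has_digit = re.search(r"[0-9]", candidate) is not None
    has_symbol = re.search(r"[^A-Za-z0-9]", candidate) is not None
    if policy.complexity in (ALNUM, ALNUM_SYM) and not (has_alpha and has_digit):
        problems.append("needs both letters and digits")
    if policy.complexity == ALNUM_SYM and not has_symbol:
        problems.append("needs at least one symbol")
    # Only the newest `history` passwords are remembered and barred.
    if candidate in previous[:policy.history]:
        problems.append(f"matches one of the last {policy.history} passwords")
    return problems


class LoginLockout:
    """Enable user lockout on login failure: `attempts` failures within any
    one-minute window lock the account for `lockout_minutes`."""

    WINDOW_SECONDS = 60  # "Failed login attempts per minute"

    def __init__(self, attempts: int = 5, lockout_minutes: int = 5):
        self.attempts = attempts
        self.lockout_seconds = lockout_minutes * 60
        self.failures: Dict[str, deque] = {}      # user -> failure timestamps
        self.locked_until: Dict[str, float] = {}  # user -> epoch seconds

    def is_locked(self, user: str, now: float) -> bool:
        return self.locked_until.get(user, 0) > now

    def record_failure(self, user: str, now: float) -> bool:
        """Register a failed login at `now` (epoch seconds); True if the
        account is locked after this failure."""
        if self.is_locked(user, now):
            return True
        window = self.failures.setdefault(user, deque())
        window.append(now)
        # Drop failures that fell out of the one-minute window.
        while now - window[0] >= self.WINDOW_SECONDS:
            window.popleft()
        if len(window) >= self.attempts:
            self.locked_until[user] = now + self.lockout_seconds
            window.clear()
            return True
        return False

    def record_success(self, user: str) -> None:
        """A successful login clears the failure history (not an active lockout)."""
        self.failures.pop(user, None)
```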

Using Configuration Tools


This chapter describes how to use SonicWALL tools to restart SonicWALL appliances, request diagnostics, inherit settings from the group, and more. The following sections describe the options available in the GMS tools menu:

Restarting SonicWALL Appliances on page 132
Requesting Diagnostics for SonicWALL on page 132
Inheriting Settings on page 133
Clearing the ARP Cache on page 136
Synchronizing Appliances on page 136
Synchronizing with mysonicwall.com on page 137
Manually Uploading Signature Updates on page 137
Generating Tech Support Reports on page 138


Restarting SonicWALL Appliances


Some SonicWALL GMS changes require the SonicWALL appliance(s) to automatically be restarted after changes are applied. However, there may be instances when you want to restart the SonicWALL appliance(s) manually. To restart one or more SonicWALL appliances, perform the following steps:
1. Expand the System tree and click Tools. The Tools page displays.

2. To restart the selected SonicWALL appliance(s), click Restart SonicWALL.

Note

We recommend restarting the SonicWALL appliance(s) when network activity is low.

Requesting Diagnostics for SonicWALL


To request diagnostics for SonicWALL appliances, perform the following steps:
1. Expand the System tree and click Tools. The Tools page displays.

2. To request diagnostics for the selected SonicWALL appliance(s), click Request Diagnostics. SonicWALL GMS schedules a task to request diagnostics for the selected SonicWALL appliances.

3. To view the diagnostics, navigate to Diagnostics > Snapshot Status on the Console panel.

4. In the Diagnostics Requested drop-down list, select the diagnostics that you want to review.

5. Click View SnapShot Data.

Inheriting Settings
On the Policies panel, in the System > Tools screen, you can apply inheritance filters at a global, group, or appliance level. You can select an existing inheritance filter and customize which of its rules are actually inherited. You can do this on the fly, without the need to create an entirely separate filter. For more information on inheritance, see Configuring Inheritance Filters on page 569. To apply the inheritance filters, perform the following steps:
1. Expand the System tree and click Tools. The Tools page displays.

2. Select the appropriate radio button for either forward or reverse inheritance. Use the Filter drop-down menu to select the desired filter to apply. Click the Preview button to proceed to the Preview of Inheritance Settings window.


Note

When configuring forward inheritance at the group level, all selected settings are pushed to all units in the group.

3. Review the settings to be inherited. Users may continue with all of the default screens selected for inheritance or select only specific screens for inheritance by checking boxes next to the desired settings.

Note

The Preview panel footer states, All referring objects should also be selected as part of the settings picked, to avoid any dependency errors while inheriting. If the user deselects dependent screen data, the settings will not inherit properly.

4. If the user is attempting forward inheritance, they may click Update to proceed. If the user is attempting to reverse inherit settings, an additional selection must be made at the bottom of the Preview panel. The user must select either to update the chosen settings to only the target parent node, or to update the target parent node along with all unit nodes under it. Once the user makes this selection, they may click Update to proceed, or Reset to edit previous selections.

5. If the user selects to update the target parent node and all unit nodes, a Modify Task Description and Schedule panel opens in place of the Preview panel. (This panel will not appear if the user selects Update only target parent node.) If the Modify Task Description and Schedule panel opens, the user can edit the task description in the Description field. They may also adjust the schedule for inheritance, or continue with the default scheduling. If the user chooses to edit the timing by clicking on the arrow next to Schedule, a calendar expands allowing the user to click on a radio button for Immediate execution, or to select an alternate day and time for inheritance to occur. Once the user has completed any edits, they select either Accept or Cancel to execute or cancel the scheduled inheritance, respectively.

6. Once the inheritance operation begins, a progress bar appears, along with text stating the operation may take a few minutes, depending on the volume of data to be inherited. Once the inheritance operation is complete, the desired settings from the unit or group node should now be updated and reflected in the parent node's settings, as well as in the settings of all other units, if selected.


Note

For the Access/Services and Access/Rules pages, by default, inheriting group settings overwrites the values at the unit level with the group values. If you wish for SonicWALL GMS to append the group settings to the values at the unit level, you need to enable the Append Group Settings option on the General/GMS Settings page on the Console Panel.

For more information on inheritance, see Managing Inheritance in GMS on page 569.

Clearing the ARP Cache


SonicWALL appliances store information about all devices with which they have communicated. To clear the ARP Cache for one or more SonicWALL appliances, perform the following steps:
1. Expand the System tree and click Tools. The Tools page displays.

2. Click Clear ARP Cache.

Synchronizing Appliances
If a change is made to the SonicWALL appliance through any means other than through GMS, SonicWALL GMS will be notified of the change through the syslog data stream. You can configure an alert through the Granular Event Management framework to send email notification when a local administrator makes changes to a SonicWALL appliance through the local user interface rather than through GMS. After the syslog notification is received, SonicWALL GMS will schedule a task to synchronize its database with the local change. After the task successfully executes, the current configuration (prefs) file is read from the SonicWALL appliance and loaded into the database. Auto-synchronization automatically occurs whenever SonicWALL GMS receives a local change notification status syslog message from a SonicWALL appliance. You can also force an auto-synchronization at any time for a SonicWALL appliance or a group of SonicWALL appliances. To do this, perform the following steps:
1. Expand the System tree and click Tools. The Tools page displays.

2. To synchronize the selected SonicWALL appliance(s), click Synchronize Now. SonicWALL GMS schedules a task to synchronize the selected SonicWALL appliances.

Note

The auto-synchronization feature can be disabled on the Console/Management Settings screen by unchecking the Enable Auto Synchronization checkbox.

Synchronizing with mysonicwall.com


SonicWALL appliances check their licenses/subscriptions with mysonicwall.com once every 24 hours. Using the Synchronize with mysonicwall.com Now button, a user can have an appliance synchronize this information with mysonicwall.com without waiting for the 24-hour schedule. To force the SonicWALL to synchronize with mysonicwall.com now, perform the following steps:
1. Expand the System tree and click Tools. The Tools page displays.

2. To synchronize the selected SonicWALL appliance(s), click Synchronize with mysonicwall.com Now. SonicWALL GMS schedules a task to synchronize the selected SonicWALL appliances' license information into GMS.

Manually Uploading Signature Updates


For SonicWALL appliances that do not have direct access to the Internet (for example, appliances in high-security environments) you can manually upload updates to security service signatures. To instruct GMS to download updates to security service signatures, perform the following steps:
1. Click on the Console tab, expand the Management tree, and click on GMS Settings.

2. Select the check boxes for the Firewalls managed by this GMS do not have Internet Access and Upload latest signatures on subscription status change settings. See Settings on page 941 for more information.

3. Click on the Policies tab, expand the System tree, and click Tools.

4. When there are updated signatures to upload, the Upload Signatures Now button is displayed. Click this button to manually upload the signatures.

Note

The Upload Signatures Now button is displayed only when the GMS has downloaded updated signature files that are ready to be uploaded.

Generating Tech Support Reports


To generate a Tech Support Report that is emailed to the administrator email address perform the following steps:
1. Expand the System tree and click Tools. The Tools page displays.

2. Select any of the following four report options:
   - VPN Keys - Saves shared secrets, encryption, and authentication keys to the report.
   - ARP Cache - Saves a table relating IP addresses to the corresponding MAC or physical addresses.
   - DHCP Bindings - Saves entries from the SonicWALL security appliance DHCP server.
   - IKE Info - Saves current information about active IKE configurations.

3. Click Email TechSupport Report. The requested reports are emailed to the administrator email address.


Configuring Contact Information


The System > Info page contains contact information for the SonicWALL appliance. These settings are for informational purposes only and do not affect the operation of SonicWALL appliances. To change informational settings on one or more SonicWALL appliances, perform the following steps:
1. Expand the System tree and click Info. The Info page displays.

2. Enter contact information for the SonicWALL appliance(s).

3. When you are finished, click Update. A task gets spooled and once it is executed successfully, the information is updated for the selected SonicWALL appliances.

4. To reset all screen settings and start over, click Reset.

Configuring System Settings


SonicWALL GMS enables you to save SonicWALL appliance settings to the SonicWALL GMS database, which can be used for restoration purposes. GMS can automatically take backups of the appliance configuration files on a regular schedule and store them in the database. The schedule is configured in the Automatically save... section of the Console > Management > GMS Settings screen. Here you can specify that a backup should never be taken, or that backups should be taken on a daily or weekly schedule. If the schedule is set to daily or weekly, then backups are performed for all appliances for which the Enable Prefs File Backup checkbox is selected in this screen.


To purge older backups, you can specify how many of the latest prefs files should be stored in the database. The listbox here displays all the Prefs files backed up, along with the firmware version. In addition to automatic backups, you can manually force a Prefs backup by selecting the Store settings... buttons. To save or apply SonicWALL appliance settings, perform the following steps:
1. Expand the System tree and click Settings. The Settings page displays.

2. To save the settings of a SonicWALL appliance to the SonicWALL GMS database, enter a name for the settings in the Name field and click Store settings read from unit. Then, if you want to save these settings to a local file, click Save the settings to a local file. You can save multiple versions of settings for each SonicWALL appliance to the SonicWALL GMS database and to different local files.

3. To apply settings to the SonicWALL appliance directly from the SonicWALL GMS database, select the saved settings and click Restore the settings to the unit.

Note

The Restore the settings to the unit option is available only at the unit level, and not at the group and global levels. This option previously was available at the group and global levels. GMS now does not display the option at the group and global levels to minimize the risk of writing a non-compatible prefs file to an incorrect firmware version running on a SonicWALL appliance.

4. To store an external Prefs file into the database, enter the path to the file and click Store settings from local file. The Store settings from local file button is used to store the prefs file from the local hard disk into the GMS database so that it displays in the list box of the Settings page. Once stored in the database (when it will display in the list box), you can then click the Restore the settings to the unit button.

5. To automatically back up the preferences for the selected SonicWALL appliance, select the Enable Prefs File Backup check box and click Update.

Note

The backed up prefs file contains the configuration settings and the firmware version of the security appliance you are backing up.

6. Go to the Console > Management > GMS Settings page and update the values in the Automatically save prefs file section. This enables you to specify when and how frequently GMS backs up the prefs files.

7. If you want to automatically purge older backups, select the number of newer backup files you want to keep in the Number of newest Prefs Files to be preserved field. Enter 0 to prevent purging of older backups.

8. Set the value in the Missed Reports Threshold field to the number of heartbeat messages GMS can miss before considering the unit to be down. GMS relies on special syslogs called heartbeat messages to determine if an appliance is up and running. By default, if GMS does not receive three successive heartbeat messages, it marks the appliance as down. You can customize this threshold to any number. If you set the value to 0, then GMS will not mark this node as down.

9. To delete settings from the SonicWALL GMS database, select the saved settings and click Delete the settings.
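The Missed Reports Threshold rule described above can be illustrated with a small monitor. This is an added example, not GMS code; it assumes the key=value syslog layout shown in the constructed sample lines, and takes the heartbeat message id m=96 from the Editing Management Settings section of this guide.

```python
"""Added example (not GMS code): identify heartbeat syslog messages and apply
the Missed Reports Threshold rule to mark appliances down."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# The guide's Editing Management Settings section identifies heartbeat
# messages by the syslog field m=96.
HEARTBEAT_ID = "96"

# SonicWALL syslog messages are key=value pairs; quoted values may contain
# spaces. Serial numbers, addresses and timestamps below are constructed.
_KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

SAMPLE_LOG = [
    'id=firewall sn=SAMPLE0001 time="2010-05-01 10:00:00" fw=192.0.2.10 pri=6 c=0 m=96 msg="Heartbeat"',
    'id=firewall sn=SAMPLE0002 time="2010-05-01 10:00:01" fw=192.0.2.11 pri=6 c=0 m=96 msg="Heartbeat"',
    # A constructed non-heartbeat event; any m value other than 96 is ignored here.
    'id=firewall sn=SAMPLE0001 time="2010-05-01 10:00:05" fw=192.0.2.10 pri=1 c=32 m=999 msg="constructed event"',
]


def parse_syslog(line: str) -> Dict[str, str]:
    """Return the key=value fields of one syslog line as a dict."""
    fields = {}
    for key, quoted, bare in _KV.findall(line):
        fields[key] = quoted if bare == "" else bare
    return fields


@dataclass
class UnitState:
    reported: bool = False       # heartbeat seen since the last check
    missed: int = 0              # consecutive checks with no heartbeat
    down: bool = False
    last_seen: Optional[str] = None


class HeartbeatMonitor:
    def __init__(self, missed_threshold: int = 3):
        # Missed Reports Threshold; 0 means never mark a unit down.
        self.threshold = missed_threshold
        self.units: Dict[str, UnitState] = {}

    def receive(self, line: str) -> Optional[str]:
        """Feed one syslog line; return the serial if it was a heartbeat."""
        fields = parse_syslog(line)
        sn = fields.get("sn")
        if sn is None or fields.get("m") != HEARTBEAT_ID:
            return None
        state = self.units.setdefault(sn, UnitState())
        state.reported = True
        state.last_seen = fields.get("time")
        return sn

    def check(self) -> List[str]:
        """Run once per expected heartbeat interval. A unit that sent no
        heartbeat since the previous check accrues one missed heartbeat; a
        heartbeat clears the count and the down flag. Returns the down units."""
        for state in self.units.values():
            if state.reported:
                state.missed = 0
                state.down = False
            else:
                state.missed += 1
                if self.threshold > 0 and state.missed >= self.threshold:
                    state.down = True
            state.reported = False
        return sorted(sn for sn, s in self.units.items() if s.down)


def simulate(threshold: int = 3) -> List[List[str]]:
    """Constructed scenario: both units report once, then only SAMPLE0001 keeps
    reporting. Returns the down list after each of four check periods."""
    mon = HeartbeatMonitor(threshold)
    for line in SAMPLE_LOG:
        mon.receive(line)
    results = [mon.check()]
    for _ in range(3):
        mon.receive(SAMPLE_LOG[0])
        results.append(mon.check())
    return results
```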

Configuring Schedules
You can configure schedule groups on the Policies panel, in System > Schedules. Schedule Groups are groups of schedules to which you can apply firewall rules. For example, you might want to block access to auction sites during business hours, but allow employees to access the sites after hours. You can apply rules to specific schedule times or all schedules within a Schedule Group. For example, you might create an Engineering Work Hours group that runs from 11:00 AM to 9:00 PM, Monday through Friday and 12:00 PM to 5:00 PM, Saturday and Sunday. Once configured, you can apply specific firewall rules to the entire Engineering Work Hours Schedule Group or only to the weekday schedule. To create a Schedule Group, perform the following steps:
1. Expand the System tree and click Schedules. The Schedules page displays.

2. To add a Schedule Group, click Add Schedule Group.

3. Enter the name of the Schedule Group in the Name field.

4. In the Schedule Type section, select if the schedule will occur Once, Recurring, or Mixed.

Note

The one-time and mixed schedule types are only available for systems running SonicOS Enhanced 5.5 and above.

5. For a schedule that occurs only once, select the year, month, date, hour, and minutes for the Start and End fields.

6. For recurring schedules, select the check boxes for each day the schedule will apply.

7. Enter the start time for the recurring schedule in the Start Time field. Make sure to use the 24-hour format.

8. Enter the end time for the recurring schedule in the Stop Time field. Make sure to use the 24-hour format.

9. Click Add.

10. Repeat Step 4 through Step 9 for each schedule to add.

11. To delete a schedule, select the schedule and click Delete.

12. Click OK. The Schedule Group is added and configured.

13. To edit a Schedule Group, click its Edit icon. The Edit Schedule Group dialog box displays. Edit the Schedule Group details and click OK.
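As an added example (not SonicWALL code), the following models the Engineering Work Hours group described above and checks whether a given time is covered by the whole group or by one member schedule, which is the distinction the text draws when applying rules. It goes one step beyond the text by also handling a recurring window that crosses midnight.

```python
"""Added example (not SonicWALL code): decide whether a moment falls inside a
Schedule Group built from recurring and one-time schedules."""
from dataclasses import dataclass
from datetime import datetime, time
from typing import List, Set

MON, TUE, WED, THU, FRI, SAT, SUN = range(7)   # datetime.weekday() numbering


@dataclass
class RecurringSchedule:
    name: str
    days: Set[int]   # the days whose check boxes are selected
    start: time      # Start Time, 24-hour format
    stop: time       # Stop Time, 24-hour format (exclusive)

    def contains(self, when: datetime) -> bool:
        t = when.time()
        if self.start < self.stop:
            return when.weekday() in self.days and self.start <= t < self.stop
        # The window crosses midnight (for example 22:00 to 02:00): the part
        # after midnight belongs to the day following a selected day.
        if when.weekday() in self.days and t >= self.start:
            return True
        return (when.weekday() - 1) % 7 in self.days and t < self.stop


@dataclass
class OnceSchedule:
    name: str
    start: datetime  # Start: year, month, date, hour, minutes
    end: datetime    # End (exclusive)

    def contains(self, when: datetime) -> bool:
        return self.start <= when < self.end


class ScheduleGroup:
    def __init__(self, name: str, schedules):
        self.name = name
        self.schedules = list(schedules)

    def active_schedules(self, when: datetime) -> List[str]:
        """Names of the member schedules that cover `when`; a rule can be tied
        to the whole group or to one member, such as the weekday schedule."""
        return [s.name for s in self.schedules if s.contains(when)]

    def is_active(self, when: datetime) -> bool:
        return bool(self.active_schedules(when))


def engineering_work_hours() -> ScheduleGroup:
    """The group from the text: 11:00 to 21:00 Monday through Friday and
    12:00 to 17:00 Saturday and Sunday."""
    return ScheduleGroup("Engineering Work Hours", [
        RecurringSchedule("weekday", {MON, TUE, WED, THU, FRI}, time(11, 0), time(21, 0)),
        RecurringSchedule("weekend", {SAT, SUN}, time(12, 0), time(17, 0)),
    ])
```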

Editing Management Settings


To edit the remote management settings for a SonicWALL security appliance, perform the following steps:
1. Expand the System tree and click Management. The Management page displays.

Caution

Changing the management parameters can cause units to be disconnected from GMS.


2. Enter the port number for HTTP connections in the HTTP Port field.

3. To enable HTTPS access to the appliance, select the Enable HTTPS Access to the unit checkbox and enter the port number in the HTTPS Port field. For the SonicWALL Aventail appliance, use port 8443 for HTTPS access.

4. The Certificate Common Name field defaults to the SonicWALL LAN Address. This allows you to continue using a certificate without downloading a new one each time you log into the appliance.

Note

To change the HTTP or HTTPS ports for SonicOS Enhanced units, go to the Firewalls > Service Objects screen and edit the corresponding service object.

5. Specify whether the appliance is to be managed by GMS or a VPN client in the Enable Management Using pull-down menu.

6. Enter the IP address or host name of the GMS server in the GMS HostName or IPAddress field.

7. Enter the syslog server port (default: 514) in the GMS Syslog Server Port field.

8. If the GMS is behind a device performing Network Address Translation (NAT), select the GMS behind NAT Device checkbox and enter the IP address in the NAT Device IP Address field.

9. If the appliance will be managed over an existing VPN tunnel, select the GMS on VPN (No SA Required) checkbox.

10. To minimize the amount of syslog between the GMS and the SonicWALL security appliance, select the Send Heartbeat Status Messages Only checkbox. This option should be used if you do not need the data to generate reports in GMS. When you check this setting, the unit will only send heartbeat (m=96) messages that tell GMS that the unit is alive. Click the Change button.

11. To allow users on the LAN interface to ping the appliance to verify that it is online, select the Enable Ping from LAN/WorkPort to management interface checkbox. Click the Change button.

12. To allow GMS administrators to preempt users who are logged in directly to the SonicWALL security appliance, select the Allow GMS to preempt a logged in administrator checkbox.

13. If you have configured security associations on the appliance, the Security Association Information section displays at the bottom of the Management page. Enter the SA keys in the Encryption Key and Authentication Key fields and click Change Only SA Keys.

14. When you have finished configuring remote management settings, click Update.

Configuring SNMP
This section describes how to configure Simple Network Management Protocol (SNMP) settings for one or more SonicWALL appliances. To configure SNMP, perform the following steps:
1. Expand the System tree and click SNMP. The SNMP page displays.

2. Select the Enable SNMP check box.

3. Enter a name in the System Name field.

4. Enter the name of the administrator responsible for the SNMP server in the System Contact field.

5. Enter the location of the SNMP server in the System Location field.

6. Enter the community name from which the SNMP server will respond to Get requests in the Get Community Name field.

7. Enter the name of the administrator group that can view SNMP traps in the Trap Community Name field.

8. Enter the SNMP server IP addresses or hostnames in the Hosts 1-4 fields.

9. When you are finished, click Update. A task gets spooled and once it is executed successfully, the information is updated for each selected SonicWALL appliance.

Configuring Certificates
The Certificates dialog box displays details for Certificate Authority (CA) Certificates and local certificates that you have imported or configured on your SonicWALL appliance.

This section contains the following sub-sections:


Navigating the System > Certificates Page, page 147
About Certificates, page 148
Configuring CA Certificates, page 148
Importing New Local and CA Certificates, page 149
Generating a Certificate Signing Request, page 150
Configuring SCEP, page 151


Navigating the System > Certificates Page


The Certificate and Certificate Requests section provides all the settings for managing CA and Local Certificates.

View Style
The View Style menu allows you to choose which certificates are displayed.

Options include:

- All Certificates - displays all certificates and certificate requests.
- Imported certificates and requests - displays all imported certificates and generated certificate requests.
- Built-in certificates - displays all certificates included with the SonicWALL security appliance.
- Include expired and built-in certificates - displays all expired and built-in certificates.

Certificates and Certificate Requests


The Certificates and Certificate Requests table displays information about your certificates.

Information and options include:


- Certificate - the name of the certificate.
- Type - the type of certificate, which can include CA or Local.
- Validated - the validation information.
- Expires - the date and time the certificate expires.
- Details - the details of the certificate. Moving the pointer over the MAGNIFYING GLASS icon displays the details of the certificate.
- Configure - Allows configuration with the following options:
  - Edit icon to make changes to the certificate
  - Delete icon to remove a certificate
  - Import icon to import either certificate revocation lists (for CA certificates) or signed certificates (for Pending requests).
- New Signing Request - Create a new signing request directly from the GMS user interface
- SCEP - Manage certificates using the Simple Certificate Enrollment Protocol (SCEP) standard

About Certificates
A digital certificate is an electronic means to verify identity by using a trusted third party known as a Certificate Authority (CA). SonicWALL now supports third party certificates in addition to the existing Authentication Service. SonicWALL security appliances interoperate with any X.509v3-compliant provider of Certificates. However, SonicWALL security appliances have been tested with the following vendors of Certificate Authority Certificates:

- Entrust
- Microsoft
- OpenCA
- OpenSSL
- VeriSign

Configuring CA Certificates
To configure CA Certificates in this dialog box, perform the following steps.
1. From the Name list box, click on a certificate.

2. Note the details, including the certificate name and subject, in the Details region.

3. Click on the Email Certificate button if you want to send the certificate to a location by email.

4. Click the Delete Certificate button if you want to remove the certificate.

5. Specify the URL of the location of the Certificate Revocation List (CRL) in the CRL URL field. Then click the CRL URL button to launch the CRL.

6. To import a CRL, click the Browse button for the Import CRL field and navigate to the CRL. Then click the Import CRL button to import the CRL.

7. Click on the Invalidate Certificates and Security Association if CRL import or processing fails checkbox to ensure safe cleanup of half-imported certificates if the process is interrupted while a CRL is being imported.

Importing New Local and CA Certificates


This option allows you to import pre-existing certificates stored locally.

To import a certificate:
8. Click the Import Certificate link.

9. Choose between a local end-user certificate or a CA certificate.

10. (local only) Enter a name in the Certificate Name field.

11. (local only) Enter the password used to encrypt the certificate in the Certificate Management Password field.

12. Browse to the certificate location and Open the file.

13. Click the Import button to complete the process.


Generating a Certificate Signing Request


Note

This section assumes that you are familiar with Public Key Infrastructure (PKI) and the implementation of digital certificates with VPN.

To obtain a certificate, perform the following steps:


1. On the System > Certificates page, click the New Signing Request link.

2. Complete the information in the Generate Certificate Request section and click Generate Request. The request displays in the Current Certificate Requests section.

3. Click Export. You are prompted to save the file. It will be saved in the PKCS 10 format.

4. Obtain a certificate from one of the approved certificate authorities using the PKCS 10 file.

5. After you receive the certificate file, locate and import the file by clicking Browse in the Import Certificate With Private Key section. Then click Import. The certificate will appear in the Current Local Certificates section.


Configuring SCEP
Note

SCEP configuration is supported at the appliance level.

The Simple Certificate Enrollment Protocol (SCEP) simplifies the process of issuing large numbers of certificates using an automatic enrollment technique. SCEP is supported for appliances running SonicOS Enhanced 5.5 or higher. To configure SCEP, perform the following steps:
1. On the System > Certificates page, click the SCEP link. The SCEP Configuration window displays.

2. Configure the following options for the SCEP configuration:
   - CSR list - Select a certificate signing request (CSR) list if one has been uploaded.
   - Challenge Password - (optional) Enter the password that is used to authenticate the enrollment request.
   - CA URL - Enter the URL of the certificate authority.
   - Request Count - The default is 256.
   - Polling Interval(S) - The default is 30.
   - Max Polling Time(S) - The default is 28800.

3. Click the SCEP button to apply the SCEP configuration.


CHAPTER 10 Configuring SonicOS Network Settings


This chapter describes how to configure network settings for SonicWALL appliances. It is divided into sections for SonicWALL security appliances running SonicOS Enhanced and SonicOS Standard.

Overview of Interfaces section on page 153
Configuring Network Settings in SonicOS Enhanced section on page 156
Configuring Network Settings in SonicOS Standard section on page 212

Overview of Interfaces
You can configure the LAN interface in three different modes:

- Static IP - Uses a static IP address and acts as a gateway for devices on the LAN.
- Transparent Mode - Allows you to assign a single IP address to two physical interfaces, where each interface accesses an exclusive range of IP addresses in the shared subnet. Behaves as a proxy at Layer 3, intercepting ARPs and changing source MAC addresses of packets traversing the interface pair.
- Layer 2 Bridged Mode - Similar to Transparent Mode, but dynamically learns IP addresses on both interfaces so that you do not need to subdivide the subnet that is being bridged. Provides deep-packet inspection and application of policies before forwarding packets. Places the bridged interfaces into promiscuous mode and passes traffic between them with source and destination MAC addresses intact.

Figure 1 shows the basic interfaces for a SonicWALL appliance. The WAN interface can use a static or dynamic IP address and can connect to the Internet via Transmission Control Protocol (TCP), Point-to-Point Protocol over Ethernet (PPPoE), Layer 2 Tunneling Protocol (L2TP), or Point-to-Point Tunneling Protocol (PPTP). A SonicWALL appliance might have one, many, or no optional interfaces. Optional interfaces can be configured for LAN, WAN, DMZ, WLAN, or Multicast connections, or they can be disabled.
Figure 1 Interfaces (diagram): a Network Security Appliance with its LAN interface (Static IP, Transparent Mode, or Layer 2 Bridge Mode), an OPT interface (LAN/WAN/DMZ/Multicast; Static IP or Dynamic IP), and a WAN interface (Static IP, Dynamic IP, TCP, PPPoE, L2TP, PPTP) connected to the Internet. The LAN, DMZ, and WAN network segments are shown attached to the appliance.

Virtual Interfaces (VLAN)


On the SonicWALL NSA Series and SonicWALL PRO 2040/3060/4060/4100/5060 security appliances, virtual interfaces are sub-interfaces assigned to a physical interface. Virtual interfaces allow you to have more than one interface on one physical connection. Virtual interfaces provide many of the same features as physical interfaces, including Zone assignment, DHCP Server, and NAT and Access Rule controls. Selecting Layer 2 Bridged mode is not possible for a VLAN interface.

VLAN support on SonicOS Enhanced is achieved by means of sub-interfaces, which are logical interfaces nested beneath a physical interface. Every unique VLAN ID requires its own sub-interface. For reasons of security and control, SonicOS does not participate in any VLAN trunking protocols, but instead requires that each VLAN that is to be supported be configured and assigned appropriate security characteristics.
Figure 2 VLAN Interfaces (diagram): a Network Security Appliance (E7500) with VLAN 10 on interface X0 and VLAN 20 on interface X3. Hosts 10.10.10.2, 10.10.10.4, 10.10.10.5, 10.10.10.7, and 10.10.10.9 sit on VLAN 10; hosts 10.20.20.3, 10.20.20.5, and 10.20.20.7 sit on VLAN 20. The appliance's LAN / WLAN addresses are 10.10.10.1/24 and 10.20.20.1/24.

SonicOS Enhanced 4.0 and higher can apply bandwidth management to both egress (outbound) and ingress (inbound) traffic on the WAN interface. Outbound bandwidth management is done using Class Based Queuing. Inbound bandwidth management is done by implementing an ACK delay algorithm that uses TCP's intrinsic behavior to control the traffic. Class Based Queuing (CBQ) provides guaranteed and maximum bandwidth Quality of Service (QoS) for the SonicWALL security appliance. Every packet destined to the WAN interface is queued in the corresponding priority queue. The scheduler then dequeues the packets and transmits them on the link depending on the guaranteed bandwidth for the flow and the available link bandwidth.
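To make the guaranteed and maximum bandwidth semantics of CBQ concrete, here is an added Python example. It is not SonicWALL code and does not claim to reproduce the SonicOS scheduler; it is a two-pass allocation over priority classes in which each class first receives its guarantee and the remaining link capacity is then shared in priority order up to each class's maximum. The class names, rates, the link size, and the convention that priority 0 is the highest are constructed assumptions.

```python
"""Added example (not SonicWALL code): simplified class-based queuing (CBQ)
bandwidth allocation with per-class guaranteed and maximum rates.
All class names, rates and the link capacity below are constructed."""
from dataclasses import dataclass


@dataclass
class BwClass:
    name: str
    priority: int         # assumption: 0 is the highest priority
    guaranteed_kbps: int  # always granted while the class has demand
    max_kbps: int         # ceiling the class can never exceed
    demand_kbps: int      # what the class currently wants to send


def allocate(link_kbps, classes):
    """Return {class name: kbps granted} for one scheduling interval.

    Pass 1 honours guarantees (capped by demand and by the class maximum).
    Pass 2 hands out whatever link capacity is left, highest priority first,
    never exceeding a class's maximum or its demand."""
    if sum(c.guaranteed_kbps for c in classes) > link_kbps:
        raise ValueError("sum of guarantees exceeds the available interface bandwidth")
    grant = {c.name: 0 for c in classes}
    remaining = link_kbps
    for c in classes:
        share = min(c.guaranteed_kbps, c.demand_kbps, c.max_kbps)
        grant[c.name] = share
        remaining -= share
    for c in sorted(classes, key=lambda c: c.priority):
        headroom = min(c.demand_kbps, c.max_kbps) - grant[c.name]
        extra = max(0, min(headroom, remaining))
        grant[c.name] += extra
        remaining -= extra
    return grant


def sample_allocation():
    """Constructed scenario: a 1000 kbps WAN link that is oversubscribed."""
    classes = [
        BwClass("voip", priority=0, guaranteed_kbps=200, max_kbps=300, demand_kbps=400),
        BwClass("web", priority=1, guaranteed_kbps=300, max_kbps=1000, demand_kbps=900),
        BwClass("bulk", priority=2, guaranteed_kbps=100, max_kbps=1000, demand_kbps=2000),
    ]
    return allocate(1000, classes)


if __name__ == "__main__":
    for name, kbps in sample_allocation().items():
        print(f"{name:5s} {kbps:5d} kbps")
```

In the constructed scenario the voice class is capped at its 300 kbps maximum even though it is highest priority, the web class absorbs the leftover capacity, and the bulk class is held to its 100 kbps guarantee; a class with little demand keeps its guarantee from being wasted by releasing it to the others.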

Configuring Network Settings in SonicOS Enhanced


The following sections describe how to configure network settings in SonicOS Enhanced:

Configuring Interface Settings on page 156
WAN Failover and Load Balancing on page 168
Configuring Zones on page 172
Configuring the WLAN Zone on page 176
Configuring DNS on page 180
Configuring Dynamic DNS on page 181
Configuring Address Objects on page 184
Configuring NAT Policies on page 187
Configuring Web Proxy Forwarding Settings on page 195
Configuring RIP in SonicOS Enhanced on page 198
Configuring IP Helper on page 200
Configuring ARP on page 203
Configuring SwitchPorts on page 207
Configuring PortShield Groups on page 208
Configuring Network Monitor on page 210

Configuring Interface Settings


Interface settings define the networks associated with the LAN, WAN, optional (OPT), and WWAN interfaces. This includes protocols, gateways, DNS servers, Virtual LANs, and management settings. To configure the network interfaces for one or more SonicWALL appliances, perform the following steps:

1. Select a single SonicWALL appliance, or a group of SonicWALL appliances running SonicOS Enhanced.

Note

Group level interface edits are only available for UTM appliances.


2. Expand the Network tree and click Interfaces. The Interfaces page displays.

3. Click the Edit icon ( ) of the LAN, WAN, OPT, or WWAN interface. The Edit Interface window is displayed. For a WWAN interface, GMS navigates directly to the Network > WWAN > Settings screen. For configuration information, see Configuring WWAN Settings on page 564.


Editing Interface Settings


You can edit interface settings in the Network > Interfaces screen by clicking the edit icon in the row for the interface that you want to edit. The Edit Interface dialog box displays.
Transparent Mode

The following options are available when configuring an interface in Transparent Mode:

For LAN, DMZ, or Multicast interfaces, configure the following settings:

For IP Assignment, select Static, Transparent Mode, or Layer 2 Bridged Mode. The display changes according to your selection. Configure the resulting field as follows:
Static - For static IP addresses, enter the IP Address for the interface and Subnet Mask for the network.
Transparent Mode - For transparent mode, select an address object that contains the range of IP addresses you want to have access through this interface in the Transparent Range menu.
PortShield Switch Mode - For SonicWALL TZ 210, TZ 210W and NSA 240 appliances, you can configure interfaces for PortShield switch mode, which manually groups ports together to share a common network subnet as well as common zone settings. For more information, see Configuring PortShield Groups on page 208.


Layer 2 Bridge Mode


Note

When configuring a zone for Layer 2 Bridge Mode, the only access rule automatically added is an allow rule between the bridge pair. Other necessary access rules must be added manually.

The following options are available when configuring an interface in Layer 2 Bridge Mode:

Layer 2 Bridged Mode - On appliances running SonicOS Enhanced 3.5 and 4.0 or higher, you can select Layer 2 Bridged Mode for physical interfaces in either the LAN or the DMZ zone. On appliances running SonicOS Enhanced 5.5 or higher, you can select Layer 2 Bridge Mode for the WLAN zone.
In the Bridged-to field, select a WAN, LAN, or DMZ interface with a static IP address.
Select the Block all non-IPv4 traffic checkbox to allow only IPv4 traffic on this bridge-pair.
Select the Never route traffic on this bridge-pair checkbox to prevent traffic from being routed to another interface.
Select the Only sniff traffic on this bridge-pair checkbox to allow the bridged interface to be connected to a mirrored port on a switch in a one-arm mode to perform intrusion detection by examining traffic going through the switch.
Select the Disable stateful-inspection on this bridge-pair checkbox to enable asymmetric routing on this interface.


Layer 2 Bridge Bypass Relay Control

The Engage physical bypass on malfunction option enables Layer 2 Bridge Bypass Relay Control, also known as Fail to Wire. The bypass relay option provides the user the choice of avoiding disruption of network traffic by bypassing the firewall in the event of a malfunction. The bypass relay will be closed for any unexpected anomaly (power failure, watchdog exception, fallback to safe-mode).
Note

The Engage physical bypass on malfunction option is available only for SonicWALL E7500 appliances running SonicOS Enhanced version 5.5 or higher and only when the X0 interface is bridged to the X1 interface. Selecting the Engage physical bypass on malfunction option automatically configures the other Layer 2 Bridge mode options as follows:
Block all non-IPv4 traffic - Disabled
Never route traffic - Enabled
Only sniff traffic - Disabled
Disable stateful-inspection - Not modified

Comment - Enter any comments regarding the interface.
Management - Select one or more of the following management options:
HTTP - Allows HTTP management over the interface.
HTTPS - Allows HTTPS management over the interface.
Ping - The interface will respond to ping requests.
SNMP - The interface will support Simple Network Management Protocol (SNMP).
SSH - The interface will support Secure Shell (SSH) for CLI-based administration.

User Login - Select from the following user login options:
HTTP - When selected, users will be able to log in using HTTP.
HTTPS - When selected, users will be able to log in using HTTPS.
Add rule to enable redirect from HTTP to HTTPS - Redirects users to HTTPS when they attempt to access the device using HTTP. This option is only applicable when HTTPS access is enabled and HTTP access is not.

WAN Settings
Perform the following steps to configure the WAN settings for the SonicWALL appliance.

1. Select how the WAN connects to the Internet from the IP Assignment list box:

Static - Configure the following settings for static IP address interfaces:
IP Address - Enter the IP address of the interface.
Subnet Mask - Enter the subnet mask for the network.
Default Gateway - IP address of the WAN gateway.
DNS Server 1-3 - IP addresses of the DNS Servers.
Comment - Enter any comments regarding the interface.

DHCP - Configure the following settings if the WAN IP address will use DHCP:
Host Name - Specifies the host name of the SonicWALL device on the WAN interface.
Comment - Enter any comments regarding the interface.
IP Address, Subnet Mask, Gateway (Router) Address, and DNS Server 1-3 - These settings are automatically filled in by DHCP.


PPPoE - Configure the following settings if the WAN IP address will use PPPoE:
User Name - Enter the username provided by the ISP.
Password - Enter the password used to authenticate the username with the ISP. This field is case-sensitive.
Comment - Enter any comments regarding the interface.
Service Name - Enter the name of a service that must be supported by PPPoE servers that respond to a client connection request. The service name can be up to 50 characters. Many installations use the system name as a service name, for example sonicwall-server or redback-server. If the service name is left blank the client will connect to any service.
Select from the following:
To configure the SonicWALL appliance(s) to dynamically obtain an IP address, select Obtain an IP Address automatically.
To configure the SonicWALL appliance(s) to use a fixed IP address, select Use the following IP Address and enter the IP address.
Select from the following:
To configure the SonicWALL appliance(s) to obtain the DNS server information automatically, select Obtain DNS Server Address Automatically.
To specify DNS servers, select Specify DNS Servers and enter the DNS Server IP addresses.


Note

For PPPoE interfaces, a Protocol tab appears that displays the acquired IP address, subnet mask, gateway address, and DNS server addresses. Click the Protocol tab to view the settings for the acquired IP address, subnet mask, gateway address, and DNS server addresses.

Inactivity Disconnect - Specify how long (in minutes) the SonicWALL appliance waits before disconnecting from the Internet, and select the checkbox.
Strictly use LCP echo packets for server keep-alive - This checkbox is enabled when the client recognizes that the server relies on Link Control Protocol (LCP) echo requests for keeping the PPPoE connection alive.
Disconnect the PPPoE client if the server does not send traffic for __ minutes - Select this checkbox and enter the number of minutes to wait without traffic before the connection is ended. When enabled, the PPPoE client monitors traffic from the server on the tunnel and disconnects when no traffic is seen for the specified time period.

PPTP - Configure the following settings if the WAN IP address will use PPTP:
User Name - Enter the username provided by the ISP.
User Password - Enter the password used to authenticate the username with the ISP. This field is case-sensitive.
PPTP Server IP Address - This information is provided by your ISP.
PPTP (Client) Host Name - This information is provided by your ISP.
Comment - Enter any comments regarding the interface.
Inactivity Disconnect - Specify how long (in minutes) the SonicWALL appliance waits before disconnecting from the Internet.
Select from the following from the PPTP IP Assignment list box:
To configure the SonicWALL appliance(s) to dynamically obtain an IP address, select DHCP.
To configure the SonicWALL appliance(s) to use a fixed IP address, select Static and enter the IP address, subnet mask, and gateway IP address.


Note

For PPTP interfaces, a Protocol tab appears that displays the acquired IP address, subnet mask, gateway address, and DNS server addresses.

L2TP - Configure the following settings if the WAN IP address will use L2TP:
User Name - Enter the username provided by the ISP.
User Password - Enter the password used to authenticate the username with the ISP. This field is case-sensitive.
L2TP Server IP Address - This information is provided by your ISP.
L2TP (Client) Host Name - This information is provided by your ISP.
Comment - Enter any comments regarding the interface.
Inactivity Disconnect - Specify how long (in minutes) the SonicWALL appliance waits before disconnecting from the Internet.
Select from the following from the L2TP IP Assignment list box:
To configure the SonicWALL appliance(s) to dynamically obtain an IP address, select DHCP.
To configure the SonicWALL appliance(s) to use a fixed IP address, select Static and enter the IP address, subnet mask, and gateway IP address.

Note

For L2TP interfaces, a Protocol tab appears that displays the acquired IP address, subnet mask, gateway address, and DNS server addresses.

2. Select one or more of the following management options:
HTTP - When selected, allows HTTP management from the interface.
HTTPS - When selected, allows HTTPS management from the interface.
Ping - When selected, the interface will respond to ping requests.
SNMP - When selected, the interface will support Simple Network Management Protocol (SNMP).

3. User Login - Select from the following user login options:
HTTP - When selected, users will be able to log in using HTTP.
HTTPS - When selected, users will be able to log in using HTTPS.


Add rule to enable redirect from HTTP to HTTPS - Redirects users to HTTPS when they attempt to access the device using HTTP. This option is only applicable when HTTPS access is enabled and HTTP access is not.

4. Click Update. The settings are saved. To clear any changes and start over, click Reset.

5. Click the Advanced tab and configure the following Ethernet settings:
Link Speed - To configure the interface to automatically negotiate Ethernet settings, select Auto Negotiate. If you want to specify the forced Ethernet speed and duplex, select the appropriate setting.
Override Default MAC Address - Select to manually enter the MAC address. Otherwise, the default MAC address is used.
Enable Multicast Support - Select to enable multicast on the interface.
Interface MTU - Specify the size of the Maximum Transmission Unit (MTU) in octets (default: 1500).
To fragment packets that are larger than this MTU, select the Fragment non-VPN outbound packets larger than this Interface's MTU check box.

Note

If the maximum transmission unit (MTU) size is too large for a remote router, it may require more transmissions. If the packet size is too small, this could result in more packet header overhead and more acknowledgements that have to be processed.

To ignore Don't Fragment (DF) bits from routers connected to the SonicWALL appliance, select the Ignore Don't Fragment (DF) Bit check box.

6. Configure the following Bandwidth Management settings:
To enable egress bandwidth management on this interface, select the check box and enter the bandwidth of the connection in the Available Interface Bandwidth field in kilobytes per second (Kbps).
To enable ingress bandwidth management on this interface, select the check box and enter the bandwidth of the connection in the Available Interface Bandwidth field in kilobytes per second (Kbps).

7. Click Update. The settings are saved. To clear any changes and start over, click Reset.
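The MTU, fragmentation and DF-bit options on the Advanced tab interact in a way that is easier to see in code. The following added Python example (not SonicWALL code, and not a description of how SonicOS itself forwards packets) models plain IPv4 fragmentation of one outbound datagram: a datagram that fits the MTU passes unchanged; a larger one is split only if fragmentation is enabled on the interface, and a set DF bit blocks the split unless the DF bit is being ignored. The 20-byte header length, the MTU and the datagram sizes are constructed values.

```python
"""Added example (not SonicWALL code): IPv4 fragmentation of an outbound
datagram as governed by an interface MTU, a 'fragment oversized packets'
switch and an 'ignore DF bit' switch. Sizes below are constructed."""
IPV4_HEADER_LEN = 20  # assumption: no IP options


class WouldFragment(Exception):
    """The datagram does not fit the MTU and may not be fragmented."""


def fragment(payload_len, mtu, df_set, fragment_enabled, ignore_df):
    """Return (offset_in_8_byte_units, payload_bytes, more_fragments) tuples
    for the fragments that would leave the interface.

    Every fragment except the last carries a payload that is a multiple of
    8 bytes, because the IPv4 fragment offset field counts 8-byte units."""
    if payload_len + IPV4_HEADER_LEN <= mtu:
        return [(0, payload_len, False)]          # fits: send as-is
    if not fragment_enabled:
        raise WouldFragment("datagram exceeds the MTU and fragmentation is disabled")
    if df_set and not ignore_df:
        raise WouldFragment("datagram exceeds the MTU and carries the DF bit")
    chunk = (mtu - IPV4_HEADER_LEN) // 8 * 8    # largest 8-byte-aligned payload
    fragments, offset = [], 0
    while offset < payload_len:
        size = min(chunk, payload_len - offset)
        more = offset + size < payload_len
        fragments.append((offset // 8, size, more))
        offset += size
    return fragments


if __name__ == "__main__":
    # a 3000-byte payload on a 1500-byte MTU with DF clear
    for off, size, more in fragment(3000, 1500, df_set=False,
                                    fragment_enabled=True, ignore_df=False):
        print(f"offset={off * 8:5d} bytes  payload={size:5d}  more={more}")
```

With a 1500-byte MTU the usable payload per fragment is 1480 bytes, so a 3000-byte payload becomes fragments of 1480, 1480 and 40 bytes. Setting DF on that datagram makes the call raise unless the ignore-DF option is on, which is exactly the trade-off the Note above describes: honouring DF lets path MTU discovery work, ignoring it keeps traffic flowing past routers that cannot handle the larger size.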


Configuring VLAN Sub-Interfaces


When you add a VLAN sub-interface, you need to assign it to a Zone, assign it a VLAN Tag, and assign it to a physical interface. Based on your zone assignment, you configure the VLAN sub-interface the same way you configure a physical interface for the same zone.
1. At the bottom of the Network > Interfaces page, click Add VLAN Interface. The Add Interface window displays.

2. Select a Zone to assign to the interface. You can select LAN, DMZ, WLAN, or unassigned. The zone assignment does not have to be the same as the parent (physical) interface.

3. Enter a Portshield Interface Name for the sub-interface.

4. Declare the parent (physical) interface to which this sub-interface will belong. There is no per-interface limit to the number of sub-interfaces you can assign; you may assign sub-interfaces up to the system limit (in the hundreds).

5. For LAN and DMZ, select Static or Transparent for the IP Assignment. WLAN interfaces use static IP addresses:
For static IP addresses, enter the IP Address for the interface and Subnet Mask for the network.
For transparent mode, select an address object that contains the range of IP addresses you want to have access through this interface in the Transparent Range menu.

6. Management - Select from the following management options:
HTTP - When selected, allows HTTP management from the interface.
HTTPS - When selected, allows HTTPS management from the interface.
Ping - When selected, the interface will respond to ping requests.
SNMP - When selected, the interface will support Simple Network Management Protocol (SNMP).

7. User Login - Select from the following user login options:
HTTP - When selected, users will be able to log in using HTTP.
HTTPS - When selected, users will be able to log in using HTTPS.
Add rule to enable redirect from HTTP to HTTPS - Redirects users to HTTPS when they attempt to access the device using HTTP. This option is only applicable when HTTPS access is enabled and HTTP access is not.

8. Check Create Default DHCP Lease Scope to indicate that the amount of time allowed for an IP address issued by DHCP will be the default.

9. Click OK.

The Virtual interface displays in the VLAN Interfaces table below the Interfaces table.

WAN Connection Model


To configure the WAN connection model for a SonicWALL appliance with WWAN capability running SonicOS Enhanced 3.6 or higher, navigate to the Network > Interfaces page and select one of the following options in the WAN Connection Model drop-down menu:

WWAN only - The WAN interface is disabled and the WWAN interface is used exclusively.
Ethernet only - The WWAN interface is disabled and the WAN interface is used exclusively.
Ethernet with WWAN Failover - The WAN interface is used as the primary interface and the WWAN interface is disabled. If the WAN connection fails, the WWAN interface is enabled and a WWAN connection is automatically initiated.

Managing WWAN Connections


To initiate a WWAN connection, perform the following steps:
1. In the Interface Settings table, in the WWAN row, click Connect. The SonicWALL appliance attempts to connect to the WWAN service provider.

2. To disconnect a WWAN connection, click Disconnect.


WAN Failover and Load Balancing


WAN Failover enables you to configure one of the user-defined interfaces as a secondary WAN port. The secondary WAN port can be used in a simple active/passive setup to allow traffic to be only routed through the secondary WAN port if the Primary WAN port is unavailable. This allows the SonicWALL to maintain a persistent connection for WAN port traffic by failing over to the secondary WAN port.

For a SonicWALL appliance with a WWAN interface, such as a TZ 190, you can configure failover using the WWAN interface. Failover between the Ethernet WAN (the WAN port, OPT port, or both) and the WWAN is supported through the WAN Connection Model setting.

This feature also allows you to perform simple load balancing for the WAN traffic on the SonicWALL. You can select a method of dividing the outbound WAN traffic between the two WAN ports and balance network traffic. Load-balancing is currently only supported on Ethernet WAN interfaces, not on WWAN interfaces.

The SonicWALL can monitor WAN traffic using Physical Monitoring, which detects if the link is unplugged or disconnected, or Physical and Logical Monitoring, which monitors traffic at a higher level, such as upstream connectivity interruptions.
Note

Before you begin, be sure you have configured a user-defined interface to mirror the WAN port settings.


To configure the WAN Failover for a SonicWALL appliance, perform the following steps:
1. Expand the Network tree and click WAN Failover & LB. The WAN Failover & LB page displays.

2. Select the Enable Load Balancing check box.

3. Select the secondary interface(s) from the Secondary WAN Interface drop-down menu.

Note

If this is not configured, you will need to configure a WAN interface from the Network > Interfaces page. Appliances running SonicOS Enhanced 5.5 can support up to three alternate WAN interfaces. For these appliances, the Secondary WAN Interface drop-down menu is replaced with up to three Alternate WAN drop-down menus. The drop-down menu will contain all interfaces configured as WAN interfaces.

4. Specify how often the SonicWALL appliance will check the interface (5-300 seconds) in the Check interface every field (default: 5 seconds).


5. Specify the number of times the SonicWALL appliance tests the interface as inactive before failing over in the Deactive interface after field (default: 3). For example, if the SonicWALL appliance tests the interface every 5 seconds and finds the interface inactive after 3 successive attempts, it will fail over to the secondary interface after 15 seconds.

6. Specify the number of times the SonicWALL appliance tests the interface as active before failing back to the primary interface in the Deactive interface after field (default: 3). For example, if the SonicWALL appliance tests the interface every 5 seconds and finds the interface active after 3 successive attempts, it will fail back to the primary interface after 15 seconds.

7. To configure outbound load balancing, select from the following:
Select Basic Active/Passive Failover to enable a basic failover setup. When the primary device fails to provide a connection, it will enter standby and allow the secondary device to take over network traffic. Check the Preempt and failback to Primary WAN when possible checkbox to enable immediate failback to the primary device when available.
Select Per Connection Round-Robin to enable a Round-Robin form of load balancing. In the 17th or 18th century, when peasants in France wanted to complain to the king using a petition, the usual reaction from the monarch was to seize the two or three people on top of that petition list and execute them. In order to stop this form of arbitrary vengeance, the names were signed in a circle at the bottom of the petition so that no one would be on top of the list. This became known as a Round-Robin. Thus, in load balancing, Round-Robin is where network requests are applied to a circular list. When the network load becomes too much, GMS acts as a monarch and picks several of the network clients from the list to execute. This process allows GMS to quickly and easily free up network resources.
Select Spillover-based and enter a value (in Kb/sec) to enable the secondary device to serve as a load balancer. With this option selected, traffic will be re-routed to the secondary device should the primary WAN device exceed the specified bandwidth.
Select Percentage-Based to split network traffic between the primary and secondary or alternate WAN interfaces based on your specified percentages.
Enter a Primary WAN Percentage and Secondary WAN Percentage that add up to 100 to divide traffic between the two WAN interfaces.


Appliances running SonicOS Enhanced 5.5 or above can divide traffic between up to four WAN interfaces. Enter a Primary WAN Percentage, and up to three Alternate WAN Percentage settings that add up to 100.

When using Percentage-Based load balancing, you may select the Use Source and Destination IP Addresses Binding checkbox to keep related traffic together across an interface.

Timesaver

When using Percentage-Based load balancing, fill in the Primary WAN Percentage field only. The Secondary WAN Percentage field will be calculated for you.

8. The SonicWALL appliance can monitor the WAN by detecting whether the link is unplugged or disconnected or by sending probes to a target IP address of an always available target upstream device on the WAN network, such as an ISP side router. To enable probe monitoring, select the Enable Probe Monitoring check box and configure the following settings:
Primary WAN Probe Settings - Select the protocol used for monitoring and enter the IP address and port (TCP only) of the probe target. If there will be an optional probe target, specify these settings also and select whether the SonicWALL appliance must test both targets or either target.
Secondary WAN Probe Settings - Select the protocol used for monitoring and enter the IP address and port (TCP only) of the secondary probe target. If there will be an optional secondary probe target, specify these settings also and select whether the SonicWALL appliance must test both targets or either target.


WWAN WAN Probe Settings - Select the protocol used for monitoring and enter the IP address and port (TCP only) of the WWAN probe target. If there will be an optional WWAN probe target, specify these settings also and select whether the SonicWALL appliance must test both targets or either target.

Note

TCP probing is useful if you do not have ping (ICMP) response enabled on your network devices. In this case, TCP can be used to probe the device on a user-specified port.

9. Select the Respond to Probes checkbox to enable GMS managed devices to respond to probe requests. With this option selected, you can also check the Any TCP-SYN to Port checkbox and enter a specific port to probe.

10. Click the Update button at the bottom of the page to save these settings.
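The failover timing in steps 4 to 6 and the four outbound load-balancing methods in step 7 are easiest to reason about as a small state machine plus a selection function. The following added Python example (not SonicWALL code, and not how SonicOS implements these features internally) models both: a monitor that deactivates the primary after N consecutive failed probes and reactivates it after M consecutive successes, and a balancer that picks a WAN for each new connection by active/passive, round-robin, spillover or percentage, with an optional source/destination binding. The interface names, probe outcomes, thresholds and the SHA-256-based bucketing used for binding are constructed for illustration.

```python
"""Added example (not SonicWALL code): the failover timing of steps 4-6 and
the outbound load-balancing methods of step 7, modelled in Python.
Interface names, probe results and the hash used for source/destination
binding are constructed for illustration."""
import hashlib
import itertools


class FailoverMonitor:
    """Counts consecutive probe results for the primary WAN. The primary is
    deactivated after 'deactivate_after' failures in a row and brought back
    after 'reactivate_after' successes in a row, one probe per 'check_every' s."""

    def __init__(self, check_every=5, deactivate_after=3, reactivate_after=3):
        self.check_every = check_every
        self.deactivate_after = deactivate_after
        self.reactivate_after = reactivate_after
        self.primary_active = True
        self._streak = 0  # consecutive results contradicting the current state

    def probe(self, success):
        """Record one probe result; return True if the primary changed state."""
        contradicts = (not success) if self.primary_active else success
        self._streak = self._streak + 1 if contradicts else 0
        threshold = self.deactivate_after if self.primary_active else self.reactivate_after
        if self._streak >= threshold:
            self.primary_active = not self.primary_active
            self._streak = 0
            return True
        return False

    def seconds_to_failover(self):
        """Worst-case detection time: the guide's 5 s x 3 attempts = 15 s."""
        return self.check_every * self.deactivate_after


class LoadBalancer:
    """Picks the WAN interface for a new outbound connection."""

    def __init__(self, method, wans, percentages=None, spillover_kbps=0,
                 bind_src_dst=False, monitor=None):
        self.method = method
        self.wans = list(wans)  # primary first, then secondary / alternates
        self.percentages = dict(percentages or {})
        self.spillover_kbps = spillover_kbps
        self.bind_src_dst = bind_src_dst
        self.monitor = monitor
        self._round_robin = itertools.cycle(self.wans)
        self._ticket = 0
        if method == "percentage" and sum(self.percentages.values()) != 100:
            raise ValueError("WAN percentages must add up to 100")

    def active_primary(self):
        """Primary unless the monitor has failed it over to the secondary."""
        healthy = self.monitor is None or self.monitor.primary_active
        return self.wans[0] if healthy else self.wans[1]

    def pick(self, src_ip, dst_ip, primary_load_kbps=0):
        if self.method == "active_passive":
            return self.active_primary()
        if self.method == "round_robin":
            return next(self._round_robin)
        if self.method == "spillover":
            over = primary_load_kbps > self.spillover_kbps
            return self.wans[1] if over else self.wans[0]
        if self.method == "percentage":
            if self.bind_src_dst:
                # the same src/dst pair always lands in the same bucket,
                # so related traffic stays on one interface
                digest = hashlib.sha256(f"{src_ip}|{dst_ip}".encode()).digest()
                bucket = int.from_bytes(digest[:4], "big") % 100
            else:
                bucket = self._ticket % 100
                self._ticket += 1
            edge = 0
            for wan in self.wans:
                edge += self.percentages[wan]
                if bucket < edge:
                    return wan
            return self.wans[-1]
        raise ValueError(f"unknown load-balancing method {self.method!r}")
```

The monitor reproduces the arithmetic in step 5: with the defaults, three failed probes five seconds apart fail the primary over after 15 seconds, and three good probes bring it back. The percentage method shows why the binding checkbox matters: without it, consecutive connections are dealt across interfaces in proportion, so two halves of one application session can leave through different WAN addresses; with it, the same source/destination pair is always mapped to the same interface.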

Configuring Zones
A Zone is a logical grouping of one or more interfaces designed to make management, such as the definition and application of Access Rules, a simpler and more intuitive process than following a strict physical interface scheme. There are four fixed Zone types: Trusted, Untrusted, Public, and Encrypted. Trusted is associated with LAN Zones. These fixed Zone types cannot be modified or deleted. A Zone instance is created from a Zone type and named accordingly, e.g., Sales, Finance, etc. Only the number of interfaces limits the number of Zone instances for Trusted and Untrusted Zone types. The Untrusted Zone type (i.e. the WAN) is restricted to two Zone instances. The Encrypted Zone type is a special system Zone comprising all VPN traffic and doesn't have any associated interfaces. Trusted and Public Zone types offer an option, Interface Trust, to automate the creation of Access Rules to allow traffic to flow between the Interfaces of a Zone instance. For example, if the LAN Zone has interfaces X0, X3, and X5 assigned to it, checking Allow Interface Trust on the LAN Zone creates the necessary Access Rules to allow hosts on these Interfaces to communicate with each other. To add or edit a Zone, perform the following steps:
1. Select the global icon, a group, or a SonicWALL appliance.

2. Expand the Network tree and click Zones. The Zones page displays.

3. Click the Edit Icon ( ) for a Zone or click Add New Zone. The Edit Zone or Add Zone dialog box displays.

4. If this is a new Zone, enter a name for the Zone.

5. Select the Security Type.

6. To configure the SonicWALL appliance to automatically create the rules that allow data to freely flow between interfaces in the same Zone, select the Allow Interface Trust check box.

7. To enforce content filtering on multiple interfaces in the same Trusted or Public Zones, select the Enforce Content Filtering Service check box.

8. For appliances running SonicOS Enhanced 4.0 or above, if the selected node is a group or global node, or if the selected appliance is licensed for SonicWALL CFS Premium, select a predefined CFS policy or the default policy from the CFS Policy drop-down list. The drop-down list is only populated if the Enforce Content Filtering Service checkbox is enabled. It is not available for the WAN zone.

9. To enforce network anti-virus protection on multiple interfaces in the same Trusted or Public Zones, select the Enforce Network Anti-Virus Service check box.

10. To enforce gateway anti-virus protection on multiple interfaces in the same Trusted or Public Zones, select the Enable Gateway Anti-Virus Service check box.

11. To enforce Intrusion Prevention Services (IPS) on multiple interfaces in the same Trusted or Public Zones, select the Enable IPS check box.

12. To enable Anti-Spyware on the zone, select Enable Anti-Spyware Service.

13. To enforce security policies for Global Security Clients on multiple interfaces in the same Trusted or Public Zones, select Enforce Global Security Clients.

14. To automatically create a GroupVPN policy for this zone, select Create Group VPN.

15. For appliances running SonicOS Enhanced 4.0 or above, select the Enable SSL Control check box to allow SSL Control in this zone. This check box is not active for the VPN or Multicast zones.

16. For WLAN zones, see Configuring the WLAN Zone on page 176 for information about configuring settings on the other tabs. For all other zones, click Update when you are finished. The Zone is modified or added for the selected SonicWALL appliance. To clear all settings and start over, click Reset.
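The zone rules stated above (four fixed security types, at most two Untrusted instances, an Encrypted zone with no interfaces, and Allow Interface Trust only on Trusted and Public zones) can be checked mechanically. The following added Python example is not SonicWALL code and does not reproduce how SonicOS stores zones; it is a small model that enforces those constraints and generates the allow rules that Allow Interface Trust implies between a zone's interfaces, using the guide's own LAN example of X0, X3 and X5. Zone and interface names are constructed, and the rule that an interface belongs to exactly one zone is an assumption of this example.

```python
"""Added example (not SonicWALL code): a small model of the Zone rules in this
section - the four fixed security types, the two-instance limit on Untrusted
zones, the interface-less Encrypted zone, and the access rules that Allow
Interface Trust generates between a zone's interfaces. Zone and interface
names are constructed; 'an interface belongs to one zone' is an assumption."""
from itertools import permutations

SECURITY_TYPES = ("Trusted", "Untrusted", "Public", "Encrypted")  # fixed types
MAX_UNTRUSTED_INSTANCES = 2


class ZoneTable:
    def __init__(self):
        self._zones = {}  # zone name -> (security type, interfaces, interface trust)

    def add_zone(self, name, security_type, interfaces=(), interface_trust=False):
        if security_type not in SECURITY_TYPES:
            raise ValueError(f"unknown security type {security_type!r}")
        if security_type == "Encrypted" and interfaces:
            raise ValueError("the Encrypted zone carries VPN traffic and has no interfaces")
        if security_type == "Untrusted" and self.count("Untrusted") >= MAX_UNTRUSTED_INSTANCES:
            raise ValueError("the Untrusted zone type is restricted to two instances")
        if interface_trust and security_type not in ("Trusted", "Public"):
            raise ValueError("Interface Trust is offered only on Trusted and Public zones")
        taken = {i for _, ifaces, _ in self._zones.values() for i in ifaces}
        clash = taken & set(interfaces)
        if clash:  # assumption: an interface is a member of exactly one zone
            raise ValueError(f"interfaces already assigned: {sorted(clash)}")
        self._zones[name] = (security_type, tuple(interfaces), interface_trust)

    def count(self, security_type):
        return sum(1 for t, _, _ in self._zones.values() if t == security_type)

    def interface_trust_rules(self, zone):
        """The allow rules Allow Interface Trust creates so hosts on the
        zone's interfaces can reach each other; empty when the option is off."""
        _, ifaces, trust = self._zones[zone]
        if not trust:
            return []
        return [(src, dst, "allow") for src, dst in permutations(ifaces, 2)]


def example_rules():
    """The guide's example: LAN zone with X0, X3 and X5 and Interface Trust on."""
    zones = ZoneTable()
    zones.add_zone("LAN", "Trusted", ("X0", "X3", "X5"), interface_trust=True)
    zones.add_zone("WAN", "Untrusted", ("X1",))
    zones.add_zone("VPN", "Encrypted")
    return zones.interface_trust_rules("LAN")


if __name__ == "__main__":
    for src, dst, action in example_rules():
        print(f"{src} -> {dst}: {action}")
```

Three interfaces with Interface Trust produce six directional allow rules; leaving the box unchecked produces none, which is the safer default when the interfaces in a zone should not talk to each other directly.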

Configuring Guest Services on Non-Wireless Zones


Trusted and Public Zone types offer the ability to configure guest services. To configure Guest Services on a non-wireless zone, perform the following steps:
1. When the Security Type for a zone is selected as either Trusted or Public, the Guest Services tab displays.

2. Select the Enable Guest Services checkbox.

3. Configure any of the following options:
Enforce Guest Login over HTTPS - Requires guests to use HTTPS instead of HTTP to access the guest services.
Enable inter-guest communication - Allows guests connecting to SonicPoints in this Zone to communicate directly and wirelessly with each other.
Bypass AV Check for Guests - Allows guest traffic to bypass Anti-Virus protection.
Enable External Guest Authentication - Requires guests connecting from the device or network you select to authenticate before gaining access. This feature, based on Lightweight Hotspot Messaging (LHM), is used for authenticating Hotspot users and providing them parametrically bound network access.

Note

Refer to the SonicWALL Lightweight Hotspot Messaging technote available at the SonicWALL documentation Web site http://www.sonicwall.com/us/Support.html for complete configuration of the Enable External Guest Authentication feature.

Custom Authentication Page - Redirects users to a custom authentication page when they first connect to the zone. Click Configure to set up the custom authentication page. Enter either a URL to an authentication page or a custom challenge statement in the text field, and click OK.
Post Authentication Page - Directs users to the page you specify immediately after successful authentication. Enter a URL for the post-authentication page in the field.
Bypass Guest Authentication - Allows the appliance to integrate into environments already using some form of user-level authentication. This feature automates the Guest Services authentication process, allowing users to reach Guest Services resources without requiring authentication. This feature should only be used when unrestricted Guest Services access is desired, or when another device upstream of the appliance is enforcing authentication.
Redirect SMTP traffic to - Redirects SMTP traffic incoming on this zone to an SMTP server you specify. Select the address object to redirect traffic to.
Deny Networks - Blocks traffic from the networks you name. Select the subnet, address group, or IP address to block traffic from.
Pass Networks - Automatically allows traffic through the zone from the networks you select.
Max Guests - Specifies the maximum number of guest users allowed to connect to the zone. The default is 10.

4. Click OK to apply these settings to the zone.

Configuring the WLAN Zone


The Add Zone or Edit Zone screens for WLAN zones contain two tabs that are not available for other zones. This section describes the settings on the Wireless and Guest Services tabs of the Add or Edit Zone screens. For instructions about WLAN configuration settings on the General tab, see Configuring Zones, page 172. To configure specific wireless-zone settings:

1. Select the global icon, a group, or a SonicWALL appliance.

2. In the Network > Zones pages, click the Add New Zone or the Edit icon for the WLAN zone.

3. Configure the settings on the General tab as described for other zones. To expose the wireless-only tabs when adding a new zone, select Wireless for the Security Type.

4. Click the Wireless tab.

5. On the Wireless tab, select Only allow traffic generated by a SonicPoint to allow only traffic from SonicWALL SonicPoints to enter the WLAN Zone interface. This allows maximum security of your WLAN. Uncheck this option if you want to allow any traffic on your WLAN Zone regardless of whether or not it is from a wireless connection.

Tip

Uncheck Only allow traffic generated by a SonicPoint and use the zone on a wired interface to allow guest services on that interface.

6. Select SSL-VPN Enforcement to require that all traffic that enters into the WLAN Zone be authenticated through a SonicWALL SSL-VPN appliance. If you select both SSL-VPN Enforcement and WiFiSec Enforcement, the Wireless zone will allow traffic authenticated by either a SSL-VPN or an IPsec VPN.

7. In the SSL-VPN Server list, select an address object to direct traffic to the SonicWALL SSL-VPN appliance.

8. In the SSL-VPN Service list, select the service or group of services you want to allow for clients authenticated through the SSL-VPN.

9. Select WiFiSec Enforcement to require that all traffic that enters into the WLAN Zone interface be either IPsec traffic, WPA traffic, or both. With WiFiSec Enforcement enabled, all non-guest wireless clients connected to SonicPoints attached to an interface belonging to a Zone on which WiFiSec is enforced are required to use the strong security of IPsec. The VPN connection inherent in WiFiSec terminates at the WLAN GroupVPN, which you can configure independently of WAN GroupVPN or other Zone GroupVPN instances.

10. If you have enabled WiFiSec Enforcement, you can specify services that are allowed to bypass the WiFiSec enforcement by checking WiFiSec Exception Service and then selecting the service you want to exempt from WiFiSec enforcement. Every exempted service is reachable by wireless clients that have not yet authenticated, so limit the exception to what a client needs before its tunnel is up (for example, the VPN negotiation itself).

11. If you have enabled WiFiSec Enforcement, you can select Require WiFiSec for Site-to-Site VPN Tunnel Traversal to require WiFiSec security for all wireless connections through the WLAN zone that are part of a site-to-site VPN.

12. Select Trust WPA traffic as WiFiSec to accept WPA as an allowable alternative to IPsec. Both WPA-PSK (Pre-shared key) and WPA-EAP (Extensible Authentication Protocol using an external 802.1x/EAP capable RADIUS server) will be supported on SonicPoints. With WPA-PSK the whole WLAN rests on one shared key that every client knows; WPA-EAP, with per-user credentials on the RADIUS server, is the stronger choice when you enable this option.

13. Under the SonicPoint Settings heading, select the SonicPoint Provisioning Profile you want to apply to all SonicPoints connected to this zone. Whenever a SonicPoint connects to this zone, it will automatically be provisioned by the settings in the SonicPoint Provisioning Profile, unless you have individually configured it with different settings.

14. Click the Guest Services tab. You can choose from the following configuration options for Wireless Guest Services:

Enable Wireless Guest Services: Enables guest services on the WLAN zone.

Enforce Guest Login over HTTPS: Requires guests to use HTTPS instead of HTTP to access the guest services. Without this option, guest credentials cross the wireless network in clear text.

Enable inter-guest communication: Allows guests connecting to SonicPoints in this WLAN Zone to communicate directly and wirelessly with each other.

Bypass AV Check for Guests: Allows guest traffic to bypass Anti-Virus protection.

Enable External Guest Authentication: Requires guests connecting from the device or network you select to authenticate before gaining access. This feature, based on Lightweight Hotspot Messaging (LHM), is used for authenticating Hotspot users and providing them parametrically bound network access.

Note

Refer to the SonicWALL Lightweight Hotspot Messaging technote available at the SonicWALL documentation Web site http://www.sonicwall.com/us/Support.html for complete configuration of the Enable External Guest Authentication feature.

Custom Authentication Page: Redirects users to a custom authentication page when they first connect to a SonicPoint in the WLAN zone. Click Configure to set up the custom authentication page. Enter either a URL to an authentication page or a custom challenge statement in the text field, and click OK.

Post Authentication Page: Directs users to the page you specify immediately after successful authentication. Enter a URL for the post-authentication page in the field.

Bypass Guest Authentication: Allows a SonicPoint running WGS to integrate into environments already using some form of user-level authentication. This feature automates the WGS authentication process, allowing wireless users to reach WGS resources without requiring authentication. This feature should only be used when unrestricted WGS access is desired, or when another device upstream of the SonicPoint is enforcing authentication.

Redirect SMTP traffic to: Redirects SMTP traffic incoming on this zone to an SMTP server you specify. Select the address object to redirect traffic to.

Deny Networks: Blocks traffic from the networks you name. Select the subnet, address group, or IP address to block traffic from.

Pass Networks: Automatically allows traffic through the WLAN zone from the networks you select.

Max Guests: Specifies the maximum number of guest users allowed to connect to the WLAN zone. The default is 10.

Enable Dynamic Address Translation (DAT): Wireless Guest Services (WGS) provides spur of the moment hotspot access to wireless-capable guests and visitors. For easy connectivity, WGS allows wireless users to authenticate and associate, obtain IP settings from the SonicWALL appliance Wireless DHCP services, and authenticate using any Web browser. Without DAT, if a WGS user is not a DHCP client, but instead has static IP settings incompatible with the Wireless WLAN network settings, network connectivity is prevented until the user's settings change to compatible values.

Dynamic Address Translation (DAT) is a form of Network Address Translation (NAT) that allows the SonicWALL Wireless to support any IP addressing scheme for WGS users. For example, the SonicWALL Wireless WLAN interface is configured with an address of 172.16.31.1, one WGS client has a static IP address of 192.168.0.10 and a default gateway of 192.168.0.1, and another has a static IP address of 10.1.1.10 and a gateway of 10.1.1.1; DAT enables network communication for both of these clients.


15. Click OK to apply these settings to the WLAN zone.

Configuring DNS
Domain Name System (DNS) is the Internet standard for locating domain names and translating them into IP addresses. By default, the SonicWALL appliance inherits its DNS settings from the WAN Zone. To configure DNS, perform the following steps:

Note

Network > DNS is only available in appliances running SonicOS Enhanced.

1. Expand the Network tree and click DNS. The DNS page displays.

2. Select from the following:

To specify DNS server IP addresses manually, select Specify DNS Servers Manually and enter the IP addresses of the servers.

To inherit the DNS settings from the WAN Zone configuration, select Inherit DNS Settings Dynamically from WAN Zone.

3. When you are finished, click Update. The settings are changed for the selected SonicWALL appliance. To clear all screen settings and start over, click Reset.


DNS Rebinding Attack Prevention


DNS rebinding is a DNS-based attack that subverts the same-origin policy enforced on code embedded in web pages. Normally, requests from code embedded in web pages (JavaScript, Java and Flash) are bound to the web site they originate from. DNS rebinding attackers register a domain that is delegated to a DNS server they control. That server answers with very short TTL values, first with the attacker's own address and then with addresses inside the victim's network, so code loaded from the attacker's site can scan the attacked network and perform other malicious activities while the browser still treats the traffic as same-origin. The appliance detects the attack when a DNS reply for an external domain resolves to a locally connected or routed subnet. To configure DNS rebinding attack prevention, perform the following steps:

1. Select the Enable DNS Rebinding Attack Prevention checkbox.

2. From the Action pull-down menu, select an action to perform when a DNS rebinding attack is detected:

Log Attack

Log Attack & Return a Query Refused Reply

Log Attack & Drop DNS Reply

3. (Optional) For the Allowed Domains pull-down menu, select an FQDN Address Object/Group containing allowed domain names (for example, *.sonicwall.com) for which locally connected/routed subnets should be considered legal responses.
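The following is an added example, not SonicWALL code or a description of the appliance's implementation: it models the DNS Rebinding Attack Prevention policy described above by parsing a raw DNS response, checking whether any A record for an external name falls into a locally connected or routed subnet, honouring an Allowed Domains wildcard list, and applying one of the three actions. The local subnets, the domain names and the replies are constructed sample data.

```python
# Added example (not SonicWALL code): a model of the DNS Rebinding Attack
# Prevention policy described above, run over constructed DNS replies.
import fnmatch
import ipaddress
import struct

# Constructed sample: subnets that are locally connected or routed behind the
# firewall. A reply for an external name that resolves into one of these is
# treated as a rebinding attempt.
LOCAL_SUBNETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "192.168.1.0/24", "127.0.0.0/8")]

# The three actions offered by the Action pull-down menu.
ACTION_LOG = "Log Attack"
ACTION_REFUSED = "Log Attack & Return a Query Refused Reply"
ACTION_DROP = "Log Attack & Drop DNS Reply"


def _read_name(msg, off):
    """Decode a DNS name at offset off, following compression pointers."""
    labels, end, jumps = [], None, 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                  # compression pointer
            jumps += 1
            if jumps > 16:
                raise ValueError("compression pointer loop")
            if end is None:
                end = off + 2
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels).lower(), (end if end is not None else off)


def parse_reply(msg):
    """Return (qname, end-of-question offset, [(ipv4, ttl), ...]) for A records."""
    _, _, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    off, qname = 12, ""
    for _ in range(qd):
        qname, off = _read_name(msg, off)
        off += 4                                   # QTYPE + QCLASS
    qend = off
    answers = []
    for _ in range(an):
        _, off = _read_name(msg, off)
        rtype, _, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:              # A record
            answers.append((str(ipaddress.IPv4Address(msg[off:off + 4])), ttl))
        off += rdlen
    return qname, qend, answers


def rcode(msg):
    """Response code from the DNS header flags (5 = REFUSED)."""
    return struct.unpack("!H", msg[2:4])[0] & 0xF


def refused_reply(msg):
    """Keep header and question, set RCODE=REFUSED, drop every answer."""
    ident, flags, qd, _, _, _ = struct.unpack("!HHHHHH", msg[:12])
    _, qend, _ = parse_reply(msg)
    hdr = struct.pack("!HHHHHH", ident, (flags & 0xFFF0) | 5, qd, 0, 0, 0)
    return hdr + msg[12:qend]


def check_reply(msg, action=ACTION_DROP, allowed_domains=(), log=None):
    """Apply the rebinding policy. Returns (verdict, reply to forward or None)."""
    qname, _, answers = parse_reply(msg)
    if any(fnmatch.fnmatch(qname, pat.lower()) for pat in allowed_domains):
        return "forward", msg                      # internal answers are legal here
    hits = [ip for ip, _ in answers
            if any(ipaddress.ip_address(ip) in net for net in LOCAL_SUBNETS)]
    if not hits:
        return "forward", msg
    if log is not None:                            # every action logs the attack
        log.append("DNS rebinding attack: %s -> %s" % (qname, ",".join(hits)))
    if action == ACTION_LOG:
        return "forward", msg
    if action == ACTION_REFUSED:
        return "refused", refused_reply(msg)
    return "drop", None


def build_reply(qname, records, ident=0x1234):
    """Construct a minimal DNS response carrying A records (test data only)."""
    name = b"".join(bytes([len(l)]) + l.encode() for l in qname.split(".")) + b"\x00"
    hdr = struct.pack("!HHHHHH", ident, 0x8180, 1, len(records), 0, 0)
    question = name + struct.pack("!HH", 1, 1)
    rrs = b"".join(b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, ttl, 4)
                   + ipaddress.IPv4Address(ip).packed for ip, ttl in records)
    return hdr + question + rrs


if __name__ == "__main__":
    log = []
    attack = build_reply("cdn.attacker.example", [("192.168.1.10", 1)])
    print(check_reply(attack, ACTION_DROP, log=log)[0], log)
    print(check_reply(attack, allowed_domains=("*.attacker.example",))[0])
```

The Allowed Domains check runs before the subnet check, which is why an over-broad wildcard (such as `*`) silently disables the protection; keep the list to the domains that really publish internal addresses (split-horizon DNS for your own zones).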

Configuring Dynamic DNS


Dynamic DNS (DDNS) is a service provided by various companies and organizations that dynamically changes IP addresses to automatically update DNS records without manual intervention. This service allows for network access using domain names rather than IP addresses, even when the targets IP addresses change. To configure Dynamic DNS on the SonicWALL security appliance, perform these steps:
1. Expand the Network tree and click Dynamic DNS. The Dynamic DNS page displays.

2. Click Add Dynamic DNS Profile. The Add Dynamic DNS Profile window is displayed.

3. Select the Provider from the drop-down list at the top of the page. This example uses DynDNS.org. Dyndns.org requires the selection of a service. This example assumes you have created a dynamic service record with dyndns.org.

4. Enter a name to assign to the DDNS entry in the Profile Name field. This can be any value used to identify the entry in the Dynamic DNS Settings table.

5. If Enable this profile is checked, the profile is administratively enabled, and the SonicWALL security appliance takes the actions defined in the Online Settings section on the Advanced tab.

6. If Use Online Settings is checked, the profile is administratively online.

7. Enter your dyndns.org username and password in the User Name and Password fields.

8. Enter the fully qualified domain name (FQDN) of the hostname you registered with dyndns.org in the Domain Name field. Make sure you provide the same hostname and domain as you configured.

9. When using DynDNS.org, select the Service Type from the drop-down list that corresponds to your type of service through DynDNS.org. The options are:

Dynamic: A free Dynamic DNS service.

Custom: A managed primary DNS solution that provides a unified primary/secondary DNS service and a web-based interface. Supports both dynamic and static IP addresses.

Static: A free DNS service for static IP addresses.

10. When using DynDNS.org, you may optionally select Enable Wildcard and/or configure an MX entry in the Mail Exchanger field. Check Backup MX if your DDNS provider allows for the specification of an alternative IP address for the MX record.

11. Click the Advanced tab. You can typically leave the default settings on this page.

12. The On-line Settings section provides control over what address is registered with the dynamic DNS provider. The options are:

Let the server detect IP Address: The dynamic DNS provider determines the IP address based upon the source address of the connection. This is the most common setting. If the appliance sits behind another NAT device, the address registered is that device's public address, not the appliance's WAN address.

Automatically set IP Address to the Primary WAN Interface IP Address: This will cause the SonicWALL device to assert its WAN IP address as the registered IP address, overriding auto-detection by the dynamic DNS server. Useful if detection is not working correctly.

Specify IP Address manually: Allows for the IP address to be registered to be manually specified and asserted.

13. The Off-line Settings section controls what IP Address is registered with the dynamic DNS service provider if the dynamic DNS entry is taken off-line locally (disabled) on the SonicWALL. The options are:

Do nothing: The default setting. This allows the previously registered address to remain current with the dynamic DNS provider.

Use the Off-Line IP Address previously configured at Provider's site: If your provider supports manual configuration of Off-Line Settings, you can select this option to use those settings when this profile is taken administratively offline.

Make Host Unknown: Unregisters the entry.

Specify IP Address manually: Manually specify the IP address.

14. When you are finished, click Update. The settings are changed for the selected SonicWALL appliance. To clear all screen settings and start over, click Reset.

Configuring Address Objects


Note

Address objects are only supported in SonicOS Enhanced.

SonicOS Enhanced supports Address Objects, which can be a host, network, MAC or IP address range. An Address Object Group is a group of Address Objects or other Address Object Groups. Once defined, you can quickly establish NAT Policies, VPN Security Associations (SAs), firewall rules, and DHCP settings between Address Objects and Address Object Groups without individual configuration. All SonicWALL appliances come with a group of pre-defined default network objects. These include subnets for each interface, interface IP addresses for each interface, management IP addresses, and more. For appliances running SonicOS Enhanced, GMS supports paginated navigation and sorting by column header on the Address Objects screen. In either of the tables, you can click a column header to use for sorting. An arrow is displayed to the right of the selected column header. You can click the arrow to reverse the sorting order of the entries in the table. You can perform the following tasks from the Address Object page:

Creating an Address Object Group on page 185

Creating an Address Object on page 186

Deleting a Network Address Group or Object on page 187


Creating an Address Object Group


To create an Address Object Group, perform the following steps:

1. Expand the Network tree and click Address Objects. The Address Objects page displays.

2. Scroll down and click Add New Group.

3. Enter a name for the Address Object Group in the Name field.

4. Select an object or group that will be a part of the Address Object Group and click the right arrow. Repeat for each object or group to add.

5. When you are finished, click OK.


Creating an Address Object


The Network > Address Objects page allows you to create address objects. You can create various kinds of address objects, including Host, Range, and Network. For a SonicWALL appliance running SonicOS Enhanced 3.5 or 4.0 (or higher), you can create Fully Qualified Domain Name (FQDN) or MAC dynamic address objects. The FQDN and MAC address objects are available in the Address Objects drop-down lists in a number of other configuration screens, including Zones, SonicPoints, and Access Rules. These dynamic address objects are resolved to an IP address when used, either by the ARP cache or the DNS server of the SonicWALL. To create an address object, perform the following steps:

1. Scroll to the bottom of the Address Objects page and click Add New Address Object.

2. Enter a name for the Address Object in the Name field.

3. Select the zone to which this Address Object will be assigned from the Zone Assignment list box.

4. Select from the following:

To specify an individual IP address, select Host from the Type drop-down menu and enter the IP address.

To specify an IP address range, select Range from the Type drop-down menu and enter the starting and ending IP addresses.

To specify a network, select Network from the Type drop-down menu and enter the IP address and subnet mask.

To specify a MAC address, select MAC from the Type drop-down menu and enter the MAC address.

To specify a FQDN, select FQDN from the Type drop-down menu and enter the host name.

5. When you are finished, click OK.

6. Repeat this procedure for each Address Object to add.
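As an added example (not SonicWALL code and not how SonicOS stores these objects internally), the following models the five Address Object types and nested Address Object Groups described in the two procedures above. The Host, Range and Network types carry their addresses statically; the FQDN and MAC types are resolved only when used, here through a DNS cache and an ARP cache passed in as dictionaries. Object names, addresses and cache contents are constructed sample data.

```python
# Added example (not SonicWALL code): a model of Address Objects and Address
# Object Groups, including the dynamic FQDN and MAC types that are resolved
# through the DNS cache and ARP cache only when they are used.
import ipaddress


class AddressObject:
    """One Address Object of type Host, Range, Network, MAC or FQDN."""

    def __init__(self, name, kind, value, zone="LAN"):
        self.name, self.kind, self.value, self.zone = name, kind, value, zone
        if kind == "Host":
            self.nets = [ipaddress.ip_network(value)]
        elif kind == "Network":                       # "10.2.0.0/255.255.0.0" or CIDR
            self.nets = [ipaddress.ip_network(value, strict=False)]
        elif kind == "Range":                         # "10.1.1.50-10.1.1.59"
            lo, hi = (ipaddress.ip_address(v.strip()) for v in value.split("-"))
            self.nets = list(ipaddress.summarize_address_range(lo, hi))
        elif kind in ("MAC", "FQDN"):                 # dynamic: resolved at use time
            self.nets = []
        else:
            raise ValueError("unknown address object type: %s" % kind)

    def networks(self, dns_cache, arp_cache):
        """Networks this object stands for right now (dynamic types may be empty)."""
        if self.kind == "FQDN":
            return [ipaddress.ip_network(ip) for ip in dns_cache.get(self.value.lower(), ())]
        if self.kind == "MAC":
            ip = arp_cache.get(self.value.lower())
            return [ipaddress.ip_network(ip)] if ip else []
        return self.nets

    def contains(self, ip, dns_cache=None, arp_cache=None, _seen=None):
        addr = ipaddress.ip_address(ip)
        return any(addr in n for n in self.networks(dns_cache or {}, arp_cache or {}))


class AddressGroup:
    """A group of Address Objects or other Address Object Groups."""

    def __init__(self, name, members=()):
        self.name, self.members = name, list(members)

    def contains(self, ip, dns_cache=None, arp_cache=None, _seen=None):
        seen = _seen if _seen is not None else set()
        if self.name in seen:            # a group nested inside itself: stop, do not loop
            return False
        seen.add(self.name)
        return any(m.contains(ip, dns_cache, arp_cache, seen) for m in self.members)

    def flatten(self, dns_cache=None, arp_cache=None, _seen=None):
        """Every network the group resolves to, with nested groups expanded."""
        seen = _seen if _seen is not None else set()
        if self.name in seen:
            return []
        seen.add(self.name)
        nets = []
        for m in self.members:
            if isinstance(m, AddressGroup):
                nets += m.flatten(dns_cache, arp_cache, seen)
            else:
                nets += m.networks(dns_cache or {}, arp_cache or {})
        return nets


# Constructed sample objects (names and addresses are assumptions, not defaults).
WEB1 = AddressObject("web1", "Host", "10.1.1.10", zone="DMZ")
DEVNET = AddressObject("dev-net", "Network", "10.2.0.0/255.255.0.0")
PRINTERS = AddressObject("printers", "Range", "10.1.1.50-10.1.1.59")
UPDATES = AddressObject("updates", "FQDN", "updates.example.com", zone="WAN")
BADGE = AddressObject("badge-reader", "MAC", "00:11:22:33:44:55")
SERVERS = AddressGroup("servers", [WEB1, PRINTERS])
ALL_INTERNAL = AddressGroup("all-internal", [SERVERS, DEVNET, BADGE])

if __name__ == "__main__":
    dns = {"updates.example.com": ["203.0.113.20", "203.0.113.21"]}
    arp = {"00:11:22:33:44:55": "10.1.1.77"}
    print(ALL_INTERNAL.contains("10.1.1.55"), ALL_INTERNAL.contains("10.1.1.77", dns, arp))
    print(UPDATES.contains("203.0.113.21", dns), UPDATES.contains("203.0.113.21"))
```

The point a rule writer should take from the dynamic types: an FQDN or MAC object matches nothing until the cache holds an entry, so a rule that permits traffic to an FQDN object is only as trustworthy as the DNS answers the appliance receives, and a MAC object is only as trustworthy as the ARP cache on that segment.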


Modifying a Network Address Group or Object


To modify a network address group or object, perform the following steps:

1. Go to the Network > Address Object page.

2. Click the Edit icon next to the selected address group or object.

3. Modify the settings and click OK.

Deleting a Network Address Group or Object


GMS now enables you to delete a single address group or object more conveniently as well as select multiple objects at a time. To delete network address group objects, perform the following steps:

1. Go to the Network > Address Object page.

2. Click the Trash can icon of the selected address group or object.

Configuring NAT Policies


Note

The NAT policies page is only supported in SonicOS Enhanced.

SonicWALL appliances support Network Address Translation (NAT). NAT is the automated translation of IP addresses between different networks. For example, a company might use private IP addresses on a LAN that are represented by a single IP address on the WAN side of the SonicWALL appliance. SonicWALL appliances support two types of NAT:

Address-to-Address Translation: local addresses are matched to public IP addresses. For example, the private IP address 10.50.42.112 might be mapped to the public IP address 132.22.3.2.

Port Translation or Network Address Port Translation (NAPT): local addresses are dynamically matched to public IP address/port combinations (standard TCP ports). For example, the private IP address 192.168.102.12 might be mapped to the public IP address 48.12.11.1 using port 2302.


Note

IP address/port combinations are dynamic and not preserved for new connections. For example, the first connection from an IP address might use port 2302, but the second connection might use port 2832.

Common Types of Mapping


SonicWALL supports several types of address mapping. These include

One-to-One Mapping: one local IP address is mapped to one public IP address using Address-to-Address translation.

Many-to-One Mapping: many local IP addresses are mapped to a single public IP address using NAPT.

Many-to-Many Mapping: many local IP addresses are mapped to many public IP addresses. If the number of public IP addresses is greater than or equal to the number of local IP addresses, the SonicWALL appliance uses Address-to-Address translation. If the number of public IP addresses is less than the number of local IP addresses, the SonicWALL appliance uses NAPT. For example, if there are 10 private IP addresses and 5 public IP addresses, two private IP addresses will be assigned to each public IP address using NAPT.

SonicWALL NAT Policy Fields


When configuring a NAT Policy, you will configure a group of settings that specify how the IP address originates and how it will be translated. Additionally, you can apply a group of filters that allow you to apply different policies to specific services and interfaces.

Original Source: used to remap IP addresses based on the source address, this field specifies an Address Object that can consist of an IP address or IP address range.

Note

This field can also be used as a filter.

Translated Source: specifies the IP address or IP address range to which the original source will be mapped.

Original Destination: used to remap IP addresses based on the destination address, this field specifies an Address Object that can consist of an IP address or IP address range.

Note

This field can also be used as a filter.

Translated Destination: specifies the IP address or IP address range to which the original destination will be mapped.

Original Service: used to filter destination addresses by service, this field specifies a Service Object that can be a single service or group of services.

Translated Service: specifies the service or port to which the original service will be remapped.

Source Interface: filters source addresses by interface.

Destination Interface: filters destination addresses by interface.

Common NAT Configuration Types


The following sections describe common NAT configuration types:

One-to-One Mapping on page 189

Many-to-One Mapping on page 190

Many-to-Many Mapping on page 190

One-to-One Mapping
To configure one-to-one mapping from the private network to the public network, select the Address Object that corresponds to the private network IP address in the Original Source field and the public IP address that it will use to reach the Internet in the Translated Source field. Leave the other fields alone, unless you want to filter by service or interface.

Note

If you map more than one private IP address to the same public IP address, the private IP addresses will automatically be configured for port mapping or NAPT.

To configure one-to-one mapping from the public network to the private network, select the Address Object that corresponds to the public network IP address in the Original Destination field and the private IP address that it will use to reach the server in the Translated Destination field. Leave the other fields alone, unless you want to filter by service or interface.

Note

If you map one public IP address to more than one private IP address, the public IP address will be mapped to the first private IP address. Load balancing is not supported. Additionally, you must set the Original Source to Any.

Many-to-One Mapping

To configure many-to-one mapping from the private network to the public network, select the Address Object that corresponds to the private network IP addresses in the Original Source field and the public IP address that they will use to reach the Internet in the Translated Source field. Leave the other fields alone, unless you want to filter by service or interface.

Note

You can also specify Any in the Original Source field and the Address Object of the LAN interface in the Translated Source field.

Many-to-Many Mapping

To configure many-to-many mapping from the private network to the public network, select the Address Object that corresponds to the private network IP addresses in the Original Source field and the public IP addresses to which they will be mapped in the Translated Source field. Leave the other fields alone, unless you want to filter by service or interface.

Note

If the IP address range specified in the Original Source is larger than the Translated Source, the SonicWALL appliance will use port mapping or NAPT. If the Translated Source is equal to or larger than the Original Source, addresses will be individually mapped.

To configure many-to-many mapping from the public network to the private network, select the Address Object that corresponds to the public network IP addresses in the Original Destination field and the IP addresses on the private network in the Translated Destination field. Leave the other fields alone, unless you want to filter by service or interface.


Note

If the IP address range specified in the Original Destination is smaller than the Translated Destination, the original addresses will be individually mapped to the first translated IP addresses in the translated range. If the Translated Destination is equal to or smaller than the Original Destination, addresses will be individually mapped.
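The following is an added example, not SonicWALL code or a description of the appliance's own translation tables: it models how the Original/Translated Source and Destination fields, together with the service and interface filters, decide between Address-to-Address translation and NAPT according to the rules in the sections above (public addresses greater than or equal to private addresses gives one-to-one mapping; fewer public addresses spreads the private addresses over the public pool with dynamically allocated ports, and an inbound public address mapped to several private addresses lands on the first one). The address ranges are constructed sample data; the wrap-around used when more public than private addresses are mapped inbound is my assumption, since the text does not define that case.

```python
# Added example (not SonicWALL code): a model of how the Original/Translated
# Source and Destination fields of a NAT policy choose between
# Address-to-Address translation and NAPT.
import ipaddress


def expand(spec):
    """Expand a host, CIDR/netmask network or 'a-b' range into a list of addresses."""
    if "-" in spec:
        lo, hi = (ipaddress.ip_address(v.strip()) for v in spec.split("-"))
        return [ipaddress.ip_address(int(lo) + i) for i in range(int(hi) - int(lo) + 1)]
    net = ipaddress.ip_network(spec, strict=False)
    return [net.network_address] if net.num_addresses == 1 else list(net.hosts())


class NatPolicy:
    """One row of the NAT Policies table. 'Any' and 'Original' mean 'no change'."""

    def __init__(self, original_source="Any", translated_source="Original",
                 original_destination="Any", translated_destination="Original",
                 original_service="Any", source_interface="Any",
                 destination_interface="Any"):
        self.orig_src = None if original_source == "Any" else expand(original_source)
        self.trans_src = None if translated_source == "Original" else expand(translated_source)
        self.orig_dst = None if original_destination == "Any" else expand(original_destination)
        self.trans_dst = None if translated_destination == "Original" else expand(translated_destination)
        self.orig_service, self.src_if, self.dst_if = original_service, source_interface, destination_interface

    def source_mode(self):
        """Address-to-Address when public addresses >= private addresses, else NAPT."""
        if self.trans_src is None:
            return "None"
        if self.orig_src is None or len(self.trans_src) < len(self.orig_src):
            return "NAPT"
        return "Address-to-Address"

    def matches(self, src, dst, service, src_if, dst_if):
        return ((self.orig_src is None or ipaddress.ip_address(src) in self.orig_src) and
                (self.orig_dst is None or ipaddress.ip_address(dst) in self.orig_dst) and
                self.orig_service in ("Any", service) and
                self.src_if in ("Any", src_if) and self.dst_if in ("Any", dst_if))


class Translator:
    """Applies the first matching policy; allocates NAPT ports per public address."""

    def __init__(self, policies, first_port=1024):
        self.policies = policies
        self.first_port = first_port
        self.next_port = {}                      # public address -> next free port

    def translate(self, src, sport, dst, dport, service="Any", src_if="LAN", dst_if="WAN"):
        for p in self.policies:
            if not p.matches(src, dst, service, src_if, dst_if):
                continue
            out_src, out_sport = ipaddress.ip_address(src), sport
            if p.trans_src is not None:
                if p.source_mode() == "Address-to-Address":
                    out_src = p.trans_src[p.orig_src.index(out_src)]   # port preserved
                else:
                    # Many-to-one / many-to-many with fewer publics: privates are
                    # spread over the public pool and the port is allocated per
                    # connection, so the same host gets a new port each time.
                    idx = 0 if p.orig_src is None else p.orig_src.index(out_src) % len(p.trans_src)
                    out_src = p.trans_src[idx]
                    out_sport = self.next_port.get(out_src, self.first_port)
                    self.next_port[out_src] = out_sport + 1
            out_dst = ipaddress.ip_address(dst)
            if p.trans_dst is not None:
                # Inbound: original i -> translated i. One public to many privates is
                # not load balanced; it lands on the first private. Wrapping around
                # for more publics than privates is an assumption of this example.
                i = 0 if p.orig_dst is None else p.orig_dst.index(out_dst)
                out_dst = p.trans_dst[i % len(p.trans_dst)]
            return str(out_src), out_sport, str(out_dst), dport
        return src, sport, dst, dport            # no policy matched: untouched


if __name__ == "__main__":
    many = NatPolicy(original_source="10.0.0.1-10.0.0.10",
                     translated_source="198.51.100.1-198.51.100.5")
    t = Translator([many])
    print(many.source_mode())
    for i in range(1, 11):
        print(t.translate("10.0.0.%d" % i, 40000, "203.0.113.9", 443))
```

The inbound policy in the test below also shows why the source interface filter matters: the same public address only gets translated for traffic arriving on the WAN side, so a LAN host sending to the public address is not rewritten by that row.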

NAT Load Balancing and Probing


NAT load balancing provides the ability to balance incoming traffic across multiple, similar network resources. Load Balancing distributes traffic among similar network resources so that no single server becomes overwhelmed, allowing for reliability and redundancy. If one server becomes unavailable, traffic is routed to available resources, providing maximum uptime. With probing enabled, the SonicWALL will use one of two methods to probe the addresses in the load-balancing group, using either a simple ICMP ping query to determine if the resource is alive, or a TCP socket open query to determine if the resource is alive. Per the configurable intervals, the SonicWALL can direct traffic away from a non-responding resource, and return traffic to the resource once it has begun to respond again.

NAT Load Balancing Methods


NAT load balancing is configured on the Advanced tab of a NAT policy. SonicOS offers the following NAT methods:

Sticky IP: Source IP always connects to the same Destination IP (assuming it is alive). This method is best for publicly hosted sites requiring connection persistence, such as Web applications, Web forms, or shopping cart applications. This is the default mechanism, and is recommended for most deployments.

Round Robin: Source IP cycles through each live load-balanced resource for each connection. This method is best for equal load distribution when persistence is not required.

Block Remap/Symmetrical Remap: These two methods are useful when you know the source IP addresses/networks (for example, when you want to precisely control how traffic from one subnet is translated to another).

Random Distribution: Source IP connects to Destination IP randomly. This method is useful when you wish to randomly spread traffic across internal resources.


For more information about NAT Load Balancing, see the SonicOS Enhanced 4.0 Administrators Guide.

Configuring NAT Policies


To configure NAT Policies on a unit running SonicOS Enhanced, perform the following steps:
1.

Expand the Network tree and click NAT Policies. The NAT Policies page displays.


2. To edit an existing policy, click its Edit icon. To add a new policy, click Add NAT Policy.

3. Configure the following:

Original Source: used to remap IP addresses based on the source address, this field specifies an Address Object that can consist of an IP address or IP address range.

Translated Source: specifies the IP address or IP address range to which the original source will be mapped.

Original Destination: used to remap IP addresses based on the destination address, this field specifies an Address Object that can consist of an IP address or IP address range.

Translated Destination: specifies the IP address or IP address range to which the original destination will be mapped.

Original Service: used to filter traffic by service, this field specifies a Service Object that can be a single service or group of services.

Translated Service: specifies the service or port to which the original service will be remapped.

Source Interface: filters source addresses by interface.

Destination Interface: filters destination addresses by interface.

4. To enable the NAT policy, select the Enable check box.

5. Add any comments to the Comments field.


6. If you selected an Address Group Object for any of the drop-down lists on the General tab, you can make changes on the Advanced tab. Click the Advanced tab.

7. Select the NAT method from the NAT Method drop-down list. For information on the available methods, see NAT Load Balancing Methods on page 191.

8. Optionally select the Enable Probing checkbox and make desired changes to the following fields:

Probe host every ... seconds: indicates how often to probe the addresses in the load-balancing group.

Probe Type: specifies to use either Ping (ICMP) or TCP (checks that a socket is opened) for probing. A TCP probe only shows that the port accepts connections, not that the application behind it is healthy; it is still the better choice where ICMP is filtered.

Port: specifies the port that the probe will use, such as TCP port 80 for a Web server.

Reply time out: specifies the number of seconds to wait for a reply to the probe.

Deactivate host after ... missed intervals: specifies the number of reply time outs before deciding that the host is unreachable.

Reactivate host after ... successful intervals: specifies the number of replies received before deciding that the host is available for load balancing again.

9. When you are finished, click Update. The policy is added and you are returned to the NAT Policies screen.
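As an added example (not SonicWALL code, and not the appliance's own scheduler), the following models the Sticky IP, Round Robin and Random Distribution methods from NAT Load Balancing Methods together with the probe state machine configured in step 8 above: a host is deactivated after the configured number of missed intervals and reactivated after the configured number of successful intervals, and traffic is steered only to live hosts. Block Remap and Symmetrical Remap are not modelled. The `tcp_probe` function is the "TCP" probe type; the host addresses and probe results are constructed sample data, and the choice of hashing the source address onto the live set for Sticky IP is my assumption about how persistence can be implemented, not a statement about SonicOS internals.

```python
# Added example (not SonicWALL code): NAT load-balancing target selection and
# the probe state machine driven by the Deactivate/Reactivate interval counts.
import hashlib
import ipaddress
import random
import socket


class ProbedHost:
    """Tracks liveness of one member of the load-balancing group."""

    def __init__(self, ip, deactivate_after=3, reactivate_after=3):
        self.ip = ip
        self.alive = True
        self.misses = 0
        self.successes = 0
        self.deactivate_after = deactivate_after    # "Deactivate host after N missed intervals"
        self.reactivate_after = reactivate_after    # "Reactivate host after N successful intervals"

    def record_probe(self, replied):
        """Feed one probe interval's result; returns the host's (possibly changed) state."""
        if replied:
            self.misses = 0                         # a reply resets the miss streak
            if not self.alive:
                self.successes += 1
                if self.successes >= self.reactivate_after:
                    self.alive, self.successes = True, 0
        else:
            self.successes = 0                      # a miss resets the success streak
            if self.alive:
                self.misses += 1
                if self.misses >= self.deactivate_after:
                    self.alive, self.misses = False, 0
        return self.alive


def tcp_probe(ip, port, timeout=1.0):
    """'TCP' probe type: success if a socket opens within the reply time out."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False


class NatLoadBalancer:
    def __init__(self, hosts, method="Sticky IP", rng=None):
        self.hosts = hosts
        self.method = method
        self.rr = 0
        self.rng = rng or random.Random(0)          # seeded so runs are reproducible

    def live(self):
        return [h for h in self.hosts if h.alive]

    def select(self, source_ip):
        """Pick the destination for a new connection from source_ip, or None if all dead."""
        live = self.live()
        if not live:
            return None
        if self.method == "Sticky IP":
            # Same source always reaches the same live target: hash the source onto
            # the live set. Persistence holds while the live set is unchanged; when a
            # host drops out, some sources are remapped (assumption of this model).
            digest = hashlib.sha256(ipaddress.ip_address(source_ip).packed).digest()
            return live[int.from_bytes(digest[:4], "big") % len(live)].ip
        if self.method == "Round Robin":
            host = live[self.rr % len(live)]
            self.rr += 1
            return host.ip
        if self.method == "Random Distribution":
            return self.rng.choice(live).ip
        raise ValueError("unsupported NAT method: %s" % self.method)


def run_probe_cycle(balancer, results):
    """results: {ip: replied} for one probe interval; returns the live addresses after it."""
    for h in balancer.hosts:
        h.record_probe(results.get(h.ip, False))
    return [h.ip for h in balancer.live()]


if __name__ == "__main__":
    lb = NatLoadBalancer([ProbedHost(ip) for ip in ("10.1.1.10", "10.1.1.11", "10.1.1.12")])
    print(lb.select("203.0.113.5"), lb.select("203.0.113.5"))
    for _ in range(3):
        print(run_probe_cycle(lb, {"10.1.1.11": True, "10.1.1.12": True}))
    print(lb.select("203.0.113.5"))
```

Run against real servers, replace the `results` dictionary with `{h.ip: tcp_probe(h.ip, 80, timeout) for h in lb.hosts}` once per "Probe host every ... seconds" interval; the state machine then behaves exactly as the two interval counts describe.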


Configuring Web Proxy Forwarding Settings


A Web proxy server intercepts HTTP requests and determines if it has stored copies of the requested Web pages. If it does not, the proxy completes the request to the server on the Internet, returning the requested information to the user and also saving it locally for future requests. Setting up a Web proxy server on a network can be cumbersome, because each computer on the network must be configured to direct Web requests to the server. If there is a proxy server on the SonicWALL appliances network, you can move the SonicWALL appliance between the network and the proxy server, and enable Web Proxy Forwarding. This will forward all WAN requests to the proxy server without requiring the computers to be individually configured. To configure Web Proxy Forwarding settings, perform the following steps:
1. Expand the Network tree and click Web Proxy. The Web Proxy page displays.
2. Enter the name or IP address of the proxy server in the Proxy Web Server field.
3. Enter the proxy IP port in the Proxy Web Server Port field.
4. To bypass the Proxy Server if a failure occurs, select the Bypass Proxy Servers Upon Proxy Server Failure check box.
5. If you have clients configured on the DMZ, select the Forward DMZ Client Requests to Proxy Server check box.
6. When you are finished, click Update. The settings are changed for the selected SonicWALL appliance. To clear all screen settings and start over, click Reset.


Configuring Routing in SonicOS Enhanced


If you have routers on your interfaces, you can configure the SonicWALL appliance to route network traffic to specific predefined destinations. Static routes must be defined if the network connected to an interface is segmented into subnets, either for size or practical considerations. For example, a subnet can be created to isolate a section of a company, such as finance, from network traffic on the rest of the LAN, DMZ, or WAN. To add static routes, perform the following steps:
1. Expand the Network tree and click Routing. The Routing page displays.
2. Click Add Route Policy.
3. Select the source address object from the Source list box.
4. Select the destination address object from the Destination list box.
5. Specify the type of service that will be routed from the Service list box.
6. Select the address object that will act as a gateway for packets matching these settings.
7. Select the interface through which these packets will be routed from the Interface list box.
8. Specify the RIP metric in the Metric field.
9. Type a descriptive comment into the Comment field.
10. For appliances running SonicOS Enhanced 4.0 and above, optionally select the Disable route when the interface is disconnected checkbox.
11. For appliances running SonicOS Enhanced 4.0 and above, select the Allow VPN path to take precedence checkbox to allow a matching VPN network to take precedence over the static route when the VPN tunnel is up.
12. When you are finished, click Update. The route settings are configured for the selected SonicWALL appliance(s). To clear all screen settings and start over, click Reset.

Probe-Enabled Policy Based Routing Configuration


For appliances running SonicOS Enhanced 5.5 and above, you can optionally configure a Network Monitor policy for the route. When a Network Monitor policy is used, the static route is dynamically disabled or enabled, based on the state of the probe for the policy.
1. In the Probe pull-down menu select the appropriate Network Monitor object or select Create New Network Monitor object... to dynamically create a new object. For more information, see Configuring Network Monitor on page 210.
2. Typical configurations will not check the Disable route when probe succeeds checkbox, because typically administrators will want to disable a route when a probe to the route's destination fails. This option is provided to give administrators added flexibility for defining routes and probes.
3. Select the Probe default state is UP to have the route consider the probe to be successful (i.e. in the UP state) when the attached Network Monitor policy is in the UNKNOWN state. This is useful to control the probe-based behavior when a unit of a High Availability pair transitions from IDLE to ACTIVE, because this transition sets all Network Monitor policy states to UNKNOWN.
4. Click Update to apply the configuration.

Configuring RIP in SonicOS Enhanced


Routing Information Protocol (RIP) is a distance-vector routing protocol that is commonly used in small homogeneous networks. Using RIP, a router will periodically send its entire routing table to its closest neighbor, which passes the information to its next neighbor, and so on. Eventually, all routers within the network will have the information about the routing paths. When attempting to route packets, a router will check the routing table and select the path that requires the fewest hops. SonicWALL appliances support RIPv1 or RIPv2 to advertise their static and dynamic routes to other routers on the network. Changes in the status of VPN tunnels between the SonicWALL and remote VPN gateways are also reflected in the RIPv2 advertisements. Choose between RIPv1 or RIPv2 based on your router's capabilities or configuration. RIPv1 is an earlier version of the protocol that has fewer features, and it also sends packets via broadcast instead of multicast. RIPv2 packets are backwards-compatible and can be accepted by some RIPv1 implementations that provide an option of listening for multicast packets. The RIPv2 Enabled (broadcast) selection broadcasts packets instead of multicasting packets, and is for heterogeneous networks with a mixture of RIPv1 and RIPv2 routers. To configure RIP, perform the following steps:
1. Expand the Network tree and click RIP (ENH). The RIP (ENH) page displays.
2. Click the Edit icon for an interface. The Edit Route Advertising Settings dialog box displays.
3. Select the RIP version from the RIP Advertisements list box:
   - RIPv1 Enabled - first version of RIP.
   - RIPv2 Enabled (multicast) - sends route advertisements using multicasting (a single data packet to specific nodes on the network).
   - RIPv2 Enabled (broadcast) - sends route advertisements using broadcasting (a single data packet to all nodes on the network).
4. In the Advertise Default Route menu, select Never, When WAN is up, or Always.
5. To advertise static routes that you specified on the Routes page, select the Advertise Static Routes check box.
6. To advertise remote VPN networks that you specified on the Routes page, select the Advertise Remote VPN Networks check box.
7. To set the amount of time between a VPN tunnel state change and the time the change is advertised, enter a value in the Route Change Damp Time field (default: 30 seconds).
8. To specify the number of advertisements that are sent after a route is deleted, enter a value in the Deleted Route Advertisements field (default: 5 advertisements).
9. By default, the connection between this router and its neighbor counts as one hop. However, there are cases where you want to discourage or reduce the use of this route by adding additional hops. To change the hop count of this route, enter the number of hops in the Route Metric field.
10. Optional. If RIPv2 is selected from the Route Advertisements list box, you can enter a value for the Route Tag. This value is implementation-dependent and provides a mechanism for routers to classify the originators of RIPv2 advertisements.
11. Optional. Select from the following RIPv2 Authentication options:
   - User Defined - Enter 4 hex digits in the Authentication Type field and 32 hex digits in the Authentication Data field.
   - Cleartext Password - Enter a password (16 characters or less) in the Authentication Password field.
   - MD5 Digest - Enter a numerical value from 0-255 in the Authentication Key-Id field. Enter a 32 hex digit value for the Authentication Key field, or use the generated key.
12. When you are finished, click Update. The settings are changed for the SonicWALL appliance. To clear all screen settings and start over, click Reset.
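The hop-count behavior this section describes (each router passes its whole table to its neighbor, the path with the fewest hops wins, and the Route Metric field adds hops to discourage a link) can be seen in a small distance-vector simulation. This is an added example written for this guide, not SonicOS or GMS code; the router names, the topology and the route_metric mapping are constructed, and the model simplifies RIP by counting a router as 0 hops from itself so that a directly attached neighbor is 1 hop.

```python
"""Distance-vector (RIP-style) route exchange with per-interface Route Metric offsets.

Added example, not SonicOS code. Routers periodically send their whole table to each
neighbour; a neighbour adds one hop (plus the advertising interface's Route Metric, if
any) and keeps the path with the fewest hops. 16 is RIP's "unreachable" metric.
"""
from __future__ import annotations

INFINITY = 16


def rip_converge(links: dict[str, set[str]],
                 route_metric: dict[tuple[str, str], int] | None = None,
                 max_rounds: int = 64) -> dict[str, dict[str, tuple[int, str]]]:
    """links: router -> set of directly attached neighbours (links are symmetric).
    route_metric: (advertising router, neighbour) -> extra hops advertised over that link,
    mirroring the guide's Route Metric field on an interface.
    Returns router -> {destination: (hops, next_hop)}.
    Simplification: a router is its own destination at 0 hops, so a neighbour is 1 hop."""
    route_metric = route_metric or {}
    tables = {r: {r: (0, r)} for r in links}
    for _ in range(max_rounds):
        changed = False
        for sender, neighbours in links.items():
            for nbr in neighbours:                     # one periodic update per interface
                extra = 1 + route_metric.get((sender, nbr), 0)
                for dest, (hops, _) in tables[sender].items():
                    new_hops = hops + extra
                    if new_hops >= INFINITY:           # too far: not a usable route
                        continue
                    current = tables[nbr].get(dest)
                    if current is None or new_hops < current[0]:
                        tables[nbr][dest] = (new_hops, sender)
                        changed = True
        if not changed:
            return tables
    raise RuntimeError("routing did not converge")


def next_hop(tables: dict[str, dict[str, tuple[int, str]]], src: str, dst: str) -> str | None:
    """Next hop src uses to reach dst, or None when dst is unreachable."""
    entry = tables[src].get(dst)
    return None if entry is None else entry[1]


if __name__ == "__main__":
    # Constructed topology: a chain A-B-C-D plus a direct A-D link that the
    # administrator of D wants used only as a last resort.
    links = {"A": {"B", "D"}, "B": {"A", "C"}, "C": {"B", "D"}, "D": {"A", "C"}}
    plain = rip_converge(links)
    penalised = rip_converge(links, route_metric={("D", "A"): 3})
    print("A -> D without Route Metric:", plain["A"]["D"])          # (1, 'D')
    print("A -> D with +3 on D's link to A:", penalised["A"]["D"])  # (3, 'B')
```

With the extra three hops advertised by D over its link to A, A learns D at 4 hops directly but at 3 hops through B and C, so the direct link is bypassed while the chain is healthy.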

Configuring IP Helper
The IP Helper allows the SonicWALL to forward DHCP requests originating from the interfaces on a SonicWALL to a centralized DHCP server on the behalf of the requesting client. IP Helper is used extensively in routed VLAN environments where a DHCP server is not available for each interface, or where the layer 3 routing mechanism is not capable of acting as a DHCP server itself. The IP Helper also allows NetBIOS broadcasts to be forwarded with DHCP client requests.
Note

IP Helper is only supported in SonicOS Enhanced.

To enable IP Helper and add an IP Helper policy, perform the following steps:
1. Expand the Network tree and click IP Helper. The IP Helper page displays.
2. Select the Enable IP Helper check box. For appliances running SonicOS Enhanced versions lower than 5.5, you can also configure DHCP and NetBIOS support:
3. To enable DHCP support, select Enable DHCP Support.
4. To enable NetBIOS support, select Enable NetBIOS Support.

Configuring Relay Protocols


Appliances running SonicOS Enhanced versions 5.5 and higher support Enhanced IP Helper, which offers configurable Relay Protocols. The following built-in applications are included:

- DHCP - UDP port number 67/68
- Net-Bios NS - UDP port number 137
- Net-Bios Datagram - UDP port number 138
- DNS - UDP port number 53
- Time Service - UDP port number 37
- Wake on LAN (WOL)
- mDNS - UDP port number 5353; multicast address 224.0.0.251

To enable any of these protocols, select the Enable checkbox and click Update. To configure additional protocols, perform the following steps:
1. Click Add Relay Protocol. The Add IP Helper Application window displays.
2. Configure the following options:
   - Name - The name of the protocol. Note that these are case sensitive and must be unique.
   - Port 1/2 - The unique UDP port number.
   - Translate IP - Translation of the source IP while forwarding a packet.
   - Timeout - IP Helper cache timeout in seconds, in increments of 10.
   - Raw Mode - Unidirectional forwarding that does not create an IP Helper cache. This is suitable for most of the user-defined protocols that are used for discovery, for example WOL/mDNS.
3. Click Update.

Configuring IP Helper Policies


1. To add an IP Helper Policy, click Add IP Helper Policy. The Add IP Helper dialog box displays.
2. The policy is enabled by default. To configure the policy without enabling it, clear the Enabled check box.
3. Select DHCP or NetBIOS from the Protocol menu.
4. Select a source Interface or Zone from the From menu.
5. Select a destination IP address or subnet from the To menu.
6. Enter an optional comment in the Comment field.
7. Click OK to add the policy to the IP Helper Policies table. Repeat this procedure for each policy to add.
8. To delete a policy, click the trash can icon next to the policy.
9. When you are finished, click Update. The settings are changed for the selected SonicWALL appliance. To clear all screen settings and start over, click Reset.

Configuring ARP
ARP (Address Resolution Protocol) maps layer 3 (IP addresses) to layer 2 (physical or MAC addresses) to enable communications between hosts residing on the same subnet. ARP is a broadcast protocol that can create excessive amounts of network traffic on your network. To minimize the broadcast traffic, an ARP cache is maintained to store and reuse previously learned ARP information. To configure ARP, perform the following steps:
1. Expand the Network tree and click ARP. The ARP page displays.

Static ARP Entries


The Static ARP feature allows for static mappings to be created between layer 2 MAC addresses and layer 3 IP addresses, but also provides the following capabilities:

- Publish Entry - Enabling the Publish Entry option in the Add Static ARP window causes the SonicWALL device to respond to ARP queries for the specified IP address with the specified MAC address. This can be used, for example, to have the SonicWALL device reply for a secondary IP address on a particular interface by adding the MAC address of the SonicWALL. See the Secondary Subnet section that follows.
- Bind MAC Address - Enabling the Bind MAC Address option in the Add Static ARP window binds the MAC address specified to the designated IP address and interface. This can be used to ensure that a particular workstation (as recognized by the network card's unique MAC address) can only be used on a specified interface on the SonicWALL. Once the MAC address is bound to an interface, the SonicWALL will not respond to that MAC address on any other interface. It will also remove any dynamically cached references to that MAC address that might have been present, and it will prohibit additional (non-unique) static mappings of that MAC address.
- Update IP Address Dynamically - The Update IP Address Dynamically setting in the Add Static ARP window is a sub-feature of the Bind MAC Address option. This allows for a MAC address to be bound to an interface when DHCP is being used to dynamically allocate IP addressing. Enabling this option will blur the IP Address field, and will populate the ARP Cache with the IP Address allocated by the SonicWALL's internal DHCP server, or by the external DHCP server if IP Helper is in use.
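The Publish Entry and Bind MAC Address behaviors above, together with the cache time out and flush described under Flushing the ARP Cache, can be expressed as a small cache model. This is an added example written for this guide, not SonicOS code; the interface names X0 and X1, the IP addresses and the locally administered MAC addresses in the sample run are constructed, and the injectable clock exists only so ageing can be exercised without waiting.

```python
"""Static, published and MAC-bound ARP entries with dynamic ageing.

Added example, not SonicOS code. Published static entries are answered on behalf of
the appliance; binding a MAC pins it to one interface (dynamic references elsewhere are
dropped, learning it on another interface is refused, and a second static mapping of the
same MAC raises); dynamic entries age out after the ARP Cache entry time out, and a flush
clears them while static entries survive.
"""
from __future__ import annotations
from dataclasses import dataclass


@dataclass
class ArpEntry:
    ip: str
    mac: str
    iface: str
    static: bool = False
    published: bool = False
    bound: bool = False
    learned_at: float = 0.0          # seconds on the cache's clock


class ArpCache:
    def __init__(self, timeout_minutes: int = 20, clock=None):
        # clock is injectable (constructed for testing); defaults to a frozen clock.
        self.timeout_s = timeout_minutes * 60
        self._clock = clock or (lambda: 0.0)
        self.entries: dict[tuple[str, str], ArpEntry] = {}   # (iface, ip) -> entry
        self.bound_macs: dict[str, str] = {}                 # mac -> bound interface

    def learn(self, ip: str, mac: str, iface: str) -> bool:
        """Dynamic learning from ARP traffic seen on iface; False when refused."""
        if self.bound_macs.get(mac, iface) != iface:
            return False             # bound MAC on the wrong interface: not accepted
        current = self.entries.get((iface, ip))
        if current is not None and current.static:
            return False             # traffic never overwrites a static entry
        self.entries[(iface, ip)] = ArpEntry(ip, mac, iface, learned_at=self._clock())
        return True

    def add_static(self, ip: str, mac: str, iface: str,
                   publish: bool = False, bind_mac: bool = False) -> None:
        if bind_mac:
            if mac in self.bound_macs:
                raise ValueError(f"{mac} is already bound; non-unique static mappings are prohibited")
            self.bound_macs[mac] = iface
            for key, entry in list(self.entries.items()):
                if entry.mac == mac and not entry.static:
                    del self.entries[key]    # drop dynamically cached references to the MAC
        self.entries[(iface, ip)] = ArpEntry(ip, mac, iface, static=True, published=publish,
                                             bound=bind_mac, learned_at=self._clock())

    def answer(self, target_ip: str, iface: str) -> str | None:
        """MAC placed in an ARP reply for target_ip on iface (Publish Entry), else None."""
        entry = self.entries.get((iface, target_ip))
        if entry is not None and entry.static and entry.published:
            return entry.mac
        return None

    def resolve(self, ip: str, iface: str) -> str | None:
        entry = self.entries.get((iface, ip))
        return None if entry is None else entry.mac

    def expire(self) -> int:
        """Age out dynamic entries older than the time out; returns how many were dropped."""
        cutoff = self._clock() - self.timeout_s
        stale = [k for k, e in self.entries.items() if not e.static and e.learned_at <= cutoff]
        for k in stale:
            del self.entries[k]
        return len(stale)

    def flush(self) -> int:
        """Flush ARP Cache: every dynamic entry goes, static entries stay."""
        dynamic = [k for k, e in self.entries.items() if not e.static]
        for k in dynamic:
            del self.entries[k]
        return len(dynamic)


if __name__ == "__main__":
    cache = ArpCache(timeout_minutes=20)
    cache.learn("10.1.1.50", "02:00:00:00:00:01", "X1")            # seen on X1
    cache.add_static("10.0.0.50", "02:00:00:00:00:01", "X0", bind_mac=True)
    print(cache.resolve("10.1.1.50", "X1"))                         # None: X1 reference removed
    print(cache.learn("10.1.1.50", "02:00:00:00:00:01", "X1"))      # False: bound to X0
    cache.add_static("192.168.50.1", "02:00:00:00:00:aa", "X0", publish=True)
    print(cache.answer("192.168.50.1", "X0"))                       # published: answered
```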

Secondary Subnets with Static ARP


The Static ARP feature allows for secondary subnets to be added on other interfaces, and without the addition of automatic NAT rules.

Adding a Secondary Subnet using the Static ARP Method


1. Add a 'published' static ARP entry for the gateway address that will be used for the secondary subnet, assigning it the MAC address of the SonicWALL interface to which it will be connected.
2. Add a static route for that subnet, so that the SonicWALL regards it as valid traffic, and knows to which interface to route that subnet's traffic.
3. Add Access Rules to allow traffic destined for that subnet to traverse the correct network interface.
4. Optional: Add a static route on upstream device(s) so that they know which gateway IP to use to reach the secondary subnet.

Flushing the ARP Cache


It is sometimes necessary to flush the ARP cache if the IP address has changed for a device on the network. Since the IP address is linked to a physical address, the IP address can change but still be associated with the physical address in the ARP Cache. Flushing the ARP Cache allows new information to be gathered and stored in the ARP Cache. Click Flush ARP Cache to clear the information. To configure a specific length of time for the entry to time out, enter a value in minutes in the ARP Cache entry time out (minutes) field.

Navigating and Sorting the ARP Cache Table Entries


To view ARP cache information, click Request ARP Cache display from unit(s). The ARP Cache table provides easy pagination for viewing a large number of ARP entries. You can navigate a large number of ARP entries listed in the ARP Cache table by using the navigation control bar located at the top right of the ARP Cache table. The navigation control bar includes four buttons. The far left button displays the first page of the table. The far right button displays the last page. The inside left and right arrow buttons move to the previous or next page, respectively. You can enter the policy number (the number listed before the policy name in the # Name column) in the Items field to move to a specific ARP entry. The default table configuration displays 50 entries per page. You can change this default number of entries for tables on the System > Administration page. You can sort the entries in the table by clicking on the column header. The entries are sorted in ascending or descending order. The arrow to the right of the column entry indicates the sorting status. A down arrow means ascending order. An up arrow indicates descending order.


Configuring SwitchPorts
The SwitchPorts page allows you to manage the assignments of ports to PortShield interfaces. A PortShield interface is a virtual interface with a set of ports assigned to it. To configure a SwitchPort, perform the following steps:
1. Expand the Network tree and click SwitchPorts. The SwitchPorts page displays.
2. Click the Edit icon for the SwitchPort you want to configure. The SwitchPort Configuration window displays. The name of the PortShield interface group will be assigned by default.
3. Click on the Port Enable list box and click on either the Enable or Disable option to either activate or deactivate the interfaces in the PortShield interface group.
4. Click on the PortShield interface list box and click on the PortShield interface you created in the previous procedure.
5. Click on the Link Speed list box and click on a throughput speed you want to assign the interface. The choices are:
   - Auto negotiate
   - 100 Mbps Full Duplex
   - 100 Mbps Half Duplex
   - 10 Mbps Full Duplex
   - 10 Mbps Half Duplex

Note

Do not change this setting from the default of Auto negotiate unless your system requires you to do so. Also, note that for any setting involving the Full Duplex feature to work properly, be sure to configure Full Duplex on both ends of the link. By not having Full Duplex configured on both ends, a duplex mismatch occurs, causing throughput loss.

6. Click on the Rate Limit option and select a value. The rate limit value enables you to throttle traffic coming into the switch. Remember, these values apply to inbound traffic only.
7. Click Ok. Wait for a few seconds. The system then will incorporate the changes you made to the PortShield interface Group and add it back to the switch ports list.

Configuring PortShield Groups


On the Network > PortShield Groups page, you can manually group ports together, which allows them to share a common network subnet as well as common zone settings.

Note

The PortShield Groups page is supported on appliances running SonicOS Enhanced versions 5.5 or higher.

To assign an interface to a PortShield group, perform the following steps:
1. Navigate to the Network > PortShield Groups page.
2. Click on the Configure icon for the interface you want to assign to a PortShield group. The Edit Switch Port window displays.

Note

Interfaces must be configured before being grouped with PortShield.

3. In the Port Enabled pulldown menu, select whether you want to enable or disable the interface.
4. In the PortShield Interface pulldown menu, select which interface you want to assign as the master interface for the PortShield interface.
5. In the Link Speed pulldown menu, select the link speed for the interfaces.
6. Click OK.


Configuring Network Monitor


This section describes how to configure the Network Monitor feature, which provides a flexible mechanism for monitoring network path viability. The results and status of this monitoring are displayed on the Network Monitor page, and are also provided to affected client components and logged in the system log. Each custom NM policy defines a destination Address Object to be probed. This Address Object may be a Host, Group, Range, or FQDN. When the destination Address Object is a Group, Range or FQDN with multiple resolved addresses, Network Monitor probes each probe target and derives the NM Policy state based on the results.

To add a network monitor policy on the SonicWALL security appliance, perform these steps:
1. From the Network > Network Monitor page, click the Add button. The Add Network Monitor Policy window is displayed.
2. Enter the following information to define the network monitor policy:
   - Name - Enter a description of the Network Monitor policy.
   - Probe Target - Select the Address Object or Address Group to be the target of the policy. Address Objects may be Host, Group, Range, or FQDN objects. Objects within a Group object may be Host, Range, or FQDN Address Objects. You can dynamically create a new address object by selecting Create New Address Object.
   - Probe Type - Select the appropriate type of probe for the network monitor policy:
     - Ping (ICMP) - This probe uses the route table to find the egress interface and next-hop for the defined probe targets. A Ping echo-request is sent out the egress interface with the source IP address of the egress interface. An echo response must return on the same interface within the specified Response Timeout time limit for the ping to be counted as successful.
     - TCP - This probe uses the route table to find the egress interface and next-hop for the defined probe targets. A TCP SYN packet is sent to the probe target with the source IP address of the egress interface. A successful response will be counted independently for each probe target when the target responds with either a SYN/ACK or RST via the same interface within the Response Timeout time window. When a SYN/ACK is received, a RST is sent to close the connection. If a RST is received, no response is returned.
     - Ping (ICMP) - Explicit Route - This probe bypasses the route table and uses the source IP address of the interface specified in the Outbound Interface pull-down menu to send a Ping to the targets. If a Next Hop Gateway is not specified, the probe assumes that the targets are directly connected to the Outbound Interface's network.
     - TCP - Explicit Route - This probe bypasses the route table and uses the source IP address of the interface specified in the Outbound Interface pull-down menu to send a TCP SYN packet to the targets. If a Next Hop Gateway is not specified, the probe assumes that the targets are directly connected to the Outbound Interface's network. When a SYN/ACK is received, a RST is sent to close the connection. If a RST is received, no response is returned.
   - Next Hop Gateway - Manually specifies the next hop that is used from the outbound interface to reach the probe target. This option must be configured for Explicit Route policies. For non-Explicit Route policies, the probe uses the appliance's route table to determine the egress interface to reach the probe target. If a Next Hop Gateway is not specified, the probe assumes that the targets are directly connected to the Outbound Interface's network.
   - Outbound Interface - Manually specifies which interface is used to send the probe. This option must be configured for Explicit Route policies. For non-Explicit Route policies, the probe uses the appliance's route table to determine the egress interface to reach the probe target.
   - Port - Specifies the destination port of target hosts for TCP probes. A port is not specified for Ping probes.
3. Optionally, you can adjust the following thresholds for the probes:
   - Probe hosts every - The number of seconds between each probe. This number cannot be less than the Reply time out field.
   - Reply time out - The number of seconds the Network Monitor waits for a response for each individual probe before a missed-probe will be counted for the specific probe target. The Reply time out cannot exceed the Probe hosts every field.
   - Probe state is set to DOWN after - The number of consecutive missed probes that triggers a host state transition to DOWN.
   - Probe state is set to UP after - The number of consecutive successful probes that triggers a host state transition to UP.
   - All Hosts Must Respond - Selecting this checkbox specifies that all of the probe target Host States must be UP before the Policy State can transition to UP. If not checked, the Policy State is set to UP when any of the Host States are UP.
4. Optionally, you can enter a descriptive comment about the policy in the Comment field.
5. Click Update to submit the Network Monitor policy. Then click Update on the Network > Network Monitor page.

When configuring a static route, you can optionally configure a Network Monitor policy for the route. When a Network Monitor policy is used, the static route is dynamically disabled or enabled, based on the state of the probe for the policy. For more information, see Probe-Enabled Policy Based Routing Configuration on page 198.
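The probe thresholds above, the matching NAT load-balancing probe fields (Probe host every, Reply time out, Deactivate host after ... missed intervals, Reactivate host after ... successful intervals) and the Probe default state is UP option of probe-enabled routing all describe the same kind of hysteresis state machine. The following is an added example written for this guide, not SonicOS or GMS code, that replays recorded probe outcomes through that machine. The host names and probe results are constructed; one assumption is labelled in the code: without Probe default state is UP, an UNKNOWN policy is treated as a failed probe, which the guide implies but does not state.

```python
"""Probe-driven health state for NAT load-balancing members and Network Monitor policies.

Added example, not SonicOS code. Models the guide's knobs (probe interval, reply time out,
DOWN after N consecutive misses, UP after N consecutive successes, All Hosts Must Respond,
Probe default state is UP, Disable route when probe succeeds) as a replayable state machine.
"""
from __future__ import annotations
from dataclasses import dataclass
from enum import Enum


class State(Enum):
    UNKNOWN = "UNKNOWN"      # no verdict yet, e.g. right after an HA unit becomes ACTIVE
    UP = "UP"
    DOWN = "DOWN"


@dataclass
class ProbeThresholds:
    probe_every_s: int = 5       # "Probe hosts every" / "Probe host every ... seconds"
    reply_timeout_s: int = 1     # "Reply time out"
    down_after_missed: int = 3   # "Probe state is set to DOWN after" / "Deactivate host after"
    up_after_ok: int = 3         # "Probe state is set to UP after" / "Reactivate host after"

    def validate(self) -> None:
        # The guide: the reply time out cannot exceed the probe interval.
        if self.reply_timeout_s > self.probe_every_s:
            raise ValueError("Reply time out cannot exceed Probe hosts every")
        if self.down_after_missed < 1 or self.up_after_ok < 1:
            raise ValueError("transition counts must be at least 1")


@dataclass
class HostState:
    state: State = State.UNKNOWN
    consecutive_missed: int = 0
    consecutive_ok: int = 0

    def record(self, replied: bool, th: ProbeThresholds) -> State:
        """Feed one probe outcome; consecutive counts give the hysteresis that keeps
        a single lost reply from flapping the host."""
        if replied:
            self.consecutive_ok += 1
            self.consecutive_missed = 0
            if self.state is not State.UP and self.consecutive_ok >= th.up_after_ok:
                self.state = State.UP
        else:
            self.consecutive_missed += 1
            self.consecutive_ok = 0
            if self.state is not State.DOWN and self.consecutive_missed >= th.down_after_missed:
                self.state = State.DOWN
        return self.state


def policy_state(hosts: dict[str, HostState], all_must_respond: bool) -> State:
    """Derive the policy state from its probe targets (a Group, Range or FQDN target)."""
    states = [h.state for h in hosts.values()]
    if all(s is State.UNKNOWN for s in states):
        return State.UNKNOWN
    up = [s is State.UP for s in states]
    if all_must_respond:
        return State.UP if all(up) else State.DOWN
    return State.UP if any(up) else State.DOWN


def route_enabled(policy: State, disable_when_probe_succeeds: bool = False,
                  default_state_up: bool = False) -> bool:
    """Probe-enabled policy based routing: is the static route active for this state?
    Assumption (not stated by the guide): without Probe default state is UP, an
    UNKNOWN policy counts as a failed probe."""
    if policy is State.UNKNOWN:
        policy = State.UP if default_state_up else State.DOWN
    succeeded = policy is State.UP
    return (not succeeded) if disable_when_probe_succeeds else succeeded


def replay(results: dict[str, list[bool]], th: ProbeThresholds,
           all_must_respond: bool = False) -> tuple[list[State], dict[str, HostState]]:
    """Replay per-target probe outcomes (True = reply within the time out) round by round;
    returns the policy state after each round and the final host states."""
    th.validate()
    hosts = {name: HostState() for name in results}
    history = []
    for i in range(max(len(r) for r in results.values())):
        for name, outcomes in results.items():
            if i < len(outcomes):
                hosts[name].record(outcomes[i], th)
        history.append(policy_state(hosts, all_must_respond))
    return history, hosts


def active_members(hosts: dict[str, HostState]) -> list[str]:
    """NAT load-balancing view: only UP members receive new connections."""
    return sorted(name for name, h in hosts.items() if h.state is State.UP)


if __name__ == "__main__":
    # Constructed sample: web1 misses three replies in a row, web2 never answers.
    sample = {"web1": [True, True, False, False, False, True, True], "web2": [False] * 7}
    th = ProbeThresholds(probe_every_s=5, reply_timeout_s=1, down_after_missed=3, up_after_ok=2)
    history, hosts = replay(sample, th)
    print([s.value for s in history])   # policy state after each probe round
    print(active_members(hosts))        # members currently eligible for load balancing
```

Because web2 never comes UP, the same replay with All Hosts Must Respond stays DOWN from the first decided round onward, which is the trade-off the checkbox describes: stricter availability for the policy at the cost of a single unreachable member taking the whole route or group down.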

Configuring Network Settings in SonicOS Standard


The following sections describe how to configure network settings in SonicOS Standard:

- Configuring Basic Network Settings in SonicOS Standard on page 213
- Configuring Web Proxy Forwarding on page 223
- Configuring Intranet Settings on page 223
- Configuring Routing in SonicOS Standard on page 225
- Configuring RIP in SonicOS Standard on page 225
- Configuring One-to-One NAT on page 229
- Configuring Ethernet Settings on page 231
- Configuring ARP on page 233

Configuring Basic Network Settings in SonicOS Standard


The Network settings page is used to configure the network addressing mode, LAN settings, WAN settings, DMZ settings, and the DNS server address(es). SonicOS Standard supports six network addressing modes. For all of these modes, first configure the universal settings:

- LAN Settings for all Network Addressing Modes on page 213

Then configure the settings for the appropriate network addressing mode:

- Standard Mode on page 214
- NAT-Enabled Mode on page 215
- NAT with DHCP Client Mode on page 217
- NAT With PPPoE Client on page 218
- NAT With L2TP Client on page 219
- NAT With PPTP Client on page 221

Note

Making changes to this page causes the SonicWALL appliance to automatically restart. We recommend scheduling the tasks to run when network activity is low.

LAN Settings for all Network Addressing Modes


For all six of the network addressing modes supported in SonicOS Standard, complete the following basic network settings:
1. Enter the IP address assigned to the LAN interface in the SonicWALL LAN IP Address field and the subnet the IP address belongs to in the LAN Subnet Mask field.
2. To add an additional subnet, enter the IP address and subnet in the Network Gateway and Subnet Mask fields and click Add Subnet.
3. Enter the IP address of the router that provides Internet access to the SonicWALL appliance in the WAN Gateway (Router) Address field. The SonicWALL WAN IP Address and WAN Subnet Mask are automatically set to the SonicWALL LAN IP Address and LAN Subnet Mask, respectively.

Standard Mode
When you select Standard Mode (also known as Transparent Mode), Network Address Translation (NAT) is disabled. All nodes on the LAN or WorkPort that will access or be accessed from the Internet must use valid, Internet-accessible IP addresses. To configure a SonicWALL appliance for standard network addressing, perform the following steps:
1. On the Network > Settings page, select Standard from the Network Addressing Mode area.
2. Configure the LAN Settings as described in LAN Settings for all Network Addressing Modes on page 213.
3. Enter the IP addresses of the DNS servers in the DNS Server 1-3 fields.

Note

SonicWALL appliances require the IP address of at least one DNS server to function properly.

4. When you are finished, click Update. The settings are changed for the selected SonicWALL appliance. To clear all screen settings and start over, click Reset.

NAT-Enabled Mode
NAT provides anonymity to machines on the LAN or WorkPort by connecting the entire network to the Internet using a single IP address. This provides security to the internal machines by hiding them from the outside world and conserves IP addresses. When using NAT, we recommend using internal network IP addresses from a special range. The following IP address ranges are reserved for private IP networks and are not routed on the Internet:

- 10.0.0.0 - 10.255.255.255
- 172.16.0.0 - 172.31.255.255
- 192.168.0.0 - 192.168.255.255

If your network uses IP addresses that are not registered to your organization and are not within the private IP address ranges, the servers on the Internet to which those IP addresses belong will not be accessible from your network. For example, if an IP address on your network is 185.5.20.105 and it is not registered to your organization, the server that uses that IP address on the Internet will not be accessible from your network.
Note

If you choose to use NAT, but need to make some machines available to the outside world, use One-to-One NAT. One-to-One NAT maps external IP addresses to private IP addresses. For more information, see Configuring One-to-One NAT on page 229.

To configure a SonicWALL appliance for NAT, perform the following steps:
1. On the Network > Settings page, select NAT Enabled from the Network Addressing Mode area.
2. Configure the LAN Settings as described in LAN Settings for all Network Addressing Modes on page 213.
3. Configure the following WAN Settings:
   - SonicWALL WAN IP (NAT Public) Address - Public IP address used to access the Internet. All activity on the Internet will appear to originate from this address. This IP address must be valid and is generally supplied by your Internet Service Provider (ISP).
   - WAN Gateway (Router) Address - Address of the router that attaches the LAN to the Internet.
   - WAN Subnet Mask - Determines the subnet to which the public IP address belongs. This is generally supplied by your ISP.
4. Enter the IP addresses of the DNS servers in the DNS Server 1-3 fields.

Note

SonicWALL appliances require the IP address of at least one DNS server to function properly.

5. When you are finished, click Update. The settings are changed for the selected SonicWALL appliance. To clear all screen settings and start over, click Reset.
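Before the LAN, WAN and DNS values from this procedure are pushed to an appliance, the points the NAT-Enabled Mode section makes can be checked mechanically: the LAN should sit inside the private ranges (otherwise the Internet hosts that own those addresses become unreachable), the WAN gateway must be on the WAN subnet, LAN and WAN must not overlap, and at least one DNS server is required. This is an added example written for this guide, not GMS code; it uses only Python's standard ipaddress module, and the sample addresses (including the 185.5.20.x case from the text above) are constructed.

```python
"""Consistency checks for a NAT-Enabled network plan (LAN, WAN and DNS settings).

Added example, not SonicOS or GMS code. Returns human-readable findings so a plan can be
reviewed before it is applied; an empty list means no problem was found.
"""
import ipaddress

# The three ranges the guide lists as reserved for private networks (RFC 1918).
PRIVATE_RANGES = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def check_nat_plan(lan_ip, lan_mask, wan_ip, wan_mask, wan_gateway, dns_servers):
    """Masks may be given in dotted form exactly as typed into the Subnet Mask fields."""
    findings = []
    lan = ipaddress.ip_interface(f"{lan_ip}/{lan_mask}")
    wan = ipaddress.ip_interface(f"{wan_ip}/{wan_mask}")
    gateway = ipaddress.ip_address(wan_gateway)

    # LAN behind NAT should use private space; anything else shadows real Internet hosts.
    if not any(lan.network.subnet_of(r) for r in PRIVATE_RANGES):
        findings.append(f"LAN {lan.network} is not RFC 1918 space; Internet hosts in that "
                        f"range will be unreachable from this network")

    # Neither interface address may be the network or broadcast address of its subnet.
    for name, itf in (("LAN", lan), ("WAN", wan)):
        if itf.network.num_addresses > 2 and itf.ip in (itf.network.network_address,
                                                          itf.network.broadcast_address):
            findings.append(f"{name} address {itf.ip} is the network or broadcast address "
                            f"of {itf.network}")

    # The WAN gateway (router) must be a different host on the WAN subnet.
    if gateway not in wan.network:
        findings.append(f"WAN gateway {gateway} is not on the WAN subnet {wan.network}")
    elif gateway == wan.ip:
        findings.append("WAN gateway must not be the appliance's own WAN address")

    if lan.network.overlaps(wan.network):
        findings.append(f"LAN {lan.network} overlaps WAN {wan.network}")

    # The guide: at least one DNS server is required for the appliance to function.
    if not dns_servers:
        findings.append("at least one DNS server is required")
    for server in dns_servers:
        try:
            ipaddress.ip_address(server)
        except ValueError:
            findings.append(f"DNS server {server!r} is not an IP address")
    return findings


if __name__ == "__main__":
    # Constructed sample plans; 203.0.113.0/24 is documentation address space.
    print(check_nat_plan("192.168.168.168", "255.255.255.0",
                         "203.0.113.2", "255.255.255.248", "203.0.113.1", ["203.0.113.53"]))
    print(check_nat_plan("185.5.20.1", "255.255.255.0",
                         "203.0.113.2", "255.255.255.248", "203.0.113.9", []))
```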

NAT with DHCP Client Mode


When you select the NAT with DHCP Client mode, the SonicWALL appliance uses DHCP to obtain a dynamic IP address from the ISP and NAT. For more information on NAT, see NAT-Enabled Mode on page 215. To configure a SonicWALL appliance for NAT with a DHCP client, perform the following steps:
1. On the Network > Settings page, select NAT with DHCP Client from the Network Addressing Mode area.
2. Configure the LAN Settings as described in LAN Settings for all Network Addressing Modes on page 213.
3. The WAN settings and the DNS server IP addresses are automatically provided by the DHCP server of the service provider. You do not need to configure any parameters in the WAN Settings area.
4. In the Other Settings area, enter the name of the DHCP server in the Host Name field.
5. When you are finished, click Update. The settings are changed for each selected SonicWALL appliance. To clear all screen settings and start over, click Reset.

NAT With PPPoE Client

When you select the NAT with PPPoE Client mode, the SonicWALL appliance uses PPP over Ethernet (PPPoE) to connect to the Internet. PPPoE is required by some ISPs to authenticate users over broadband Internet access devices (for example, DSL, cable modems, or wireless). Note that when NAT with PPPoE Client is used, the PPPoE password appears in clear text, so restrict who can view this page.

Note: When this mode is selected, the SonicWALL LAN IP Address is used as the gateway address for computers on the LAN or WorkPort.

To configure a SonicWALL appliance for NAT with PPPoE, perform the following steps:

1. On the Network > Settings page, select NAT with PPPoE Client from the Network Addressing Mode area.
2. Configure the LAN Settings as described in LAN Settings for all Network Addressing Modes on page 213.
3. Configure the following ISP Settings:


   - User Name: username provided by the ISP.
   - Password: password used to authenticate the username with the ISP. This field is case-sensitive.
4. To specify how long the SonicWALL appliance waits before disconnecting from the Internet, select the Disconnect after minutes of inactivity checkbox and enter the amount of time in the inactivity field.
5. Select from the following:
   - To configure the SonicWALL appliance(s) to dynamically obtain an IP address, select Obtain an IP Address automatically.
   - To configure the SonicWALL appliance(s) to use a fixed IP address, select Use the following IP Address and enter the IP address.
6. When you are finished, click Update. The settings are changed for the selected SonicWALL appliance. To clear all screen settings and start over, click Reset.

NAT With L2TP Client

When you select the NAT with L2TP Client mode, the SonicWALL appliance uses Layer Two Tunneling Protocol (L2TP) to connect to the Internet.

Note: When this mode is selected, the SonicWALL LAN (WorkPort) IP Address is used as the gateway address for computers on the LAN or WorkPort.


To configure a SonicWALL appliance for NAT with L2TP, perform the following steps:

1. On the Network > Settings page, select NAT with L2TP Client from the Network Addressing Mode area.
2. Configure the LAN Settings as described in LAN Settings for all Network Addressing Modes on page 213.
3. Select from the following WAN settings:
   - To configure the SonicWALL appliance to dynamically obtain an IP address, select Obtain an IP address using DHCP. To renew the IP address, click Renew Lease. To release the IP address, click Release.
   - To configure the SonicWALL appliance to use fixed settings, select Use the specified IP address and enter the following:
     - SonicWALL WAN IP (NAT Public) Address: public IP address used to access the Internet. All activity on the Internet will appear to originate from this address. This IP address must be valid and is generally supplied by your Internet Service Provider (ISP).
     - WAN Gateway (Router) Address: address of the router that attaches the LAN to the Internet.
     - WAN Subnet Mask: determines the subnet to which the public IP address belongs. This is generally supplied by your ISP.
4. Enter the IP address of the DNS server in the DNS Server 1 field.


5. Configure the following ISP L2TP Settings:
   - L2TP Host Name: provided by your ISP.
   - L2TP Server IP Address: provided by your ISP.
   - User Name: username provided by the ISP.
   - Password: password used to authenticate the username with the ISP. This field is case-sensitive.
6. To specify how long the SonicWALL appliance waits before disconnecting from the Internet, select the Disconnect after minutes of inactivity checkbox and enter the amount of time in the inactivity field.
7. When you are finished, click Update. The settings are changed for the selected SonicWALL appliance. To clear all screen settings and start over, click Reset.

NAT With PPTP Client

When you select the NAT with PPTP Client mode, the SonicWALL appliance uses Point-to-Point Tunneling Protocol (PPTP) to connect to the Internet.

Note: When this mode is selected, the SonicWALL LAN (WorkPort) IP Address is used as the gateway address for computers on the LAN or WorkPort.

To configure a SonicWALL appliance for NAT with PPTP, perform the following steps:

1. On the Network > Settings page, select NAT with PPTP Client from the Network Addressing Mode area.
2. Configure the LAN Settings as described in LAN Settings for all Network Addressing Modes on page 213.
3. Select from the following WAN settings:
   - To configure the SonicWALL appliance to dynamically obtain an IP address, select Obtain an IP address using DHCP.


     To renew the IP address, click Renew Lease. To release the IP address, click Release.
   - To configure the SonicWALL appliance to use fixed settings, select Use the specified IP address and enter the following:
     - SonicWALL WAN IP (NAT Public) Address: public IP address used to access the Internet. All activity on the Internet will appear to originate from this address. This IP address must be valid and is generally supplied by your Internet Service Provider (ISP).
     - WAN Gateway (Router) Address: address of the router that attaches the LAN to the Internet.
     - WAN Subnet Mask: determines the subnet to which the public IP address belongs. This is generally supplied by your ISP.
4. Enter the IP address of the DNS server in the DNS Server 1 field.
5. Configure the following ISP PPTP Settings:
   - PPTP Host Name: provided by your ISP.
   - PPTP Server IP Address: provided by your ISP.
   - User Name: username provided by the ISP.
   - User Password: password used to authenticate the username with the ISP. This field is case-sensitive.
6. To specify how long the SonicWALL appliance waits before disconnecting from the Internet, select the Disconnect after minutes of inactivity checkbox and enter the amount of time in the inactivity field.
7. When you are finished, click Update. The settings are changed for the selected SonicWALL appliance. To clear all screen settings and start over, click Reset.

Configuring Dynamic DNS

Note: Dynamic DNS forwarding settings are identical in SonicOS Standard and Enhanced. For configuration information, see Configuring Dynamic DNS on page 181 in the SonicOS Enhanced section of this chapter.


Configuring Web Proxy Forwarding

Note: Web proxy forwarding settings are identical in SonicOS Standard and Enhanced. For configuration information, see Configuring Web Proxy Forwarding Settings on page 195 in the SonicOS Enhanced section of this chapter.

Configuring Intranet Settings

SonicWALLs can be installed between LAN segments of intranets to prevent unauthorized access to certain resources. For example, if the administrative offices of a school are on the same network as the student computer lab, they can be separated by a SonicWALL. Figure 3 shows how a SonicWALL appliance can be installed between two network segments on an Intranet.

Figure 3 SonicWALL Intranet Configuration

Note: Devices connected to the WAN port do not have firewall or content filter protection. To protect these units, install another SonicWALL appliance between the Internet and the devices connected to the WAN port of the first SonicWALL appliance.


Although the systems on the WAN and LAN links are separated, they are still on the same subnet. Consequently, you must make the systems on the larger network aware of the systems on the smaller network. To do this, perform the following steps:

1. Expand the Network tree and click Intranet. The Intranet page displays.
2. Select from the following:
   - If the SonicWALL is not used to separate LAN segments on the intranet, select SonicWALL's WAN link is connected to the Internet Router.
   - If the smaller network is connected to the LAN, select Specified addresses are attached to the LAN link.
   - If the smaller network is connected to the WAN, select Specified addresses are attached to the WAN link.
3. Enter the IP address or IP address range of a system or group of systems on the smaller network:
   - To enter a single IP address, enter the IP address in the Addr Range Begin field.
   - To enter a range of IP addresses, enter the starting IP address in the Addr Range Begin field and the ending IP address in the Addr Range End field.
   Click Add Range.
4. Repeat Step 3 for each IP address or IP address range on the smaller network.
5. When you are finished, click Update. The settings are changed for each selected SonicWALL appliance. To clear all screen settings and start over, click Reset.


6. To define which services can be accessed from outside the restricted network segment, see Configuring Firewall Settings in SonicOS Standard on page 269.

Configuring Routing in SonicOS Standard

If the LAN(s) have internal routers, their addresses and network information must be entered into the SonicWALL(s). To add an internal router, perform the following steps:

1. Expand the Network tree and click Routing. The Routing page displays.
2. Select whether the router is connected to the LAN (WorkPort), WAN, or OPT interface from the Link list box.
3. Enter the destination network in the Destination Network and Subnet Mask fields.
4. Enter the IP address of the router in the Gateway field.
5. Click Add Route.
6. Repeat Step 2 through Step 5 for each route that you want to add. When you are finished, click Update. The settings are changed for each selected SonicWALL appliance. To clear all screen settings and start over, click Reset.

Configuring RIP in SonicOS Standard

RIP is a distance-vector routing protocol that is commonly used in small homogeneous networks. Using RIP, a router periodically sends its entire routing table to its directly connected neighbors, which pass the information on to their neighbors, and so on. Eventually, all routers within the network have the information about the routing paths. When routing a packet, a router checks its routing table and selects the path that requires the fewest hops.


RIP is not supported by all SonicWALL appliances. To configure RIP, perform the following steps:

1. Expand the Network tree and click RIP. The RIP page displays.
2. Select the RIP version from the RIP Advertisements list box:
   - RIPv1 Enabled: first version of RIP.
   - RIPv2 Enabled (multicast): sends route advertisements using multicasting (a single data packet to specific nodes on the network).
   - RIPv2 Enabled (broadcast): sends route advertisements using broadcasting (a single data packet to all nodes on the network).
3. To advertise static routes that you specified on the Routing page, select the Advertise Static Routes check box.
4. To set the amount of time between a VPN tunnel state change and the time the change is advertised, enter a value in the Route Change Damp Time field (default: 30 seconds).
5. To specify the number of advertisements that are sent after a route is deleted, enter a value in the Deleted Route Advertisements field (default: 5 advertisements).
6. By default, the connection between this router and its neighbor counts as one hop. However, there are cases where you want to discourage or reduce the use of this route by adding additional hops. To change the hop count of this route, enter the number of hops in the Route Metric field.


7. Optional. If RIPv2 is selected from the Route Advertisements list box, you can enter a value in the RIPv2 Route Tag field. This value is implementation-dependent and provides a mechanism for routers to classify the originators of RIPv2 advertisements.
8. Optional. Select from the following RIPv2 Authentication options:
   - User Defined: enter 4 hex digits in the Authentication Type field and 32 hex digits in the Authentication Data field.
   - Cleartext Password: enter a password (16 characters or less) in the Authentication Password field.
   - MD5 Digest: enter a numerical value from 0-255 in the Authentication Key-Id field. Enter a 32 hex digit value for the Authentication Key field, or use the generated key.
   A cleartext password is visible to anyone who can capture RIP traffic on the segment and only guards against misconfigured neighbors. Where authentication is meant to keep rogue advertisements out of the routing table, use MD5 Digest, which requires the shared key to produce a valid digest.
9. When you are finished, click Update. The settings are changed for each selected SonicWALL appliance. To clear all screen settings and start over, click Reset.
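As an added example (not part of the GMS guide and not SonicWALL code) of what the two authentication choices in Step 8 mean on the wire, the following Python builds RIPv2 response packets with a cleartext password and with a keyed-MD5 trailer, and verifies the latter. It assumes that the Cleartext Password option is the RFC 1723 simple password and that the MD5 Digest option is RFC 2082 keyed MD5 (a key ID from 0 to 255 plus a key of up to 16 bytes, which is what a 32-hex-digit Authentication Key holds); the guide does not confirm either. The route entry, key and sequence number are constructed sample data.

```python
import hashlib
import hmac
import socket
import struct

# Added example: RIPv2 authentication on the wire. Assumption: "Cleartext Password" is the
# RFC 1723 simple password and "MD5 Digest" is RFC 2082 keyed MD5; neither is stated by the guide.
RIP_RESPONSE = 2
RIP_VERSION = 2
AF_INET = 2
AF_AUTH = 0xFFFF
AUTH_CLEARTEXT = 2
AUTH_MD5 = 3
TRAILER = struct.pack("!HH", AF_AUTH, 1)   # marks the start of the 16-byte digest


def rte(prefix, mask, next_hop="0.0.0.0", metric=1, tag=0):
    """One 20-byte RIPv2 route entry; 'tag' is the RIPv2 Route Tag from Step 7."""
    return struct.pack("!HH4s4s4sI", AF_INET, tag, socket.inet_aton(prefix),
                       socket.inet_aton(mask), socket.inet_aton(next_hop), metric)


def build_cleartext(rtes, password):
    """RIPv2 response carrying a simple password (at most 16 bytes, sent unencrypted)."""
    pw = password.encode()
    if len(pw) > 16:
        raise ValueError("RIPv2 simple password is limited to 16 bytes")
    header = struct.pack("!BBH", RIP_RESPONSE, RIP_VERSION, 0)
    return header + struct.pack("!HH16s", AF_AUTH, AUTH_CLEARTEXT, pw) + b"".join(rtes)


def sniff_cleartext_password(packet):
    """What a passive observer on the segment learns from a cleartext-authenticated packet."""
    af, atype = struct.unpack("!HH", packet[4:8])
    if af != AF_AUTH or atype != AUTH_CLEARTEXT:
        return None
    return packet[8:24].rstrip(b"\0").decode()


def build_md5(rtes, key_id, key, seq):
    """RIPv2 response with a keyed-MD5 trailer: MD5 over the packet plus the zero-padded key."""
    if not 0 <= key_id <= 255 or len(key) > 16:
        raise ValueError("key id must be 0-255 and the key at most 16 bytes")
    body_len = 4 + 20 + 20 * len(rtes)   # header + auth entry + RTEs; the trailer is not counted
    header = struct.pack("!BBH", RIP_RESPONSE, RIP_VERSION, 0)
    auth = struct.pack("!HHHBBIII", AF_AUTH, AUTH_MD5, body_len, key_id, 16, seq, 0, 0)
    body = header + auth + b"".join(rtes) + TRAILER
    digest = hashlib.md5(body + key.ljust(16, b"\0")).digest()
    return body + digest


def verify_md5(packet, keys, last_seq=None):
    """Return (key_id, seq) if the packet is authentic under keys ({key_id: key}); raise otherwise."""
    if len(packet) < 24 + 4 + 16:
        raise ValueError("packet too short for an MD5 trailer")
    af, atype, body_len, key_id, data_len, seq, _, _ = struct.unpack("!HHHBBIII", packet[4:24])
    if af != AF_AUTH or atype != AUTH_MD5 or data_len != 16:
        raise ValueError("packet is not MD5-authenticated")
    if body_len + 4 + 16 != len(packet) or packet[body_len:body_len + 4] != TRAILER:
        raise ValueError("length or trailer mismatch")
    if key_id not in keys:
        raise ValueError(f"unknown key id {key_id}")
    expected = hashlib.md5(packet[:body_len + 4] + keys[key_id].ljust(16, b"\0")).digest()
    if not hmac.compare_digest(expected, packet[body_len + 4:]):
        raise ValueError("digest mismatch: wrong key or modified packet")
    if last_seq is not None and seq < last_seq:   # sequence numbers must not go backwards
        raise ValueError("replayed packet: sequence number went backwards")
    return key_id, seq


def is_authentic(packet, keys, last_seq=None):
    try:
        verify_md5(packet, keys, last_seq)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    routes = [rte("10.20.0.0", "255.255.0.0", metric=2, tag=7)]     # constructed sample route
    print(sniff_cleartext_password(build_cleartext(routes, "hunter2")))   # password, in the clear
    pkt = build_md5(routes, key_id=1, key=b"s3cret-key", seq=42)
    print(verify_md5(pkt, {1: b"s3cret-key"}))                            # (1, 42)
```

The cleartext packet carries the password as 16 raw bytes, so anyone sniffing the segment recovers it. The MD5 packet's digest covers every byte of the advertisement, the key ID and the sequence number, so a modified or replayed update fails verification unless the attacker holds the shared key. Keyed MD5 is an integrity check, not encryption: the route entries themselves remain readable.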

Configuring OPT Addresses


SonicWALL appliances protect users by preventing Internet users from accessing systems within the LAN (WorkPort). However, this security also prevents users from reaching servers intended for public access, such as Web and mail servers. To allow these services, many SonicWALL models have a special Demilitarized Zone (DMZ) port (also known as the HomePort) which is used for public servers. The DMZ sits between the LAN (WorkPort) and the Internet. Servers on the DMZ are publicly accessible, but are protected from denial of service attacks such as SYN Flood and Ping of Death. Although the DMZ port is optional, it is strongly recommended for public servers or when connecting the servers directly to the Internet where they are not protected.
Note: Some newer SonicWALL appliances have one or more OPT ports that can be configured as a DMZ port. For more information, see Overview of Interfaces on page 153.

Each server on the DMZ port or HomePort requires a unique, publishable Internet IP address. The ISP that provides your Internet connection should be able to provide these addresses.


To add OPT IP addresses, perform the following steps:

1. Expand the Network tree and click DMZ Addresses or HomePort Addresses. The DMZ/HomePort Addresses page displays.
2. Select from the following:
   - If the devices on the DMZ will use fixed IP addresses, select OPT in Standard Mode. Then enter the starting IP address in the Addr Range Begin field, the ending IP address in the Addr Range End field, and click Add Range. To enter a single IP address, enter it in the Addr Range Begin field. Repeat this step for each range of IP addresses.
   - If the devices on the DMZ or HomePort will use NAT, select OPT in NAT Mode and do the following:
     - Enter the private internal IP address assigned to the DMZ or HomePort interface in the OPT Private Address field.
     - Assign a subnet mask in the DMZ or HomePort Subnet Mask field. The LAN (WorkPort) and OPT can have the same subnet mask, but the subnets must be different. For instance, the LAN can be 192.168.0.1 with a subnet mask of 255.255.255.0, and the DMZ 172.16.18.1 with a subnet mask of 255.255.255.0.
     - (Optional) To define a DMZ or HomePort public IP address that will be used to access devices on the DMZ interface, enter an IP address in the OPT NAT Many to One Public Address field.
3. Select from the following:
   - Enter a single IP address in the Addr Range Begin field.
   - Enter the starting IP address of a range in the Addr Range Begin field and the ending IP address in the Addr Range End field.
4. Click Add Range.
5. To enter additional IP addresses and IP address ranges, repeat Steps 3 and 4.
6. When you are finished, click Update. The settings are changed for each selected SonicWALL appliance. To clear all screen settings and start over, click Reset.

Configuring One-to-One NAT


One-to-One NAT maps valid external IP addresses to internal addresses hidden by NAT. Most of the network stays hidden behind the single NAT public address, while the hosts that must be reachable from the Internet each get their own public address. To do this, assign a range of internal IP addresses to a range of external IP addresses of equal size. The first internal IP address corresponds to the first external IP address, the second internal IP address to the second external IP address, and so on. The mapping only translates addresses; which services can reach a mapped host is still governed by the network access rules (see Configuring Firewall Settings in SonicOS Standard on page 269). For example, if an ISP has assigned IP addresses 209.19.28.16 through 209.19.28.31 with 209.19.28.16 as the NAT public address, and the address range 192.168.168.1 through 192.168.168.255 is used on the LAN (WorkPort), Table 3 shows how the IP addresses will be assigned.
Table 3 One-to-One NAT Example

LAN Address       WAN Address    Accessed Via
192.168.168.1     209.19.28.16   Inaccessible, NAT public IP address
192.168.168.2     209.19.28.17   209.19.28.17
192.168.168.3     209.19.28.18   209.19.28.18
[...]             [...]          [...]
192.168.168.16    209.19.28.31   209.19.28.31
192.168.168.17    [...]          No corresponding IP address
[...]             [...]          No corresponding IP address


To configure One-to-One NAT, perform the following steps:

1. Expand the Network tree and click One-to-One NAT. The One-to-One NAT page displays.

Figure 4 One-to-One NAT Page

2. Select the Enable One-to-One NAT check box.
3. Enter the first IP address of the internal IP address range in the Private Range Begin field.
4. Enter the first corresponding external IP address in the Public Range Begin field.
5. Enter the number of IP addresses in the range in the Range Length field.
6. Click Add Range.
7. To add additional IP address ranges, repeat Step 3 through Step 6 for each range. When you are finished, click Update. The settings are changed for each selected SonicWALL appliance. To clear all screen settings and start over, click Reset.

Note: Do not include the NAT Public IP Address in a range.
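As an added example (not taken from the guide), the following Python works through the One-to-One NAT arithmetic above: it expands each (Private Range Begin, Public Range Begin, Range Length) entry into the LAN-to-WAN pairing, refuses a range that would include the NAT Public IP Address, and rejects entries that claim the same address twice. The addresses are the ones from the ISP block in Table 3; the function names are this example's own.

```python
import ipaddress

# Added example, not taken from the GMS guide: the arithmetic behind Table 3 and the note
# "Do not include the NAT Public IP Address in a range". Function names are this example's own.


def one_to_one_range(private_begin, public_begin, length, nat_public_ip):
    """Expand one One-to-One NAT entry (Private Range Begin, Public Range Begin,
    Range Length) into {private_ip: public_ip}: first pairs with first, second with
    second, and so on. Refuses a range that would swallow the NAT public address."""
    if length < 1:
        raise ValueError("Range Length must be at least 1")
    priv = ipaddress.ip_address(private_begin)
    pub = ipaddress.ip_address(public_begin)
    nat_ip = ipaddress.ip_address(nat_public_ip)
    mapping = {}
    for offset in range(length):
        public = pub + offset
        if public == nat_ip:
            raise ValueError(f"range {public_begin} length {length} includes the NAT public IP {nat_ip}")
        mapping[str(priv + offset)] = str(public)
    return mapping


def build_one_to_one_table(ranges, nat_public_ip):
    """Combine several entries into one table, rejecting any private or public
    address that two entries both claim."""
    table, used_public = {}, set()
    for private_begin, public_begin, length in ranges:
        for private_ip, public_ip in one_to_one_range(private_begin, public_begin, length, nat_public_ip).items():
            if private_ip in table:
                raise ValueError(f"{private_ip} is already mapped to {table[private_ip]}")
            if public_ip in used_public:
                raise ValueError(f"{public_ip} is already used by another range")
            table[private_ip] = public_ip
            used_public.add(public_ip)
    return table


def check_ranges(ranges, nat_public_ip):
    """None when the entries are consistent, otherwise the first problem found."""
    try:
        build_one_to_one_table(ranges, nat_public_ip)
        return None
    except ValueError as err:
        return str(err)


def accessed_via(table, private_ip):
    """Public address through which a LAN host is reached from the Internet, or None
    when it has none (the table's "No corresponding IP address")."""
    return table.get(str(ipaddress.ip_address(private_ip)))


def public_to_private(table, public_ip):
    """Reverse lookup: the LAN host that receives traffic sent to a public address."""
    for private_ip, mapped in table.items():
        if mapped == str(ipaddress.ip_address(public_ip)):
            return private_ip
    return None


# ISP block from Table 3: 209.19.28.16-31, with .16 kept as the NAT public address.
NAT_PUBLIC = "209.19.28.16"
# Entry that honours the note: the public range starts at .17, so 15 addresses remain for
# One-to-One use and the first LAN host with a dedicated public address is 192.168.168.2.
EXAMPLE_TABLE = build_one_to_one_table([("192.168.168.2", "209.19.28.17", 15)], NAT_PUBLIC)

if __name__ == "__main__":
    for lan_ip in ("192.168.168.1", "192.168.168.2", "192.168.168.16", "192.168.168.17"):
        print(lan_ip, "accessed via", accessed_via(EXAMPLE_TABLE, lan_ip) or "no corresponding IP address")
    # The literal Table 3 layout (first LAN host on .16, 16 addresses) is caught by the check:
    print(check_ranges([("192.168.168.1", "209.19.28.16", 16)], NAT_PUBLIC))
```

Entering the block literally as Table 3 lays it out (Private Range Begin 192.168.168.1, Public Range Begin 209.19.28.16, Range Length 16) is what the note warns against: the first public address is the NAT public address, so the check refuses it. Starting the public range at .17 with a length of 15 gives every mapped host a usable address and leaves .16 for the many-to-one NAT traffic.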

Configuring Ethernet Settings


This section describes how to configure Ethernet settings on each port of the SonicWALL appliance(s). The Ethernet Settings screen is only available on SonicWALL 6.x.x.x firmware versions and SonicOS Standard firmware versions.


To configure Ethernet settings, perform the following steps:

1. Expand the Network tree and click Ethernet. The Ethernet page displays.
2. Select from the following WAN Link Settings:
   - To configure the WAN link to automatically negotiate Ethernet settings, select Auto Negotiate.
   - To specify WAN link settings, select Force and select the speed and duplex settings.
3. Select from the following OPT Link Settings:
   - To configure the OPT link to automatically negotiate Ethernet settings, select Auto Negotiate.
   - To specify OPT link settings, select Force and select the speed and duplex settings.
4. Select from the following LAN Link Settings:
   - To configure the LAN link to automatically negotiate Ethernet settings, select Auto Negotiate.
   - To specify LAN link settings, select Force and select the speed and duplex settings.
5. If you are managing the Ethernet connection from the LAN (WorkPort) side of your network, select the Proxy Management Workstation Ethernet Address on WAN check box. The SonicWALL appliance takes the Ethernet address of the computer that is managing the SonicWALL appliance and proxies that address on the WAN port of the SonicWALL.


   If you are not managing the SonicWALL appliance from the LAN side of your network, the firmware looks for a random computer on the LAN, which can be a lengthy search process.
6. To limit the size of packets sent over the Ethernet WAN interface, select the Fragment Outbound Packets Larger than the WAN MTU check box and enter the maximum size in the WAN MTU field. If the maximum transmission unit (MTU) is larger than a remote router can forward, packets have to be fragmented and sent in more pieces; if it is too small, each packet carries proportionally more header overhead and more acknowledgements have to be processed. The default is 1500 bytes.
7. To enable bandwidth management, select the Enable check box and enter the bandwidth of the connection in the Available Bandwidth field.
8. When you are finished, click Update. The settings are changed for each selected SonicWALL appliance. To clear all screen settings and start over, click Reset.

Configuring ARP

Note: ARP settings are identical in SonicOS Standard and Enhanced. For configuration information, see Configuring ARP on page 203 in the SonicOS Enhanced section of this chapter.


CHAPTER 11 Configuring UTM Appliance Settings


The UTM settings in SonicWALL GMS are different for SonicWALL security appliances running SonicOS Enhanced and Standard. The following sections describe how to configure UTM settings for each of the operating systems:

- Understanding the Network Access Rules Hierarchy on page 235
- Configuring Firewall Settings in SonicOS Enhanced on page 237
- Configuring Firewall Settings in SonicOS Standard on page 269

Understanding the Network Access Rules Hierarchy


To determine whether packets are allowed through the UTM appliance, each SonicWALL checks the destination IP address, source IP address, and port against the firewall rules.
Note: Firewall rules take precedence over the default UTM functions. Because it is possible to disable all protection or block all access to the Internet, use caution when creating or deleting network access rules. Network access rules do not disable protection from Denial of Service attacks such as SYN Flood, Ping of Death, LAND, and so on. However, it is possible to create vulnerabilities to attacks that exploit application weaknesses.

It is important to consider the purpose and ramifications of a rule before adding it to the firewall rule list. Use the following guidelines to determine the rule logic:

- What is the purpose of the rule? For example, "This rule will restrict all Internet Relay Chat (IRC) access from the LAN (WorkPort) to the Internet." Or, "This rule will allow a remote Lotus Notes server to synchronize with our internal Notes server via the Internet."
- Will the rule allow or deny traffic?
- What is the flow of the traffic: LAN (WorkPort) to Internet or Internet to LAN (WorkPort)?
- Which IP services will be affected?
- Which computers on the LAN (WorkPort) will be affected?
- Which computers on the Internet will be affected? Be as specific as possible. For example, if traffic is being allowed from the Internet to the LAN (WorkPort), it is better to allow only specific computers to access the LAN or WorkPort.

After determining the logic of the rule, consider the ramifications:

- Will this rule stop LAN (WorkPort) users from accessing important resources on the Internet? For example, if IRC is blocked, are there users who require this service?
- Can the rule be modified to be more specific? For example, if IRC is blocked for all users, will a rule that only blocks certain users be more effective?
- Will this rule allow Internet users to access LAN or WorkPort resources in a way that makes the LAN vulnerable? For example, if the NetBIOS ports (UDP 137 and 138, TCP 139) are allowed from the Internet to the LAN, Internet users may be able to connect to PCs that have file sharing enabled; the same applies to SMB on TCP 445.
- Does this rule conflict with other rules?

The rule hierarchy uses two basic concepts:

- Specific rules override general rules. For example: a rule defining a specific service is more specific than the Default rule; a defined Ethernet link, such as LAN (WorkPort) or WAN, is more specific than * (all); and a single IP address is more specific than an IP address range.
- Equally specific Deny rules override Allow rules.


Rules are listed in the LAN (WorkPort) Interface window from most specific to least specific, and rules at the top override rules listed below. To illustrate this, consider the rules shown in Table 4.

Table 4 Sample Rules

#  Action  Service       Source                               Destination
1  Deny    Chat (IRC)    206.18.25.4 (LAN)                    148.178.90.55 (WAN)
2  Allow   Ping          199.2.23.0 - 199.2.23.255 (WAN)      206.18.25.4 (LAN)
3  Deny    Web (HTTP)    216.37.125.0 - 216.37.125.255 (WAN)  *
4  Allow   Lotus Notes   WAN                                  LAN (WorkPort)
5  Deny    News (NNTP)   LAN (WorkPort)                       *
6  Deny    Default       *                                    LAN (WorkPort)
7  Allow   Default       LAN (WorkPort)                       *

The Default Allow Rule (#7) at the bottom of the page allows all traffic from the LAN (WorkPort) out to the WAN. However, Rule #5 blocks all NNTP traffic from the LAN (WorkPort). The Default Deny Rule (#6) blocks traffic from the WAN to the LAN (WorkPort). However, Rule #4 overrides part of this rule by allowing Lotus Notes into the LAN (WorkPort) from the WAN.
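To make the ordering concrete, here is an added example (not GMS code and not how the appliance is implemented) in Python that scores rules by the specificity described above, orders them with Deny above Allow among equals, and evaluates sample packets against the seven rules of Table 4. The weights, the field names, and the test addresses 198.51.100.7 and 206.18.25.9 are this example's own.

```python
import ipaddress
from dataclasses import dataclass

# Added example, not part of the GMS guide: an evaluator for the rule hierarchy described
# above (specific over general, Deny over Allow among equals), run against Table 4.
# The weights below are this example's own encoding of "single IP > range > link > *".
ENDPOINT_WEIGHT = {"host": 3, "range": 2, "iface": 1, "any": 0}


@dataclass(frozen=True)
class Endpoint:
    kind: str            # "any", "iface", "range" or "host"
    iface: str = "*"     # "LAN" or "WAN" for everything except "any"
    first: str = ""      # the address (host) or first address (range)
    last: str = ""       # last address of a range

    def matches(self, iface, ip):
        if self.kind == "any":
            return True
        if self.iface != iface:
            return False
        if self.kind == "iface":
            return True
        addr = ipaddress.ip_address(ip)
        return ipaddress.ip_address(self.first) <= addr <= ipaddress.ip_address(self.last or self.first)


@dataclass(frozen=True)
class Rule:
    number: int
    action: str          # "Allow" or "Deny"
    service: str         # a named service, or "Default" for any service
    src: Endpoint
    dst: Endpoint

    def specificity(self):
        return int(self.service != "Default") + ENDPOINT_WEIGHT[self.src.kind] + ENDPOINT_WEIGHT[self.dst.kind]


def order_rules(rules):
    """Most specific first; among equally specific rules a Deny is placed above an Allow.
    Python's sort is stable, so otherwise-equal rules keep their listed order."""
    return sorted(rules, key=lambda r: (-r.specificity(), r.action != "Deny"))


def evaluate(rules, service, src_iface, src_ip, dst_iface, dst_ip):
    """Return (action, rule number) of the first ordered rule that matches, or ("Deny", None)
    when nothing matches: an unmatched packet is dropped rather than let through."""
    for rule in order_rules(rules):
        if rule.service not in ("Default", service):
            continue
        if rule.src.matches(src_iface, src_ip) and rule.dst.matches(dst_iface, dst_ip):
            return rule.action, rule.number
    return "Deny", None


ANY, LAN, WAN = Endpoint("any"), Endpoint("iface", "LAN"), Endpoint("iface", "WAN")

# The seven sample rules of Table 4, with the addresses printed there.
SAMPLE_RULES = [
    Rule(1, "Deny", "Chat (IRC)", Endpoint("host", "LAN", "206.18.25.4"), Endpoint("host", "WAN", "148.178.90.55")),
    Rule(2, "Allow", "Ping", Endpoint("range", "WAN", "199.2.23.0", "199.2.23.255"), Endpoint("host", "LAN", "206.18.25.4")),
    Rule(3, "Deny", "Web (HTTP)", Endpoint("range", "WAN", "216.37.125.0", "216.37.125.255"), ANY),
    Rule(4, "Allow", "Lotus Notes", WAN, LAN),
    Rule(5, "Deny", "News (NNTP)", LAN, ANY),
    Rule(6, "Deny", "Default", ANY, LAN),
    Rule(7, "Allow", "Default", LAN, ANY),
]

if __name__ == "__main__":
    print([r.number for r in order_rules(SAMPLE_RULES)])                                      # [1, 2, 3, 4, 5, 6, 7]
    print(evaluate(SAMPLE_RULES, "News (NNTP)", "LAN", "206.18.25.9", "WAN", "198.51.100.7"))   # ('Deny', 5)
    print(evaluate(SAMPLE_RULES, "Lotus Notes", "WAN", "198.51.100.7", "LAN", "206.18.25.9"))   # ('Allow', 4)
    print(evaluate(SAMPLE_RULES, "SSH", "WAN", "198.51.100.7", "LAN", "206.18.25.9"))           # ('Deny', 6)
```

Scoring reproduces the order of Table 4 without any manual ranking: rules 3 and 4 tie on specificity and the Deny lands first, as do the two Default rules. The evaluator also shows why "be as specific as possible" matters: rule 1 only stops IRC from 206.18.25.4 to one WAN host, so the same host's IRC traffic to any other address falls through to the Default Allow.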

Configuring Firewall Settings in SonicOS Enhanced


The following sections describe how to configure UTM settings in SonicOS Enhanced:

- Configuring Firewall Rules in SonicOS Enhanced on page 238
- Configuring Multicast Settings on page 247
- Configuring Advanced Firewall Settings on page 245
- Configuring Voice over IP Settings on page 249
- Configuring TCP Settings on page 251
- Configuring Quality of Service Mapping on page 254
- Configuring SSL Control on page 265

Configuring Firewall Rules in SonicOS Enhanced

To configure rules for SonicOS Enhanced, the service or service group that the rule will apply to must first be defined. If it is not, define the service or service group and then create one or more rules for it. To create one or more rules for a service, see Configuring Access Rules on page 238. To configure a service or service group, see Configuring Service Objects on page 242 and Adding a Service Group on page 244.

Configuring Access Rules

The following procedure describes how to add, modify, reset to defaults, or delete firewall rules for UTM appliances running SonicOS Enhanced. For appliances running SonicOS Enhanced, GMS supports paginated navigation and sorting by column header on the Access Rules screen. In the Access Rules table, you can click the column header to use for sorting. An arrow is displayed to the right of the selected column header. You can click the arrow to reverse the sorting order of the entries in the table. By hovering your mouse over entries on the Access Rules screen,  you can display information about an object, such as an Address Object or Service. To configure an access rule, perform the following steps:

1. Select the global icon, a group, or a SonicWALL appliance.
2. Expand the UTM tree and click Access Rules. The Access Rules page displays. The Firewall > Access Rules page enables you to select multiple views of Access Rules, including Drop-down boxes, Matrix, and All Rules. The default view is the Matrix View, which provides a matrix of source and destination nodes between LAN, WAN, VPN, Multicast, and WLAN.

3. From the Matrix View, click the Edit icon for the source and destination interfaces for which you will configure a rule. The Access Rules table for that interface pair displays.
4. Below the Access Rules table, click Add Rule. The Add Rule dialog box displays.
5. Select whether access to this service will be allowed or denied.

Note: If a policy has a No-Edit policy action, the Action radio buttons will not be editable.


6. Select a service from the Service Name list box. If the service does not exist, see Configuring Service Objects on page 242.
7. Select the source Address Object from the Source list box.
8. Select the destination Address Object from the Destination list box.
9. Specify whether this rule applies to all users or to an individual user or group in the Users Allowed list box.
10. Specify when the rule will be applied by selecting a schedule or Schedule Group from the Schedule list box. If the rule will always be applied, select Always on. If the schedule does not exist, see Configuring Schedules on page 141.
11. To enable logging for this rule, select the Logging check box.
12. Select the Allow Fragmented Packets check box to allow fragmented packets.

Caution: Fragmented packets are used in certain types of Denial of Service attacks and, by default, are blocked. Enable Allow Fragmented Packets only if users are experiencing problems accessing certain applications and the SonicWALL logs show many dropped fragmented packets.

13. Add any comments to the Comment field.
14. Click the Advanced tab.
15. Specify how long (in minutes) TCP connections may remain idle before the connection is terminated in the TCP Connectivity Inactivity Timeout field.
16. Specify how long (in seconds) UDP connections may remain idle before the connection is terminated in the UDP Connectivity Inactivity Timeout field.
17. Specify the percentage of the maximum connections this rule is to allow in the Number of connections allowed (% of maximum connections) field.


18. Click the QoS tab. For information on configuring the QoS tab, see Configuring Quality of Service Mapping on page 254.
19. Click the Bandwidth tab. The Bandwidth page displays.
20. SonicWALL appliances can manage inbound and outbound traffic on the primary WAN interface using bandwidth management; the next two steps configure it for this rule.
21. To enable outbound bandwidth management for this service, select the Enable Outbound Bandwidth Management check box, then:
   - Enter the amount of bandwidth that will always be available to this service in the Guaranteed Bandwidth field, and select either % or Kbps in the drop-down list. Keep in mind that this bandwidth is permanently reserved for this service and is not available to other services, whether or not this service uses it.
   - Enter the maximum amount of bandwidth that will be available to this service in the Maximum Bandwidth field.
   - Select the priority of this service from the Bandwidth Priority list box, from 0 (highest) to 7 (lowest).
22. To enable inbound bandwidth management for this service, select the Enable Inbound Bandwidth Management check box, then configure the same three fields (Guaranteed Bandwidth, Maximum Bandwidth, and Bandwidth Priority) for inbound traffic. The guaranteed bandwidth is reserved for this service in the same way as for outbound traffic.

Note: In order to configure bandwidth management for this service, bandwidth management must be enabled on the SonicWALL appliance. For information on configuring bandwidth management in SonicOS Standard, see Configuring Ethernet Settings on page 231. For SonicOS Enhanced, see Overview of Interfaces on page 153.

23. To track bandwidth usage for this service, select the Enable Tracking Bandwidth Usage check box.
24. To add this rule to the rule list, click OK. You are returned to the Access Rules page.
25. If the network access rules have been modified or deleted, you can restore the Default Rules. The Default Rules prevent malicious intrusions and attacks, block all inbound IP traffic, and allow all outbound IP traffic. To restore the network access rules to their default settings, click Restore Rules to Defaults and then click Update. A task is scheduled to update the rules page for each selected SonicWALL appliance.
26. To modify a rule, click its Edit icon. The Add/Modify Rule dialog box displays. When you are finished making changes, click OK. SonicWALL GMS creates a task that modifies the rule for each selected SonicWALL appliance.
27. To enable logging for a rule, select its Logging check box.
28. To disable a rule without deleting it, deselect its Enable check box.
29. To delete a rule, click its trash can icon. SonicWALL GMS creates a task that deletes the rule for each selected SonicWALL appliance.

Configuring Service Objects


A Service Object is a protocol/port range combination that defines a service. A Service Group is a group of services that, once defined, enable you to quickly establish firewall rules without manually configuring each service. By default, a large number of services are pre-defined. GMS supports paginated navigation and sorting by column header in the Service Objects screen. In any of the tables, you can click the column header to use for sorting. An arrow is displayed to the right of the selected column header. You can click the arrow to reverse the sorting order of the entries in the table.


To add a service, perform the following steps:

1. Select the global icon, a group, or a SonicWALL appliance running SonicOS Enhanced.
2. Expand the Firewall tree and click Service Objects.
3. To add a service in the Custom Services section, click Add Service.
4. Enter the name of the service in the Name field.
5. Select the type of protocol from the Protocol drop-down list.
6. Enter the starting and ending port for the service in the Port Range fields. For a service that uses a single port, type the port number into the first field.
7. Click OK. The service is added and appears in the Custom Services section.

Note

Although most default services can not be edited or deleted, you can edit or delete custom services by clicking the edit or delete buttons that correspond to the desired custom service.


Editing Custom Services


Click the Edit icon under Configure to edit the service in the Edit Service window, which includes the same configuration settings as the Add Service window.

Deleting Custom Services


Click the Trashcan icon to delete an individual custom service. You can delete all custom services by selecting the checkboxes on the left-hand side of the rows under Custom Services, and then clicking UPDATE.

Adding a Service Group


A Service Group is a group of services that can be used to quickly apply rules to large numbers of services without individually configuring each service. By default, many Service Groups are pre-defined. To add a new Service Group, perform the following steps:
1. To add a service group, click the Add Group button on the Service Objects page. The Add Service Group dialog box displays.
2. Enter a name for the service group in the Name field.
3. To add a service, select it and click the right arrow button. To remove a service, select it and click the left arrow button.
4. Click OK. The service group is added.

Note

Service Groups can be edited or deleted by clicking the Edit or Trashcan icons that correspond to the desired Service Group.

Editing Custom Services Groups


Click the Edit icon under Configure to edit the custom service group in the Edit Service Group window, which includes the same configuration settings as the Add Service Group window.

Deleting Custom Services Groups


Click the Trashcan icon to delete the individual custom service group entry. You can delete all custom service groups by selecting the checkboxes on the left-hand side of the rows under Custom Service Groups, and then clicking UPDATE.

Configuring Advanced Firewall Settings


To configure advanced access settings, perform the following steps:

1. Select the global icon, a group, or a SonicWALL appliance running SonicOS Enhanced.
2. Expand the Firewall tree and click Advanced. The Advanced page displays.


3. To enable stealth mode, select the Enable Stealth Mode check box. During normal operation, SonicWALL appliances respond to incoming connection requests as either blocked or open. In stealth mode, the appliances do not respond to unsolicited inbound requests at all, so a scanner cannot tell a filtered port from an unused address and the appliance is effectively invisible to potential attackers.
4. To configure the SonicWALL appliance(s) to generate random IP IDs, select the Randomize IP ID check box. A predictable IP ID sequence lets detection tools fingerprint the appliance; randomizing the field removes that signal.
5. Select Decrement IP TTL for forwarded traffic to decrease the Time-to-live (TTL) value of packets the appliance forwards, as these packets have already been in the network for some time. TTL is a value in the IP header that tells a router whether the packet has been in the network too long and should be discarded.
6. Select Never generate ICMP Time-Exceeded packets if you do not want the SonicWALL appliance to generate these reporting packets. The appliance normally generates a Time-Exceeded packet to report that it dropped a packet because its TTL value reached zero.
7. Select the dynamic ports that will be supported in the Dynamic Ports area:
   • Enable support for Oracle (SQLNet): select this option if you have Oracle applications on your network.
   • Enable support for Windows Messenger: select this option to support the special SIP messaging used in Windows Messenger on Windows XP.
   • Enable RTSP Transformations: select this option to support on-demand delivery of real-time data, such as audio and video. Real Time Streaming Protocol (RTSP) is an application-level protocol for control over delivery of data with real-time properties.
8. The Drop Source Routed Packets check box is selected by default. Clear it only if you are testing traffic between two specific hosts and are using source routing.
9. Select Disable Anti-Spyware, Gateway AV and IPS Engine if you want to allow more connections at the expense of the Gateway Anti-Virus and Intrusion Prevention services. This is generally not recommended because it exposes the SonicWALL security appliance to threats those services would otherwise block.
10. To specify how long the SonicWALL appliance(s) wait before closing inactive TCP connections outside the LAN, enter the time in the Default Connection Timeout field (default: 25 minutes). The Connection Inactivity Timeout option closes connections outside the LAN that have been idle for the specified period. Without this timeout, connections can stay open indefinitely and create potential security holes.
11. Select the Force inbound and outbound FTP data connections to use default port 20 check box to specify that any FTP data connection through the SonicWALL must come from port 20, or the connection is dropped and logged. By default, FTP connections from port 20 are allowed, but remapped to outbound traffic ports such as 1024.
12. Under IP, UDP Checksum Enforcement, select one or both check boxes to force the SonicWALL to verify the checksums on IP packet headers and on UDP packets. Packets with invalid checksums are dropped. This helps prevent attacks that involve falsification of header fields that define important characteristics of the packet, since a field rewritten without recomputing the checksum no longer verifies.
13. To specify how long the SonicWALL appliance(s) wait before closing inactive UDP connections outside the LAN, enter the time in the Default UDP Connection Timeout field.
14. When you are finished, click Update. The settings are changed for each selected SonicWALL appliance. To clear all screen settings and start over, click Reset.
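Step 12 is easiest to understand by doing the arithmetic the appliance does. The following added Python example (not SonicWALL code; the addresses, ports and the four-byte payload are constructed for the example) builds an IPv4/UDP datagram with correct checksums, then verifies both checksums the way the two enforcement check boxes do: a packet whose TTL was rewritten without recomputing the header checksum is dropped by the IP check, and a packet whose payload was altered is dropped by the UDP check.

```python
import struct


def _ones_complement_sum(data: bytes) -> int:
    """16-bit one's-complement sum (RFC 1071) of data, zero-padded to an even length."""
    if len(data) % 2:
        data += b"\x00"
    total = sum((data[i] << 8) | data[i + 1] for i in range(0, len(data), 2))
    while total >> 16:                       # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return total


def checksum(data: bytes) -> int:
    """Internet checksum: one's complement of the one's-complement sum."""
    return (~_ones_complement_sum(data)) & 0xFFFF


def _ip(addr: str) -> bytes:
    return bytes(int(octet) for octet in addr.split("."))


def build_udp_packet(src: str, dst: str, sport: int, dport: int, payload: bytes) -> bytes:
    """Constructed IPv4/UDP datagram with a correct header checksum and UDP checksum."""
    udp_len = 8 + len(payload)
    udp = struct.pack("!HHHH", sport, dport, udp_len, 0) + payload
    pseudo = _ip(src) + _ip(dst) + struct.pack("!BBH", 0, 17, udp_len)   # UDP pseudo-header
    udp_csum = checksum(pseudo + udp) or 0xFFFF   # RFC 768: a computed zero is sent as 0xFFFF
    udp = udp[:6] + struct.pack("!H", udp_csum) + udp[8:]
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + udp_len, 0x1234, 0x4000,
                      64, 17, 0, _ip(src), _ip(dst))
    hdr = hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]
    return hdr + udp


def ip_header_ok(pkt: bytes) -> bool:
    """A header verifies when the sum over it, checksum field included, folds to 0xFFFF."""
    ihl = (pkt[0] & 0x0F) * 4
    return _ones_complement_sum(pkt[:ihl]) == 0xFFFF


def udp_checksum_ok(pkt: bytes) -> bool:
    """Verify the UDP checksum over pseudo-header + UDP header + data."""
    ihl = (pkt[0] & 0x0F) * 4
    udp_len = struct.unpack("!H", pkt[ihl + 4:ihl + 6])[0]
    udp = pkt[ihl:ihl + udp_len]
    if struct.unpack("!H", udp[6:8])[0] == 0:
        return True                           # IPv4 UDP: zero means the sender sent no checksum
    pseudo = pkt[12:20] + struct.pack("!BBH", 0, pkt[9], udp_len)
    return _ones_complement_sum(pseudo + udp) == 0xFFFF


def enforce(pkt: bytes, ip_check: bool = True, udp_check: bool = True) -> str:
    """Model of the two 'IP, UDP Checksum Enforcement' check boxes: drop on the first failure."""
    if ip_check and not ip_header_ok(pkt):
        return "drop: bad IP header checksum"
    if udp_check and pkt[9] == 17 and not udp_checksum_ok(pkt):
        return "drop: bad UDP checksum"
    return "forward"


def tamper(pkt: bytes, offset: int, value: int) -> bytes:
    """Overwrite one byte without recomputing any checksum (a falsified field)."""
    return pkt[:offset] + bytes([value]) + pkt[offset + 1:]


if __name__ == "__main__":
    good = build_udp_packet("10.0.0.5", "192.0.2.10", 40000, 53, b"\x12\x34\x01\x00")
    print(enforce(good))                        # forward
    print(enforce(tamper(good, 8, 1)))          # TTL rewritten: IP header checksum fails
    print(enforce(tamper(good, 28, 0xFF)))      # payload byte changed: UDP checksum fails
```

The verification trick (sum including the checksum field must fold to 0xFFFF) is the same one a router uses, so the example also shows why rewriting any header field, such as TTL, forces a checksum update; a packet crafted without that update is exactly what the enforcement options catch.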

Configuring Multicast Settings


To configure multicast settings, perform the following steps:

1. Select the global icon, a group, or a SonicWALL appliance. At unit level, the Multicast screen is available only for UTM appliances with SonicOS Enhanced firmware version 2.5 and higher.


2. Expand the Firewall tree and click Multicast. The Multicast page displays.
3. To enable multicast, select the Enable Multicast check box.
4. Configure the following options:
   • Require IGMP Membership reports for multicast data forwarding: this check box is selected by default. It improves performance by forwarding multicast data only to interfaces that have joined the enabled multicast group address.
   • Multicast state table entry timeout (minutes): this field has a default of 5. The valid range is 5 to 60 minutes. Increase the value if you have a client that does not send membership reports periodically.
5. Select one of the following:
   • To receive all (class D) multicast addresses, select Enable reception of all multicast addresses. Receiving all multicast addresses may degrade network performance.
   • To enable reception only for specific multicast addresses (the default), select Enable reception for the following multicast addresses and select Create a new multicast object or Create new multicast group from the list box.
6. To view the IGMP state information, click Request IGMP State Information. The following information displays:
   • Multicast Group Address: the multicast group address the interface has joined.
   • Interface / VPN Tunnel: the interface (such as X0) or the VPN policy.
   • IGMP Version: the IGMP version (such as V2 or V3).
   • Time Remaining: the time left before the multicast state entry expires, calculated as the Multicast state table entry timeout (default 5 minutes) minus the time elapsed since the multicast address was added.
7. When you are finished, click Update. The settings are changed for each selected SonicWALL appliance. To clear all screen settings and start over, click Reset.

Configuring Voice over IP Settings


To configure Voice over IP (VoIP) settings, perform the following steps:

1. Select the global icon, a group, or a SonicWALL appliance.
2. Expand the Firewall tree and click VoIP. The VoIP page displays.
3. To enable secure NAT, select the Use secure NAT check box.
4. Select Enable SIP Transformations to support translation of Session Initiation Protocol (SIP) messages.

Tip

By default, NAT translates Layer 3 addresses, but does not translate Layer 5 SIP/SDP addresses. Unless there is another NAT traversal solution that requires this feature to be turned off, it is highly recommended to enable SIP transformations.


After enabling SIP transformations, configure the following options:

   • Select Permit non-SIP packets on signaling port to enable applications such as Apple iChat and MSN Messenger, which use the SIP signaling port for additional proprietary messages. Enabling this check box may open your network to attacks using malformed or invalid SIP traffic, because packets on the signaling port that are not recognized as SIP are no longer dropped. This check box is disabled by default.
   • (SonicOS Enhanced only) Select Enable SIP Back-to-Back User Agent (B2BUA) support when the SonicWALL security appliance can see both legs of a voice call (for example, when a phone on the LAN calls another phone on the LAN). Enable this setting only when the SIP Proxy Server is being used as a B2BUA.

Tip

If the SonicWALL security appliance cannot see both legs of voice calls (for example, when calls are only made to and received from phones on the WAN), disable the Enable SIP Back-to-Back User Agent (B2BUA) support setting to avoid unnecessary CPU usage.

   • SIP Signaling inactivity time out (seconds): the period that must elapse with no SIP signaling before an inactive SIP session is timed out (default: 1800 seconds, or 30 minutes).
   • SIP Media inactivity time out (seconds): the period that must elapse with no media transfer activity before an inactive SIP session is timed out (default: 120 seconds, or 2 minutes).
   • Additional SIP signaling port (UDP) for transformations: lets you specify a nonstandard UDP port that carries SIP signaling traffic. Normally, SIP signaling is carried on UDP port 5060, but a number of commercial VoIP services use other ports, such as 1560. With this setting, the security appliance performs SIP transformation on the nonstandard port as well.

Tip

Vonage's VoIP service uses UDP port 5061.

5. Select Enable H.323 Transformations to allow stateful H.323 protocol-aware packet content inspection and modification by the SonicWALL. The SonicWALL performs any dynamic IP address and transport port mapping within the H.323 packets that is necessary for communication between H.323 parties in trusted and untrusted networks/zones. Clear this check box to bypass the H.323-specific processing performed by the SonicWALL.


After enabling H.323 transformations, configure the following options:

   • Only accept incoming calls from Gatekeeper: when selected, only incoming calls from the specified Gatekeeper IP address are accepted.
   • Enable LDAP ILS Support: when selected, the SonicWALL appliance supports Lightweight Directory Access Protocol (LDAP) and Microsoft NetMeeting's Internet Locator Service (ILS).
   • H.323 Signaling/Media inactivity time out (seconds): how long the SonicWALL appliance waits before closing a connection when no activity is occurring.
   • Default WAN/DMZ Gatekeeper IP Address: the IP address of the H.323 Gatekeeper that acts as a proxy server between clients on the private network and the Internet.

6. When you are finished, click Update. The settings are changed for each selected SonicWALL appliance. To clear all screen settings and start over, click Reset.
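The Tip under step 4 is the whole reason SIP transformations exist: NAT rewrites the layer 3 addresses, but the phone's private address is still written into the SIP headers and the SDP body, so the far end would send signaling and media to an unroutable address. The following added Python example (not SonicWALL code; the LAN phone address 192.168.1.20, the WAN address 203.0.113.5, the port map and the INVITE itself are constructed for the example) does the layer 5 rewrite a SIP-aware NAT performs, corrects Content-Length because the address lengths differ, and models the Permit non-SIP packets on signaling port decision.

```python
import re

SAMPLE_PRIVATE_IP = "192.168.1.20"                 # constructed: phone on the LAN
SAMPLE_PUBLIC_IP = "203.0.113.5"                   # constructed: firewall WAN address
SAMPLE_PORT_MAP = {5060: 5060, 49170: 30000}       # assumption: NAT's chosen public ports
SIP_STARTS = ("INVITE", "ACK", "BYE", "CANCEL", "REGISTER", "OPTIONS", "SIP/2.0")


def sample_invite() -> str:
    """Constructed SIP INVITE with SDP, as a LAN phone sends it (private address at layer 5)."""
    body = "\r\n".join([
        "v=0",
        "o=alice 2890844526 2890844526 IN IP4 192.168.1.20",
        "s=-",
        "c=IN IP4 192.168.1.20",
        "t=0 0",
        "m=audio 49170 RTP/AVP 0",
        "a=rtpmap:0 PCMU/8000",
        "",
    ])
    head = "\r\n".join([
        "INVITE sip:bob@example.net SIP/2.0",
        "Via: SIP/2.0/UDP 192.168.1.20:5060;branch=z9hG4bK776asdhds",
        "From: <sip:alice@example.net>;tag=1928301774",
        "To: <sip:bob@example.net>",
        "Call-ID: a84b4c76e66710",
        "CSeq: 314159 INVITE",
        "Contact: <sip:alice@192.168.1.20:5060>",
        "Content-Type: application/sdp",
        "Content-Length: %d" % len(body),
    ])
    return head + "\r\n\r\n" + body


def media_endpoint(msg: str):
    """(ip, port) the far end will send RTP to, taken from the SDP c= and m= lines."""
    _, _, body = msg.partition("\r\n\r\n")
    ip = re.search(r"^c=IN IP4 (\S+)", body, re.M).group(1)
    port = int(re.search(r"^m=audio (\d+)", body, re.M).group(1))
    return ip, port


def looks_like_sip(payload: bytes) -> bool:
    """A SIP message starts with a request method or the SIP/2.0 status-line token."""
    try:
        first_line = payload.split(b"\r\n", 1)[0].decode("ascii")
    except UnicodeDecodeError:
        return False
    return first_line.startswith(SIP_STARTS)


def signaling_port_policy(payload: bytes, permit_non_sip: bool) -> str:
    """Model of 'Permit non-SIP packets on signaling port' (disabled by default)."""
    if looks_like_sip(payload):
        return "transform"
    return "forward-untouched" if permit_non_sip else "drop"


def sip_transform(msg: str, private_ip: str, public_ip: str, port_map: dict) -> str:
    """Rewrite the layer 5 addresses plain NAT leaves behind: Via and Contact headers, the SDP
    o= and c= lines, and the m= media port, then fix Content-Length for the new body."""
    head, sep, body = msg.partition("\r\n\r\n")
    addr_port = re.compile(re.escape(private_ip) + r":(\d+)")

    def fix_addr(line: str) -> str:
        line = addr_port.sub(lambda m: "%s:%d" % (public_ip, port_map.get(int(m.group(1)), int(m.group(1)))), line)
        return line.replace(private_ip, public_ip)

    new_body = []
    for line in body.split("\r\n"):
        if line.startswith(("c=", "o=")):
            line = line.replace(private_ip, public_ip)
        elif line.startswith("m="):                   # only the RTP port; RTCP (port+1) is mapped alike
            fields = line.split()
            fields[1] = str(port_map.get(int(fields[1]), int(fields[1])))
            line = " ".join(fields)
        new_body.append(line)
    new_body = "\r\n".join(new_body)

    new_head = []
    for line in head.split("\r\n"):
        name = line.split(":", 1)[0].strip().lower()
        if name in ("via", "contact"):
            line = fix_addr(line)
        elif name == "content-length":
            line = "Content-Length: %d" % len(new_body.encode())
        new_head.append(line)
    return "\r\n".join(new_head) + sep + new_body


if __name__ == "__main__":
    invite = sample_invite()
    print("media before NAT:", media_endpoint(invite))
    print("media after SIP transformation:",
          media_endpoint(sip_transform(invite, SAMPLE_PRIVATE_IP, SAMPLE_PUBLIC_IP, SAMPLE_PORT_MAP)))
```

Without the transformation the remote party reads c=IN IP4 192.168.1.20 and sends audio into the void, which is the classic one-way-audio symptom; the rewritten message points it at the public address and the port the NAT actually opened.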

Configuring TCP Settings


To configure TCP settings, perform the following steps:

1. Select the global icon, a group, or a SonicWALL appliance. At unit level, the TCP Settings screen is available only for UTM appliances with SonicOS Enhanced firmware version 3.0 and higher.
2. Expand the Firewall tree and click TCP Settings. The TCP Settings page displays.


3. Select Enforce strict TCP compliance with RFC 793 and RFC 1122 to require TCP traffic to comply with RFC 793 (TCP) and RFC 1122 (Requirements for Internet Hosts, including the link and IP layers).
4. Select Enable TCP Checksum Validation to drop any packets with invalid TCP checksums.
5. Enter a value for the Default TCP Connection Timeout. This is the default inactivity timeout assigned to Access Rules for TCP traffic. If a TCP session passes no traffic for longer than this setting, the SonicWALL clears the connection.

Note

Setting excessively long connection time-outs slows the reclamation of stale resources, and in extreme cases can exhaust the connection cache.

6. Specify the Maximum Segment Lifetime, the number of seconds that any TCP packet is valid before it expires. This setting also determines how long (twice the Maximum Segment Lifetime, or 2MSL) an actively closed TCP connection remains in the TIME_WAIT state, so that the proper FIN / ACK exchange can complete and the connection closes cleanly.
7. Configure the Layer 3 SYN Flood Protection options. Select the desired level of protection against half-open TCP sessions and high-frequency SYN packet transmissions:
   • Watch and Report Possible SYN Floods: the device monitors SYN traffic on all interfaces and logs suspected SYN flood activity that exceeds a packet count threshold. This setting does not turn on the SYN Proxy, so the device forwards the TCP three-way handshake without modification. This is the least invasive level of SYN flood protection. Select it if your network is not in a high risk environment.
   • Proxy WAN Client Connections When Attack is Suspected: the device enables the SYN Proxy feature on WAN interfaces when the number of incomplete connection attempts per second surpasses the specified threshold. This ensures the device continues to process valid traffic during the attack and that performance does not degrade. Proxy mode remains enabled until all WAN SYN flood attacks stop or until the device blacklists all attackers using the SYN Blacklisting feature. This is the intermediate level of SYN flood protection. Select it if your network experiences SYN flood attacks from internal or external sources.


   • Always Proxy WAN Client Connections: the device always uses the SYN Proxy. This blocks all spoofed SYN packets from passing through the device. Note that this is an extreme measure: because the SYN Proxy answers every TCP SYN, the device responds on all TCP ports to port scans, which can degrade performance and produce false positives in scan results. Select this option only if your network is in a high risk environment.

8. Configure the SYN Attack Threshold. The appliance gathers statistics on WAN TCP connections, tracking the maximum and average numbers of incomplete WAN connections per second. From these statistics, the device suggests a value for the SYN flood threshold in the Suggested value calculated from gathered statistics field. In the Attack Threshold field, enter the number of incomplete connection attempts per second at which the device begins dropping packets.
9. Configure the SYN-Proxy Options:
   • All LAN/DMZ servers support the TCP SACK option: enables Selective ACK, which lets a receiver report exactly which segments it received so that only the missing ones are retransmitted. Select this check box only when you know that all servers behind the UTM appliance that are reached from the WAN support the SACK option.
   • Limit MSS sent to WAN clients (when connections are proxied): lets you enter the Maximum Segment Size (MSS) the proxy advertises. If you override the default of 1460, the SYN/ACK cookie sent to the client carries that size, so the client sends segments of that size or smaller. Setting this value too low reduces performance when the SYN Proxy is always enabled. Setting it too high can break connections if the server responds with a smaller MSS value. The default is 1460.
   • Maximum TCP MSS sent to WAN clients: the MSS value used when the limit above is enabled.

Note

When using Proxy WAN client connections, set these options conservatively, since they affect connections only while a SYN flood is taking place. This ensures that legitimate connections can proceed during an attack.

   • Always log SYN packets received: logs all SYN packets received.


10. Configure the Layer 2 SYN/RST/FIN Flood Protection - MAC Blacklisting options, which control how the appliance treats devices that exceed the SYN, RST, and FIN blacklist attack threshold:
   • Threshold for SYN/RST/FIN flood blacklisting (SYNs / Sec): the maximum number of SYN, RST, and FIN packets allowed per second. The default is 1,000. This value should be larger than the SYN Proxy threshold, because blacklisting is meant to stop more vigorous local attacks or severe attacks from a WAN network.
   • Enable SYN/RST/FIN flood blacklisting on all interfaces: enables the blacklisting feature on all interfaces of the UTM appliance.
   • Never blacklist WAN machines: ensures that systems on the WAN are never added to the SYN blacklist. This option is recommended; leaving it unchecked may interrupt traffic to and from the UTM appliance's WAN ports.
   • Always allow SonicWALL management traffic: IP traffic from a blacklisted device addressed to the UTM appliance's WAN IP addresses is not filtered. This allows management traffic and routing protocols to maintain connectivity through a blacklisted device.
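The three SYN flood modes in step 7, the attack threshold in step 8 and the Layer 2 blacklist in step 10 interact, and the clearest way to see how is to run them over a trace. The following added Python example (not SonicWALL code; the interface names X0/X1, the MAC addresses and the packet trace are constructed, and since the page does not give the formula behind the suggested threshold, the example simply reports the observed peak and average) counts incomplete WAN connection attempts per second, turns the proxy on and off according to the selected mode, blacklists a LAN host that exceeds the SYN/RST/FIN threshold while honouring Never blacklist WAN machines and Always allow management traffic, and counts what gets dropped.

```python
from collections import defaultdict
from dataclasses import dataclass, field


@dataclass
class TcpSettings:
    mode: str = "proxy_when_suspected"   # "watch" | "proxy_when_suspected" | "always_proxy"
    attack_threshold: int = 200          # incomplete WAN connection attempts per second
    blacklist_threshold: int = 1000      # SYN+RST+FIN per second per source MAC (page default)
    blacklist_all_interfaces: bool = True
    never_blacklist_wan: bool = True
    always_allow_management: bool = True


@dataclass
class Pkt:
    sec: int
    iface: str             # "X1" is the WAN interface, anything else is internal (assumption)
    src_mac: str
    flag: str              # "SYN" | "RST" | "FIN" | "ACK"
    to_mgmt: bool = False  # addressed to the appliance's own WAN IP


@dataclass
class Result:
    incomplete_per_sec: dict = field(default_factory=dict)
    proxy_on_secs: list = field(default_factory=list)
    blacklisted: set = field(default_factory=set)
    dropped: int = 0
    log: list = field(default_factory=list)


def run(packets, cfg: TcpSettings) -> Result:
    res = Result()
    by_sec = defaultdict(list)
    for p in packets:
        by_sec[p.sec].append(p)
    proxy_on = cfg.mode == "always_proxy"
    for sec in sorted(by_sec):
        pending = defaultdict(int)   # WAN SYNs not yet completed by the client's ACK, per source
        srf = defaultdict(int)       # SYN+RST+FIN packets per source MAC this second
        for p in by_sec[sec]:
            if p.src_mac in res.blacklisted and not (cfg.always_allow_management and p.to_mgmt):
                res.dropped += 1
                continue
            if p.flag in ("SYN", "RST", "FIN"):
                srf[p.src_mac] += 1
            if p.iface == "X1":
                if p.flag == "SYN":
                    pending[p.src_mac] += 1
                elif p.flag == "ACK" and pending[p.src_mac]:
                    pending[p.src_mac] -= 1
            exempt = cfg.never_blacklist_wan and p.iface == "X1"
            if (cfg.blacklist_all_interfaces and not exempt
                    and srf[p.src_mac] > cfg.blacklist_threshold
                    and p.src_mac not in res.blacklisted):
                res.blacklisted.add(p.src_mac)
                res.log.append((sec, "blacklist", p.src_mac))
        incomplete = sum(pending.values())
        res.incomplete_per_sec[sec] = incomplete
        if incomplete > cfg.attack_threshold:
            res.log.append((sec, "syn_flood_suspected", incomplete))   # all three modes log
            if cfg.mode == "proxy_when_suspected":
                proxy_on = True
        elif cfg.mode == "proxy_when_suspected":
            proxy_on = False             # proxy stays on only while the attack continues
        if proxy_on:
            res.proxy_on_secs.append(sec)
    return res


def suggest_threshold(incomplete_per_sec: dict) -> dict:
    """Peak and average incomplete WAN connections per second; the suggestion is the peak
    (assumption: the page does not state the appliance's exact formula)."""
    vals = list(incomplete_per_sec.values()) or [0]
    return {"max": max(vals), "avg": sum(vals) / len(vals), "suggested": max(vals)}


def sample_traffic():
    """Constructed trace: three quiet seconds, a WAN SYN flood, then a LAN host spewing RSTs."""
    pk = []
    for sec in range(3):                                   # 20 WAN clients that complete handshakes
        for i in range(20):
            mac = "00:11:22:33:44:%02x" % i
            pk.append(Pkt(sec, "X1", mac, "SYN"))
            pk.append(Pkt(sec, "X1", mac, "ACK"))
    pk += [Pkt(3, "X1", "de:ad:be:ef:00:01", "SYN") for _ in range(500)]   # never completed
    pk += [Pkt(4, "X0", "aa:bb:cc:dd:ee:ff", "RST") for _ in range(1200)]  # local scanner
    pk.append(Pkt(4, "X0", "aa:bb:cc:dd:ee:ff", "ACK", to_mgmt=True))     # management after blacklisting
    pk.append(Pkt(5, "X0", "aa:bb:cc:dd:ee:ff", "SYN"))
    return pk


if __name__ == "__main__":
    res = run(sample_traffic(), TcpSettings())
    print(res.incomplete_per_sec, res.proxy_on_secs, res.blacklisted, res.dropped)
    print(suggest_threshold(res.incomplete_per_sec))
```

The trace shows why the blacklist threshold should sit above the SYN Proxy threshold: the WAN flood of 500 SYNs per second trips the proxy but stays well under the 1,000-packet blacklist line, so legitimate WAN traffic is never cut off, while the LAN host sending 1,200 RSTs per second is blacklisted after its 1,001st packet and only its management-bound packet still gets through.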

Configuring Quality of Service Mapping


Quality of Service (QoS) adds the ability to recognize, map, modify, and generate the industry-standard 802.1p and Differentiated Services Code Point (DSCP) Class of Service (CoS) designators. When used in combination with a QoS-capable network infrastructure, SonicOS QoS features provide the predictability that is vital for certain types of applications, such as Voice over IP (VoIP), multimedia content, or business-critical applications such as credit card processing. To centrally manage the 802.1p-DSCP Mappings Table, GMS provides a configuration screen under Policies > Firewalls > QoS Mapping. Even the highest amounts of bandwidth are eventually used to capacity by users on the network, so being able to manage bandwidth to obtain the most efficient use of it is essential. Only QoS, when configured and implemented correctly, properly manages traffic and guarantees the desired levels of network service. Three concepts are central to the traffic management provided by QoS:

   • Classification
   • Marking
   • Conditioning

The following sections describe how to understand and configure QoS:

   • Working with Classification on page 255
   • Working with Conditioning on page 257
   • Working with 802.1p and DSCP QoS on page 258
   • Working with DSCP Marking on page 259
   • Configuring QoS on page 261
   • Enabling 802.1p Tagging on page 262
   • Creating a QoS Rule on page 262
   • Configuring QoS Settings on page 263

Working with Classification


Classification is necessary as a first step to identify traffic that needs to be prioritized for optimal use. GMS uses access rules as the interface to classification of traffic. This provides fine control using a combination of Address Object, Service Object, and Schedule Object elements, allowing for classification criteria as general as all HTTP traffic and as specific as SSH traffic from HostA to ServerB on Wednesdays at 2:12am. GMS provides the ability to recognize, map, modify, and generate the industry-standard external CoS designators, DSCP and 802.1p. Once traffic is identified, or classified, it can be managed. Management can be performed internally by SonicWALL BWM, which is effective as long as the network is a fully contained autonomous system. As long as the endpoints of the network and all entities in between are within your management, BWM works exactly as configured. Once external or intermediate elements are introduced, for example foreign network infrastructures with unknown configurations or other hosts contending for bandwidth, the precision and efficacy of BWM configurations can begin to degrade. After GMS classifies the traffic, it tags it to communicate this classification to external systems that are capable of abiding by CoS tags. Those systems can then participate in providing QoS to traffic passing through them.


Note

Many service providers do not support CoS tags such as 802.1p or DSCP. Also, most network equipment with standard configurations will not be able to recognize 802.1p tags, and could drop tagged traffic.

Note

If you wish to use 802.1p or DSCP marking on your network or your service providers network, you must first establish that these methods are supported. Verify that your internal network equipment can support CoS priority marking, and that it is correctly configured to do so. Check with your service provider - some offer fee-based support for QoS using these CoS methods.

Working with Marking


Once the traffic has been classified, if it is to be handled by QoS-capable external systems, it must be tagged so that those systems can make use of the classification and provide correct handling and Per Hop Behaviors (PHB). An example of a QoS-capable external system is a CoS-aware switch or router on a premium service provider's infrastructure or on a private WAN. Originally, this was attempted at the IP layer (layer 3) with RFC 791's three precedence bits and the RFC 1349 ToS (type of service) field, but this was not widely used. Its successor, RFC 2474, introduced the more widely used DSCP (Differentiated Services Code Point), which offers up to 64 code points, including user-definable classes. DSCP was further enhanced by RFC 2598 (Expedited Forwarding, intended to provide leased-line behaviors) and RFC 2597 (Assured Forwarding levels within classes, also known as Gold, Silver, and Bronze levels). DSCP is a safe marking method for traffic that traverses public networks because there is no risk of incompatibility. At the very worst, a hop along the path might disregard or strip the DSCP tag, but it will rarely mistreat or discard the packet. The other prevalent method of CoS marking is IEEE 802.1p, which occurs at the MAC layer (layer 2) and is closely related to IEEE 802.1Q VLAN marking, sharing the same 16-bit Tag Control Information field, although it is actually defined in the IEEE 802.1D standard. Unlike DSCP, 802.1p only works with 802.1p-capable equipment, and is not universally interoperable. Additionally, because of its different frame structure, 802.1p can rarely traverse wide area networks, even private WANs. Nonetheless, 802.1p is gaining wide support among Voice and Video over IP vendors, so a solution for supporting 802.1p across network boundaries (i.e., WAN links) was introduced in the form of 802.1p to DSCP mapping. 802.1p to DSCP mapping allows 802.1p tags from one LAN to be mapped to DSCP values by the SonicWALL appliance, allowing the packets to safely traverse WAN links. When the packets arrive on the other side of the WAN or VPN, the receiving SonicWALL appliance can map the DSCP tags back to 802.1p tags for use on that LAN.

Working with Conditioning


Finally, the traffic can be conditioned or managed using any of the many policing, queueing, and shaping methods available. GMS provides internal conditioning capabilities with its Egress and Ingress Bandwidth Management (BWM). SonicWALL BWM is a perfectly effective solution for fully autonomous private networks with sufficient bandwidth, but becomes somewhat less effective as more unknown external network elements and bandwidth contention are introduced. To provide end-to-end QoS, business-class service providers are increasingly offering traffic conditioning services on their IP networks. These services typically depend on the customer premises equipment to classify and tag the traffic, generally using a standard marking method such as DSCP. GMS has the ability to DSCP mark traffic after classification, as well as the ability to map 802.1p tags to DSCP tags for external network traversal and CoS preservation. For VPN traffic, GMS can DSCP mark not only the internal (payload) packets, but the external (encapsulating) packets as well, so that QoS-capable service providers can offer QoS even on encrypted VPN traffic. The actual conditioning method employed by service providers varies from one to the next, but it generally involves a class-based queueing method such as Weighted Fair Queuing for prioritizing traffic, in addition to a congestion avoidance method such as tail-drop or Random Early Detection.


Working with 802.1p and DSCP QoS


The following sections detail the 802.1p standard and DSCP QoS. GMS supports layer 2 and layer 3 CoS methods for broad interoperability with external systems participating in QoS-enabled environments. The layer 2 method is the IEEE 802.1p standard, wherein 3 bits of an additional 16-bit tag inserted into the header of the Ethernet frame designate the priority of the frame, as illustrated in the following figure.

TPID: the Tag Protocol Identifier begins at byte 12 (after the 6-byte destination and source fields), is 2 bytes long, and has an Ethertype of 0x8100 for tagged traffic.

802.1p: the first three bits of the TCI (Tag Control Information, beginning at byte 14 and spanning 2 bytes) define user priority, giving eight (2^3) priority levels. IEEE 802.1p defines the operation of these 3 user priority bits.

CFI: the Canonical Format Indicator is a single-bit flag, always set to zero for Ethernet switches. CFI is used for compatibility between Ethernet networks and Token Ring networks. If a frame received at an Ethernet port has CFI set to 1, that frame should not be forwarded as-is to an untagged port.

VLAN ID: the VLAN ID (starting at bit 5 of byte 14) identifies the VLAN. It has 12 bits and allows for the identification of 4,096 (2^12) unique VLAN IDs. Of the 4,096 possible IDs, an ID of 0 identifies priority-only frames and an ID of 4,095 (FFF) is reserved, so the maximum number of usable VLANs is 4,094.

802.1p support begins by enabling 802.1p marking on the interfaces that you wish to have process 802.1p tags. 802.1p can be enabled on any Ethernet interface on any SonicWALL appliance that supports VLANs, including the SonicWALL NSA Series and PRO 2040, PRO 3060, PRO 4060, PRO 4100, and PRO 5060.


Note

802.1p tagging is not currently supported on the SonicWALL TZ Series or PRO 1260.

Although Enable 802.1p tagging does not appear as an option on VLAN sub-interfaces, it is related to the 802.1q tags of VLAN sub-interfaces. The behavior of the 802.1p field within these tags can be controlled by firewall access rules. The default 802.1p-capable network Access Rule action of None resets existing 802.1p tags to 0, unless otherwise configured. Enabling 802.1p marking allows the target interface to recognize incoming 802.1p tags generated by 802.1p-capable network devices, and also allows the target interface to generate 802.1p tags, as controlled by Access Rules. Frames that have 802.1p tags inserted by the SonicWALL appliance bear VLAN ID 0. 802.1p tags are only inserted according to access rules, so enabling 802.1p marking on an interface will not, at its default setting, disrupt communications with 802.1p-incapable devices. 802.1p requires specific support by the networking devices with which you wish to use this method of prioritization. Many voice and video over IP devices provide support for 802.1p, but the feature must be enabled. Check your equipment's documentation for information on 802.1p support if you are unsure. Similarly, many server and host network cards (NICs) have the ability to support 802.1p, but the feature is usually disabled by default.

Working with DSCP Marking


DSCP (Differentiated Services Code Point) marking uses six bits of the eight bit ToS field in the IP header to provide up to 64 classes (or code points) for traffic. Since DSCP is a layer 3 marking method, there is no concern about compatibility as there is with 802.1p marking. Devices that do not support DSCP will simply ignore the tags, or at worst, they reset the tag value to 0.


The above diagram depicts an IP packet, with a close-up on the ToS portion of the header. The ToS bits were originally used for Precedence and ToS (delay, throughput, reliability, and cost) settings, but were later reused by RFC 2474 for the more versatile DSCP settings. The following table shows the commonly used code points as well as their mapping to the legacy Precedence and ToS settings.
Table 5 Code Points

DSCP  DSCP Description            Legacy IP Precedence         Legacy IP ToS (D, T, R)
0     Best Effort                 0 (Routine - 000)            -
8     Class 1                     1 (Priority - 001)           -
10    Class 1, Gold AF11          1 (Priority - 001)           T
12    Class 1, Silver AF12        1 (Priority - 001)           D
14    Class 1, Bronze AF13        1 (Priority - 001)           D, T
16    Class 2                     2 (Immediate - 010)          -
18    Class 2, Gold AF21          2 (Immediate - 010)          T
20    Class 2, Silver AF22        2 (Immediate - 010)          D
22    Class 2, Bronze AF23        2 (Immediate - 010)          D, T
24    Class 3                     3 (Flash - 011)              -
26    Class 3, Gold AF31          3 (Flash - 011)              T
27    Class 3, Silver AF32        3 (Flash - 011)              D
30    Class 3, Bronze AF33        3 (Flash - 011)              D, T
32    Class 4                     4 (Flash Override - 100)     -
34    Class 4, Gold AF41          4 (Flash Override - 100)     T
36    Class 4, Silver AF42        4 (Flash Override - 100)     D
38    Class 4, Bronze AF43        4 (Flash Override - 100)     D, T
40    Express Forwarding          5 (CRITIC/ECP - 101)         -
46    Expedited Forwarding (EF)   5 (CRITIC/ECP - 101)         D, T
48    Control                     6 (Internet Control - 110)   -
56    Control                     7 (Internet Control - 111)   -

DSCP marking can be performed on traffic to and from any interface and to and from any zone type, without exception. DSCP marking is controlled by Access Rules, from the QoS tab, and can be used in conjunction with 802.1p marking, as well as with SonicOS internal bandwidth management.
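As an added example that is not part of the GMS guide, the following Python code encodes and decodes the two marking fields discussed in this section: the 802.1p priority (PCP) carried in an 802.1Q tag that the appliance inserts with VLAN ID 0, and the DSCP carried in the upper six bits of the IP ToS byte, together with the legacy Precedence and D/T/R bits shown in Table 5. The sample frame bytes and the function names are constructed for illustration; the AF class names follow the 8x + 2y layout of the table.

```python
import struct

TPID_8021Q = 0x8100  # EtherType that announces an 802.1Q tag


def build_tci(pcp, vid=0, dei=0):
    """Build the 16-bit Tag Control Information word: 3-bit PCP (the 802.1p
    priority), 1-bit DEI and 12-bit VLAN ID. VID 0 is the priority-only tag
    the guide describes for frames tagged by the appliance."""
    if not (0 <= pcp <= 7 and 0 <= vid <= 4095 and dei in (0, 1)):
        raise ValueError("TCI field out of range")
    return (pcp << 13) | (dei << 12) | vid


def parse_tci(tci):
    """Split a TCI word back into (pcp, dei, vid)."""
    return tci >> 13, (tci >> 12) & 1, tci & 0x0FFF


def insert_8021p_tag(frame, pcp, vid=0):
    """Insert an 802.1Q tag carrying only an 802.1p priority after the
    destination and source MAC addresses of an untagged Ethernet frame."""
    if len(frame) < 14:
        raise ValueError("not an Ethernet frame")
    if frame[12:14] == b"\x81\x00":
        raise ValueError("frame is already tagged")
    tag = struct.pack("!HH", TPID_8021Q, build_tci(pcp, vid))
    return frame[:12] + tag + frame[12:]


def read_8021p(frame):
    """Return the 802.1p priority of a tagged frame, or None if untagged."""
    if len(frame) >= 18 and frame[12:14] == b"\x81\x00":
        (tci,) = struct.unpack("!H", frame[14:16])
        return parse_tci(tci)[0]
    return None


def tos_to_dscp(tos):
    """DSCP is the upper six bits of the eight-bit ToS byte."""
    return (tos & 0xFF) >> 2


def dscp_to_tos(dscp, ecn=0):
    """Write a DSCP (0..63) into a ToS byte, keeping the two ECN bits."""
    if not (0 <= dscp <= 63 and 0 <= ecn <= 3):
        raise ValueError("DSCP or ECN out of range")
    return (dscp << 2) | ecn


def legacy_fields(dscp):
    """Map a DSCP onto the legacy Precedence (top three bits) and the D, T, R
    ToS flags (next three bits), as in the last two columns of Table 5."""
    precedence = dscp >> 3
    flags = [name for bit, name in ((4, "D"), (2, "T"), (1, "R")) if dscp & bit]
    return precedence, ", ".join(flags) if flags else "-"


def describe(dscp):
    """Name the code points listed in Table 5. AFxy code points are 8*x + 2*y,
    with y = 1 (Gold), 2 (Silver) or 3 (Bronze)."""
    names = {0: "Best Effort", 40: "Express Forwarding",
             46: "Expedited Forwarding (EF)", 48: "Control", 56: "Control"}
    if dscp in names:
        return names[dscp]
    cls, drop = dscp >> 3, (dscp >> 1) & 3
    if 1 <= cls <= 4 and dscp & 1 == 0:
        if drop == 0:
            return "Class %d" % cls
        return "Class %d, %s AF%d%d" % (cls, ("Gold", "Silver", "Bronze")[drop - 1], cls, drop)
    return "DSCP %d" % dscp


# Constructed sample frame: dst MAC, src MAC, EtherType IPv4, no payload.
UNTAGGED_FRAME = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + b"\x08\x00"

if __name__ == "__main__":
    tagged = insert_8021p_tag(UNTAGGED_FRAME, pcp=5)
    (tci,) = struct.unpack("!H", tagged[14:16])
    print("802.1p priority:", read_8021p(tagged), "VLAN ID:", parse_tci(tci)[2])
    for code in (0, 10, 14, 46):
        print(code, describe(code), legacy_fields(code))
```

The tag insertion is what an 802.1p capable interface does on egress; the VLAN ID stays 0 so that a switch treats the frame as belonging to the native VLAN and only reads the priority bits.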

DSCP Marking and Mixed VPN Traffic


Among the security measures and characteristics pertaining to them, IPSec VPNs employ anti-replay mechanisms based upon monotonically incrementing sequence numbers added to the ESP header. Packets with duplicate sequence numbers are dropped, as are packets that do not adhere to sequence criteria. One criterion governs the handling of out-of-order packets. GMS provides a replay window of 64 packets, i.e., if an ESP packet for a Security Association (SA) is delayed by more than 64 packets, the packet will be dropped. This should be considered when using DSCP marking to provide layer 3 QoS to traffic traversing a VPN. If you have a VPN tunnel transporting a variety of traffic, some that is being DSCP tagged high priority (for example, VoIP), and some that is DSCP tagged low-priority or untagged/best-effort, intermediate devices may forward the high-priority ESP packets ahead of the best-effort ESP packets. Under certain traffic conditions, this can result in the best-effort packets being delayed for more than 64 packets, causing them to be dropped by the receiving SonicWALL's anti-replay defenses. If symptoms of such a scenario emerge (for example, excessive retransmissions of low-priority traffic), it is recommended that you create a separate VPN policy for the high-priority and low-priority classes of traffic. This is most easily accomplished by placing the high-priority hosts (for example, the VoIP network) on their own subnet.
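The Python simulation below is an added example, not SonicWALL code: it models a receiver-side ESP anti-replay window of 64 packets of the kind described above and shows what happens to a best-effort packet that is overtaken by higher-priority ESP packets on the same SA. The window bookkeeping uses the usual bitmap scheme (highest sequence number seen plus one bit per earlier packet); the packet orderings fed to it are constructed.

```python
class AntiReplayWindow:
    """Receiver-side anti-replay check for one IPSec Security Association.
    `top` is the highest sequence number accepted so far; bit i of `bitmap`
    records whether sequence number top - i has already been seen."""

    def __init__(self, size=64):
        self.size = size
        self.top = 0
        self.bitmap = 0

    def accept(self, seq):
        """Return True if the packet passes the replay check, False if it is a
        duplicate or has fallen behind the window and must be dropped."""
        if seq <= 0:
            return False                      # ESP sequence numbers start at 1
        if seq > self.top:                    # new high-water mark: slide the window
            shift = seq - self.top
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.top = seq
            return True
        behind = self.top - seq
        if behind >= self.size:
            return False                      # delayed beyond the window
        if (self.bitmap >> behind) & 1:
            return False                      # replayed / duplicate
        self.bitmap |= 1 << behind            # late, but still inside the window
        return True


def deliver(order, size=64):
    """Feed ESP packets to a fresh window in the given arrival order and
    return the sequence numbers the receiver dropped."""
    window = AntiReplayWindow(size)
    return [seq for seq in order if not window.accept(seq)]


def overtaken_best_effort(overtakers, size=64):
    """Sender emits best-effort packet 1 followed by `overtakers` high-priority
    packets 2..overtakers+1; an upstream QoS queue lets all of them pass
    before packet 1. Returns True if the receiver then drops packet 1."""
    order = list(range(2, overtakers + 2)) + [1]
    return 1 in deliver(order, size)


if __name__ == "__main__":
    print(deliver([1, 2, 2, 5, 3, 4]))        # the repeated 2 is a replay
    for n in (10, 63, 64, 200):
        print("overtaken by %3d packets -> dropped: %s" % (n, overtaken_best_effort(n)))
```

Mild reordering (packets 3 and 4 arriving after 5) is accepted because the gap stays inside the window; the best-effort packet survives 63 overtakers but not 64, which is the failure mode the paragraph warns about and the reason to split the traffic classes into separate SAs.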

Configuring QoS
To configure QoS, perform the following tasks:

- Enabling 802.1p Tagging on page 262
- Creating a QoS Rule on page 262
- Configuring QoS Settings on page 263
- Adding a Service on page 270
- Creating Rules on page 271

Enabling 802.1p Tagging


Before you begin to perform any QoS configuration tasks, you first need to enable your device to accept QoS values. To do that you have to enable the IEEE 802.1p tagging protocol. You enable protocols at the WAN interface level. To enable 802.1p tagging, perform the following steps:
1. Click on the Interfaces option in the Network menu. GMS displays the Interfaces list.
2. Click on the Configuration icon for the WAN interface. GMS displays the Edit Interface dialog box.
3. Click on the Advanced Tab. GMS displays the Advanced Tab.
4. Click on the Enable 802.1p tagging checkbox to place a check mark in the checkbox.
5. Click Update.

Creating a QoS Rule


Next, create a QoS rule for the WAN interface in the Access Rules dialog box. To configure a QoS rule, perform the following steps:
1. From the Firewall menu, click on the Access Rules option. GMS displays the Access Rules dialog box that contains various interfaces for which you can create an access rule.
2. Select the LAN > WAN rule and click Add Rule. GMS displays the Add Rule dialog box.
3. Click the QoS tab. The QoS page displays.
4. Under DSCP Marking Settings select the DSCP Marking Action. You can select None, Preserve, Explicit, or Map. Preserve is the default.
   - None: DSCP values in packets are reset to 0.
   - Preserve: DSCP values in packets will remain unaltered.
   - Explicit: Set the DSCP value to the value you select in the Explicit DSCP Value field. This is a numeric value between 0 and 63.
5. Under 802.1p Marking Settings select the 802.1p Marking Action. You can select None, Preserve, Explicit, or Map. None is the default.
6. Click Ok. GMS configures your WAN interface to accept traffic shaping values.

Configuring QoS Settings


Now that you have enabled the 802.1p protocol and created a specific QoS rule, you can create your QoS settings. To create QoS settings, perform the following steps:
1. Click on the QoS Settings option in the Firewall menu. GMS displays the QoS Mapping dialog box.
2. Click on the Configuration icon for any of the 802.1p Class of Service objects. GMS displays the class of service Edit QoS Mapping dialog box.
3. Configure the following 802.1p to DSCP conversion settings:
   - To DSCP: Indicates the value of the DSCP marking value that indicates the priority of the traffic.
   - From DSCP Begin: The lower limit of the range of values for marking that indicates the priority assigned to a packet traveling across the network.
   - From DSCP End: The upper limit of the range of values for marking that indicates the priority assigned to a packet traveling across the network.
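The following Python model is an added example rather than GMS or SonicOS code. It applies the DSCP and 802.1p marking actions from the QoS rule (None, Preserve, Explicit, Map) to a packet and uses a QoS Mapping table of the shape configured above: one row per 802.1p Class of Service with To DSCP, From DSCP Begin and From DSCP End. The table values are constructed for illustration (CoS n covers DSCP 8n..8n+7 and marks 8n), not the appliance defaults, and the choice that Map leaves a field unchanged when the frame carries nothing to map from is the example's own assumption.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class QosMapping:
    """One row of the QoS Mapping table for an 802.1p Class of Service."""
    cos: int              # 802.1p Class of Service, 0..7
    to_dscp: int          # DSCP written when an 802.1p value is mapped to DSCP
    from_dscp_begin: int  # lower bound of the DSCP range mapped back to this CoS
    from_dscp_end: int    # upper bound (inclusive)


# Constructed illustrative table, not the product defaults.
SAMPLE_TABLE = tuple(QosMapping(c, 8 * c, 8 * c, 8 * c + 7) for c in range(8))


def dscp_to_cos(dscp, table=SAMPLE_TABLE):
    for row in table:
        if row.from_dscp_begin <= dscp <= row.from_dscp_end:
            return row.cos
    raise ValueError("DSCP %d is not covered by the mapping table" % dscp)


def cos_to_dscp(cos, table=SAMPLE_TABLE):
    for row in table:
        if row.cos == cos:
            return row.to_dscp
    raise ValueError("no mapping row for 802.1p class %d" % cos)


def apply_action(action, current, explicit, mapped, upper):
    """Resolve one marking field. None: reset to 0; Preserve: keep the value;
    Explicit: write the configured value; Map: use the value derived from
    the other field through the mapping table."""
    if action == "None":
        return 0
    if action == "Preserve":
        return current
    if action == "Explicit":
        if explicit is None or not 0 <= explicit <= upper:
            raise ValueError("Explicit value must be 0..%d" % upper)
        return explicit
    if action == "Map":
        return mapped if mapped is not None else current  # assumption: nothing to map from
    raise ValueError("unknown marking action %r" % action)


def mark(dscp, cos, dscp_action="Preserve", p8021_action="None",
         explicit_dscp=None, explicit_cos=None, table=SAMPLE_TABLE):
    """Apply a rule's DSCP and 802.1p actions to a packet whose current DSCP is
    `dscp` and whose 802.1p value is `cos` (None if the frame arrived untagged).
    Both Map lookups read the values as they arrived. Returns (new_dscp, new_cos);
    new_cos None means the frame leaves untagged. The defaults are the ones the
    guide names: Preserve for DSCP, None for 802.1p."""
    mapped_dscp = cos_to_dscp(cos, table) if cos is not None else None
    mapped_cos = dscp_to_cos(dscp, table)
    new_dscp = apply_action(dscp_action, dscp, explicit_dscp, mapped_dscp, 63)
    if cos is None and p8021_action in ("None", "Preserve"):
        new_cos = None        # untagged frame and the rule inserts no tag
    else:
        new_cos = apply_action(p8021_action, cos, explicit_cos, mapped_cos, 7)
    return new_dscp, new_cos


if __name__ == "__main__":
    # VoIP packet arriving as EF (46) on an untagged frame; rule maps 802.1p from DSCP.
    print(mark(46, None, "Preserve", "Map"))
    # Tagged frame with CoS 5 but an unmarked IP header; rule maps DSCP from 802.1p.
    print(mark(0, 5, "Map", "Preserve"))
    # Rule left at its defaults: DSCP kept, existing 802.1p tag reset to 0.
    print(mark(46, 5))
```

The last call shows the behaviour the 802.1p section describes for the default action: an incoming tag is reset to 0, while an untagged frame stays untagged, so enabling 802.1p marking does not by itself change what 802.1p-incapable devices receive.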


Configuring SSL Control


SonicWALL appliances running SonicOS Enhanced 4.0 and higher allow SSL Control, a system for providing visibility into the handshake of SSL sessions, and a method for constructing policies to control the establishment of SSL connections. SSL (Secure Sockets Layer) is the dominant standard for the encryption of TCP based network communications, with its most common and well-known application being HTTPS (HTTP over SSL). SSL provides digital certificate-based endpoint identification, and cryptographic and digest-based confidentiality to network communications.

An effect of the security provided by SSL is the obscuration of all payload, including the URL (Uniform Resource Locator, for example, https://www.mysonicwall.com) being requested by a client when establishing an HTTPS session. This is due to the fact that HTTP is transported within the encrypted SSL tunnel when using HTTPS. It is not until the SSL session is established (step 14) that the actual target resource (www.mysonicwall.com) is requested by the client, but since the SSL session is already established, no inspection of the session data by the UTM appliance or any other intermediate device is possible. As a result, URL based content filtering systems cannot consider the request to determine permissibility in any way other than by IP address. While IP address based filtering does not work well for unencrypted HTTP because of the efficiency and popularity of Host-header based virtual hosting (defined in Key Concepts below), IP filtering can work effectively for HTTPS due to the rarity of Host-header based HTTPS sites. But this trust relies on the integrity of the HTTPS server operator, and assumes that SSL is not being used for deceptive purposes.


For the most part, SSL is employed legitimately, being used to secure sensitive communications, such as online shopping or banking, or any session where there is an exchange of personal or valuable information. The ever decreasing cost and complexity of SSL, however, has also spurred the growth of more dubious applications of SSL, designed primarily for the purposes of obfuscation or concealment rather than security. An increasingly common camouflage is the use of SSL encrypted Web-based proxy servers for the purpose of hiding browsing details, and bypassing content filters. While it is simple to block well known HTTPS proxy services of this sort by their IP address, it is virtually impossible to block the thousands of privately-hosted proxy servers that are readily available through a simple Web search. The challenge is not the ever-increasing number of such services, but rather their unpredictable nature. Since these services are often hosted on home networks using dynamically addressed DSL and cable modem connections, the targets are constantly moving. Trying to block an unknown SSL target would require blocking all SSL traffic, which is practically infeasible. SSL Control provides a number of methods to address this challenge by arming the security administrator with the ability to dissect and apply policy based controls to SSL session establishment. While the current implementation does not decode the SSL application data, it does allow for gateway-based identification and disallowance of suspicious SSL traffic. For more information about SSL Control, see the SonicOS Enhanced 4.0 Administrators Guide.


To configure SSL Control, perform the following steps:


1. Select the global icon, a group, or a SonicWALL appliance running SonicOS Enhanced 4.0 or higher.
2. Expand the Firewall tree and click SSL Control. The SSL Control page displays.
3. Under General Settings, select the Enable SSL Control checkbox to enable SSL Control for the selected group or appliance.
4. Under Action, select one of the following:
   - Log the event: If an SSL policy violation, as defined within the Configuration section below, is detected, the event will be logged, but the SSL connection will be allowed to continue.
   - Block the connection and log the event: In the event of a policy violation, the connection will be blocked and the event will be logged.
5. Under Configuration, select one or more of the following:
   - Enable Blacklist: Controls detection of the entries in the blacklist, as configured in the Custom Lists section below.
   - Enable Whitelist: Controls detection of the entries in the whitelist, as configured in the Custom Lists section below. Whitelisted entries take precedence over all other SSL control settings.
   - Detect Expired Certificates: Controls detection of certificates whose validity period has not yet begun (start date after the current system time) or has already ended (end date before the current system time). Date validation depends on the SonicWALL's System Time. Make sure your System Time is set correctly, preferably synchronized with NTP, on the System > Time page.
   - Detect SSLv2: Controls detection of SSLv2 exchanges. SSLv2 is known to be susceptible to cipher downgrade attacks because it does not perform integrity checking on the handshake. Best practices recommend using SSLv3 or TLS instead of SSLv2.
   - Detect Self-Signed Certificates: Controls the detection of certificates where both the issuer and the subject have the same common name.
   - Detect Certificate signed by an Untrusted CA: Controls the detection of certificates where the issuer's certificate is not in the SonicWALL's System > Certificates trusted store.
   - Detect Weak Ciphers (< 64 bits): Controls the detection of SSL sessions negotiated with symmetric ciphers of less than 64 bits, commonly indicating export cipher usage.
6. Under Custom Lists, configure the Blacklist and Whitelist by defining strings for matching common names in SSL certificates. Entries are case-sensitive and are used with pattern-matching. For example, sonicwall.com will match https://www.sonicwall.com and https://mysonicwall.com, but not https://www.sonicwall.de. To add an entry to the Blacklist, type it into the Black List field and then click Add. To add an entry to the Whitelist, type it into the White List field and then click Add.
7. When finished, click Update. To return to default values and start over, click Reset.
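The Python below is an added example, not SonicWALL's SSL Control implementation. It evaluates the handshake facts the section lists (certificate subject and issuer common names, validity dates, protocol version, negotiated symmetric key length) against a policy with the same switches, applies the whitelist-takes-precedence rule and the case-sensitive substring matching of the Custom Lists, and returns log or block according to the Action setting. Certificates are represented by plain data objects with constructed values rather than parsed X.509; the trusted issuer name and hostnames are illustrative.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone


@dataclass(frozen=True)
class Certificate:
    subject_cn: str
    issuer_cn: str
    not_before: datetime
    not_after: datetime


@dataclass(frozen=True)
class SslHandshake:
    """What is visible in the handshake without decrypting application data."""
    server_cert: Certificate
    protocol: str         # "SSLv2", "SSLv3", "TLSv1", ...
    cipher_bits: int      # symmetric key length negotiated


@dataclass
class SslControlPolicy:
    enabled: bool = True
    action: str = "log"   # "log" or "block"
    enable_blacklist: bool = True
    enable_whitelist: bool = True
    detect_expired: bool = True
    detect_sslv2: bool = True
    detect_self_signed: bool = True
    detect_untrusted_ca: bool = True
    detect_weak_ciphers: bool = True
    blacklist: list = field(default_factory=list)
    whitelist: list = field(default_factory=list)
    trusted_issuers: set = field(default_factory=set)


def list_matches(common_name, entries):
    """Case-sensitive substring match, as the Custom Lists step describes."""
    return any(entry in common_name for entry in entries)


def evaluate(handshake, policy, now):
    """Return (verdict, violations). Verdict is "allow", "log" (violation seen,
    connection continues) or "block", following the policy's Action setting."""
    if not policy.enabled:
        return "allow", []
    cert = handshake.server_cert
    if policy.enable_whitelist and list_matches(cert.subject_cn, policy.whitelist):
        return "allow", []            # whitelist takes precedence over every other check
    violations = []
    if policy.enable_blacklist and list_matches(cert.subject_cn, policy.blacklist):
        violations.append("blacklisted common name")
    if policy.detect_expired and (cert.not_before > now or cert.not_after < now):
        violations.append("certificate outside its validity period")
    if policy.detect_sslv2 and handshake.protocol == "SSLv2":
        violations.append("SSLv2 handshake")
    self_signed = cert.issuer_cn == cert.subject_cn
    if policy.detect_self_signed and self_signed:
        violations.append("self-signed certificate")
    if policy.detect_untrusted_ca and not self_signed and cert.issuer_cn not in policy.trusted_issuers:
        violations.append("issuer not in trusted store")
    if policy.detect_weak_ciphers and handshake.cipher_bits < 64:
        violations.append("weak cipher (%d bits)" % handshake.cipher_bits)
    if not violations:
        return "allow", []
    return ("block" if policy.action == "block" else "log"), violations


# Constructed helpers so the scenarios below are easy to build.
def utc(year, month=1, day=1):
    return datetime(year, month, day, tzinfo=timezone.utc)


def make_cert(cn, issuer, valid_from_year, valid_to_year):
    return Certificate(cn, issuer, utc(valid_from_year), utc(valid_to_year))


def sample_policy(action="log"):
    return SslControlPolicy(action=action, blacklist=["sonicwall.com"],
                            whitelist=["mysonicwall.com"], trusted_issuers={"Example Root CA"})


NOW = utc(2010, 6, 1)   # stands in for the appliance's System Time

if __name__ == "__main__":
    good = make_cert("www.example.org", "Example Root CA", 2009, 2011)
    print(evaluate(SslHandshake(good, "TLSv1", 128), sample_policy(), NOW))
    stale = make_cert("proxy.example.net", "proxy.example.net", 2008, 2009)
    print(evaluate(SslHandshake(stale, "SSLv2", 40), sample_policy("block"), NOW))
```

Note that the date checks depend entirely on `now`, which is why the guide insists on an NTP-synchronized System Time: a clock years off would either flag every certificate or none.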


Configuring Firewall Settings in SonicOS Standard


The following sections describe how to configure firewall settings in SonicOS Standard:

- Configuring Rules in SonicOS Standard on page 269
- Configuring Advanced Firewall Settings in SonicOS Standard on page 273
- Configuring Voice over IP Settings on page 275

Configuring Rules in SonicOS Standard


To configure rules for SonicOS Standard, perform the following steps:
1. Determine whether the service for which you want to create a rule is defined. If not, define the service. See Adding a Service on page 270.
2. Create one or more rules for the service. See Creating Rules on page 271.
3. Repeat this procedure for each service for which you would like to define rules.


Adding a Service
By default, a large number of services are pre-defined. This section describes how to add a new or custom service. To add a service, perform the following steps:
1. Select the global icon, a group, or a SonicWALL appliance.
2. Expand the Firewall tree and click Services. The Services page displays.
3. To add a known service (e.g., HTTP, FTP, News), select the service from the Service Name list box and click Add Known Service. Repeat this step for each service that you would like to add. A task is scheduled for each service for each selected SonicWALL appliance.

Note

Features and services vary widely depending on the managed appliance's firmware type and version. Some options, including Add Known Service, are only available when managing a Non-SonicOS device (such as a SonicWALL TELE3 TZX).


4. To add a custom service, enter its name in the Service Name field, enter the port range it uses in the Port Begin and Port End fields, select the appropriate protocol check boxes, and click Add Custom Service. Repeat this step for each service that you would like to add. A task gets scheduled for each service for each selected SonicWALL appliance.
5. To remove a service from the list, select its trash can check box and click Update. A task gets scheduled to update the services page for each selected SonicWALL appliance.
6. To clear all screen settings and start over, click Reset.

Creating Rules
This section describes how to define rules for defined services in SonicOS Standard. To create a rule, perform the following steps:
1. Select the global icon, a group, or a SonicWALL appliance.
2. Expand the Firewall tree and click Rules. The Rules page displays.
3. Click Add Rule. The Add Rule dialog box displays.
4. Select a service from the Service Name list box. If the service does not exist, see Adding a Service on page 270.
5. Select whether access to this service will be allowed or denied.
6. Select the SonicWALL interface to which this rule applies from the Source list box.
7. To apply the rule to a range of IP addresses, enter the first and last IP addresses of the range in the Addr. Begin and Addr. End fields, respectively. The rule will apply to requests originating from IP addresses within this range. For all IP addresses, enter an asterisk (*).


8. Specify when the rule will be applied. By default, it is Always. To specify a time, enter the time of day (in 24-hour format) to begin and end enforcement. Then, enter the days of the week to begin and end rule enforcement.
9. Specify how long (in minutes) the connection may remain idle before the connection is terminated in the Inactivity Timeout field.

Caution

Fragmented packets are used in certain types of Denial of Service attacks and, by default, are blocked. You should only enable the Allow Fragmented Packets check box if users are experiencing problems accessing certain applications and the SonicWALL logs show many dropped fragmented packets.

10. SonicWALL appliances can manage outbound traffic using bandwidth management. To enable bandwidth management for this service, select the Enable Outbound Bandwidth Management check box. Enter the amount of bandwidth that will always be available to this service in the Guaranteed Bandwidth field. Keep in mind that this bandwidth will be permanently assigned to this service and not available to other services, regardless of the amount of bandwidth this service does or does not use. Enter the maximum amount of bandwidth that will be available to this service in the Maximum Bandwidth field. Select the priority of this service from the Bandwidth Priority list box. Select a priority from 0 (highest) to 7 (lowest).
Note

In order to configure bandwidth management for this service, bandwidth management must be enabled on the SonicWALL appliance. To configure bandwidth management in SonicOS Standard, see Configuring Ethernet Settings on page 231. For SonicOS Enhanced, see Overview of Interfaces on page 153.

11. To add this rule to the rule list, click Update. Repeat Step 3 through Step 11 for each rule that you wish to add.
12. If the network access rules have been modified or deleted, you can restore the Default Rules. The Default Rules prevent malicious intrusions and attacks, block all inbound IP traffic and allow all outbound IP traffic. To restore the network access rules to their default settings, click Restore Rules to Defaults and click Update. A task is scheduled to update the rules page for each selected SonicWALL appliance.

13. If the network access rules for a SonicWALL appliance need to be uniform with access rules for other SonicWALL appliances in the same group, you can restore the group rules. To do this, click Restore Rules to Group Settings and click Update. A task is scheduled to overwrite the rules page for each selected SonicWALL appliance. If you want to append the group rules to the current rules, make sure the Append Services and Rules inherited from group check box is selected on the GMS Settings page of the Console Panel.
Note

This option is not available at the group or global level.

14. To modify a rule, select its notepad icon. The Add/Modify Rule dialog box displays. When you are finished making changes, click Update. SonicWALL GMS creates a task that modifies the rule for each selected SonicWALL appliance.
15. To disable a rule without deleting it, deselect its Enable Rule check box.
16. To delete a rule, select its trash can icon and click Update. SonicWALL GMS creates a task that deletes the rule for each selected SonicWALL appliance.
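The Python below is an added illustration, not GMS code, of how the objects configured in Adding a Service and Creating Rules fit together: a service is a protocol plus a Port Begin/Port End range, and a rule ties a service to an allow/deny decision, a source interface, an address range (or * for all addresses) and an optional schedule of days and 24-hour times. The first matching enabled rule wins; with no match the example falls back to the Default Rules behaviour described in step 12 (inbound IP traffic blocked, outbound allowed). Interface names, addresses, ports and dates are constructed, and treating schedules as never wrapping past midnight is the example's simplification.

```python
from dataclasses import dataclass
from datetime import datetime, time
from ipaddress import IPv4Address


@dataclass(frozen=True)
class Service:
    name: str
    protocol: str       # "TCP" or "UDP"
    port_begin: int
    port_end: int

    def covers(self, protocol, port):
        return protocol == self.protocol and self.port_begin <= port <= self.port_end


@dataclass(frozen=True)
class Rule:
    service: Service
    allow: bool
    source_iface: str           # interface the request arrives on
    addr_begin: str = "*"       # "*" means all addresses
    addr_end: str = "*"
    enabled: bool = True
    day_begin: int = 0          # 0 = Monday .. 6 = Sunday
    day_end: int = 6
    time_begin: time = time(0, 0)
    time_end: time = time(23, 59)   # defaults together mean "Always"
    inactivity_timeout_min: int = 5

    def addr_matches(self, src):
        if self.addr_begin == "*":
            return True
        return IPv4Address(self.addr_begin) <= IPv4Address(src) <= IPv4Address(self.addr_end)

    def schedule_active(self, now):
        """Example simplification: day and time ranges do not wrap past midnight."""
        in_days = self.day_begin <= now.weekday() <= self.day_end
        in_hours = self.time_begin <= now.time() <= self.time_end
        return in_days and in_hours


@dataclass(frozen=True)
class Request:
    iface: str
    src_ip: str
    protocol: str
    dst_port: int


def evaluate(rules, req, now):
    """Return (decision, matching rule or None). First enabled match wins."""
    for rule in rules:
        if not rule.enabled:
            continue
        if (rule.source_iface == req.iface and rule.service.covers(req.protocol, req.dst_port)
                and rule.addr_matches(req.src_ip) and rule.schedule_active(now)):
            return ("allow" if rule.allow else "deny"), rule
    # Default Rules: block all inbound IP traffic, allow all outbound.
    return ("deny" if req.iface == "WAN" else "allow"), None


HTTP = Service("HTTP", "TCP", 80, 80)                   # a pre-defined service
CUSTOM_APP = Service("custom-app", "UDP", 5000, 5010)   # constructed custom service

SAMPLE_RULES = [
    # Deny a lab address range HTTP during office hours, Monday to Friday.
    Rule(HTTP, allow=False, source_iface="LAN", addr_begin="10.0.0.100", addr_end="10.0.0.199",
         day_begin=0, day_end=4, time_begin=time(9, 0), time_end=time(17, 0)),
    # Allow the custom service in from the WAN for one partner address only.
    Rule(CUSTOM_APP, allow=True, source_iface="WAN", addr_begin="203.0.113.7", addr_end="203.0.113.7"),
]

TUESDAY_10AM = datetime(2010, 6, 1, 10, 0)    # 1 June 2010 was a Tuesday
SATURDAY_10AM = datetime(2010, 6, 5, 10, 0)

if __name__ == "__main__":
    lab_http = Request("LAN", "10.0.0.150", "TCP", 80)
    print(evaluate(SAMPLE_RULES, lab_http, TUESDAY_10AM)[0])                          # deny
    print(evaluate(SAMPLE_RULES, lab_http, SATURDAY_10AM)[0])                         # allow (outside schedule)
    print(evaluate(SAMPLE_RULES, Request("WAN", "203.0.113.7", "UDP", 5005), TUESDAY_10AM)[0])   # allow
    print(evaluate(SAMPLE_RULES, Request("WAN", "198.51.100.9", "UDP", 5005), TUESDAY_10AM)[0])  # deny
```

Because the schedule is part of the match, the same request is denied on a weekday morning and allowed on a Saturday; when reviewing a rule base it is worth checking what the default decision is for traffic that no rule covers, which here is the inbound-deny, outbound-allow split the guide attributes to the Default Rules.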

Configuring Advanced Firewall Settings in SonicOS Standard


To configure advanced access settings, perform the following steps:
1. Select the global icon, a group, or a SonicWALL appliance.
2. Expand the Firewall tree and click Advanced. The Advanced page displays.
3. Computers running Microsoft Windows communicate with each other through NetBIOS broadcast packets. By default, SonicWALL appliances block these broadcasts. To allow NetBIOS packets to pass among the interfaces, select the appropriate checkbox in the Windows Networking (NetBIOS) Broadcast Pass Through section.


4. Detection prevention helps hide SonicWALL appliances from potential hackers. Select from the following Detection Prevention options:
   - To enable stealth mode, select the Enable Stealth Mode check box. During normal operation, SonicWALL appliances respond to incoming connection requests as either blocked or open. During stealth operation, SonicWALL appliances do not respond to inbound requests, making the appliances invisible to potential hackers.
   - Hackers can use various detection tools to fingerprint IP IDs and detect the presence of a SonicWALL appliance. To configure the SonicWALL appliance(s) to generate random IP IDs, select the Randomize IP ID check box.
5. Select the dynamic ports that will be supported from the Dynamic Ports area:
   - Enable support for Oracle (SQLNet): Select if you have Oracle applications on your network.
   - Enable support for Windows Messenger: Select this option to support special SIP messaging used in Windows Messenger on Windows XP.
   - Enable RTSP Transformations: Select this option to support on-demand delivery of real-time data, such as audio and video. Real Time Streaming Protocol (RTSP) is an application-level protocol for control over delivery of data with real-time properties.
6. The Drop Source Routed Packets check box is selected by default. Clear the check box if you are testing traffic between two specific hosts and you are using source routing.
7. Select Disable Anti-Spyware, Gateway AV and IPS Engine if you want to enable more connections at the expense of the Gateway Anti-Virus and Intrusion Prevention services. This is generally not recommended because it opens the SonicWALL security appliance to possible threats.
8. The Connection Inactivity Timeout option disables connections outside the LAN if they are idle for a specified period of time. Without this timeout, connections can stay open indefinitely and create potential security holes. To specify how long the SonicWALL appliance(s) wait before closing inactive connections outside the LAN, enter the amount of time in the Default Connection Timeout field (default: 25 minutes).


9. By default, FTP connections from port 20 are allowed, but remapped to outbound traffic ports such as 1024. If you select the Force inbound and outbound FTP data connections to use default port 20 check box, any FTP data connection through the SonicWALL must come from port 20 or the connection will be dropped and logged.

Note

To enforce IP Header, UDP, TCP, or ICMP checksums, select the appropriate option from the IP, UDP, TCP, ICMP Checksum Enforcement section.

10. When you are finished, click Update. The settings are changed for each selected SonicWALL appliance. To clear all screen settings and start over, click Reset.
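As an added example that is not taken from the guide, the Python below shows the arithmetic behind the IP Header checksum enforcement option from the note above: the receiver's one's complement sum over the whole header, checksum field included, must come out as 0xFFFF, otherwise the header was altered after the checksum was written. The header bytes are constructed; a TTL change without a recomputed checksum demonstrates the kind of mismatch enforcement would drop.

```python
import struct


def ones_complement_sum(data):
    """16-bit one's complement sum over data, padding an odd trailing byte."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                       # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return total


def ipv4_header_checksum(header):
    """Checksum as the sender writes it: computed with the checksum field zeroed."""
    zeroed = header[:10] + b"\x00\x00" + header[12:]
    return (~ones_complement_sum(zeroed)) & 0xFFFF


def ipv4_header_is_valid(header):
    """Receiver-side check: the sum over the header including its checksum is 0xFFFF."""
    ihl = header[0] & 0x0F
    if (header[0] >> 4) != 4 or ihl < 5 or len(header) < ihl * 4:
        return False
    return ones_complement_sum(header[:ihl * 4]) == 0xFFFF


def build_ipv4_header(src, dst, payload_len, proto=6, ttl=64, ident=0x1234):
    """Constructed minimal 20-byte IPv4 header with a correct checksum."""
    total_len = 20 + payload_len
    addr = lambda ip: bytes(int(octet) for octet in ip.split("."))
    head = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, ident, 0, ttl, proto, 0,
                       addr(src), addr(dst))
    return head[:10] + struct.pack("!H", ipv4_header_checksum(head)) + head[12:]


if __name__ == "__main__":
    hdr = build_ipv4_header("192.0.2.1", "198.51.100.2", payload_len=40)
    print("valid:", ipv4_header_is_valid(hdr))
    # A router decrements TTL and must recompute the checksum; here it did not.
    corrupted = hdr[:8] + bytes([hdr[8] - 1]) + hdr[9:]
    print("valid after TTL change without recompute:", ipv4_header_is_valid(corrupted))
```

The same one's complement sum underlies the UDP, TCP and ICMP checksums the option can also enforce, with the transport checksums additionally covering a pseudo-header of addresses, protocol and length.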

Configuring Voice over IP Settings


VoIP settings are identical in SonicOS Enhanced and SonicOS Standard. To configure VoIP, see Configuring Voice over IP Settings on page 249.


CHAPTER 12 Configuring Log Settings


This chapter describes how to use the SonicWALL Global Management System to configure where the SonicWALL appliance(s) send their logs, how often the logs are sent, and what information is included. This chapter includes the following sections:

- Configuring Log Settings section on page 278
- Configuring Enhanced Log Settings section on page 281
- Configuring Name Resolution section on page 285


Configuring Log Settings


To configure log settings, perform the following steps:
1. In the left pane, select the global icon, a group, or a SonicWALL appliance.
2. Select the Policies tab. In the center pane, navigate to Log > Log Settings.
3. Enter the IP address or name of the mail server in the Mail Server (name or IP Address) field.
4. Enter the name of the SonicWALL appliance in the Firewall Name field. The firewall name appears in the subject of email sent by the SonicWALL appliance. By default, the firewall name is the same as the SonicWALL appliance serial number.

Note

The name of the SonicWALL appliance cannot be configured at the group or global level.

5.

To override syslog settings with ViewPoint settings, check the Override Syslog settings with ViewPoint settings box.


6. To select a syslog format, choose one of the two options from the Syslog Format drop-down menu:
   - Default: The standard SonicWALL syslog format.
   - WebTrends: A reporting software that analyzes traffic activity, protocol usage, security problems, resource usage, bandwidth consumption, and more. For more information, visit http://www.webtrends.com.
7. To specify how often SonicWALL GMS logs repetitive events, enter the time period (in seconds) in the Syslog Event Redundancy Filter field (default: 60 seconds). This prevents repetitive events from being logged to the syslog. If duplicate events occur during the period, they will be logged as a single event that specifies the number of times that the event occurred. The minimum is 0 seconds and the maximum is 86,400 seconds (24 hours). If you specify 0, all events are logged. For GMS network deployments using Gen-2/Distributed Summarizer Mode, enter 0 in the Syslog Event Redundancy Filter field. Although a higher setting prevents a log file from being full of repetitive events, setting this field to anything other than 0 will result in inaccurate reporting. For information about the Distributed Summarizer, see the About the Distributed Summarizer section on page 984.
8. To enable event rate limiting, check the Enable Event Rate Limiting box and enter a maximum number of events per second in the Maximum Events Per Second field.
9. To enable data rate limiting, check the Enable Data Rate Limiting box and enter a maximum bytes per second in the Maximum Bytes Per Second field.
10. Specify how often the SonicWALL appliance(s) send heartbeats to SonicWALL GMS in the Heartbeat Rate field (default: 60 seconds). If SonicWALL GMS does not receive a heartbeat message within three intervals, SonicWALL GMS will consider the SonicWALL appliance offline or unavailable and its icon will turn red.

Note

It is highly recommended to leave the Heartbeat Rate at the default setting of 60 seconds. Values close to zero will generate a large number of status messages. The maximum value is 86,400 seconds (24 hours).

11. Enter the complete email address (for example, administrator@company.com) where the log will be sent in the Email Log to field. If this field is left blank, the log will not be sent.

Note

This address will also be used as the return address.

12. Some events, such as an attack, may require immediate attention. Enter the complete email address or email pager address in the Email Alerts to field. If this field is left blank, alerts will not be sent.

Note

This address will also be used as the return address.

For information about alerts in the GMS Granular Event Management framework, see Configuring Granular Event Management on page 1023.
13. To email the log now, click Email Log Now.
14. To clear the log, click Clear Log Now. A confirmation displays. Click OK to clear the log.
15. To add a syslog server, enter the IP address and port in the Syslog Server IP Address and Port fields. Click Add.
16. For automated log delivery, specify when the log file will be sent from the Send Log drop-down menu. Select When Full, Daily, or Weekly. If the log will be sent daily, select the time that the log will be sent (24-hour format). If the log will be sent weekly, select the day of the week and the time.
17. In some cases, the log buffer may fill up. This may occur if there is a problem with the mail server and the log cannot be successfully emailed. Under When Log Overflows, select Overwrite Log (SonicWALL appliances will overwrite the log and discard its contents) or Shutdown SonicWALL (this prevents further traffic from passing unlogged).
18. Select information to log from the Categories section. To select all categories, check the Select All box.

Note

If you are using SonicWALL GMS, make sure that it can generate all reports for each SonicWALL appliance by selecting all log category check boxes except for Network Debug.

19. When you are finished, click Update.
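The Python below is an added example (not GMS code) of the three mechanisms configured in steps 7 to 10 above, which reappear as steps 10 to 13 of Configuring Enhanced Log Settings: a syslog event redundancy filter that folds repeats of the same event within the configured period into one entry carrying a count, a per-second event rate limit, and a heartbeat monitor that marks an appliance offline once three heartbeat intervals pass unseen. The "three intervals" threshold and the 0-means-log-everything rule follow the text; the sample events, event ids and the summary line format are constructed.

```python
from collections import OrderedDict


class SyslogRedundancyFilter:
    """Suppress repeats of an event id for `period` seconds; when the window
    expires (or the filter is flushed) one summary line with the repeat count
    is emitted. A period of 0 logs every event unchanged."""

    def __init__(self, period=60):
        self.period = period
        self.pending = OrderedDict()   # event_id -> [first_ts, count, message]

    def submit(self, ts, event_id, message):
        """Return the lines to log now: summaries of windows that expired by
        `ts`, plus the event itself if it opens a new window."""
        out = self.flush(ts)
        if self.period == 0:
            out.append(message)
            return out
        entry = self.pending.get(event_id)
        if entry is None:
            self.pending[event_id] = [ts, 1, message]
            out.append(message)
        else:
            entry[1] += 1
        return out

    def flush(self, ts=None):
        """Emit summaries for windows that have expired by `ts` (all if None)."""
        out = []
        for event_id, (first, count, message) in list(self.pending.items()):
            if ts is None or ts - first >= self.period:
                if count > 1:
                    out.append("%s (repeated %d times)" % (message, count))
                del self.pending[event_id]
        return out


class EventRateLimiter:
    """Allow at most `max_per_second` events within any one-second slot."""

    def __init__(self, max_per_second):
        self.max_per_second = max_per_second
        self.slot = None
        self.count = 0

    def allow(self, ts):
        slot = int(ts)
        if slot != self.slot:
            self.slot, self.count = slot, 0
        if self.count >= self.max_per_second:
            return False
        self.count += 1
        return True


class HeartbeatMonitor:
    """An appliance is offline once three heartbeat intervals pass unseen."""

    def __init__(self, rate=60, missed_intervals=3):
        self.rate = rate
        self.limit = rate * missed_intervals
        self.last_seen = {}

    def heartbeat(self, serial, ts):
        self.last_seen[serial] = ts

    def status(self, serial, now):
        last = self.last_seen.get(serial)
        if last is None or now - last > self.limit:
            return "offline"
        return "online"


def run_sample(period=60):
    """Constructed syslog-like events as (timestamp, event id, message)."""
    events = [(0, 23, "Connection closed"), (5, 23, "Connection closed"),
              (30, 23, "Connection closed"), (45, 98, "Probable port scan detected"),
              (61, 23, "Connection closed")]
    filt = SyslogRedundancyFilter(period)
    logged = []
    for ts, event_id, message in events:
        logged.extend(filt.submit(ts, event_id, message))
    logged.extend(filt.flush())
    return logged


if __name__ == "__main__":
    for line in run_sample():
        print(line)
    print(run_sample(period=0))
```

With the 60-second default, three "Connection closed" events inside one window become a single summary line, which is exactly why the guide tells Distributed Summarizer deployments to set the period to 0: a summarizer that counts raw events would otherwise under-count.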


Configuring Enhanced Log Settings


1. In the center pane, navigate to Log > Enhanced Log Settings.
2. Enter the IP address or name of the mail server in the Mail Server (name or IP Address) field.
3. Enter the email address that will appear as the sender on emails in the From E-mail Address field.
4. Select a method of authentication from the Authentication Method drop-down menu, either None or POP before SMTP.
5. If you selected POP before SMTP, enter the POP server name or IP address in the POP Server (name or IP address) field, and the POP account user name and password in the Username and Password fields.
6. Enter the name of the SonicWALL appliance in the Firewall Name field. The firewall name appears in the subject of email sent by the SonicWALL appliance. By default, the firewall name is the same as the SonicWALL appliance serial number.

Note

The name of the SonicWALL appliance cannot be configured at the group or global level.

7. In the Syslog Facility drop-down menu, select one of the syslog facility options.


8. To override syslog settings with ViewPoint settings, check the Override Syslog settings with ViewPoint settings box.
9. To select a syslog format, choose one of the two options from the Syslog Format drop-down menu:
   - Default: The standard SonicWALL syslog format.
   - WebTrends: A reporting software that analyzes traffic activity, protocol usage, security problems, resource usage, bandwidth consumption, and more. For more information, visit http://www.webtrends.com.
10. To specify how often SonicWALL GMS logs repetitive events, enter the time period (in seconds) in the Syslog Event Redundancy Filter field (default: 60 seconds). This prevents repetitive events from being logged to the syslog. If duplicate events occur during the period, they will be logged as a single event that specifies the number of times that the event occurred. The minimum is 0 seconds and the maximum is 86,400 seconds (24 hours). If you specify 0, all events are logged.
11. To enable event rate limiting, check the Enable Event Rate Limiting box and enter a maximum number of events per second in the Maximum Events Per Second field.
12. To enable data rate limiting, check the Enable Data Rate Limiting box and enter a maximum bytes per second in the Maximum Bytes Per Second field.
13. Specify how often the SonicWALL appliance(s) send heartbeats to SonicWALL GMS in the Heartbeat Rate field (default: 60 seconds). If SonicWALL GMS does not receive a heartbeat message within three intervals, SonicWALL GMS will consider the SonicWALL appliance offline or unavailable and its icon will turn red.

Note

It is highly recommended to leave the Heartbeat Rate at the default setting of 60 seconds. Values close to zero will generate a large number of status messages. The maximum value is 86400 seconds (24 hours).

14. Enter the complete email address (for example, administrator@company.com) where the log will be sent in the Email Log to field. If this field is left blank, the log will not be sent. This address will also be used as the return address.


15. Some events, such as an attack, may require immediate attention. Enter the complete email address or email pager address in the Email Alerts to field. If this field is left blank, alerts will not be sent.

Note

This address will also be used as the return address.

16. To email the log now, click Email Log Now. The scheduler displays.

17. Expand Schedule by clicking the plus icon.

18. Select Immediate or specify a future date and time.

19. Click Accept.

20. To clear the log, click Clear Log Now. A confirmation displays. Click OK to clear the log.


21. To add a syslog server, enter the IP address and port in the Syslog Server IP Address and Port fields. Click Add. The scheduler displays.

22. Expand Schedule by clicking the plus icon.

23. Select Immediate or specify a future date and time.

24. Click Accept.

25. For automated log delivery, specify when the log file will be sent from the Send Log drop-down menu. Select When Full, Daily, or Weekly. If the log will be sent daily, select the time that the log will be sent (24-hour format). If the log will be sent weekly, select the day of the week and the time.

26. In some cases, the log buffer may fill up. This may occur if there is a problem with the mail server and the log cannot be successfully emailed. Under When Log Overflows, select Overwrite Log (SonicWALL appliances will overwrite the log and discard its contents) or Shutdown SonicWALL (this blocks further traffic rather than allowing it to pass unlogged).

27. From the Logging Level drop-down menu, select one of the logging level options.

28. From the Alert Level drop-down menu, select one of the alert level options.

29. Enter a period of time, in seconds, in the Log Redundancy Filter (seconds) field.

30. Enter a period of time, in seconds, in the Alert Redundancy Filter (seconds) field.

31. For each category in the Categories table, select a combination of Log, Alerts, and Syslog.


Note

If you are using SonicWALL GMS, make sure that it can generate all reports for each SonicWALL appliance by selecting all log category check boxes.

32. When you are finished, click Update. The scheduler displays.

33. Expand Schedule by clicking the plus icon.

34. Select Immediate or specify a future date and time.

35. Click Accept.
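The two syslog controls from steps 10 and 11 (the redundancy window that collapses duplicates into one counted entry, and the per-second event cap) are easy to misjudge when tuning. The following is an added example, not SonicWALL code, that models both over a constructed event stream; the exact point at which the appliance emits the collapsed entry is an assumption (here: when the window closes).

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple

MAX_REDUNDANCY_WINDOW = 86400  # page: maximum is 86,400 seconds (24 hours)

@dataclass(frozen=True)
class SyslogEvent:
    ts: float   # seconds since an arbitrary start (constructed sample data below)
    msg: str    # event text; identical text counts as a duplicate

class RedundancyFilter:
    """Syslog Event Redundancy Filter: duplicates of one message inside
    `window_seconds` collapse into a single entry carrying a repeat count.
    A window of 0 disables suppression, so every event is logged."""

    def __init__(self, window_seconds: int) -> None:
        if not 0 <= window_seconds <= MAX_REDUNDANCY_WINDOW:
            raise ValueError("window must be 0..86400 seconds")
        self.window = window_seconds
        self._pending: Dict[str, list] = {}   # msg -> [first_ts, count]

    def feed(self, ev: SyslogEvent) -> List[Tuple[str, int]]:
        """Offer one event; return the entries whose window has now closed."""
        if self.window == 0:
            return [(ev.msg, 1)]
        closed = self._close_expired(ev.ts)
        entry = self._pending.get(ev.msg)
        if entry is None:
            self._pending[ev.msg] = [ev.ts, 1]   # first sighting opens a window
        else:
            entry[1] += 1                        # duplicate: count it, do not log it
        return closed

    def _close_expired(self, now: float) -> List[Tuple[str, int]]:
        closed = []
        for msg, (first_ts, count) in list(self._pending.items()):
            if now - first_ts >= self.window:
                closed.append((msg, count))
                del self._pending[msg]
        return closed

    def flush(self) -> List[Tuple[str, int]]:
        """End of stream: emit whatever windows are still open."""
        closed = [(msg, count) for msg, (_, count) in self._pending.items()]
        self._pending.clear()
        return closed

class EventRateLimiter:
    """Enable Event Rate Limiting / Maximum Events Per Second: at most `limit`
    entries pass in any one-second bucket; the rest are dropped but counted,
    so the loss stays visible to the operator."""

    def __init__(self, max_per_second: int) -> None:
        self.limit = max_per_second
        self._bucket = None
        self._sent = 0
        self.dropped = 0

    def allow(self, ts: float) -> bool:
        bucket = int(ts)
        if bucket != self._bucket:
            self._bucket, self._sent = bucket, 0
        if self._sent < self.limit:
            self._sent += 1
            return True
        self.dropped += 1
        return False

def format_entry(msg: str, count: int) -> str:
    return msg if count == 1 else f"{msg} (repeated {count} times)"

def run_pipeline(events, window_seconds: int, max_events_per_second: int) -> List[str]:
    """Redundancy filter first, then rate limiting, over a batch of events."""
    rf = RedundancyFilter(window_seconds)
    rl = EventRateLimiter(max_events_per_second)
    out: List[str] = []
    for ev in sorted(events, key=lambda e: e.ts):
        for msg, count in rf.feed(ev):
            if rl.allow(ev.ts):
                out.append(format_entry(msg, count))
    # The end-of-stream flush has no event timestamp to rate-limit against.
    out.extend(format_entry(m, c) for m, c in rf.flush())
    return out

# Constructed sample stream: three failed logins within 20 s, one VPN message,
# then a fourth failed login after the 60-second window has closed.
SAMPLE_EVENTS = [
    SyslogEvent(0.0, "Login failed for user admin"),
    SyslogEvent(5.0, "Login failed for user admin"),
    SyslogEvent(20.0, "Login failed for user admin"),
    SyslogEvent(30.0, "VPN tunnel up"),
    SyslogEvent(100.0, "Login failed for user admin"),
]
```

With the default 60-second window the three early failures become one counted entry; with a window of 0 all five appear, which is the setting to use when a SIEM downstream needs every occurrence.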

Heartbeat Settings on the Enhanced Log Settings Page


A heartbeat is a message generated by the UTM appliance sent out at various intervals to a connected management server to determine whether the management server connected to the UTM appliance is active. You can now set a threshold value for how often a heartbeat message is generated. You can do this on the Log Settings page. To specify the Heartbeat Rate, perform the following:
1. Navigate to the Policies Panel.

2. Click the Log menu to display logging options.

3. Click the Log Settings option. GMS displays the Log Settings dialog box.


4. In the Heartbeat Rate field in the General region, type a value that represents the number of seconds that is the interval between heartbeat tests. Note that the default interval is 60 seconds.

Configuring Name Resolution


To configure name resolution, perform the following steps:

1. In the left pane, select the global icon, a group, or a SonicWALL appliance.

2. Select the Policies tab.


3. In the center pane, navigate to Log > Name Resolution.

4. From the Name Resolution Method drop-down menu, select none, DNS, NetBios or DNS then NetBios.

5. For DNS and DNS then NetBios, configure the following DNS settings:
- Specify DNS Servers Manually: Select this radio button to manually configure the DNS servers and specify the IP address(es) in the Log Resolution DNS Server 1 - 3 fields.
- Inherit DNS Settings Dynamically from WAN: Select this radio button to inherit the DNS settings from the WAN.

6. Click Update.


CHAPTER 13 Viewing Diagnostic Information


SonicWALL appliances store information about all devices with which they have communicated. When you generate diagnostic information, only one report can be generated at a time and the information is only maintained during the current session. For example, if you run a firewall log report and then log off or generate another report, the firewall log report data will be lost until you run the report again. This chapter includes the following sections:

Viewing Network Diagnostic Settings section on page 288
Viewing Connections Monitor section on page 290
Viewing CPU Monitor section on page 292
Viewing Process Monitor section on page 293


Viewing Network Diagnostic Settings


To view network settings, perform the following steps:

1. In the left pane, select the global icon, a group, or a SonicWALL appliance.

2. Click the Policies tab. In the center pane, navigate to Diagnostics > Network.

3. To refresh the diagnostic data, click Refresh Diagnostic Data display.

4. To delete the diagnostic data, click Delete Diagnostic Data display.

5. To view the log file for the selected SonicWALL appliance(s), click Request Log file display from unit(s).

6. To test the RADIUS server, enter the username and password of a valid user in the User and Password fields and click Radius Client Test.

7. To perform a DNS lookup from the SonicWALL appliance(s), enter a hostname or IP address in the Host field and click DNS Lookup.

8. To find a network path from the SonicWALL appliance(s), enter an IP address in the Host field and click Find Network Path.

9. To ping a host from the SonicWALL appliance(s), enter a hostname or IP address in the Host field and click Ping.

10. To perform a Traceroute from the SonicWALL appliance(s), enter a hostname or IP address in the Host field and click TraceRoute Lookup.

11. To view dynamic routing information, click Fetch Default Route Policies (SonicOS 2.5 Enhanced or later).


12. To perform a reverse name resolution, enter an IP address in the Reverse Lookup the IP Address field and click Reverse Name Resolution.

13. To perform a real-time black list lookup, enter an IP address in the IP Address field, a FQDN for the RBL in the RBL Domain field, and DNS server information in the DNS Server field. Click Real-time Black List Lookup.

14. To generate a Tech Support Report, select any of the following four report options:
- VPN Keys: Saves shared secrets, encryption, and authentication keys to the report.
- ARP Cache: Saves a table relating IP addresses to the corresponding MAC or physical addresses.
- DHCP Bindings: Saves entries from the SonicWALL security appliance DHCP server.
- IKE Info: Saves current information about active IKE configurations.

15. Click Fetch Tech Support Report.

16. To request a packet trace, enter the IP address of the remote host in the Host field, and click Start. You must enter an IP address in the Host field; do not enter a host name, such as www.yahoo.com. Click Stop to terminate the packet trace and Query to query the trace. To reset a host, enter the IP address in the Host field and click Reset.


Viewing Connections Monitor


The Connections Monitor displays real-time, configurable views of all connections to and through a SonicWALL security appliance. To view connections monitor data, perform the following steps:
1. In the left pane, select the global icon, a group, or a SonicWALL appliance.

2. Click the Policies tab. In the center pane, navigate to Diagnostics > Connections Monitor.

3. Select the filter values to sort by.

You can filter the results to display only connections matching certain criteria. You can filter by Source IP, Destination IP, Destination Port, Protocol, Source Interface, and Destination Interface. Enter your filter criteria in the Active Connections Monitor Settings table. The fields you enter values into are combined into a search string with a logical AND. For example, if you enter values for Source IP and Destination IP, the search string will look for connections matching:

Source IP AND Destination IP

Check the Group Filters box next to any two or more criteria to combine them with a logical OR. For example, if you enter values for Source IP, Destination IP, and Protocol, and check Group Filter next to Source IP and Destination IP, the search string will look for connections matching:

(Source IP OR Destination IP) AND Protocol

4. Click Fetch Active Connections Monitor to apply the filter immediately to the Active Connections Monitor table. The scheduler displays.

5. Expand Schedule by clicking the plus icon.

6. Select Immediate or specify a future date and time.


7. Click Accept. The updated Connections Monitor page displays.


Viewing CPU Monitor


For GMS managed SonicWALL UTM appliances running SonicOS 3.0 and higher, the CPU Monitor displays real-time CPU utilization in second, minute, hour, and day intervals. To view CPU utilization data, perform the following steps:
1. In the left pane, select the global icon, a group, or a SonicWALL appliance.

2. Click the Policies tab. In the center pane, navigate to Diagnostics > CPU Monitor.

3. To refresh the CPU diagnostic display, click Refresh Diagnostic Data display.

4. To delete the CPU diagnostic display, click Delete Diagnostic Data display.

5. To modify the time period for the CPU data, select one of the following periods from the Chart for drop-down menu:
- CPU History for the last 60 seconds: Displays CPU history for the last minute.
- CPU History for the last 60 minutes: Displays CPU history for the last hour.
- CPU History for the last 24 hours: Displays CPU history for the last day.
- CPU History for the last 30 days: Displays CPU history for the last 30 days.


6. Click Fetch CPU Information to display CPU information from the SonicWALL appliance. The scheduler displays.

7. Expand Schedule by clicking the plus icon.

8. Select Immediate or specify a future date and time.

9. Click Accept.

Viewing Process Monitor


For GMS managed SonicWALL UTM appliances running SonicOS 3.0 and higher, the Process Monitor displays individual system processes, their CPU utilization, and their system time. To view diagnostic data, perform the following steps:
1. Select the global icon, a group, or a SonicWALL appliance.

2. Expand the Diagnostics tree and click Process Monitor. The Process Monitor page displays.

3. To refresh the process diagnostic display, click Refresh Diagnostic Data display.

4. To delete the process diagnostic display, click Delete Diagnostic Data display.


5. Click Fetch Process Information to display Process Monitor information. The scheduler displays.

6. Expand Schedule by clicking the plus icon.

7. Select Immediate or specify a future date and time.

8. Click Accept.


CHAPTER 14 Configuring Website Blocking


This chapter describes how to use SonicWALL GMS to configure website blocking options for one or more SonicWALL appliances. This functionality can be used to deny access to material supplied by the active content filtering subscription, specific domains, domains by keyword, and Web features such as ActiveX, Java, and cookies. This chapter includes the following sections:

Configuring General Website Blocking section on page 296
Configuring the CFS Exclusion List section on page 308
Blocking Web Features section on page 315
Configuring Access Consent section on page 316
N2H2 and Websense Content Filtering section on page 318

Note

SonicWALL appliances are entitled to a one-month content filter trial subscription.


Configuring General Website Blocking


The general page is used to configure whether access to restricted content, sites, and features is blocked or logged, if and when users can access blocked material, and the message that will be displayed when users attempt to access blocked material. SonicWALL offers two types of content filtering and supports two third-party content filtering packages: N2H2 and Websense Enterprise. To configure filtering options for N2H2 or Websense, view the documentation that came with the software package. To configure general blocking options, perform the following steps:
1. In the left pane, select the global icon, a group, or a SonicWALL appliance.

2. Click the Policies tab.

3. In the center pane, navigate to Website Blocking > General. The Website Blocking General page displays.


4. Select the content filtering package that you will use:
- SonicWALL CFS: Enables the SonicWALL CFS filtering package based on the firmware version of the SonicWALL appliance. To configure SonicWALL content filtering, see Selecting the Content to Block on page 298.
- N2H2: To use N2H2, you must have the N2H2 software package running on a server in your network. For more information, visit www.n2h2.com.
- Websense: To use Websense, you must have the Websense Enterprise software package running on a server in your network. For more information, visit www.websense.com.

Note

If you select N2H2 or Websense, make sure to configure the appropriate filtering options. For more information, see N2H2 and Websense Content Filtering on page 318.

5. A trusted domain is a domain that is allowed to use Web features such as Java, ActiveX, and cookies. To create a list of trusted domains, select the Don't block Java/ActiveX/Cookies to Trusted Domains check box.

6. Enter one or more domain names in the Trusted Domains field and click Add. The scheduler displays. Multiple domains should be separated by a semicolon (;).

Timesaver

Importing a .txt file with one domain name per line is the easiest way to add multiple domains to a Trusted Domains list. Click the Import... button to add multiple domains from a text file.

7. Expand Schedule by clicking the plus icon.

8. Select Immediate or specify a future date and time.

9. Click Accept.

10. Repeat steps 5 - 10 for other domains you would like to add.

Note

Enter the domain name only. For example, yahoo.com. Do not include http://. Entering yahoo.com will also allow access to www.yahoo.com, my.yahoo.com, sports.yahoo.com, and so on.


Note

This feature will only enable Web features for the selected domains. To make the domain available for unrestricted browsing, add it to the Allowed Domains list. For more information, see Customizing Access by Domain on page 309.

11. To delete a domain from the Trusted Domain list, click the checkbox in the trash can column for the domain and click Update.

12. To apply content filtering and Web feature restrictions to the LAN port (WorkPort), select LAN/WorkPort.

13. To apply content filtering and Web feature restrictions to the DMZ port (HomePort), select DMZ/HomePort/WLAN/OPT. For SonicWALL wireless appliances, the DMZ/HomePort/WLAN/OPT option also applies content filtering and Web feature restrictions to the WLAN interface.

14. Enter the message that will be displayed when users attempt to access restricted content, sites, and features. For example, "This Web site is blocked" or "This Web site is restricted. Get back to work."

15. When you are finished, click Update. The scheduler displays.

16. Expand Schedule by clicking the plus icon.

17. Select Immediate or specify a future date and time.

18. Click Accept.
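The trusted-domain rules from this procedure and its notes (semicolon-separated entry or one-per-line import, no http:// prefix, and yahoo.com also covering www.yahoo.com and my.yahoo.com but not an unrelated name that merely ends in the same letters), as an added example that is not SonicWALL code. It also keeps the distinction the second note draws: a trusted domain only unlocks Java/ActiveX/cookies, it does not by itself allow browsing; the sample field text is constructed.

```python
from typing import Iterable, List

def normalize_domain(entry: str) -> str:
    """Accept 'yahoo.com' style input only. The page says not to include http://,
    so schemes and paths are rejected rather than silently stripped."""
    d = entry.strip().lower().rstrip(".")
    if not d:
        raise ValueError("empty domain entry")
    if "://" in d or "/" in d or " " in d:
        raise ValueError(f"enter the domain name only, without http:// or a path: {entry!r}")
    return d

def is_valid_entry(entry: str) -> bool:
    try:
        normalize_domain(entry)
        return True
    except ValueError:
        return False

def parse_trusted_domains(field_text: str) -> List[str]:
    """The Trusted Domains field: multiple domains separated by semicolons."""
    return [normalize_domain(p) for p in field_text.split(";") if p.strip()]

def import_trusted_domains(file_text: str) -> List[str]:
    """The Import... button: a .txt file with one domain name per line."""
    return [normalize_domain(line) for line in file_text.splitlines() if line.strip()]

def is_trusted(host: str, trusted: Iterable[str]) -> bool:
    """yahoo.com also covers www.yahoo.com, my.yahoo.com, sports.yahoo.com, but
    must not cover notyahoo.com, so the match is anchored on a label boundary."""
    h = host.strip().lower().rstrip(".")
    return any(h == d or h.endswith("." + d) for d in trusted)

def web_features_allowed(host: str, trusted: Iterable[str], block_web_features: bool) -> bool:
    """Trusted-domain status only decides Java/ActiveX/cookies for the host;
    whether the site may be browsed at all is the separate Allowed Domains list."""
    return (not block_web_features) or is_trusted(host, trusted)

# Constructed sample input, as an admin might paste it into the field.
SAMPLE_FIELD = "yahoo.com; Example.org ;intranet.corp.local."
```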

Selecting the Content to Block


Depending on the version of the firmware, you will use either the CFL Filter List or the CFS Filter List page. If a SonicWALL appliance uses CFL, it will periodically download a filter list that will be used to block objectionable sites. If a SonicWALL appliance uses CFS, it will send a request to the SonicWALL site each time a request for potentially objectionable material is made.
Note

You must activate a service license to use CFL or CFS content blocking.


Content Filter List


The CFL Filter List page defines categories of website content that will be blocked and when the SonicWALL appliance(s) will download the content filter list.
Note

This page does not affect N2H2 or Websense content filtering. For information on configuring filtering options for these software packages, refer to their documentation.

To configure the filter list, perform the following steps:


1. In the left pane, select the global icon, a group or a SonicWALL appliance.

2. Click the Policies tab.

3. In the center pane, navigate to Website Blocking > CFL Filter List.

4. Select the content to block by checking the box next to any of the following categories (to select all categories, check the Select All box):
- Violence/Profanity: Includes pictures or text depicting extreme cruelty, or physical or emotional acts against any animal or person that are primarily intended to hurt or inflict pain. Obscene words, phrases, and profanity are defined as text that uses, but is not limited to, George Carlin's seven censored words, more often than once every 50 messages (Newsgroups) or once a page (Web sites).
- Partial Nudity: Pictures exposing the female breast or full exposure of either male or female buttocks, except when exposing genitalia. Excludes all swimsuits, including thongs.
- Full Nudity: Pictures exposing any or all portions of the human genitalia. Excludes sites containing nudity or partial nudity of a wholesome nature. For example, Web sites hosted by publications such as National Geographic or Smithsonian Magazine and museums such as the Guggenheim, the Louvre, or the Museum of Modern Art are not blocked.
- Sexual Acts (graphics or text): Pictures or text exposing anyone or anything involved in explicit sexual acts and/or lewd and lascivious behavior, including masturbation, copulation, pedophilia, and intimacy involving nude or partially nude people in heterosexual, bisexual, lesbian or homosexual encounters. This also includes phone sex ads, dating services, adult personals, CD-ROMs, and videos.
- Gross Depictions (graphics or text): Pictures or descriptive text of anyone or anything that are crudely vulgar or grossly deficient in civility or behavior, or that show scatological impropriety. For example, maiming, bloody figures, or indecent depiction of bodily functions.
- Intolerance (graphics or text): Pictures or text advocating prejudice or discrimination against any race, color, national origin, religion, disability or handicap, gender, or sexual orientation. Includes any picture or text that elevates one group over another. Also includes intolerant jokes or slurs.
- Satanic/Cult (graphics or text): Pictures or text advocating devil worship, an affinity for evil or wickedness, or the advocacy to join a cult. A cult is defined as a closed society headed by a single individual where loyalty is demanded and leaving is punishable.
- Drug Culture (graphics or text): Pictures or text advocating the illegal use of drugs for entertainment. Includes substances used for other than their primary purpose to alter the individual's state of mind, such as glue sniffing. Excludes currently illegal drugs legally prescribed for medicinal purposes (e.g., drugs used to treat glaucoma or cancer).
- Militant/Extremist (graphics or text): Pictures or text advocating extremely aggressive and combative behaviors, or unlawful political measures. Topics include groups that advocate violence as a means to achieve their goals. Includes how-to information on weapons making, ammunition making, or the making or use of pyrotechnic materials. Also includes the use of weapons for unlawful reasons.
- Sex Education (graphics or text): Pictures or text advocating the proper use of contraceptives. This topic includes condom use, the correct way to wear a condom and how to put a condom in place. Also included are sites relating to discussion about the use of the Pill, IUDs, and other types of contraceptives. In addition to the above, this includes discussion sites on discussing diseases with a partner, pregnancy, and respecting boundaries. Excluded from this category are commercial sites selling sexual paraphernalia.
- Gambling/Questionable/Illegal (graphics or text): Pictures or text advocating materials or activities of a dubious nature which may be illegal in any or all jurisdictions, such as illegal business schemes, chain letters, copyright infringement, computer hacking, phreaking (using someone's phone lines without permission), and software piracy.
- Alcohol/Tobacco (graphics or text): Pictures or text advocating the sale, consumption, or production of alcoholic beverages and tobacco products.


5. To configure the SonicWALL appliance(s) to download the content list weekly, select the Automatically Download List Every check box and select the day of the week and time when the download will occur.

Tip

If you select this option, configure the SonicWALL appliance(s) to download the list at a time when network activity is low.

Note

This option requires a subscription to the Content Filter List updates.

6. To download a new content filter list now, click the Download Filter List Now button. The scheduler displays.

7. Expand Schedule by clicking the plus icon.

8. Select Immediate or specify a future date and time.

9. Click Accept.

10. Select one of the following Logging options:
- Log and Block Access: Blocks access to restricted content, sites, and features and logs access attempts.
- Log Only: Does not block access to restricted content, sites, and features, but logs access. This enables organizations to monitor appropriate usage without restricting access.

11. Select from the following filter list expiration options:
- To block access to all Web sites except trusted domains thirty days after the filter list expires, select Block traffic to all websites except for Allowed Domains.
- To allow access to all Web sites thirty days after the filter list expires, select Allow traffic access to all websites.

12. When you are finished, click Update. The scheduler displays.

13. Expand Schedule by clicking the plus icon.

14. Select Immediate or specify a future date and time.

15. Click Accept.

CFS Filter List


The CFS Filter List allows you to block objectionable content. You must have a license for the CFS Filter List. To configure the Content Filter Service, see the following sections:

Configuring the General CFS Filter List Settings on page 302.
Configuring the CFS Standard Page on page 303.
Configuring the CFS Premium Page on page 306.

Configuring the General CFS Filter List Settings


The CFS Filter List page defines categories of Web site content that will be blocked in real time. Each time a request for potentially objectionable material is made, CFS sends a request to the SonicWALL site.
Note

This page does not affect N2H2 or Websense content filtering. For information on configuring filtering options for these software packages, refer to their documentation.

To configure the filter list, perform the following steps:


1. In the left pane, select the global icon, a group, or a SonicWALL appliance.

2. Click the Policies tab.


3. In the center pane, navigate to Website Blocking > CFS Filter List.

4. Specify how long the SonicWALL appliance will wait if the CFS server is unavailable before blocking Web traffic in the If Server is unavailable for field.

5. Specify the action the SonicWALL appliance will take if the server is unavailable. To block access to all Web sites, select Block traffic to all Web sites. To allow access to all Web sites, select Allow traffic to all Web sites.

6. Specify how the SonicWALL appliance will respond to blocked URLs in the If Server marks URL as blocked section:
- Block Access to URL: Blocks access to restricted content, sites, and features.
- Log Access to URL: Does not block access to restricted content, sites, and features, but logs access. This enables organizations to monitor appropriate usage without restricting access.

7. Specify the size of the URL cache in the Cache Size field. For information on valid ranges, click the Click here for valid ranges link.

8. When you are finished, click Update. The scheduler displays.

9. Expand Schedule by clicking the plus icon.

10. Select Immediate or specify a future date and time.

11. Click Accept.

Configuring the CFS Standard Page


The CFS Standard page defines categories of Web site content that will be blocked in real time.

Note

This page does not affect N2H2 or Websense content filtering. For information on configuring filtering options for these software packages, refer to their documentation.

To configure the filter list, perform the following steps:


1. In the left pane, select the global icon, a group, or a SonicWALL appliance.

2. Click the Policies tab.

3. In the center pane, navigate to Website Blocking > CFS Standard.

4. Select the content to block by checking the box next to any of the following categories (to select all categories, check the Select all box):
- Violence/Hate/Racism: Includes pictures or text exposing extreme cruelty, or physical or emotional acts against any animal or person that are primarily intended to hurt or inflict pain. Includes pictures or text advocating prejudice or discrimination against any race, color, national origin, religion, disability or handicap, gender, or sexual orientation. Includes any picture or text that elevates one group over another. Also includes intolerant jokes or slurs.
- Cult/Occult (graphics or text): Pictures or text advocating devil worship, an affinity for evil or wickedness, or the advocacy to join a cult. A cult is defined as a closed society headed by a single individual where loyalty is demanded and leaving is punishable.
- Intimate Apparel/Swimsuit Partial Nudity: Pictures exposing males or females in lingerie, swimsuits, or other intimate apparel.
- Drugs/Illegal Drugs (graphics or text): Pictures or text advocating the illegal use of drugs for entertainment. Includes substances used for other than their primary purpose to alter the individual's state of mind, such as glue sniffing. Excludes currently illegal drugs legally prescribed for medicinal purposes (e.g., drugs used to treat glaucoma or cancer).
- Nudism (graphics or text): Pictures or text advocating nudism, providing information, or advertising related resorts or services.
- Illegal Skills/Questionable Skills (graphics or text): Pictures or text advocating materials or activities of a dubious nature which may be illegal in any or all jurisdictions, such as illegal business schemes, chain letters, copyright infringement, computer hacking, phreaking (using someone's phone lines without permission), and software piracy.
- Pornography (graphics or text): Pictures of any or all portions of the human genitalia and pictures or text exposing anyone or anything involved in explicit sexual acts and/or lewd and lascivious behavior, including masturbation, copulation, pedophilia, and intimacy involving nude or partially nude people in heterosexual, bisexual, lesbian or homosexual encounters. Excludes sites containing nudity or partial nudity of a wholesome nature and all swimsuits, including thongs.
- Sex Education (graphics or text): Pictures or text advocating the proper use of contraceptives. This topic includes condom use, the correct way to wear a condom and how to put a condom in place. Also included are sites relating to discussion about the use of the Pill, IUDs, and other types of contraceptives. In addition to the above, this includes discussion sites on discussing diseases with a partner, pregnancy, and respecting boundaries. Excluded from this category are commercial sites selling sexual paraphernalia.
- Weapons (graphics or text): Pictures or text advocating the legal or illegal use of weapons, providing weapons for sale, or advocating extremely aggressive and combative behaviors, or unlawful political measures.
- Gambling (graphics or text): Pictures or text providing or advocating gambling services relating to lotteries, casinos, betting, numbers games, on-line sports, and financial betting, including non-monetary dares.
- Adult/Mature Content (graphics or text): Pictures or text such as phone sex ads, dating services, adult personals, CD-ROMs, and videos. Excludes sites containing nudity or partial nudity of a wholesome nature and all swimsuits, including thongs.
- Alcohol & Tobacco (graphics or text): Pictures or text advocating the sale, consumption, or production of alcoholic beverages and tobacco products.



5. When you are finished, click Update. The scheduler displays.

6. Expand Schedule by clicking the plus icon.

7. Select Immediate or specify a future date and time.

8. Click Accept.

9. If you believe that a website is rated incorrectly, or to submit a new URL for blocking, click the here link in the sentence "If you believe that a Web site is rated incorrectly or you wish to submit a new URL, click here."

Configuring the CFS Premium Page


The CFS Premium service enables you to add advanced content filtering functionality to one or more SonicWALL appliances by choosing specific content to filter from 64 different content categories. This section describes how to configure the CFS Premium service.
Note

This page does not affect N2H2 or Websense content filtering. For information on configuring filtering options for these software packages, refer to their documentation.

To configure the CFS Premium service, perform the following steps:


1. In the left pane, select the global icon, a group, or a SonicWALL appliance.

2. Click the Policies tab.

3. In the center pane, navigate to Website Blocking > CFS Premium.


4. Click Add CFS Policy.

5. Enter a name for the policy.

6. Click the URL List tab.

7. Check the boxes of the categories to block. To select all categories, check the Select all Categories box.

8. Click the Settings tab.
a. To disable the allowed domains list, select the Disable Allowed Domains check box.
b. To prevent access to domains specified in the Forbidden Domain list, select the Enable Forbidden Domains check box.
c. To enable the keyword blocking feature, select the Enable Keyword Blocking check box.

9. From the drop-down menu, select when the forbidden URLs will be blocked.

10. When you are finished, click OK. The scheduler displays.

11. Expand Schedule by clicking the plus icon.

12. Select Immediate or specify a future date and time.

13. Click Accept.

14. Repeat this procedure for each filter that you would like to add.

Configuring the CFS Exclusion List


The CFS exclusion list allows you to specify an IP address or IP address range that is excluded from Website blocking. Because excluded hosts bypass Website blocking entirely, keep the list to the specific management or server addresses that need it. To enable and configure a CFS exclusion list, perform the following tasks:
1. In the left pane, select the global icon, a group, or a SonicWALL appliance.
2. Click the Policies tab.
3. In the center pane, navigate to Website Blocking > CFS Exclusion List.
4. Check the Enable CFS Exclusion List box to enable CFS block list exclusions.
5. Enter an IP address or IP address range to exclude. For a single IP address, enter the same IP address in the IP Address From and IP Address To fields. For a range, enter the beginning IP address in the IP Address From field and the ending IP address in the IP Address To field.
6. Click Add IP Range Entry.
7. Repeat steps 5 and 6 to add more IP addresses or IP address ranges. To delete an IP address or IP address range from the CFS exclusion list, click the checkbox in the trashcan column for the addresses.
8. Click Update. The scheduler displays.
9. Expand Schedule by clicking the plus icon.
10. Select Immediate or specify a future date and time.
11. Click Accept.

Customizing Access by Domain


The Customization page is used to block or allow access to specific domain names. This enables an organization to block access to domains that are not in the content filter list, allow access to domains in the content filter list, or only allow access to specific domains. Allowed domains are domains that users can access, regardless of whether they appear in the content filter list. Allowed domains are particularly useful for dedicated systems that are only allowed to access specific websites. Up to 256 entries are supported in the Allowed Domains list.

Timesaver: Importing a .txt file with one domain per line is the easiest way to add multiple domains to a forbidden/allowed list. See the Adding Multiple Domains From a List section on page 311 for more.

Forbidden domains are domains that users will not be allowed to access. This is useful when a website disrupts a corporate or educational environment. To find out which websites are most frequently accessed, refer to the Top Web Site Hits section of the log report. Up to 256 entries are supported in the Forbidden Domains list.
Note

This feature is not available if you select N2H2 or Websense content filtering. For information on configuring filtering options for these software packages, refer to their documentation.

Enabling Website Blocking Customization


To configure list customization options:
1. In the left pane, select the global icon, a group, or a SonicWALL appliance.
2. Click the Policies tab.
3. In the center pane, navigate to Website Blocking > Customization.
4. Enable list customization by checking the Enable Allowed/Forbidden Domains box.
5. To disable Web traffic except for allowed domains, check the Disable all Web traffic except for Allowed Domains box. (This option is available only on appliances running SonicOS Standard, or other non-Enhanced firmware.)

Adding Individual Forbidden/Allowed Domains


To add one or more allowed/forbidden domains:
1. To add a small number of domains, enter the domain name in the Allowed Domains or Forbidden Domains field and click Add. The scheduler displays. You can add several domains at once by separating your entries with a semicolon (;).

Note

Enter the domain name only. For example, yahoo.com. Do not include http://. Entering yahoo.com will also allow access to www.yahoo.com, my.yahoo.com, sports.yahoo.com, and so on.

2. Expand Schedule by clicking the plus icon.
3. Select Immediate or specify a future date and time.
4. Click Accept.
5. Repeat these steps for each domain you would like to add.

Adding Multiple Domains From a List


To add a large number of domains from a text-based list:
1. Click the Import... button. The upload file window displays.
2. Click the Browse... button to upload a text-based (.txt) file containing the URL list. The URLs in this text file must be separated by line breaks.
3. In the Schedule window, select Immediate or specify a future date and time.
4. Click Accept.

Timing Options in SonicOS Standard


To configure timing options for SonicOS Standard appliances:
1. Select one of the following Timing options. (This option is available only on appliances running SonicOS Standard, or other non-Enhanced firmware.)
   - Always Block: Always blocks access to all restricted content, sites, and features.
   - Block From: Blocks access to restricted content, sites, and features between the selected hours. Select the from and to hours and the day range from the pull-down menus.
2. When you are finished, click Update. The scheduler displays.
3. Expand Schedule by clicking the plus icon.
4. Select Immediate or specify a future date and time.
5. Click Accept.

Deleting Domains from the Domain Lists


To delete one or more domains from the Allowed Domain or Forbidden Domain lists, perform the following steps:
1. Navigate to Website Blocking > Customization.
2. Check the box below the trash can icon and next to the item you want to delete. Repeat this step for each domain that you want to remove from the domain lists.
3. When you are finished, click Update. The scheduler displays.
4. Expand Schedule by clicking the plus icon.
5. Select Immediate or specify a future date and time.
6. Click Accept.

Blocking Access to Domains by Keywords


The URL Keywords page is used to block access to domain names by keyword. This provides a second line of defense against objectionable material. For example, if the keyword xxx was included in the list, the site www.new-site.com/xxx.html would be blocked.
Note

Be careful when using this feature. For example, blocking the word breast can prevent access to both pornographic or objectionable sites, but will also block sites on breast cancer.

Note

This feature is not available if you select N2H2 or Websense content filtering. For information on configuring filtering options for these software packages, refer to their documentation.

To configure domain blocking by keyword, perform the following steps:


1. In the left pane, select the global icon, a group, or a SonicWALL appliance.
2. Click the Policies tab.
3. In the center pane, navigate to Website Blocking > URL Keywords.
4. Enable keyword blocking by checking the Enable Keyword Blocking box.
5. Click Update. The scheduler displays.
6. Expand Schedule by clicking the plus icon.
7. Select Immediate or specify a future date and time.
8. Click Accept.
9. To add one or more keywords, enter them in the URL Keyword field and click Add. The scheduler displays. Multiple keywords should be separated by a semicolon (;).

Timesaver: Importing a .txt file with one keyword per line is the easiest way to add multiple keywords. Click the Import... button to add multiple keywords from a text file.

10. Expand Schedule by clicking the plus icon.
11. Select Immediate or specify a future date and time.
12. Click Accept. Repeat these steps for each keyword you would like to add.
13. To remove a keyword, select its check box below the trash can icon. Repeat this step for each keyword that you want to remove from the keyword lists.
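As an added illustration (not code from the GMS guide or from SonicOS), the following Python models the allowed/forbidden domain matching described under Customizing Access by Domain and the URL keyword matching described above: an entry such as yahoo.com matches the host itself and every subdomain, an allowed domain takes precedence over a blocked rating, Disable all Web traffic except for Allowed Domains turns the allowed list into a whitelist, and a keyword matches anywhere in the URL, so that breast also catches a breast-cancer site exactly as the note warns. It also normalizes imported list entries (dropping http:// and duplicates) and enforces the 256-entry limit. The evaluation order, the rated_blocked stand-in for the category lookup, and the sample URLs are assumptions of the example.

```python
from urllib.parse import urlsplit

MAX_DOMAINS = 256  # limit stated for the Allowed and Forbidden Domains lists


def normalize_domain(entry):
    """Turn whatever an administrator pastes ("http://www.Yahoo.com/mail")
    into the bare host name the lists expect ("www.yahoo.com")."""
    entry = entry.strip()
    if "://" in entry:
        entry = urlsplit(entry).hostname or ""
    else:
        entry = entry.split("/", 1)[0]
    return entry.rstrip(".").lower()


def parse_domain_list(text):
    """Parse a one-domain-per-line import file or a ';'-separated field entry,
    dropping blanks and duplicates and enforcing the 256-entry limit."""
    entries = []
    for raw in text.replace(";", "\n").splitlines():
        domain = normalize_domain(raw)
        if domain and domain not in entries:
            entries.append(domain)
    if len(entries) > MAX_DOMAINS:
        raise ValueError("%d entries, limit is %d" % (len(entries), MAX_DOMAINS))
    return entries


def domain_matches(host, entry):
    """yahoo.com matches yahoo.com, www.yahoo.com and sports.yahoo.com, but
    not notyahoo.com: the entry must equal the host or be a whole-label suffix."""
    return host == entry or host.endswith("." + entry)


class WebsiteBlockingPolicy:
    """Allowed list, forbidden list and URL keywords, evaluated in that order
    (assumed order; the guide only states the individual rules)."""

    def __init__(self, allowed, forbidden, keywords,
                 only_allowed=False, keyword_blocking=True):
        self.allowed = allowed
        self.forbidden = forbidden
        self.keywords = [k.lower() for k in keywords]
        self.only_allowed = only_allowed      # Disable all Web traffic except for Allowed Domains
        self.keyword_blocking = keyword_blocking

    def decide(self, url, rated_blocked=False):
        """Return 'allow' or 'block'. rated_blocked stands in for the category
        lookup (CFS, N2H2 or Websense) that this example does not perform."""
        parts = urlsplit(url if "://" in url else "http://" + url)
        host = (parts.hostname or "").lower()
        if any(domain_matches(host, d) for d in self.allowed):
            return "allow"                    # allowed domains win regardless of rating
        if self.only_allowed:
            return "block"
        if any(domain_matches(host, d) for d in self.forbidden):
            return "block"
        if self.keyword_blocking:
            # a keyword matches anywhere in the URL, host and path alike, so
            # 'breast' blocks breastcancer.org as well as the intended sites
            if any(k in host + parts.path.lower() for k in self.keywords):
                return "block"
        return "block" if rated_blocked else "allow"
```

Run the policy over a list before deploying it: every host that a keyword over-matches shows up as a "block" here before it shows up as a help-desk ticket. The suffix rule is deliberate; a plain substring test on the host would also match notyahoo.com.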

Blocking Web Features


The Web Features page is used to block ActiveX Controls, Java, cookies, Web proxy, and known fraudulent certificates. To block these features, perform the following steps:
1. In the left pane, select the global icon, a group, or a SonicWALL appliance.
2. Click the Policies tab.
3. In the center pane, navigate to Website Blocking > Web Features.
4. Check the boxes next to the objects to block:
   - ActiveX: Blocks ActiveX controls. ActiveX is a Microsoft component technology used to embed small programs in Web pages. It is generally considered insecure because a malicious author can write controls that delete files, compromise security, or cause other damage.
   - Java: Blocks Java applets. Java applets are downloadable Web applications that are used on many websites. Selecting this option will block all Java applets, regardless of their function.
   - Cookies: Prevents websites from placing information on user hard drives. Cookies are used by Web servers to track Web usage and remember user identity. Cookies can compromise users' privacy by tracking Web activities.

Note

Blocking cookies on the public Internet creates a large number of accessibility problems. Most sites make extensive use of cookies to generate Web pages, and blocking cookies will make most e-commerce applications unusable.

   - Access to HTTP Proxy Servers: Blocks users from accessing Web proxy servers on the Internet, which they could otherwise use to circumvent content filtering by pointing their browsers at the proxy.
   - Known Fraudulent Certificates: Blocks access to Web content that originated from a known fraudulent certificate. Digital certificates help verify that Web content originated from an authorized party.
5. When you are finished, click Update. The scheduler displays.
6. Expand Schedule by clicking the plus icon.
7. Select Immediate or specify a future date and time.
8. Click Accept.

Configuring Access Consent


The consent feature allows organizations to specify computers that are always filtered and computers that are filtered by user request. This feature is popular in libraries, Internet cafes, and other public Internet systems.
Note

This feature is not available if you select N2H2 or Websense content filtering. For information on configuring filtering options for these software packages, refer to their documentation.

To configure the consent feature, perform the following steps:


1. In the left pane, select the global icon, a group, or a SonicWALL appliance.
2. Click the Policies tab.
3. In the center pane, navigate to Website Blocking > Consent.
4. Check the Require Consent check box to require consent. Users can choose if they want filtering or not.
5. Enter the maximum time (in minutes) a user can access the Internet in the Maximum Web Usage field.
6. Specify the maximum amount of time (in minutes) a connection may remain idle before the user is logged out and must agree to the consent agreement again in the User Idle Timeout field.
7. Enter the URL of the Web page from which users choose to enable filtering in the Consent Page URL (Optional Filtering) field. This page displays when users first attempt to access the Internet and must contain a link for choosing unfiltered access and a link for choosing filtered access. The link for unfiltered access is IPaddress/iAccept.html. The link for filtered access is IPaddress/iAcceptFilter.html. IPaddress is the LAN (WorkPort) IP address of the SonicWALL appliance.
8. Enter the URL of the page that displays when users choose to access the Internet without content filtering in the Consent Accepted URL (Filtering Off) field. This page must be accessible on the LAN (WorkPort).
9. Enter the URL of the page that displays when users access the Internet with content filtering enabled in the Consent Accepted URL (Filtering On) field. This page must be accessible on the LAN (WorkPort).
10. When a user opens a Web browser on a computer with mandatory content filtering, they will be shown a consent page. Enter the URL for the consent page in the Consent Page URL (Mandatory Filtering) field. You will need to create this Web page. It usually contains an Acceptable Use Policy and a notification that violations will be logged or blocked. This Web page must reside on a Web server that is accessible as a URL by LAN (WorkPort) users. This page must also contain a link that tells the SonicWALL appliance that the user agrees to having filtering enabled. To do this, create the following link: IPaddress/iAcceptFilter.html, where IPaddress is the LAN (WorkPort) IP address of the SonicWALL appliance.
11. To enforce content filtering for a specific computer on the LAN, enter the IP address in the IP Addresses field of the Mandatory Filtered IP Addresses section and click Add. Up to 128 IP addresses can be entered. Because the list is keyed to IP address, it enforces filtering for whichever host currently holds that address; if the computer gets its address by DHCP, give it a static DHCP entry (see Configuring Static IP Addresses) so the address does not move.
12. To remove a computer from the list of computers to be filtered, click the checkbox in the trash can column for the IP address.
13. When you are finished, click Update. The scheduler displays.
14. Expand Schedule by clicking the plus icon.
15. Select Immediate or specify a future date and time.
16. Click Accept.

N2H2 and Websense Content Filtering


The following sections describe additional filtering configuration options for N2H2 and Websense content filtering:

N2H2 on page 318
Websense on page 320

N2H2
To configure N2H2 content filtering options, perform the following steps:
1. In the left pane, select the global icon, a group, or a SonicWALL appliance.
2. Click the Policies tab.
3. In the center pane, navigate to Website Blocking > N2H2.
4. Enter the N2H2 server name or IP address in the Server Host Name or IP Address field.
5. Enter the port on which the N2H2 server listens for N2H2 requests in the Listen Port field (default: 4005).
6. Enter the port that the N2H2 server uses to send packets to the SonicWALL appliances in the Reply Port field (default: 4005).
7. Enter the username associated with the N2H2 account in the User Name field.
8. Enter the size of the URL cache in the URL Cache Size field. A larger URL cache can improve browser response times.
9. Select the action that the SonicWALL appliance(s) will take if the N2H2 server is unavailable beyond a specified period of time. First, enter the time period (in seconds) in the If user is unavailable for field. Then, select one of the options:
   - To block traffic to all Web sites, select Block traffic to all Web sites.
   - To allow access to all Web sites, select Allow traffic to all Web sites. This fails open: no category filtering is applied until the server answers again.
10. If a server marks a URL as blocked, select one of the following actions:
   - Block Access to URL: Blocks access to restricted sites and logs access attempts.
   - Log Access to URL: Does not block access to restricted sites, but logs access. This enables organizations to monitor appropriate usage without restricting access.
11. When you are finished, click Update. The scheduler displays.
12. Expand Schedule by clicking the plus icon.
13. Select Immediate or specify a future date and time.
14. Click Accept.


Websense
To configure Websense content filtering options, perform the following steps:
1. In the left pane, select the global icon, a group, or a SonicWALL appliance.
2. Click the Policies tab.
3. In the center pane, navigate to Website Blocking > Websense.
4. Enter the Websense server name or IP address in the Server Host Name or IP Address field.
5. Enter the port used for Websense packets in the Server Port field (default: 15868).
6. Enter the username associated with the Websense account in the User Name field.
7. Enter the size of the URL cache in the URL Cache Size field. A larger URL cache can improve browser response times. The default cache size is 50.
8. Enter a time period (in seconds) in the If user is unavailable for field. Then, select the action that the SonicWALL appliance(s) will take once the Websense server has been unavailable for that long:
   - To block traffic to all Web sites, select Block traffic to all Web sites.
   - To allow access to all Web sites, select Allow traffic to all Web sites. This fails open: no category filtering is applied until the server answers again.
9. When you are finished, click Update. The scheduler displays.
10. Expand Schedule by clicking the plus icon.
11. Select Immediate or specify a future date and time.
12. Click Accept.
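The If user is unavailable for timer and the Block/Allow traffic to all Web sites choice in both the N2H2 and Websense procedures decide whether filtering fails closed or fails open when the rating server stops answering. The Python below is an added example, not SonicOS or GMS code: it models that timer, the two outcomes, and a URL cache of the configured size whose cached verdicts keep being served during the outage. FakeRatingServer and FakeClock are constructed stand-ins for the server and the clock, and blocking requests during the grace period before the timer expires is this example's assumption; the guide does not say what the appliance does in that window.

```python
import time

BLOCKED, ALLOWED = "blocked", "allowed"


class RatingServerDown(Exception):
    """Raised by the lookup callable when the rating server does not answer."""


class RatingClient:
    """Asks an external rating server about each URL and applies the
    configured fail action once the server has been unreachable for
    longer than unavailable_for seconds."""

    def __init__(self, lookup, unavailable_for, fail_action,
                 cache_size=50, clock=time.monotonic):
        if fail_action not in ("block", "allow"):
            raise ValueError("fail_action must be 'block' or 'allow'")
        self.lookup = lookup                    # callable(url) -> BLOCKED/ALLOWED
        self.unavailable_for = unavailable_for  # the 'If ... unavailable for' seconds
        self.fail_action = fail_action          # Block/Allow traffic to all Web sites
        self.cache_size = cache_size            # URL Cache Size (default 50)
        self.clock = clock
        self.cache = {}                         # url -> rating, oldest evicted first
        self.down_since = None                  # start of the current outage

    def _remember(self, url, rating):
        if len(self.cache) >= self.cache_size:
            self.cache.pop(next(iter(self.cache)))
        self.cache[url] = rating

    def decide(self, url):
        """Return 'block' or 'allow' for one URL."""
        if url in self.cache:                   # cached verdicts need no server round trip
            return "block" if self.cache[url] == BLOCKED else "allow"
        try:
            rating = self.lookup(url)
        except RatingServerDown:
            now = self.clock()
            if self.down_since is None:
                self.down_since = now
            if now - self.down_since >= self.unavailable_for:
                return self.fail_action         # 'allow' here means filtering fails open
            return "block"                      # assumption: fail closed until the timer expires
        self.down_since = None
        self._remember(url, rating)
        return "block" if rating == BLOCKED else "allow"


class FakeRatingServer:
    """Constructed stand-in for an N2H2 or Websense server: a fixed rating
    table and a switch that makes it stop answering."""

    def __init__(self, ratings):
        self.ratings = ratings
        self.up = True

    def lookup(self, url):
        if not self.up:
            raise RatingServerDown(url)
        return self.ratings.get(url, ALLOWED)


class FakeClock:
    """Manually advanced clock so the outage timer can be exercised offline."""

    def __init__(self):
        self.now = 0.0

    def __call__(self):
        return self.now

    def advance(self, seconds):
        self.now += seconds


def demo(fail_action, unavailable_for=30):
    """Walk one client through a server outage and return the verdicts seen."""
    clock = FakeClock()
    server = FakeRatingServer({"http://bad.example/": BLOCKED})
    client = RatingClient(server.lookup, unavailable_for, fail_action, clock=clock)
    verdicts = [client.decide("http://bad.example/"),      # server up: blocked and cached
                client.decide("http://ok.example/")]       # server up: allowed and cached
    server.up = False
    verdicts.append(client.decide("http://new.example/"))  # outage begins: grace period
    clock.advance(unavailable_for)
    verdicts.append(client.decide("http://new.example/"))  # timer expired: fail action
    verdicts.append(client.decide("http://bad.example/"))  # cache still answers
    return verdicts
```

The last verdict in each run shows why the cache matters: a URL rated before the outage stays blocked even when the fail action is allow. Everything not yet cached is governed only by the fail action, which is the case to think about when choosing between the two radio buttons.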


CHAPTER 15 Configuring Dynamic Host Configuration Protocol


This chapter describes how to use the SonicWALL Global Management System (SonicWALL GMS) to configure SonicWALL appliances as DHCP servers. Dynamic Host Configuration Protocol (DHCP) enables network administrators to automate the assignment of IP addresses from a centralized DHCP server. This conserves IP addresses and makes it easy for mobile users to move among different segments of the network without having to manually enter new IP addresses. This chapter includes the following sections:

DHCP Server Options Overview section on page 322
Configuring DHCP Over VPN section on page 322
Configuring Dynamic DHCP IP Address Ranges section on page 325
Configuring Static IP Addresses section on page 329
Configuring DHCP Option Objects section on page 333
Configuring DHCP Option Groups section on page 334
Configuring General DHCP Settings section on page 334

DHCP Server Options Overview


For SonicWALL appliances running SonicOS Enhanced 4.0 and above, the SonicWALL DHCP server options feature provides support for DHCP options, also known as vendor extensions, as defined primarily in RFCs 2131 and 2132. DHCP options allow you to specify additional DHCP parameters in the form of pre-defined, vendor-specific information that is stored in the options field of a DHCP message. When the DHCP message is sent to clients on the network, it provides vendor-specific configuration and service information. The SonicOS Enhanced 4.0 Administrators Guide provides a list of DHCP options by RFC-assigned option number. SonicWALL GMS provides a way to define DHCP options using a drop down list based on RFC-defined option numbers, allowing administrators to easily create DHCP objects and object groups, and configure DHCP generic options for dynamic and static DHCP lease scopes. Once defined, the DHCP option is included in the options field of the DHCP message, which is then passed to DHCP clients on the network, describing the network configuration and service(s) available.

Configuring DHCP Over VPN


Note

This screen is available at the unit/appliance level only.

DHCP over VPN enables clients of the SonicWALL appliance to obtain IP addresses from a DHCP server at the other end of the VPN tunnel or a local DHCP server.


To configure DHCP over VPN, perform the following steps:


1. Select a SonicWALL appliance.
2. Expand the DHCP tree and click DHCP over VPN. The DHCP over VPN page displays.
3. Select from the following:

   To configure the SonicWALL appliance to forward DHCP requests through a VPN tunnel, select Remote Gateway from the DHCP Relay Mode list box and do the following:
   - Select the security association (SA) through which the DHCP server resides from the Obtain using DHCP through this SA list box.
   - Enter the IP address that will be inserted by the SonicWALL appliance as the IP address of the DHCP Relay Agent in the Relay IP Address field.
   - To manage this SonicWALL appliance remotely through the VPN tunnel from behind the Central Gateway, enter the management IP address in the Remote Management IP Address field.
   - If you enable Block traffic through tunnel when IP spoof detected, the SonicWALL blocks any traffic across the VPN tunnel that is spoofing an authenticated user's IP address. If you have any static devices, however, you must ensure that the correct Ethernet address is entered for the device.
   - If the VPN tunnel is disrupted, temporary DHCP leases can be obtained from the local SonicWALL appliance. Once the tunnel is active, it will stop issuing leases. To enable this option, select the Obtain temporary lease from local DHCP server if tunnel is down check box. When you enable this option, clients will be able to obtain IP addresses if the tunnel is unavailable. To ensure that clients use the remote DHCP server shortly after it becomes available, enter a short lease time in the Temporary Lease Time field. The default value is two minutes. Make sure to enable DHCP and enter an IP address range on the DHCP Setup page. Otherwise, the SonicWALL appliance will be unable to act as a DHCP server.
   - To specify static IP addresses on the LAN (WorkPort), enter the IP address and MAC address and click Add. Repeat this step for each device that uses a static IP address.
   - To specify a device that is not allowed to obtain an IP address through the SA, enter its MAC address and click Add. Repeat this step for each device that will not be allowed to obtain an IP address through the SA.

   To configure the SonicWALL appliance to forward DHCP requests to local servers, select Central Gateway from the DHCP Relay Mode list box and do the following:
   - To configure the SonicWALL appliance to send DHCP requests to specific DHCP servers, select the Send DHCP requests to the server addresses listed below check box. Then, enter the IP address of a DHCP server and click Add. Repeat this step for each DHCP server that you want to add.
   - To configure the SonicWALL appliance to broadcast DHCP requests, deselect the Send DHCP requests to the server addresses listed below check box and leave the DHCP Servers field blank.
   - To use the DHCP server built into the SonicWALL appliance for some clients, select the Use Internal DHCP Server check box. To use the internal DHCP server for Global VPN clients, select the For Global VPN Client check box. To use the internal DHCP server for remote firewalls, select the For Remote Firewalls check box.

4. When you are finished, click Update. The settings are changed for each selected SonicWALL appliance. To clear all screen settings and start over, click Reset.


Configuring Dynamic DHCP IP Address Ranges


Note

This screen is available at the unit/appliance level only.

This section describes how to configure dynamic IP address ranges. To configure one or more dynamic IP address ranges, perform the following steps:
1. Select a SonicWALL appliance.
2. Expand the DHCP tree and click Dynamic Ranges. The Dynamic Ranges page displays.
3. Do one of the following:
   - To enable the DHCP server, select the Enable DHCP Server check box.
   - To disable the DHCP server, deselect the Enable DHCP Server check box.
4. Select Enable Conflict Detection to turn on automatic DHCP scope conflict detection on each zone.


5. To add or edit a dynamic range, do one of the following:
   - To add a dynamic range, click Add Dynamic Range.
   - To edit an existing dynamic range, click the icon in the Edit Dynamic Range column.
   The DHCP Setup dialog for Dynamic Ranges is displayed.
6. In the DHCP Setup dialog box, on the General tab, complete the following fields:
   - Select the Enable this DHCP Scope check box to enable the DHCP range. Deselect it to disable the range.
   - Enter the start of the range in the Range Start field.
   - Enter the end of the range in the Range End field.
   - In the Lease Time field, type the number of minutes that an IP address is used before another IP address is issued (or the same one is re-issued). 1440 minutes (24 hours) is the default value.
   - Specify the IP address and subnet mask of the default gateway for this IP address range in the Default Gateway and Subnet Mask fields. By default, these fields will use the settings on the Network Settings page.
   - Select the Allow BootP clients to use range check box if you have BootP clients on this network. BootP stands for bootstrap protocol, which is a TCP/IP protocol and service that allows diskless workstations to obtain their IP address, other TCP/IP configuration information, and their boot image file from a BootP server.


7. Click the DNS/WINS tab.
8. In the DHCP Setup dialog box, on the DNS/WINS tab, complete the following fields:
   - Optionally enter the domain name associated with this IP address range in the Domain Name field.
   - To configure one or more DNS servers for this range, do one of the following:
     - To use the DNS servers specified on the Network Settings page, select Set DNS Servers using SonicWALL's Network settings.
     - To specify the DNS servers manually for this IP address range, select Specify Manually and then type the IP address of your DNS Server in the DNS Server 1 field. You can specify two additional DNS servers.
   - If you have WINS running on your network, type the WINS server IP address in the WINS Server 1 field. You can add an additional WINS server.
9. For units running SonicOS Enhanced 4.0 and above, click the Advanced tab. This tab allows you to configure the SonicWALL DHCP server to send Cisco Call Manager information to VoIP clients on the network, and to configure DHCP generic options for lease scopes.
10. Enter the IP address or FQDN of your VoIP Call Manager in the Call Manager 1 field. You can add two additional VoIP Call Manager addresses. For more information about configuring VoIP, see Configuring Voice over IP Settings on page 249.
11. To configure a DHCP lease scope, select a DHCP option or option group in the DHCP Generic Option Group drop-down menu.
12. To always use DHCP options for this DHCP server lease scope, select the Send Generic options always checkbox.
13. When you are finished, click OK. The settings are saved. To clear all screen settings and start over, click Cancel.


Configuring Static IP Addresses


Static entries are IP addresses assigned to servers requiring permanent IP settings. The binding is by Ethernet (MAC) address, which any host can set for itself, so a static entry keeps an address stable but does not by itself prove which machine holds it.
Note

This screen is available at the unit/appliance level only.

To configure one or more static IP addresses, perform the following steps:


1. Select a SonicWALL appliance.
2. Expand the DHCP tree and click Static Entries. The Static Entries page displays.
3. Do one of the following:
   - To enable the DHCP server, select the Enable DHCP Server check box.
   - To disable the DHCP server, deselect the Enable DHCP Server check box.
4. Select Enable Conflict Detection to turn on automatic DHCP scope conflict detection on each zone.


5. To add or edit a static entry, do one of the following:
   - To add a static entry, click Add Static Entry.
   - To edit an existing static entry, click the icon in the Edit Static Entry column.
   The DHCP Setup dialog for Static Entries is displayed.
6. In the DHCP Setup dialog box, on the General tab, complete the following fields:
   - Select the Enable this DHCP Scope check box to enable this static DHCP scope. Deselect it to disable the scope.
   - Type a descriptive name for this static DHCP entry in the Entry Name field.
   - Type the IP address of the device in the Static IP Address field.
   - Enter the Ethernet (MAC) address of the device in the Ethernet Address field.
   - In the Lease Time field, type the number of minutes that an IP address is used before it is re-issued. 1440 minutes (24 hours) is the default value.
   - Specify the IP address and subnet mask of the default gateway for this IP address in the Default Gateway and Subnet Mask fields. By default, these fields will use the settings on the Network Settings page.
7. Click the DNS/WINS tab.
8. In the DHCP Setup dialog box, on the DNS/WINS tab, complete the following fields:
   - If you have a domain name associated with this IP address, enter it in the Domain Name field.
   - To configure one or more DNS servers for this entry, do one of the following:
     - To use the DNS servers specified on the Network Settings page, select Set DNS Servers using SonicWALL's Network settings.
     - To specify the DNS servers manually for this IP address, select Specify Manually and then type the IP address of your DNS Server in the DNS Server 1 field. You can specify two additional DNS servers.
   - If you have WINS running on your network, type the WINS server IP address in the WINS Server 1 field. You can add an additional WINS server.
9. For units running SonicOS Enhanced 4.0 and above, click the Advanced tab. This tab allows you to configure the SonicWALL DHCP server to send Cisco Call Manager information to VoIP clients on the network, and to configure DHCP generic options for lease scopes.
10. Enter the IP address or FQDN of your VoIP Call Manager in the Call Manager 1 field. You can add two additional VoIP Call Manager addresses. For more information about configuring VoIP, see Configuring Voice over IP Settings on page 249.
11. To configure a DHCP lease scope, select a DHCP option or option group in the DHCP Generic Option Group drop-down menu.
12. To always use DHCP options for this DHCP server lease scope, select the Send Generic options always checkbox.
13. When you are finished, click OK. The settings are saved. To clear all screen settings and start over, click Cancel.


Configuring DHCP Option Objects


Note

This screen is available at the unit/appliance level only for units running SonicOS Enhanced 4.0 and above.

This section describes how to configure DHCP Option Objects. DHCP Option Objects can be used when setting DHCP Generic Options for DHCP Dynamic Ranges or Static Entries. For more information about DHCP Options, see DHCP Server Options Overview on page 322.

To configure DHCP Option Objects:


Step 1 Expand the DHCP tree and click Option Objects.
Step 2 Click Add New Object or the Configure icon for an existing object. The Add/Edit DHCP Option Objects page displays.
Step 3 Type a name for the option in the Option Name field.
Step 4 From the Option Number drop-down list, select the option number that corresponds to your DHCP option.
Step 5 Optionally check the Option Array checkbox to allow entry of multiple option values in the Option Value field.
Step 6 The option type displays in the Option Type drop-down menu. The drop-down menu will be functional only if multiple option numbers are available.
Step 7 Type the option value, for example, an IP address, in the Option Value field. If Option Array is checked, multiple values may be entered, separated by a semi-colon (;).
Step 8 Click the OK button. The object will display in the DHCP Option Object Settings list.

Configuring DHCP Option Groups


Note

This screen is available at the unit/appliance level only for units running SonicOS Enhanced 4.0 and above.

This section describes how to configure DHCP Option Groups. For more information about DHCP Options, see DHCP Server Options Overview on page 322. To configure DHCP Option Groups:
Step 1 Expand the DHCP tree and click Option Groups.
Step 2 Click Add New Group or the Configure icon for an existing group. The Add/Edit DHCP Option Group page displays.
Step 3 Type a name for the group in the Name field.
Step 4 To add DHCP Option Objects to the group, select one or more objects on the left side and click the arrow to move them to the right.
Step 5 To remove DHCP Option Objects from the group, select one or more objects on the right side and click the arrow to move them to the left. Or, click Remove All to remove all objects from the group.
Step 6 When finished, click OK.

Configuring General DHCP Settings


Note: This screen is available at the Group level only.

This section describes how to configure general DHCP settings for a group of appliances. The settings in the Policies > DHCP > Setup page apply to all appliances in the selected group, depending on their inheritance settings. To configure general DHCP settings, perform the following steps:
1. Select the global icon or a group name.
2. Expand the DHCP tree and click Setup. The Static Entries page displays.
3. Select from the following:
   • To enable the DHCP server, select the Enable DHCP Server check box.
   • To disable the DHCP server, deselect the Enable DHCP Server check box.
   • To disable the DHCP server and configure computers on the LAN (WorkPort) to use a DHCP server outside the firewall, deselect the Enable DHCP Server check box and select the Allow DHCP Pass Through check box.
   • Enter the lease time for this IP address in the Lease Time field.
   • Optional. Enter the domain name associated with this IP address in the Domain Name field.
   • To use the DNS and WINS servers specified on the Network Settings page, select Set DNS Servers using SonicWALL's Network settings.
   • To specify the DNS servers manually for this IP address, select Specify Manually and enter the IP addresses of the DNS and WINS servers.
4. When you are finished, click Update. The settings are saved. To clear all screen settings and start over, click Reset.

Configuring Trusted DHCP Relay Agents


This section describes how to configure trusted DHCP relay agents. The settings for this feature are configured in the Policies > DHCP > Trusted Agents page. To configure a trusted DHCP relay agent, perform the following steps:
1. Navigate to the Policies > DHCP > Trusted Agents screen in the SonicWALL GMS user interface.
2. Click the Enable Trusted DHCP Relay Agent List checkbox to enable this feature.
3. Choose a Trusted Relay Agent List from the dropdown menu. The default selection for the trusted agent list is the Default Trusted Relay Agent List address group.
   Note: The entries for this address group are defined in the Network > Address Objects page.
4. Click the Update button to confirm your changes.

CHAPTER 16 Configuring User Settings


This chapter describes how to use the SonicWALL GMS to configure user and user access settings. Included in this chapter are the following sections:

• Configuring Users in SonicOS Enhanced on page 337
• Configuring Users in SonicOS Standard on page 370

Configuring Users in SonicOS Enhanced


The following sections describe how to configure user settings in SonicOS Enhanced:

• Configuring User Login Settings on page 338
• Configuring LDAP and Active Directory on page 340
• Global User Settings on page 352
• Configuring an Acceptable Use Policy on page 353
• Configuring Local Users on page 354
• Configuring Local Groups on page 356
• Configuring ULA Settings on page 359
• Configuring HTTP URL-Based ULA Settings on page 359
• Configuring RADIUS for SonicOS Enhanced on page 360
• Configuring Single Sign-On on page 362
• Configuring Guest Services on page 366
• Configuring Guest Accounts on page 368
Configuring User Login Settings


In addition to the authentication methods available in SonicOS Standard, SonicOS Enhanced allows you to use Lightweight Directory Access Protocol (LDAP) to authenticate users. LDAP is compatible with Microsoft's Active Directory. For SonicWALL appliances running SonicOS Enhanced 4.0 and higher, you can select the SonicWALL Single Sign-On Agent to provide Single Sign-On functionality. Single Sign-On (SSO) is a transparent user authentication mechanism that provides privileged access to multiple network resources with a single workstation login. SonicWALL PRO and TZ series security appliances running SonicOS Enhanced 4.0 provide SSO functionality using the SonicWALL Single Sign-On Agent (SSO Agent) to identify user activity based on workstation IP address when Active Directory is being used for authentication. The SonicWALL SSO Agent must be installed on a computer in the same domain as Active Directory. The Policies > Users > Settings page for SonicOS Enhanced is shown below.

To configure User Login Settings:


Step 1 Select one of the following authentication methods from the Authentication method for login drop-down list:
   • Local Users - To configure users in the local database using the Users > Local Users and Users > Local Groups pages. For information on configuring local users and groups, see Configuring Local Users on page 354 and Configuring Local Groups on page 356.
   • RADIUS - If you have more than 1,000 users or want to add an extra layer of security for authenticating the user to the SonicWALL. If you select Use RADIUS for user authentication, users must log into the SonicWALL using HTTPS in order to encrypt the password sent to the SonicWALL. If a user attempts to log into the SonicWALL using HTTP, the browser is automatically redirected to HTTPS. For information on configuring RADIUS, see Configuring RADIUS for SonicOS Enhanced on page 360.
   • RADIUS + Local Users - If you want to use both RADIUS and the SonicWALL local user database for authentication. For information on configuring RADIUS, see Configuring RADIUS for SonicOS Enhanced on page 360.
   • LDAP - If you use a Lightweight Directory Access Protocol (LDAP) server or Microsoft Active Directory (AD) server to maintain all your user account data. For information about configuring LDAP, see Configuring LDAP and Active Directory on page 340.
   • LDAP + Local Users - If you want to use both LDAP and the SonicWALL local user database for authentication. For information about configuring LDAP, see Configuring LDAP and Active Directory on page 340.
Step 2 In the Single-sign-on method drop-down list, select SonicWALL SSO Agent if you are using Active Directory for authentication and the SonicWALL SSO Agent is installed on a computer in the same domain. Otherwise, select None. For information on configuring SSO, see Configuring Single Sign-On on page 362.
Step 3 To require that user names are treated as case-sensitive, select the Case-sensitive user names checkbox.
Step 4 To prevent a user from logging in from more than one location at a time, select the Enforce login uniqueness check box.
Step 5 Enter the number of minutes that the login authentication page is displayed in the Show authentication page for field.
Step 6 Select Redirect users from HTTPS to HTTP on completion of login if the session does not need to be encrypted.

Configuring LDAP and Active Directory


In addition to RADIUS and the local user database, SonicOS Enhanced can support LDAP and Microsoft Active Directory (AD) directory services for user authentication. The following sections describe how to configure LDAP and Active Directory:

• LDAP Terms on page 340
• Prerequisites for LDAP Configuration on page 342
• Configuring LDAP on page 343
• Further Information on LDAP Schemas on page 352

Active Directory support on SonicOS Enhanced is not a single-sign-on mechanism by itself, but rather the ability for SonicOS Enhanced to act as an LDAP client against an Active Directory's LDAP interface using Microsoft's implementation of an LDAP schema. SonicOS Enhanced provides extremely flexible schema interoperability, with support for the Microsoft AD schema, the LDAP core schema, the RFC2798 inetOrgPerson schema, and even user-defined schemas. Connectivity to LDAP servers is also flexible, with support for the following protocols:

• LDAPv2 (RFC3494)
• LDAPv3 (RFC2251-2256, RFC3377)
• LDAPv3 over TLS (RFC2830)
• LDAPv3 with STARTTLS (RFC2830)
• LDAP Referrals (RFC2251)

LDAP Terms
The following terms are useful when working with LDAP and its variants:

• Attribute - A data item stored in an object in an LDAP directory. Objects can have required attributes or allowed attributes. For example, the dc attribute is a required attribute of the dcObject (domain component) object.
• cn - The common name attribute is a required component of many object classes throughout LDAP.
• dc - The domain component attribute is commonly found at the root of a distinguished name, and is commonly a required attribute.
• dn - A distinguished name, which is a globally unique name for a user or other object. It is made up of a number of components, usually starting with a common name (cn) component and ending with a domain specified as two or more domain components (dc). For example, cn=john,cn=users,dc=domain,dc=com.
• Entry - The data that is stored in the LDAP directory. Entries are stored in attribute/value (or name/value) pairs, where the attributes are defined by object classes. A sample entry would be cn=john, where cn (common name) is the attribute and john is the value.
• Object - In LDAP terminology, the entries in a directory are referred to as objects. For the purposes of the SonicOS implementation of the LDAP client, the critical objects are User and Group objects. Different implementations of LDAP can refer to these object classes in different fashions; for example, Active Directory refers to the user object as user and the group object as group, while RFC2798 refers to the user object as inetOrgPerson and the group object as groupOfNames.
• Object class - Object classes define the type of entries that an LDAP directory may contain. A sample object class, as used by AD, would be user or group.
• ou - The organizational unit attribute is a required component of most LDAP schema implementations.
• Schema - The schema is the set of rules or the structure that defines the types of data that can be stored in a directory, and how that data can be stored. Data is stored in the form of entries.
• TLS - Transport Layer Security is the IETF standardized version of SSL (Secure Sockets Layer). TLS 1.0 is the successor to SSL 3.0.

Microsoft Active Directory's classes can be browsed at <http://msdn.microsoft.com/library/default.asp?url=/library/en-us/adschema/adschema/classes_all.asp>

LDAP / AD configuration is performed from the User > Settings page. Selecting either LDAP or LDAP+Local Users and clicking Apply at the top of the page will enable LDAP support, the former using an LDAP directory server exclusively, and the latter using a combination of the LDAP server and the local user database. Upon applying these settings, an informational alert will be presented. Because the SonicWALL will be receiving sensitive username and password information from authenticating clients, HTTPS logins will automatically be enabled to secure the credential exchanges.


Prerequisites for LDAP Configuration


Before beginning your LDAP configuration, you should prepare your LDAP server and your SonicWALL for LDAP over TLS support. This will involve installing a server certificate on your LDAP server, and a CA (Certificate Authority) certificate for the issuing CA on your SonicWALL. Assuming this has not already been done, the steps for performing these tasks in an Active Directory environment follow:

Configuring the CA on the Active Directory server:

1. Navigate to Start > Settings > Control Panel > Add/Remove Programs.
2. Select Add/Remove Windows Components.
   Note: Skip step numbers 3 through 7 if Certificate Services are already installed.
3. Select Certificate Services.
4. Select Enterprise Root CA when prompted.
5. Enter the requested information. For detailed information on CA setup, see http://www.microsoft.com/windows2000/techinfo/planning/security/casetupsteps.asp
6. Launch the Domain Security Policy application: Start > Run > dompol.msc.
7. Open Security Settings > Public Key Policies.
8. Right click on Automatic Certificate Request Settings.
9. Select New > Automatic Certificate Request.
10. Step through the wizard, and select Domain Controller from the list.

Exporting the CA certificate from the AD server:

1. Launch the Certification Authority application: Start > Run > certsrv.msc.
2. Right click on the CA you created, select properties.
3. On the General tab, click the View Certificate button.
4. From the Details tab, select Copy to File.
5. Step through the wizard, select the Base-64 Encoded X.509 (.cer) format.
6. Specify a path and filename to which to save the certificate.

Importing the CA certificate onto the SonicWALL:

1. Browse to System > CA Certificates.
2. Select Add new CA certificate.
3. Browse to and select the certificate file you just exported. Click the Import certificate button.

Note: Should installation of Certificate Services on the Active Directory server be undesirable for some reason, secure operation can be achieved without TLS by using LDAP with RADIUS; see the RADIUS with LDAP for user groups section later.

Configuring LDAP
Perform the following steps to configure LDAP authentication.

1. Browse to the User > Settings page and select either LDAP or LDAP + Local Users.
2. Click the Configure LDAP button to launch the LDAP configuration window:


3. Configure the following options in the LDAP settings window:


   • Name or IP Address - Enter the FQDN or the IP address of the LDAP server against which you wish to authenticate. If using a name, be certain it can be resolved by your DNS server. Also, if using TLS with the Require valid certificate from server option, the name provided here must match the name to which the server certificate was issued (i.e. the CN) or the TLS exchange will fail.
   • Port Number - The default LDAP over TLS port number is TCP 636. The default LDAP (unencrypted) port number is TCP 389. If you are using a custom listening port on your LDAP server, specify it here.
   • Server timeout - The amount of time, in seconds, that the SonicWALL will wait for a response from the LDAP server before timing out. Allowable ranges are 1 to 99999 (in case you're running your LDAP server on a VIC-20 located on the moon), with a default of 10 seconds.
   • Anonymous Login - Some LDAP servers allow for the tree to be accessed anonymously. If your server supports this (MS AD generally does not), then you may select this option.
   • Login name - Specify a user name which has rights to log in to the LDAP directory. The login name will automatically be presented to the LDAP server in full dn notation. This can be any account with LDAP read privileges (essentially any user account); administrative privileges are not required. Note that this is the user's name, not their login ID (e.g. John Smith rather than jsmith).
   • Login password - The password for the user account specified above.
   • Protocol version - Select either LDAPv3 or LDAPv2. Most modern implementations of LDAP, including AD, employ LDAPv3.
   • Use TLS - Use Transport Layer Security (SSL) to log in to the LDAP server. It is strongly recommended that TLS be used to protect the username and password information that will be sent across the network. Most modern LDAP server implementations, including AD, support TLS. Deselecting this default setting will provide an alert which must be accepted to proceed.
   • Send LDAP Start TLS Request - Some LDAP server implementations support the Start TLS directive rather than using native LDAP over TLS. This allows the LDAP server to listen on one port (normally 389) for LDAP connections, and to switch to TLS as directed by the client. AD does not use this option, and it should only be selected if required by your LDAP server.
   • Require valid certificate from server - Validates the certificate presented by the server during the TLS exchange, matching the name specified above to the name on the certificate. Deselecting this default option will present an alert, but exchanges between the SonicWALL and the LDAP server will still use TLS, only without issuance validation.
   • Local certificate for TLS - Optional, to be used only if the LDAP server requires a client certificate for connections. Useful for LDAP server implementations that return passwords to ensure the identity of the LDAP client (AD does not return passwords). This setting is not required for AD.

   If your network uses multiple LDAP/AD servers with referrals, then select one as the primary server (probably the one that holds the bulk of the users) and use the above settings for that server. It will then refer the SonicWALL on to the other servers for users in domains other than its own. For the SonicWALL to be able to log in to those other servers, each server must have a user configured with the same credentials (user name, password and location in the directory) as per the login to the primary server. This may entail creating a special user in the directory for the SonicWALL login. Note that only read access to the directory is required.
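The following is an added example, not SonicWALL code: it maps the Use TLS, Send LDAP Start TLS Request, Require valid certificate from server and Port Number settings described above onto the TLS policy a client would actually apply, and flags the combinations that leave the credential exchange weak. The settings class, the review function and the host name dc1.yourADdomain.com are assumptions made for the example.

```python
# Added example (not SonicWALL code). Field names follow the guide's Settings tab;
# everything else here is this example's own.
import ipaddress
import ssl
from dataclasses import dataclass
from typing import List, Optional, Tuple

LDAPS_PORT = 636   # default LDAP over TLS port (from the guide)
LDAP_PORT = 389    # default unencrypted LDAP port, also used by Start TLS (from the guide)


@dataclass
class LdapServerSettings:
    """Mirrors the Settings tab; the class is an assumption for this example."""
    name_or_ip: str
    port_number: int = LDAPS_PORT
    use_tls: bool = True
    send_start_tls: bool = False
    require_valid_certificate: bool = True


def is_ip_literal(value: str) -> bool:
    """True if Name or IP Address holds an IP address rather than a host name."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def transport_plan(s: LdapServerSettings) -> Tuple[str, Optional[ssl.SSLContext]]:
    """Return ("ldaps" | "starttls" | "plaintext", SSLContext or None).

    With Require valid certificate set, the server certificate must chain to a
    trusted CA and its name must match name_or_ip. With it cleared the session
    is still encrypted, but the peer is not authenticated (no issuance validation).
    """
    if not s.use_tls:
        return "plaintext", None
    ctx = ssl.create_default_context()          # CERT_REQUIRED + hostname check by default
    if s.require_valid_certificate:
        ctx.check_hostname = True
        ctx.verify_mode = ssl.CERT_REQUIRED
    else:
        ctx.check_hostname = False              # must be cleared before verify_mode
        ctx.verify_mode = ssl.CERT_NONE
    return ("starttls" if s.send_start_tls else "ldaps"), ctx


def verifies_peer(ctx: Optional[ssl.SSLContext]) -> bool:
    """True when the context both requires a trusted certificate and checks its name."""
    return ctx is not None and ctx.verify_mode == ssl.CERT_REQUIRED and bool(ctx.check_hostname)


def review_settings(s: LdapServerSettings) -> List[str]:
    """Findings a reviewer would raise before pushing these settings to appliances."""
    findings: List[str] = []
    if not s.use_tls:
        findings.append("Use TLS is off: the login name and password cross the network unprotected")
        return findings                         # the remaining checks only apply to TLS sessions
    if not s.require_valid_certificate:
        findings.append("Require valid certificate is off: any server presenting a certificate is accepted")
    elif is_ip_literal(s.name_or_ip):
        findings.append("Name or IP Address is an IP literal but must match the certificate CN; use the FQDN")
    if s.send_start_tls and s.port_number == LDAPS_PORT:
        findings.append("Start TLS requested on port 636: Start TLS runs on the plain LDAP port (normally 389)")
    if not s.send_start_tls and s.port_number == LDAP_PORT:
        findings.append("Native LDAP over TLS on port 389: use 636 or enable Send LDAP Start TLS Request")
    return findings


if __name__ == "__main__":
    # Constructed settings: a weak configuration beside the hardened default.
    weak = LdapServerSettings("10.0.0.5", port_number=LDAP_PORT, use_tls=False)
    hardened = LdapServerSettings("dc1.yourADdomain.com")
    for label, cfg in (("weak", weak), ("hardened", hardened)):
        mode, ctx = transport_plan(cfg)
        print(label, mode, verifies_peer(ctx), review_settings(cfg))
```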
4. Select the Schema tab:

   • LDAP Schema - Select Microsoft Active Directory, RFC2798 inetOrgPerson, RFC2307 Network Information Service, Samba SMB, Novell eDirectory, or user-defined. Selecting any of the predefined schemas will automatically populate the fields used by that schema with their correct values. Selecting user-defined will allow you to specify your own values; use this only if you have a specific or proprietary LDAP schema configuration.
   • Object class - This defines which attribute represents the individual user account to which the next two fields apply.
   • Login name attribute - This defines which attribute is used for login authentication:
      – sAMAccountName for Microsoft Active Directory
      – inetOrgPerson for RFC2798 inetOrgPerson
      – posixAccount for RFC2307 Network Information Service
      – sambaSAMAccount for Samba SMB
      – inetOrgPerson for Novell eDirectory
   • Qualified login name attribute - If not empty, this specifies an attribute of a user object that sets an alternative login name for the user in name@domain format. This may be needed with multiple domains in particular, where the simple login name may not be unique across domains. This is set to mail for Microsoft Active Directory and RFC2798 inetOrgPerson.
   • User group membership attribute - This attribute contains the information in the user object of which groups it belongs to. This is memberOf in Microsoft Active Directory. The other pre-defined schemas store group membership information in the group object rather than the user object, and therefore do not use this field.
   • Framed IP address attribute - This attribute can be used to retrieve a static IP address that is assigned to a user in the directory. Currently it is only used for a user connecting via L2TP with the SonicWALL's L2TP server. In future this may also be supported for Global VPN Client. In Active Directory the static IP address is configured on the Dial-in tab of a user's properties.


5. Select the Directory tab.

   • Primary Domain - Specify the user domain used by your LDAP implementation. For AD, this will be the Active Directory domain name, e.g. yourADdomain.com. Changes to this field will, optionally, automatically update the tree information in the rest of the page. This is set to mydomain.com by default for all schemas except Novell eDirectory, for which it is set to o=mydomain.
   • User tree for login to server - The tree in which the user specified in the Settings tab resides. For example, in AD the administrator account's default tree is the same as the user tree.
   • Trees containing users - The trees where users commonly reside in the LDAP directory. One default value is provided which can be edited, and up to a total of 64 DN values may be provided; the SonicWALL searches the directory using them all until a match is found, or the list is exhausted. If you have created other user containers within your LDAP or AD directory, you should specify them here.
   • Trees containing user groups - Same as above, only with regard to user group containers, and a maximum of 32 DN values may be provided. These are only applicable when there is no user group membership attribute in the schema's user object, and are not used with AD.

   All the above trees are normally given in URL format but can alternatively be specified as distinguished names (e.g. myDom.com/Sales/Users could alternatively be given as the DN ou=Users,ou=Sales,dc=myDom,dc=com). The latter form will be necessary if the DN does not conform to the normal formatting rules as per that example. In Active Directory the URL corresponding to the distinguished name for a tree is displayed on the Object tab in the properties of the container at the top of the tree.

   Note: AD has some built-in containers that do not conform (e.g. the DN for the top level Users container is formatted as cn=Users,dc=, using cn rather than ou) but the SonicWALL knows about and deals with these, so they can be entered in the simpler URL format.

   Ordering is not critical, but since they are searched in the given order it is most efficient to place the most commonly used trees first in each list. If referrals between multiple LDAP servers are to be used, then the trees are best ordered with those on the primary server first, and the rest in the same order that they will be referred.

   Note: When working with AD, to locate the location of a user in the directory for the User tree for login to server field, the directory can be searched manually from the Active Directory Users and Settings control panel applet on the server, or a directory search utility such as queryad.vbs in the Windows NT/2000/XP Resource Kit can be run from any PC in the domain.

   • Auto-configure - This causes the SonicWALL to auto-configure the Trees containing users and Trees containing user groups fields by scanning through the directory/directories looking for all trees that contain user objects. The User tree for login to server must first be set, and clicking the Auto-configure button then brings up the following dialog:


6. Select whether to append newly located trees to the current configuration, or to start from scratch removing all currently configured trees first, and then click OK. Note that it will quite likely locate trees that are not needed for user login, and some tidying up afterwards, manually removing such entries, is worthwhile. If using multiple LDAP/AD servers with referrals, this process can be repeated for each, replacing the Domain to search accordingly and selecting Append to existing trees on each subsequent run.

7. Select the LDAP Users tab.
   • Allow only users listed locally - Requires that LDAP users also be present in the SonicWALL local user database for logins to be allowed.
   • User group membership can be set locally by duplicating LDAP user names - Allows for group membership (and privileges) to be determined by the intersection of local user and LDAP user configurations.
   • Default LDAP User Group - A default group on the SonicWALL to which LDAP users will belong in addition to group memberships configured on the LDAP server.

   Group memberships (and privileges) can also be assigned simply with LDAP. By creating user groups on the LDAP/AD server with the same name as SonicWALL built-in groups (such as Guest Services, Content Filtering Bypass, Limited Administrators) and assigning users to these groups in the directory, or creating user groups on the SonicWALL with the same name as existing LDAP/AD user groups, SonicWALL group memberships will be granted upon successful LDAP authentication. The SonicWALL appliance can retrieve group memberships more efficiently in the case of Active Directory by taking advantage of its unique trait of returning a memberOf attribute for a user.
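The following is an added example, not SonicWALL code, that works through three points from the LDAP Terms, Settings, Directory and LDAP Users sections: converting the tree URL format into a distinguished name (including the Active Directory cn=Users case), presenting the Login name in full dn notation under the User tree for login to server, and granting SonicWALL groups from the memberOf values that share a group's name. The Computers container and the sample memberOf values are assumptions, not taken from the guide.

```python
# Added example (not SonicWALL code). The AD Users container rule, the example
# tree URL and the built-in group names come from the guide; the rest is assumed.
from typing import Iterable, List

# Top-level AD containers written with cn= rather than ou=. "Users" is the case
# the guide describes; "Computers" is an assumption about a well-known AD container.
AD_BUILTIN_CONTAINERS = {"Users", "Computers"}

# Built-in SonicOS Enhanced groups, as listed under Configuring Local Groups.
SONICWALL_BUILTIN_GROUPS = {"Everyone", "Guest Services", "Trusted Users",
                            "Content Filtering Bypass", "Limited Administrators"}


def escape_rdn_value(value: str) -> str:
    """Escape an attribute value for use in a DN (RFC 4514 special characters)."""
    out = []
    for i, ch in enumerate(value):
        edge_space = ch == " " and i in (0, len(value) - 1)
        if ch in ',+"\\<>;' or edge_space or (ch == "#" and i == 0):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)


def split_dn(dn: str) -> List[str]:
    """Split a DN into its RDN strings on unescaped commas."""
    parts, current, escaped = [], [], False
    for ch in dn:
        if escaped:
            current.append(ch)
            escaped = False
        elif ch == "\\":
            current.append(ch)
            escaped = True
        elif ch == ",":
            parts.append("".join(current).lstrip())
            current = []
        else:
            current.append(ch)
    parts.append("".join(current).lstrip())
    return parts


def tree_url_to_dn(tree_url: str, schema: str = "ad") -> str:
    """'myDom.com/Sales/Users' -> 'ou=Users,ou=Sales,dc=myDom,dc=com'.

    For Active Directory, a built-in container directly under the domain
    (e.g. myDom.com/Users) is written cn=Users rather than ou=Users.
    """
    domain, *path = tree_url.strip("/").split("/")
    rdns = []
    for depth, container in enumerate(path):
        builtin = schema == "ad" and depth == 0 and container in AD_BUILTIN_CONTAINERS
        rdns.append(("cn=" if builtin else "ou=") + escape_rdn_value(container))
    rdns.reverse()                       # most specific container comes first in a DN
    rdns += ["dc=" + escape_rdn_value(label) for label in domain.split(".")]
    return ",".join(rdns)


def login_dn(login_name: str, user_tree_url: str, schema: str = "ad") -> str:
    """The Login name setting takes the user's name (John Smith, not jsmith) and is
    presented to the server in full DN notation under the User tree for login to server."""
    return "cn=" + escape_rdn_value(login_name) + "," + tree_url_to_dn(user_tree_url, schema)


def sonicwall_groups(member_of: Iterable[str],
                     local_groups: Iterable[str] = SONICWALL_BUILTIN_GROUPS) -> List[str]:
    """Groups granted at login: memberOf entries whose cn matches a SonicWALL group name."""
    local = set(local_groups)
    granted = []
    for group_dn in member_of:
        attr, _, value = split_dn(group_dn)[0].partition("=")
        if attr.strip().lower() == "cn" and value in local:
            granted.append(value)
    return granted


# Constructed sample memberOf values for one user (not taken from the guide).
SAMPLE_MEMBER_OF = [
    "cn=Limited Administrators,cn=Users,dc=yourADdomain,dc=com",
    "cn=Sales Staff,ou=Sales,dc=yourADdomain,dc=com",
    "cn=Content Filtering Bypass,cn=Users,dc=yourADdomain,dc=com",
]

if __name__ == "__main__":
    print(tree_url_to_dn("myDom.com/Sales/Users"))
    print(login_dn("John Smith", "yourADdomain.com/Users"))
    print(sonicwall_groups(SAMPLE_MEMBER_OF))
```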
8. Select the LDAP Relay tab.

The RADIUS to LDAP Relay feature is designed for use in a topology where there is a central site with an LDAP/AD server and a central SonicWALL, with remote satellite sites connected into it via low-end SonicWALL security appliances that may not support LDAP. In that case the central SonicWALL can operate as a RADIUS server for the remote SonicWALLs, acting as a gateway between RADIUS and LDAP, and relaying authentication requests from them to the LDAP server. Additionally, for remote SonicWALLs running non-enhanced firmware, with this feature the central SonicWALL can return legacy user privilege information to them based on user group memberships learned via LDAP. This avoids what can be very complex configuration of an external RADIUS server such as IAS for those SonicWALLs.
9. Configure the following LDAP Relay options:
   • Enable RADIUS to LDAP Relay - Enables this feature.
   • Allow RADIUS clients to connect via - Check the relevant checkboxes and policy rules will be added to allow incoming RADIUS requests accordingly.
   • RADIUS shared secret - This is a shared secret common to all remote SonicWALLs.
   • User groups for legacy users - These define the user groups that correspond to the legacy Access to VPNs, Access from VPN client with XAUTH, Access from L2TP VPN client and Allow Internet access (when access is restricted) privileges respectively. When a user in one of the given user groups is authenticated, the remote SonicWALL will be informed that the user is to be given the relevant privilege.

   Note: The Bypass filters and Limited management capabilities privileges are returned based on membership of user groups named Content Filtering Bypass and Limited Administrators; these are not configurable.

10. Select the Test tab.

The Test page allows for the configured LDAP settings to be tested by attempting authentication with specified user and password credentials. Any user group memberships and/or framed IP address configured on the LDAP/AD server for the user will be displayed.


Further Information on LDAP Schemas

• Microsoft Active Directory: Schema information is available at <http://msdn.microsoft.com/library/default.asp?url=/library/en-us/adschema/adschema/active_directory_schema.asp> and <http://msdn.microsoft.com/library/default.asp?url=/library/en-us/ldap/ldap/ldap_reference.asp>
• RFC2798 InetOrgPerson: Schema definition and development information is available at <http://rfc.net/rfc2798.html>
• RFC2307 Network Information Service: Schema definition and development information is available at <http://rfc.net/rfc2307.html>
• Samba SMB: Development information is available at <http://us5.samba.org/samba/>
• Novell eDirectory: LDAP integration information is available at <http://www.novell.com/documentation/edir873/index.html?page=/documentation/edir873/edir873/data/h0000007.html>
• User-defined schemas: See the documentation for your LDAP installation. You can also see general information on LDAP at <http://rfc.net/rfc1777.html>

Global User Settings


The settings listed below apply to all users when authenticated through the SonicWALL. To configure global user settings, expand the Users tab and click on the Settings tab.


The following options are configured in the User Session Settings section:

• Inactivity timeout (minutes): users can be logged out of the SonicWALL after a preconfigured inactivity time. Enter the number of minutes in this field. The default value is 5 minutes.
• Enable login session limit: you can limit the time a user is logged into the SonicWALL by selecting the check box and typing the amount of time, in minutes, in the Login session limit (minutes) field. The default value is 30 minutes.
• Login page timeout (minutes): defines how much time a user has to log in before the login page times out. If it times out, a message displays saying they must click before attempting to log in again.
• Show user login status window with logout button: causes a status window to display with a Log Out button during the user's session. The user can click the Log Out button to log out of their session.
• User's login status window refreshes every (minutes): determines how often the user's status display is updated.
• User's login status window sends status heartbeat every (seconds): determines how often a heartbeat is sent back to the SonicWALL. This heartbeat notifies the SonicWALL of a user's connection status and continues to be sent as long as the status window is open.
• Enable disconnected user detection: causes the SonicWALL to detect when a user's connection is no longer valid and end the session.
• Timeout on heartbeat from user's login status window (minutes): sets the time needed without a reply from the heartbeat before ending the user session.
• LDAP read from server options: are available when the LDAP option is active. The options are:
   – Automatically update the schema configuration
   – Export details of the schema

Configuring an Acceptable Use Policy


An acceptable use policy (AUP) is a policy users must agree to follow in order to access a network or the Internet. It is common practice for many businesses and educational facilities to require that employees or students agree to an acceptable use policy before accessing the network or Internet through the SonicWALL.


The Acceptable Use Policy section allows you to create the AUP message window for users. You can use HTML formatting in the body of your message. Clicking the Example Template button creates a preformatted HTML template for your AUP window. Perform the following steps to configure an AUP:
1. Expand the Users tree and click on the Settings tab.
2. Select which users will see the AUP page by selecting the Display on login from checkboxes. For SonicOS Enhanced, select the zones that will display the AUP page. For SonicOS Standard, select the network interfaces.
3. Configure the dimensions of the AUP window in pixels in the Window size (pixels) fields.
4. Check the Enable scroll bars on the window to allow users to scroll through the AUP window contents.
5. Enter the text for the AUP in the Acceptable use policy page content. The content can include HTML formatting. The page that is displayed to the user includes an I Accept button or Cancel button for user confirmation.
6. Click the Example Template button to create a preformatted HTML template for your AUP window.
   Caution: Clicking the Example Template button will overwrite the existing content in the AUP window.
7. Click the Preview button to display your AUP message as it will appear for the user.
8. Click Update.

Configuring Local Users


SonicOS Enhanced uses a Group/User hierarchy for organizing users. This section describes how to configure new users and groups. To add or edit a user, perform the following steps:
1. Expand the Users tree and click Local Users. The Local Users page displays.
2. To add a local user, click Add New Local User. To edit the settings of an existing user, click its Configure icon.
3. Configure the following options:
- Name: name of the user.
- Password: password of the user.
- Bypass Filters: select Bypass Filters if the user will have unlimited access to the Internet from the LAN, bypassing Web, News, Java, and ActiveX blocking.
- Limited Management Capabilities: select this option to provide the user limited local management access to the SonicWALL Management interface. The access is limited to the following pages:
  - General: Status, Network, Time
  - Log: View Log, Log Settings, Log Reports
  - Tools: Restart, Diagnostics minus Tech Support Report


4. Click the Groups tab.
5. Select a user group of which this user will be a member and click the right arrow button (->). Repeat this step for each group to add.
6. Click the VPN Access tab.
7. Select a network that this user will be able to access through the VPN client software and click the right arrow button (->). Repeat this step for each network to add.
8. When you are finished, click OK. The settings are saved. Repeat this procedure for each user to add or modify.

Configuring Local Groups


By default, SonicOS Enhanced has five groups. These include:
- Everyone
- Guest Services
- Trusted Users
- Content Filtering Bypass
- Limited Administrators

The permissions of these groups will automatically be applied to their members unless you manually modify a user's settings. To add or edit a group, perform the following steps:
1. Expand the Users tree and click Local Groups. The Local Groups page displays.
2. To add a local group, click Add New Local Group. To edit the settings of an existing group, click its Configure icon.
3. Configure the following options:
- Bypass Filters: select Bypass Filters if the users within the group will have unlimited access to the Internet from the LAN, bypassing Web, News, Java, and ActiveX blocking.
- Limited Management Capabilities: select this option to provide users within the group limited local management access to the SonicWALL Management interface. The access is limited to the following pages:
  - General: Status, Network, Time
  - Log: View Log, Log Settings, Log Reports
  - Tools: Restart, Diagnostics minus Tech Support Report
4. Click the Members tab.
5. Select the members or groups that will belong to this group and click the right arrow button (->).
6. Click the VPN Access tab.
7. Select the networks that users within this group will be able to access through their VPN client software and click the right arrow button (->).
8. Click the CFS Policy tab.
9. Select a CFS policy to apply to the group in the Policy drop-down menu.
10. When you are finished, click OK. The settings are saved.

Configuring ULA Settings


ULA Settings are only available in SonicOS Standard. See Configuring ULA Settings, page 374.

Configuring HTTP URL-Based ULA Settings


This section describes how to configure HTTP URL-Based ULA settings. This feature enables users to access specific URLs without requiring authentication. To configure HTTP URL ULA settings, perform the following steps:
1. Expand the Users tree and click HTTP URL ULA. The HTTP URL ULA page displays.
2. Enter the fully qualified URL of the site that users will be allowed to access without being authenticated in the ULA HTTP URLs field.
3. Click Add.
4. Click Update.


Configuring RADIUS for SonicOS Enhanced


If you selected Use RADIUS for user authentication or Use RADIUS but also allow locally configured users, you must now configure RADIUS information. To configure RADIUS, perform the following steps.
1. Expand the Users tree and click on RADIUS.
2. Define the number of times the SonicWALL attempts to contact the RADIUS server in the RADIUS Server Retries field. If the RADIUS server does not respond within the specified number of retries, the connection is dropped. This field can range between 0 and 10; however, 3 RADIUS server retries are recommended.
3. Define the RADIUS Server Timeout in Seconds. The allowable range is 1-60 seconds with a default value of 5.

RADIUS Servers
1. Specify the following settings for the primary RADIUS server in the Primary Server section:
- Type the IP address of the RADIUS server in the IP Address field.
- Type the Port Number for the RADIUS server.
- Type the RADIUS server administrative password or shared secret in the Shared Secret field. The alphanumeric Shared Secret can range from 1 to 31 characters in length. The shared secret is case sensitive.
2. If there is a secondary RADIUS server, type the appropriate information in the Secondary Server section.

RADIUS Users
1. To only allow users that are configured locally, but to still use RADIUS to authenticate them, select the Allow only users listed locally check box.
2. Select the mechanism used for setting user group memberships for RADIUS users from the following list:
- Use SonicWALL vendor-specific attribute on RADIUS server: select to tell the RADIUS server to send vendor-specific attributes back to the SonicWALL appliance.
- Use RADIUS Filter-ID attribute on RADIUS server: select to tell the RADIUS server to send Filter-ID user attributes back to the SonicWALL appliance. Filter-ID attributes include the names of user groups that a user belongs to.
- Enter duplicate RADIUS user names locally on the SonicWALL: select when the RADIUS server contains user names and passwords, but has no user group information. The SonicWALL appliance contains the user group configuration for each user, while RADIUS simply authenticates the password.
3. For a shortcut for managing RADIUS user groups, check Memberships can be set locally by duplicating RADIUS user names. When you create users with the same name locally on the security appliance and manage their group memberships, the memberships in the RADIUS database will automatically change to mirror your local changes.
4. If you have previously configured User Groups on the SonicWALL, select the group from the Default user group to which all RADIUS users belong menu.
5. You can create a new group by choosing Create a new user group... from the list. The Add Group window displays.


RADIUS Client Test


To test your RADIUS Client user name and password, perform the following steps:
1. Navigate to the Diagnostics > Network page.
2. Enter a valid user name in the User field, and the password in the Password field.
3. Click the RADIUS Client Test button.

If the validation is successful, the Status message changes to Success. If the validation fails, the Status message changes to Failure. Once the SonicWALL has been configured, a VPN Security Association requiring RADIUS authentication prompts incoming VPN clients to type a User Name and Password into a dialogue box.

Configuring Single Sign-On


SonicWALL SSO Agent identifies users by IP address using a SonicWALL ADConnector compatible protocol and automatically determines when a user has logged out to prevent unauthorized access. Based on data from SonicWALL SSO Agent, the SonicWALL security appliance queries LDAP or the local database to determine group membership. Memberships are matched against policy, and based on user privileges, access is granted or denied. The configured inactivity and session limit timers apply with SSO, though users who are logged out are automatically and transparently logged back in when they send further traffic. To configure SSO settings:
Step 1 On the User > Settings page, if you are using Active Directory for authentication, select SonicWALL SSO Agent from the Single sign-on method drop-down list, and then click the Configure button.
Step 2 In the Transparent Authentication Configuration screen, in the Name or IP Address field, enter the name or IP address of the workstation on which SonicWALL SSO Agent is installed.
Step 3 In Port Number, enter the port number of the workstation on which SonicWALL SSO Agent is installed. The default port is 2258.
Step 4 In the Shared Key field, enter the shared key that you created or generated in the SonicWALL SSO Agent. The shared key must match exactly. Re-enter the shared key in the Confirm Shared Key field.
Step 5 In the Timeout (seconds) field, enter a number of seconds before the authentication attempt times out.
Step 6 In the Retries field, enter the number of authentication attempts.
Step 7 Click the Users tab. The User Settings page displays.
Step 8 Check the box next to Allow only users listed locally to allow only users listed locally to be authenticated.
Step 9 Check the box next to Simple user names in local database to use simple user names. This setting ignores the domain component of a user name. If this box is not checked, user names in the local database must match exactly the full names returned from the agent, including the domain component.
Step 10 Check the box next to Allow limited access for non-domain users to allow limited access to users who are logged in to a computer but not into a domain. These users will not be given access to the Trusted Users user group. They are identified in logs as computer-name/user-name. When performing local authentication and the Simple user names in local database option is disabled, user names must be configured in the local database using the full computer-name/user-name identification.
Step 11 To use LDAP to retrieve user information, select the Use LDAP to retrieve user group information radio button.
Step 12 To use local configuration, select the Local configuration radio button.
Step 13 In the Polling rate (minutes) field, enter the interval, in minutes, at which the security appliance will poll the workstation running SSO Agent to verify that users are still logged on.
Step 14 In the Hold time after (minutes) field, enter a time, in minutes, that the security appliance will wait before trying again to identify traffic after an initial failure to do so. This feature rate-limits requests to the agent.
Step 15 Click on the Content Filter tab if you are using the SonicWALL Content Filtering Service (CFS) and there is a proxy server in your network.

Note

The Content Filter tab is only displayed if Premium CFS is enabled on the SonicWALL security appliance.

Step 16 To bypass SSO for content filtering traffic and apply the default content filtering policy to the traffic, select the appropriate address object or address group from the drop-down list. This setting should be used where traffic that would be subject to content filtering can emanate from a device other than a user's workstation (such as an internal proxy web server). It prevents the SonicWALL from attempting to identify such a device as a network user in order to select the content filtering policy to apply. The default content filtering policy will be used for all traffic from the selected IP addresses.
Step 17 You can test the Transparent Authentication Configuration settings on the Policies > Diagnostics > Network page. For more information, click the Test tab.
Step 18 When finished, click OK.


Configuring Guest Services


Guest Services determine the limits and configuration of the guest accounts. Guest accounts are temporary accounts set up for users to log into your network. You can create guest accounts manually as needed or generate them in batches. Guest accounts are typically limited to a pre-determined life-span. After their life span, by default, the accounts are removed. To configure Guest Services, perform the following steps:
1. Expand the Users tree and click on Guest Services.
2. Check Show guest login status window with logout button to display a user login window on the user's workstation whenever the user is logged in. Users must keep this window open during their login session. The window displays the time remaining in their current session. Users can log out by clicking the Logout button in the login status window.


3. To create a guest profile, click Add below the Guest Profile list. The Add Guest Profile page displays.
4. In the Add Guest Profile window, configure the following options:
- Profile Name: Enter the name of the profile.
- User Name Prefix: Enter the first part of every user account name generated from this profile.
- Auto-generate user name: Check this to allow guest accounts generated from this profile to have an automatically generated user name. The user name is usually the prefix plus a two- or three-digit number.
- Auto-generate password: Check this to allow guest accounts generated from this profile to have an automatically generated password. The generated password is an eight-character unique alphabetic string.
- Enable Account: Check this for all guest accounts generated from this profile to be enabled upon creation.
- Auto-Prune Account: Check this to have the account removed from the database after its lifetime expires.
- Enforce login uniqueness: Check this to allow only a single instance of an account to be used at any one time. By default, this feature is enabled when creating a new guest account. If you want to allow multiple users to log in with a single account, disable this enforcement by clearing the Enforce login uniqueness checkbox.
- Account Lifetime: This setting defines how long an account remains on the security appliance before the account expires. If Auto-Prune is enabled, the account is deleted when it expires. If the Auto-Prune checkbox is cleared, the account remains in the list of guest accounts with an Expired status, allowing easy reactivation.
- Session Lifetime: Defines how long a guest login session remains active after it has been activated. By default, activation occurs the first time a guest user logs into an account. Alternatively, activation can occur at the time the account is created by clearing the Activate account upon first login checkbox. The Session Lifetime cannot exceed the value set in the Account Lifetime.
- Idle Timeout: Defines the maximum period of time when no traffic is passed on an activated guest services session. Exceeding the period defined by this setting expires the session, but the account itself remains active as long as the Account Lifetime hasn't expired. The Idle Timeout cannot exceed the value set in the Session Lifetime.
- Comment: Any text can be entered as a comment in the Comment field.
5. Click OK to add the profile.

Configuring Guest Accounts


To view statistics on a guest account, move your mouse over the Statistics icon in the line of the guest account. The statistics window will display the cumulative total bytes and packets sent and received for all completed sessions. Currently active sessions will not be added to the statistics until the guest user logs out. To create a guest account, perform the following steps:
1. Expand the Users tree and click on Guest Accounts.
2. Under the list of accounts, click Add Guest.
3. Configure the following parameters for the guest account:
- Profile: Select the Guest Profile to generate this account from.
- Name: Enter a name for the account or click Generate. The generated name is the prefix in the profile and a random two or three digit number.
- Comment: Enter a descriptive comment.
- Password: Enter the user account password or click Generate. The generated password is a random string of eight alphabetic characters.
- Confirm Password: If you did not generate the password, re-enter it.
- Enable Guest Services Privilege: Check this for the account to be enabled upon creation.
- Enforce login uniqueness: Check this to allow only one instance of this account to log into the security appliance at one time. Leave it unchecked to allow multiple users to use this account at once.
- Automatically prune account upon account expiration: Check this to have the account removed from the database after its lifetime expires.
- Account Lifetime: This setting defines how long an account remains on the security appliance before the account expires. If Auto-Prune is enabled, the account is deleted when it expires. If the Auto-Prune checkbox is cleared, the account remains in the list of guest accounts with an Expired status, allowing easy reactivation. This setting overrides the account lifetime setting in the profile.
- Session Lifetime: Defines how long a guest login session remains active after it has been activated. By default, activation occurs the first time a guest user logs into an account. Alternatively, activation can occur at the time the account is created by clearing the Activate account upon first login checkbox. The Session Lifetime cannot exceed the value set in the Account Lifetime. This setting overrides the session lifetime setting in the profile.
- Idle Timeout: Defines the maximum period of time when no traffic is passed on an activated guest services session. Exceeding the period defined by this setting expires the session, but the account itself remains active as long as the Account Lifetime hasn't expired. The Idle Timeout cannot exceed the value set in the Session Lifetime. This setting overrides the idle timeout setting in the profile.
4. Click Update.
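The three guest timers described for profiles and accounts above (Account Lifetime, Session Lifetime, Idle Timeout), their ordering constraint, the "Activate account upon first login" choice, Auto-Prune, and the rule that account settings override the profile, modelled as an added Python example that is not part of this guide or of SonicOS. Class and field names are hypothetical; times are whole minutes since an arbitrary epoch.

```python
"""Guest account lifecycle model (added example, not SonicWALL code).

Enforces Idle Timeout <= Session Lifetime <= Account Lifetime, applies
account-level overrides on top of the profile, and reports account and
session state at a given time.  Names are hypothetical; times in minutes.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass
class GuestProfile:
    name: str
    account_lifetime: int          # minutes the account exists after creation
    session_lifetime: int          # minutes a session may last after activation
    idle_timeout: int              # minutes without traffic that end a session
    auto_prune: bool = True        # delete (True) or mark Expired (False) at end of life
    activate_on_first_login: bool = True   # cleared: activation happens at creation


@dataclass
class GuestAccount:
    profile: GuestProfile
    created_at: int
    # Per-account overrides; None means "use the profile value".
    account_lifetime: Optional[int] = None
    session_lifetime: Optional[int] = None
    idle_timeout: Optional[int] = None
    auto_prune: Optional[bool] = None
    first_login_at: Optional[int] = None
    last_traffic_at: Optional[int] = None

    def effective(self, setting: str):
        """The account setting overrides the profile setting when it is set."""
        own = getattr(self, setting)
        return own if own is not None else getattr(self.profile, setting)

    def validate(self) -> None:
        """Reject timer combinations the guide forbids."""
        idle = self.effective("idle_timeout")
        session = self.effective("session_lifetime")
        account = self.effective("account_lifetime")
        if not 0 < idle <= session <= account:
            raise ValueError(
                f"need 0 < idle ({idle}) <= session ({session}) <= account ({account})")

    def login(self, now: int) -> None:
        if self.first_login_at is None:
            self.first_login_at = now
        self.last_traffic_at = now

    def traffic(self, now: int) -> None:
        self.last_traffic_at = now

    def activated_at(self) -> Optional[int]:
        """First login, or creation time when activation-on-login is cleared."""
        if self.profile.activate_on_first_login:
            return self.first_login_at
        return self.created_at

    def account_state(self, now: int) -> str:
        """'active' until Account Lifetime runs out, then 'pruned' or 'expired'."""
        if now < self.created_at + self.effective("account_lifetime"):
            return "active"
        return "pruned" if self.effective("auto_prune") else "expired"

    def session_state(self, now: int) -> str:
        if self.account_state(now) != "active":
            return "no-session"            # account gone or Expired: nothing to log into
        started = self.activated_at()
        if started is None or now < started:
            return "not-activated"
        if now >= started + self.effective("session_lifetime"):
            return "session-expired"       # account may still be active
        last_seen = max(started, self.last_traffic_at or started)
        if now - last_seen >= self.effective("idle_timeout"):
            return "idle-timeout"          # session ended, account still active
        return "session-active"


def timers_valid(account: GuestAccount) -> bool:
    """Convenience wrapper: True when the effective timers satisfy the constraint."""
    try:
        account.validate()
        return True
    except ValueError:
        return False
```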

Configuring Users in SonicOS Standard


The following sections describe how to configure users in SonicOS Standard:

Configuring User Settings on page 370
Global User Settings on page 372
Configuring an Acceptable Use Policy on page 373
Configuring ULA Settings on page 374
Configuring HTTP URL-Based ULA on page 374
Configuring RADIUS for SonicOS Standard on page 375

Configuring User Settings


SonicWALL appliances can be configured to authenticate users through a Remote Authentication Dial-In User Service (RADIUS) server, a local user list, or a combination of both. If authenticated locally or a combination of locally and through RADIUS, SonicWALL appliances can also control user access privileges.
Note

In order for changes on this page to take effect, the SonicWALL(s) will automatically be restarted. We recommend configuring these options when network activity is low.


To add a user, perform the following steps:


1. Expand the Users tree and click Settings. The User Settings page displays.
2. Select the authentication method in the User Login Settings section:
- To use RADIUS for all user authentication, select RADIUS from the Authentication method for login drop-down menu.
- To only allow users that are configured locally, but to still use RADIUS to authenticate them, select the Allow only users listed below check box.
- To grant users the privileges that are configured locally, but to still use RADIUS for authentication, select the Include privileges from users listed locally checkbox.
- To bypass RADIUS and only authenticate using the local user database, select Local Users from the Authentication method for login drop-down menu.
3. To add a user, do the following:
- Enter the user name in the User Name field.
- Select from the following user privileges:
  - Remote Access: enables the users to access LAN resources from the Internet. This option is only available in Standard mode.
  - Bypass Filters: enables Bypass Filters if the user can bypass Content Filtering settings.
  - Access to VPNs: enables the users to send information over the VPN Security Associations.
  - Access from VPN Client with XAUTH: use if a VPN client is using XAUTH for authentication.
  - Access Internet Access: enables the users to access the Internet.
  - L2TP Client: enables the user to connect using an L2TP client.
  - Wireless Guest Service: enables Wireless Guest Services for this user.
  - Easy WGS MAC Filtering: enables (and enforces) MAC address filtering for wireless guest service-enabled connections.
  - Limited Management: allows authorized users limited local management access to the SonicWALL interface. Access is limited to the General page (Status, Network, Time), the Log page (View Log, Log Settings, Log Reports), and the Tools page (Restart, Diagnostics minus Tech Support).
- Enter the password in the New Password field and reenter it in the Confirm Password field.

Note

Passwords are case-sensitive.

- When you are finished, click Add. SonicWALL GMS creates a task that adds these users for each selected SonicWALL appliance. Repeat this step for each user that you want to add (up to 100 users).

Global User Settings


The settings listed below apply to all users when authenticated through the SonicWALL. To configure global user settings, expand the Users tab and click on the Settings tab. The following options are configured in the User Session Settings section:

- Inactivity timeout (minutes): users can be logged out of the SonicWALL after a preconfigured inactivity time. Enter the number of minutes in this field. The default value is 5 minutes.
- Enable login session limit: you can limit the time a user is logged into the SonicWALL by selecting the check box and typing the amount of time, in minutes, in the Login session limit (minutes) field. The default value is 30 minutes.
- Login session timeout: defines how much time a user has to log in before the login page times out. If it times out, a message displays saying they must click before attempting to log in again.
- Show user login status window with logout button: causes a status window to display with a Log Out button during the user's session. The user can click the Log Out button to log out of their session.
- User's login status window refreshes every: determines how often the user's status display is updated.
- Enable disconnected user detection: causes the SonicWALL to detect when a user's connection is no longer valid and end the session.
- User's login status window sends heartbeat every (seconds): sets the frequency of the heartbeat signal used to detect whether the user still has a valid connection.
- Allow unauthenticated VPN users to access DNS: allows unauthenticated users access to DNS servers across a VPN tunnel with authentication enforcement.

Configuring an Acceptable Use Policy


The Acceptable Use Policy (AUP) configuration is identical for SonicOS Standard and SonicOS Enhanced. For information on configuring an AUP, see Configuring an Acceptable Use Policy on page 353.


Configuring ULA Settings


This section describes how to configure User Level Authentication (ULA) settings. ULA settings are not available on Enhanced firmware. To configure ULA settings, perform the following steps:
1. Expand the Users tree and click User ULA Settings. The User ULA Settings page displays.
2. To only allow authenticated users to access the Internet, select the Allow only authenticated users to access the Internet check box.
3. To allow unauthenticated users to access a service, select the service in the Always allow these services area and click Add. Repeat this step for each service to add.
4. To specify a range of IP addresses that will always be allowed to access the Internet, enter the IP address in the Begin field and the size of the range in the Length field. Repeat this step for each range to add.
5. When you are finished, click Update. The settings are changed for each selected SonicWALL appliance. To clear all screen settings and start over, click Reset.

Configuring HTTP URL-Based ULA


The HTTP URL-based ULA configuration is identical for SonicOS Standard and SonicOS Enhanced. For information on configuring HTTP URL-based ULA, see Configuring HTTP URL-Based ULA Settings on page 359.


Configuring RADIUS for SonicOS Standard


If you selected Use RADIUS for user authentication, you must now configure RADIUS information. To configure RADIUS, perform the following steps.
1. Expand the Users tab and click on RADIUS.
2. Define the number of times the SonicWALL attempts to contact the RADIUS server in the RADIUS Server Retries field. If the RADIUS server does not respond within the specified number of retries, the connection is dropped. This field can range between 0 and 10; however, 3 RADIUS server retries are recommended.
3. Define the RADIUS Server Timeout in Seconds. The allowable range is 1-60 seconds with a default value of 5.

RADIUS Servers
1. Specify the following settings for the primary RADIUS server in the Primary Server section:
- Type the IP address of the RADIUS server in the IP Address field.
- Type the Port Number for the RADIUS server.
- Type the RADIUS server administrative password or shared secret in the Shared Secret field. The alphanumeric Shared Secret can range from 1 to 31 characters in length. The shared secret is case sensitive.
2. If there is a secondary RADIUS server, type the appropriate information in the Secondary Server section.

RADIUS Users
1. Configure the following privileges for all RADIUS users:
- Allow Internet Access (when access is restricted): enables the users to access the Internet when Internet access is restricted to authorized users only.
- Bypass Filters: enables Bypass Filters if the user can bypass Content Filtering settings.
- Access to VPNs: enables the users to send information over the VPN Security Associations.
- Access from VPN Client with XAUTH: use if a VPN client is using XAUTH for authentication.
- Access L2TP Client from VPN Client: enables the user to connect using an L2TP client through a secure VPN tunnel.
- Wireless Guest Service: allows access (after RADIUS authentication) for Wireless Guest Services users.
- Easy WGS MAC Filtering: enables (and enforces) MAC address filtering for wireless guest service-enabled connections.
- Limited Management: allows authorized users limited local management access to the SonicWALL interface. Access is limited to the General page (Status, Network, Time), the Log page (View Log, Log Settings, Log Reports), and the Tools page (Restart, Diagnostics minus Tech Support).
- Allow Only Users Listed Locally: disallows access to RADIUS users, except for those with duplicate local credentials.


RADIUS Client Test

To test your RADIUS Client user name and password, perform the following steps:
1. Navigate to the Diagnostics > Network page.
2. Enter a valid user name in the User field, and the password in the Password field.
3. Click the RADIUS Client Test button.

If the validation is successful, the Status message changes to Success. If the validation fails, the Status message changes to Failure. Once the SonicWALL has been configured, a VPN Security Association requiring RADIUS authentication prompts incoming VPN clients to type a User Name and Password into a dialogue box.


CHAPTER 17 Configuring Anti-Spam Settings


Activating Anti-Spam
To activate the Comprehensive Anti-Spam Service, perform the following steps:
Step 1 Navigate to the Policies > Anti-Spam > Settings page.
Step 2 Select the Enable Anti-Spam Service checkbox to activate the Anti-Spam service.


The Comprehensive Anti-Spam Service is now activated.

Configuring Anti-Spam Settings


You can configure the Comprehensive Anti-Spam Service on the Anti-Spam > Settings page, including installing the Junk Store and configuring email threat categories. See the following sections:

Configuring the Email Threat Categories on page 378
Configuring Email Domains on page 380
Configuring User Defined Access Lists on page 380
Configuring Advanced Options on page 381
Configuring Anti-Spam Real-Time Black List Filtering on page 383

Configuring the Email Threat Categories


The Email Threat Categories section enables the administrator to configure the settings for users' messages. Choose settings for messages that contain spam, phishing, and virus issues. The default settings are:

- Likely Spam: Store in Junk Box
- Definite Spam: Permanently Delete
- Likely Phishing: Tag with [LIKELY PHISHING]
- Definite Phishing: Store in Junk Box
- Likely Virus: Store in Junk Box
- Definite Virus: Permanently Delete

Use the drop-down options to choose how to handle messages in each threat category. The available responses and their effects are:

- Filtering off: SonicWALL Anti-Spam service will not scan and filter any email, so all email messages in this category are delivered to the recipients without modification.
- Tag With: The email is tagged with a term in the subject line, for example, [JUNK] or [Possible Junk?]. Selecting this option allows the user to have control of the email and junk it if it is unwanted.
- Store in Junk Box: The email message is stored in the Junk Box. It can be unjunked by users and administrators with appropriate permissions.
- Reject Mail: The email message is returned to sender with a message indicating that it was not deliverable.
- Permanently Delete: The email message is permanently deleted. CAUTION: If you select this option, your organization risks losing wanted email.

Configuring Email Domains


The Comprehensive Anti-Spam Service supports up to 5 domains. If you are using more than one domain, choose the Multiple Domains option and contact SonicWALL or your SonicWALL reseller for more information.

Configuring User Defined Access Lists


User-defined Access Lists designate which clients are allowed to connect to deliver email. You can also set clients to be automatically rejected.

Configuring Advanced Options


Click the down-arrow next to Advanced Options to expand this section.

Advanced options allow you to set the following:

- Allow / Reject delivery of unprocessed mails when Comprehensive Anti-Spam Service is unavailable: If the Anti-Spam service is not enabled or unavailable for some other reason, you can choose Allow to let all unprocessed emails go through. Spam messages will be delivered to users, as well as good email. If the setting is Reject, no email will be delivered until the Anti-Spam service is re-enabled.
- Tag and Deliver / Reject / Delete emails when SonicWALL Junk Store is unavailable: If the SonicWALL Junk Store cannot accept spam messages, you can choose to delete them, reject them, or deliver them with cautionary subject lines such as [Phishing]Please renew your account.
- Probe Interval: Set the number of minutes between messages to the monitoring service.
- Success Count Threshold: Set the number of successes required to report a success to the monitoring service.
- Failure Count Threshold: Set the number of failures required to report a failure to the monitoring service.
- Server Public IP Address: The IP address of the server that is available for external connections.
- Server Private IP Address: The IP address of the server for internal traffic.
- Inbound Email Port: The port your SonicWALL UTM appliance has open to receive email from outside sources.
- Enable Email System Detection: Enables the detection of other anti-spam solutions in the network perimeter.


Configuring Anti-Spam Real-Time Black List Filtering


The Policies > Anti-Spam > RBL Filter page only allows configuration of Real-Time Black List filtering if the Anti-Spam Service is not enabled.

SMTP Real-Time Black List (RBL) is a mechanism for publishing the IP addresses that SMTP spammers use. There are a number of organizations that compile this information both for free: http://www.spamhaus.org, and for profit: http://www.mail-abuse.com. A well-maintained list of RBL services and their efficacy can be found at: http://www.sdsc.edu/~jeff/spam/cbc.html

Note: SMTP RBL is an aggressive spam filtering technique that can be prone to false-positives because it is based on lists compiled from reported spam activity. The SonicOS implementation of SMTP RBL filtering provides a number of fine-tuning mechanisms to help ensure filtering accuracy.

RBL list providers publish their lists using DNS. Blacklisted IP addresses appear in the database of the list provider's DNS domain using inverted IP notation of the SMTP server in question as a prefix to the domain name. A response code from 127.0.0.2 to 127.0.0.9 indicates some type of undesirability:

127.0.0.2 - Open Relay
127.0.0.3 - Dialup Spam Source
127.0.0.4 - Spam Source
127.0.0.5 - Smart Host
127.0.0.6 - Spamware Site
127.0.0.7 - Bad List Server
127.0.0.8 - Insecure Script
127.0.0.9 - Open Proxy Server

For example, if an SMTP server with IP address 1.2.3.4 has been blacklisted by RBL list provider sbl-xbl.spamhaus.org, then a DNS query to 4.3.2.1.sbl-xbl.spamhaus.org will provide a 127.0.0.4 response, indicating that the server is a known source of spam, and the connection will be dropped.
Note: Most spam today is known to be sent from hijacked or zombie machines running a thin SMTP server implementation. Unlike legitimate SMTP servers, these zombie machines rarely attempt to retry failed delivery attempts. Once the delivery attempt is blocked by the SonicWALL RBL filter, no subsequent delivery attempts for that same piece of spam will be made.


When Enable Real-time Black List Blocking is enabled on the Anti-Spam > RBL Filter page, inbound connections from hosts on the WAN, or outbound connections to hosts on the WAN are checked against each enabled RBL service with a DNS request to the DNS servers configured under RBL DNS Servers.

The RBL DNS Servers menu allows you to specify the DNS servers. You can choose Inherit Settings from WAN Zone or Specify DNS Servers Manually. If you select Specify DNS Servers Manually, enter the DNS server addresses in the DNS Server fields.


The DNS responses are collected and cached. If any of the queries result in a blacklisted response, the server will be filtered. Responses are cached using TTL values, and non-blacklisted responses are assigned a cache TTL of 2 hours. If the cache fills up, then cache entries are discarded in a FIFO (first-in-first-out) fashion. The IP address check uses the cache to determine if a connection should be dropped. Initially, IP addresses are not in the cache and a DNS request must be made. In this case the IP address is assumed innocent until proven guilty, and the check results in the allowing of the connection. A DNS request is made and results are cached in a separate task. When subsequent packets from this IP address are checked, if the IP address is blacklisted, the connection will be dropped.
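The following Python is an added example, not SonicWALL code and not the appliance's implementation. It models the RBL mechanism described above and in the preceding pages: it builds the inverted-octet query name, maps a 127.0.0.x answer to its listing reason, lets an unknown address through while its lookup result is cached, drops later connections from a listed address, expires entries by TTL (2 hours for non-blacklisted answers) and evicts FIFO when the cache is full. The resolver is a constructed stand-in for DNS that lists only the guide's 1.2.3.4 example; the function and class names are assumptions of this example.

```python
"""Added example (not SonicWALL code): RBL query construction, response
interpretation and the TTL/FIFO verdict cache described in the guide."""
import ipaddress
import time
from collections import OrderedDict
from typing import Callable, Dict, Optional, Tuple

# Response codes and their meanings, as listed in the guide.
RBL_RESPONSE_CODES = {
    "127.0.0.2": "Open Relay",
    "127.0.0.3": "Dialup Spam Source",
    "127.0.0.4": "Spam Source",
    "127.0.0.5": "Smart Host",
    "127.0.0.6": "Spamware Site",
    "127.0.0.7": "Bad List Server",
    "127.0.0.8": "Insecure Script",
    "127.0.0.9": "Open Proxy Server",
}
NOT_LISTED_TTL = 2 * 60 * 60  # non-blacklisted answers are cached for 2 hours

# A resolver answers a query name with (response code, TTL) or None (no record).
Resolver = Callable[[str], Optional[Tuple[str, int]]]


def rbl_query_name(ip: str, rbl_domain: str) -> str:
    """Reverse the octets of the SMTP server address and prefix the RBL domain."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + rbl_domain


def classify_response(code: str) -> Optional[str]:
    """Meaning of an RBL answer; None means the code is outside 127.0.0.2-9."""
    return RBL_RESPONSE_CODES.get(code)


class RblCache:
    """Verdict cache: entries expire by TTL and are evicted FIFO when full."""

    def __init__(self, max_entries: int, clock: Callable[[], float] = time.monotonic):
        self.max_entries = max_entries
        self.clock = clock
        self._entries: "OrderedDict[str, Tuple[str, float]]" = OrderedDict()

    def lookup(self, ip: str) -> Optional[str]:
        entry = self._entries.get(ip)
        if entry is None:
            return None
        verdict, expires_at = entry
        if self.clock() >= expires_at:
            del self._entries[ip]  # TTL elapsed: the address is unknown again
            return None
        return verdict

    def store(self, ip: str, verdict: str, ttl: int) -> None:
        if ip in self._entries:
            del self._entries[ip]
        while len(self._entries) >= self.max_entries:
            self._entries.popitem(last=False)  # drop the oldest entry (FIFO)
        self._entries[ip] = (verdict, self.clock() + ttl)

    def __contains__(self, ip: str) -> bool:
        return ip in self._entries


def check_connection(ip: str, cache: RblCache, resolver: Resolver,
                     rbl_domains: Tuple[str, ...]) -> bool:
    """Return True to allow the SMTP connection, False to drop it.

    A cached 'listed' verdict drops the connection. An address with no cache
    entry is allowed (innocent until proven guilty) while the RBL lookup runs
    and its result is cached for later packets. The appliance performs that
    lookup in a separate task; this example does it inline.
    """
    verdict = cache.lookup(ip)
    if verdict is not None:
        return verdict == "clean"
    verdict, ttl = "clean", NOT_LISTED_TTL
    for domain in rbl_domains:
        answer = resolver(rbl_query_name(ip, domain))
        if answer is not None and classify_response(answer[0]) is not None:
            verdict, ttl = "listed", answer[1]
            break  # any enabled service listing the host is enough to filter it
    cache.store(ip, verdict, ttl)
    return True


# Constructed stand-in for DNS: only the guide's 1.2.3.4 example is listed.
FAKE_ZONE: Dict[str, Tuple[str, int]] = {
    "4.3.2.1.sbl-xbl.spamhaus.org": ("127.0.0.4", 300),
}


def fake_resolver(name: str) -> Optional[Tuple[str, int]]:
    return FAKE_ZONE.get(name)


if __name__ == "__main__":
    cache = RblCache(max_entries=64)
    services = ("sbl-xbl.spamhaus.org",)
    print(check_connection("1.2.3.4", cache, fake_resolver, services))     # True: first packet allowed
    print(check_connection("1.2.3.4", cache, fake_resolver, services))     # False: now cached as listed
    print(check_connection("192.0.2.10", cache, fake_resolver, services))  # True: not listed
```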

Adding RBL Services


You can add additional RBL services in the Real-time Black List Services section.


To add an RBL service, click the Add button. In the Add RBL Domain window, you specify the RBL domain to be queried, enable it for use, and specify its expected response codes. Most RBL services list the responses they provide on their Web site, although selecting Block All Responses is generally acceptable.

Statistics are maintained for each RBL Service in the RBL Service table, and can be viewed with a mouseover of the (statistics) icon to the right on the service entry.

User-Defined SMTP Server Lists


The User Defined SMTP Server Lists section allows for Address Objects to be used to construct a white-list (explicit allow) or black-list (explicit deny) of SMTP servers. Entries in this list will bypass the RBL querying procedure. For example, to ensure that you always receive SMTP connections from a partner site's SMTP server, create an Address Object for the server using the Add button, click the edit icon in the Configure column of the RBL User White List row, and add the Address Object. The table will be updated, and that server will always be allowed to make SMTP exchanges. The System > Diagnostics page also provides a Real-time Black List Lookup feature that allows for SMTP IP addresses (or RBL services, or DNS servers) to be specifically tested.


CHAPTER 18 Configuring Virtual Private Networking


A Virtual Private Network (VPN) is a private data network that uses encryption technologies to operate over public networks. This chapter contains the following sections:

VPN SA Management Overview section on page 389
Viewing the VPN Summary section on page 391
Configuring VPN Settings section on page 392
Configuring ULA Settings for VPNs section on page 395
Configuring VPNs in SonicOS Enhanced section on page 396
Configuring VPNs in SonicOS Standard section on page 403
Setting up the L2TP Server section on page 436
Monitoring VPN Connections section on page 437
Management of VPN Client Users section on page 437
VPN Terms and Concepts section on page 439
Using OCSP with SonicWALL Security Appliances section on page 442

VPN SA Management Overview


Each node in a network can exchange data by establishing a VPN tunnel or a Security Association (SA) with one or more other nodes. Once a tunnel is established, the SA uses encryption and authentication keys to ensure data security and integrity.


A security key string is an encryption key that is used to encrypt and decrypt secure data. Both nodes must have the key to exchange data. For example, the announcer of the Little Orphan Show used the same key to encode the secret messages that the kids used to decode the messages. Although an encrypted message cannot be read, it can be tampered with externally. Using an authentication key prevents external tampering. An authentication key is a hash function that is applied to the message content and is checked by the message recipient to verify the message was not modified in transit. In order to ensure message security, it is very important that the security and authentication keys are not discovered by outside parties. Otherwise, the messages could be read in transit.

Deployment Caveats
When managing one or more VPNs through GMS, be aware of the following caveats:

Because of the individual nature of deployment, VPN SA configurations are not inheritable. If updates are completed at the group node, separate tasks must be created for each individual unit within that node.

Authentication Methods
SonicWALL appliances can use the following methods to exchange security and authentication keys:

SonicWALL certificates: each SonicWALL appliance obtains a certificate from the SonicWALL Certificate Authority (CA). Security and authentication keys are exchanged using public-key cryptography and authenticity of each node is verified by the SonicWALL CA. After the SA expires, the SonicWALL appliances will reestablish an SA using the same public keys, but the security and authentication keys will be different. If one set of security and authentication keys is compromised by an outside party, that party will be unable to compromise the next set of keys.

Third-party certificates: the SonicWALL appliance and peer device obtain certificates from the third-party certificate authorities. Security and authentication keys are exchanged using public-key cryptography and authenticity of each node is verified by the third-party CA. After the SA expires, the peers will reestablish an SA using the same public keys, but will not use the same security and authentication keys.

Pre-shared secret: each SonicWALL appliance has a shared secret that is used to establish an SA. After the SA expires, the SonicWALL appliances will reestablish an SA using the same public keys, but will not use the same security and authentication keys.

Pre-exchanged security and authentication keys: keys are exchanged in advance. The SA will always use the same encryption and authentication keys. If the keys are compromised by an outside party, they will remain compromised until the keys are changed.

Note: For an explanation of VPN terms, see VPN Terms and Concepts on page 439.

Viewing the VPN Summary


To view the VPN summary, perform the following steps:

1. Expand the VPN tree and click Summary. The VPN Summary page displays.

Note: If VPN is already configured for the SonicWALL appliance, a list of current SAs displays. The unique firewall identifier also displays.

2. Note the improved navigation for managing VPNs through use of page navigation arrows within the Current IPSec Security Associations. To navigate through the pages, click on the navigation arrow buttons in the upper right corner of the VPN Summary Page as shown in the figure here.


When managing VPNs, the VPN Summary Window sometimes can have too many VPNs listed for you to easily find the VPN entry you want to view. To make VPN searching and viewing easier, GMS now provides a pagination feature in the VPN Summary screen which breaks the list of VPNs into multiple pages. Each page can display up to 50 VPNs. To display the next page of VPNs, simply click the Next button. GMS displays the succeeding page of the VPN Summary Window.

Configuring VPN Settings


To configure VPN settings, perform the following steps:

1. Expand the VPN tree and click Settings. The VPN Settings page displays.

2. Under Global IPSec Settings, select the Enable VPN check box.

3. To disable all NetBIOS broadcasts, select the Disable all VPN Windows Networking (NetBIOS) broadcast check box.


4. To improve interoperability with other VPN gateways and applications that use a large data packet size, select the Enable Fragmented Packet Handling check box. Packet fragmentation overburdens a network router by resending data packets and causes network traffic to slow down between networks. The Enable Fragmented Packet Handling option configures the SonicWALL appliance to listen to the intermediate router and, if necessary, send Internet Control Message Protocol (ICMP) messages to the router to decrease the size of the data packets. Enabling this option is recommended if the VPN tunnel logs contain many Fragmented IPSec packets dropped messages.

5. To ignore Don't Fragment (DF) bits from routers connected to the SonicWALL appliance, select the Ignore DF Bit check box.

6. NAT Traversal is an Internet Engineering Task Force (IETF) draft standard that wraps an IPsec packet into a UDP/IP header, allowing NAT devices to change IP addresses without affecting the integrity of the IPsec packet. To enable NAT traversal, select the Enable NAT Traversal check box.

7. Specify how often the SonicWALL appliance issues a Keepalive in the Keep alive time field.

8. To enable detection of a dead peer, select Enable IKE Dead peer detection. Then, specify how often the SonicWALL appliance attempts to detect a peer in the Dead peer detection Interval field and specify the number of failed attempts that must occur before closing the VPN tunnel in the Failure Trigger Level field.

9. Select Enable Dead Peer Detection for Idle vpn sessions if you want idle VPN connections to be dropped by the SonicWALL security appliance after the time value defined in the Dead Peer Detection Interval for Idle VPN Sessions (seconds) field.

10. Select VPN Single Armed mode to use single armed mode, allowing the appliance to act as a stand-alone VPN gateway, using the WAN port as the VPN tunnel termination point.

11. Select Clean up Active Tunnels when Peer Gateway DNS names resolves to a different IP address to break down SAs associated with old IP addresses and reconnect to the peer gateway.

12. Select Preserve IKE Port for Pass-Through Connections to preserve UDP 500/4500 source port and IP address information for pass-through VPN connections.

13. Select Enable OCSP Checking and enter the OCSP Responder URL to enable use of Online Certificate Status Protocol (OCSP) to check VPN certificate status and specify the URL where to check certificate status.


14. Select Send vpn tunnel traps only when tunnel status changes to send tunnel traps when the tunnel status changes. By default, the firewall sends traps for VPN up/down status. To minimize email alerts based on VPN traps, check this box.

15. Select Use RADIUS in and then select either MSCHAP or MSCHAPv2 mode for XAUTH to allow VPN client users to change expired passwords at login time.

16. Under IKEv2 Settings, select Send IKEv2 Cookie Notify to send cookies to IKEv2 peers as an authentication tool.

17. Use the IKEv2 Dynamic Client Proposal settings to configure the Internet Key Exchange (IKE) attributes rather than using the default settings. Previously, only the default settings were supported: Diffie-Hellman (DH) Group 2, the 3DES encryption algorithm, and the SHA1 authentication method. Appliances running SonicOS Enhanced 4.0 and higher can now be configured with the following IKE Proposal settings:

   DH Group: Select Group 1, Group 2, or Group 5 from the drop-down list. This sets the DH group in the global IPsec policy for a zero (0.0.0.0) gateway, IKEv2 mode tunnel with dynamic peer gateways.

   Encryption: Select DES, 3DES, AES-128, AES-192, or AES-256 from the drop-down list. This sets the encryption algorithm in the global IPsec policy for a zero (0.0.0.0) gateway, IKEv2 mode tunnel with dynamic peer gateways whose IP addresses are not static.

   Authentication: Select MD5 or SHA1 from the drop-down list. This sets the authentication algorithm in the global IPsec policy for a zero (0.0.0.0) gateway, IKEv2 mode tunnel with dynamic peer gateways whose IP addresses are not static.

   If a VPN Policy with IKEv2 exchange mode and a 0.0.0.0 IPSec gateway is defined, you cannot configure these IKE Proposal settings on an individual policy basis.


Note: The VPN policy on the remote gateway must also be configured with the same settings.

18. When you are finished, click Update. To clear all screen settings and start over, click Reset.

Configuring ULA Settings for VPNs


To configure User Level Authentication settings for VPNs, perform the following steps:

Note: ULA settings are only available in SonicOS Standard.

1. Expand the VPN tree and click ULA Settings.

2. To allow unauthenticated users to access a service, select the service in the Allow these services to bypass user authentication on VPN SAs area and click Add. Repeat this step for each service to add.

3. To specify a range of IP addresses that will always be allowed to access the Internet, enter the IP address in the Begin field and the size of the range in the Length field.

4. Click Add. The scheduler displays.

5. Expand Schedule by clicking the plus button.

6. Select Immediate or specify a future date and time.

7. Click Accept.

8. When you are finished, click Update.

9. Repeat steps 3 through 8 to add more ranges.

10. To delete an entry, select the checkbox to the left of the service or IP address range and click Update.

Configuring VPNs in SonicOS Enhanced


SonicOS uses Address Objects and Address Object Groups to simplify network configuration and interconnection. Address objects are network addresses or hosts. Address object groups are groups of address objects and/or address object groups. When you configure VPN between Address Object Groups on two SonicWALL appliances, SonicWALL GMS will automatically establish VPN connections between every network within those groups. This saves a lot of configuration time and dramatically simplifies VPN configuration. Select from the following:

Configuring VPNs in Interconnected Mode on page 396: for VPNs between two SonicWALL appliances.
Configuring VPNs in Non-Interconnected Mode on page 399: for VPN between a SonicWALL appliance and another device.

When you have completed the interconnected or non-interconnected configuration procedure, continue on to the following section:

Generic VPN Configuration in SonicOS Enhanced on page 401

Configuring VPNs in Interconnected Mode


Establishing a VPN between two SonicWALL appliances that are being managed by SonicWALL GMS is easy. Because SonicWALL GMS is aware of the configuration settings, it will automatically configure most of the VPN settings without any user intervention. To establish VPNs between two SonicWALL appliances that are being managed by SonicWALL GMS, perform the following steps:
1. Expand the VPN tree and click Configure 2.0. The VPN Configure page displays with the General tab selected.

2. To establish a new SA, select Add New SA from the Security Association list box.

3. Select the Interconnected check box.

4. To configure SonicWALL GMS to convert the SAs to non-interconnected mode VPN tunnels, select the Make SAs viewable in Non-Interconnected Mode check box.

Note: Making an SA viewable in Non-Interconnected mode is not reversible.

5. Select the destination SonicWALL appliance by clicking Select Destination Node and selecting the node from the dialog box that displays.

6. To initially disable the SA upon creation, select the Disable SA check box. This option can always be unchecked at a later time.

7. Select from the following keying modes from the IPSec Keying Mode list box:

Note: SonicWALL GMS automatically creates a pre-shared key, SPI, encryption key, authentication key, or certificate information as applicable, for each mode described below.

   Manual Key: keys are exchanged in advance. The SA will always use the same encryption and authentication keys. If the keys are compromised by an outside party, they will remain compromised until the keys are changed.

   IKE Using Pre-Shared Secret: each SonicWALL appliance has a shared secret that is used to establish an SA. After the SA expires, the SonicWALL appliances will reestablish an SA using the same public keys, but will not use the same security and authentication keys. Configure the following:

      Local IKE ID: specifies whether the IP address or SonicWALL Identifier will be used as the IKE ID for the local SonicWALL appliance.

      Peer IKE ID: specifies whether the IP address or SonicWALL Identifier will be used as the IKE ID for the peer SonicWALL appliance.

   IKE Using 3rd Party Certificates: the SonicWALL appliance and peer device obtain certificates from the third-party certificate authorities. Security and authentication keys are exchanged using public-key cryptography and authenticity of each node is verified by the third-party CA. After the SA expires, the peers will reestablish an SA using the same public keys, but will not use the same security and authentication keys.

8. Continue to Generic VPN Configuration in SonicOS Enhanced on page 401.


Configuring VPNs in Non-Interconnected Mode


To establish VPNs between two SonicWALL appliances that are being managed by SonicWALL GMS, perform the following steps:
1. Expand the VPN tree and click Configure 2.0. The VPN Configure page displays with the General tab selected.

2. To establish a new SA, select Add New SA from the Security Association list box.

3. Deselect the Interconnected check box.

4. Select the Disable SA check box to initially disable the SA upon creation. This option can be unchecked at a later time.

5. Select from the following keying modes from the IPSec Keying Mode list box:

   Manual Key: keys are exchanged in advance. The SA will always use the same encryption and authentication keys. If the keys are compromised by an outside party, they will remain compromised until the keys are changed. If you select this option, configure the following:

      Name: specifies the name of the SA.

      IPSec Gateway Name or Address: specifies the name or IP address of the gateway.

   IKE Using Pre-Shared Secret: each SonicWALL appliance has a shared secret that is used to establish an SA. After the SA expires, the SonicWALL appliances will reestablish an SA using the same public keys, but will not use the same security and authentication keys. Configure the following:

      Name: specifies the name of the SA.

      IPSec Primary Gateway Name or Address: specifies the name or IP address of the primary gateway.

      IPSec Secondary Gateway Name or Address: specifies the name or IP address of the secondary gateway.

      Shared Secret: specifies the shared secret used to negotiate the VPN tunnel.

      Local IKE ID: specifies whether the IP address or SonicWALL Identifier will be used as the IKE ID for the local SonicWALL appliance.

      Peer IKE ID: specifies whether the IP address or SonicWALL Identifier will be used as the IKE ID for the peer SonicWALL appliance.

   IKE Using 3rd Party Certificates: the SonicWALL appliance and peer device obtain certificates from the third-party certificate authorities. Security and authentication keys are exchanged using public-key cryptography and authenticity of each node is verified by the third-party CA. After the SA expires, the peers will reestablish an SA using the same public keys, but will not use the same security and authentication keys. If you select this option, configure the following:

      Name: specifies the name of the SA.

      IPSec Primary Gateway Name or Address: specifies the name or IP address of the primary gateway.

      IPSec Secondary Gateway Name or Address: specifies the name or IP address of the secondary gateway.

      Third Party Certificate: specifies the certificate used to establish the SAs.

      Peer Certificate's ID Type: specifies the ID type of the peer certificate.

      ID string to match: specifies the string used to establish the SAs.


Generic VPN Configuration in SonicOS Enhanced


To configure the additional options for VPNs in SonicOS Enhanced, perform the following steps:

1. Click the Network tab. Select which local networks will be establishing VPN connections with the destination networks:

   Choose local network from list: specifies an Address Object that contains one or more networks. For information on creating address objects, refer to the documentation that accompanied the SonicWALL appliance.

   Local network obtains IP addresses using DHCP through this VPN Tunnel: indicates that the computers on the local network will obtain their IP addresses from the destination network.

   Any address: configures all networks to establish VPN connections with the specified destination networks.

2. Select the destination networks with which the local networks will connect:

   Use this VPN Tunnel as default route for all Internet traffic: configures all networks on the destination network to use this VPN for all Internet traffic.

   Destination network obtains IP addresses using DHCP through this VPN Tunnel: indicates that the computers on the destination network will obtain their IP addresses from the local network.

   Choose destination network from list: specifies an Address Object that contains one or more networks. For information on creating address objects, refer to the documentation that accompanied the SonicWALL appliance.

3. (Optional) Click the Proposals tab.

4. Select the IKE Phase 1 Proposal Options (Certificates and Pre-Shared Secret only):

   Exchange: Select the exchange mode from the Exchange list box. Aggressive mode improves the performance of IKE SA negotiation by only requiring three packet exchanges. However, it provides no identity protection. Otherwise, select Main Mode.

   DH Group: specifies the Diffie-Hellman group to use when the VPN devices are negotiating encryption and authentication keys.

   Note: Group 1 specifies a 768-bit Diffie-Hellman value, Group 2 specifies a more secure 1024-bit Diffie-Hellman value, and Group 5 specifies the currently most secure 1536-bit Diffie-Hellman value.

   Encryption: specifies the type of encryption key to use when the VPN devices are negotiating encryption keys.

   Authentication: specifies the type of authentication key to use when the VPN devices are negotiating authentication keys.

   Life Time (seconds): specifies how long a tunnel will remain active before being renegotiated. We recommend a value of 28,800 seconds (8 hours).

5. Select the IKE Phase 2 Proposal Options:

   Protocol: specifies the type of protocol to use for VPN communications (AH or ESP).

   Encryption: specifies the type of encryption key to use after the VPN devices have negotiated encryption keys.

   Authentication: specifies the type of authentication key to use after the VPN devices have negotiated authentication keys.

   Enable Perfect Forward Secrecy: when selected, this option prevents repeated compromises of the same security key when reestablishing a tunnel.

   DH Group: specifies the Diffie-Hellman group to use after the VPN devices have negotiated encryption and authentication keys.

   Life Time (seconds): specifies how long a tunnel will remain active before being renegotiated. We recommend a value of 28,800 seconds (8 hours).

6. (Optional) Click the Advanced tab.

7. Configure the following Advanced settings:

   Enable Keep Alive: configures the VPN tunnel to remain open as long as there is network traffic on the SA.

   Enable Windows Networking Broadcast: enables NetBIOS broadcasts across the SA.

   Apply NAT Policies: enables NAT for the selected networks.

   Management via this SA: specifies which protocols can be used to manage the SonicWALL appliance through this SA. In addition to HTTP and HTTPS, you can enable the SSH management of the device through the IPsec tunnel. When the SSH check box is selected in an IPsec Policy, an SSH session can be initiated to the device using the IPsec tunnel for the policy.

   User login via this SA: specifies the protocols that users can use to log in to the SonicWALL appliance through this SA.

   Default LAN Gateway: specifies the default gateway when routing all traffic through this tunnel (required for Enhanced-to-Standard configuration, optional for Enhanced-to-Enhanced).

   VPN Policy bound to: specifies the zone or interface to which the VPN tunnel will terminate.

   Preempt Secondary Gateway: enables preemption of a secondary gateway to the primary gateway in the IPsec policy. If a secondary gateway is configured in the IPsec Policy, an IPsec tunnel is established with the secondary gateway when the primary gateway is unreachable. If this option is enabled in the policy, a periodic discovery is attempted for the primary gateway and if discovered successfully, tunnels are switched back to the primary gateway from the secondary gateway.

   Primary Gateway Detection Interval: specifies the time interval in seconds for the discovery of the primary IPsec gateway if it is unreachable. The minimum value is 120 and the maximum value is 28800.

8. When you are finished, click OK. SonicWALL GMS begins establishing VPN tunnels between all specified networks.

Configuring VPNs in SonicOS Standard


This section describes how to configure VPN version 1.0 for SonicOS Standard. To configure VPN for SonicOS Enhanced, see Configuring VPNs in SonicOS Enhanced on page 396. SonicWALL GMS supports several methods for establishing and maintaining security associations (SAs). These include:

IKE Using SonicWALL Certificates on page 404
IKE Using Third-Party Certificates on page 412
IKE Using Pre-Shared Secret on page 421
Manual Keying on page 429

IKE Using SonicWALL Certificates


The following sections describe how to configure SAs for Internet Key Exchange (IKE) using SonicWALL certificates:

When All Appliances are Managed by SonicWALL GMS on page 405
When One Appliance Is Not Managed by SonicWALL GMS on page 409

Note: This section assumes that you are familiar with Public Key Infrastructure (PKI) and the implementation of digital certificates with VPN.

A digital certificate is an electronic means to verify identity by using a trusted third party known as a Certificate Authority (CA). SonicWALL certificates are the easiest certificate solution for establishing the identity of peer VPN devices and users. Internet Key Exchange (IKE) is an important part of IPSec VPN solutions, and it can use digital signatures to authenticate peer devices before setting up security associations. Without digital signatures, VPN users must authenticate by manually exchanging shared secrets or symmetric keys. Devices using digital signatures do not require configuration changes every time a new device is added to the network.
Note: Although SAs can be established with most IPSec-compliant devices, SonicWALL Certificates can only be used between SonicWALL appliances.

This section describes how to establish SAs between SonicWALL appliances that are managed by SonicWALL GMS and SonicWALL appliances that are not managed by SonicWALL GMS.
Note: Before establishing SAs using SonicWALL certificates, you must obtain a Public Key Infrastructure (PKI) administrator certificate and apply it to each SonicWALL appliance. For more information, see Registering and Upgrading SonicWALL Appliances on page 591.


When All Appliances are Managed by SonicWALL GMS


To enable VPN using certificates, perform the following steps:

1. Expand the VPN tree and click Configure. The VPN Configure page displays.

2. Select the Use Interconnected Mode check box.

3. For the IPSec Keying Mode, select IKE using SonicWALL Certificates.

4. Select from the following:

   To add a new SA, select Add a new Security Association.

   To delete an existing SA, select Delete an existing Security Association.

   To edit an existing SA, select Modify an existing Security Association.

5. Click Select Destination. A dialog box that contains all SonicWALL appliances managed by this SonicWALL GMS displays.


6. Select the SonicWALL appliance or group to which you will establish SAs and click the Select button. The name of the target displays in the Target SonicWALL Group/Node field.

7. Aggressive mode improves the performance of IKE SA negotiation by only requiring three packet exchanges. However, it provides no identity protection. To enable aggressive mode, select Aggressive Mode from the Exchange list box. Otherwise, select Main Mode.

8. Select the Diffie-Hellman (DH) group that will be used when the VPN devices are negotiating encryption and authentication keys from the Phase 1 DH Group list box.

Note

Group 1 specifies a 768-bit Diffie-Hellman value, Group 2 specifies a more secure 1024-bit Diffie-Hellman value, and Group 5 specifies the currently most secure 1536-bit Diffie-Hellman value.

9. Select the Diffie-Hellman group that will be used when the VPN devices have established an SA from the Phase 2 DH Group list box.

10. Select the type of encryption and authentication keys used when the VPN devices are negotiating encryption and authentication keys from the Phase 1 Encryption/Authentication list box.

11. Select the type of encryption and authentication keys used for the SAs from the Phase 2 Encryption/Authentication list box.

12. To specify the default LAN gateway, enter the IP address of the gateway in the Default LAN Gateway field.

A Default LAN Gateway is used at a central site in conjunction with a remote site using the Route all Internet traffic through this destination unit check box. The Default LAN Gateway field allows the network administrator to specify the IP address of the default LAN route for incoming Internet Protocol Security (IPSec) packets for this SA. Incoming packets are decoded by the SonicWALL and compared to static routes configured in the SonicWALL. Since packets can have any IP address destination, it is impossible to configure enough static routes to handle the traffic. For packets received via an IPSec tunnel, the SonicWALL looks up a route for the LAN. If no route is found, the SonicWALL checks for a Default LAN Gateway. If a Default LAN Gateway is detected, the packet is routed through the gateway. Otherwise, the packet is dropped.
13. To specify how long the tunnel is active before being renegotiated, enter a value in the SA Lifetime field. We recommend a value of 28,800 seconds (8 hours).


14. To prevent repeated compromises of the same security key when reestablishing a tunnel, select the Enable Perfect Forward Secrecy check box.

15. To configure the VPN tunnel to remain open as long as there is network traffic on the SA, select the Enable Keep Alive check box.

16. To configure the SonicWALL appliance to establish the VPN tunnel before users generate any VPN traffic, select the Try to bring up all possible SAs check box.

17. To disable this SA, select Disable This SA.

18. Select Enable Wireless Secure Bridging Mode to enable wireless secure bridging mode, a feature that allows two or more physically separated networks to be joined using a secure wireless connection.

19. To enable NetBIOS broadcasts across the SA, select the Enable Windows Networking Broadcast check box.

20. To allow the remote VPN tunnel to be included in the routing table, select the Forward Packets to Remote VPNs check box.


Normally, inbound traffic is decrypted and only forwarded to the local LAN or a manually specified route (see Configuring Routing in SonicOS Enhanced on page 196). This option enables you to create a hub and spoke network configuration where all traffic is routed among branch offices via the corporate office.
Note

To create a hub and spoke network, make sure to select the Forward Packets to Remote VPNs check box for each SA.

21. To force all network traffic to the WAN through a VPN to a central site, select the Route all Internet traffic through destination unit check box. When this option is selected, all traffic that is not destined for another SA is forwarded through this VPN tunnel. If this option is not specified and the destination does not match any SA, the packet is forwarded unencrypted to the WAN.

Note

Only one SA can have this option enabled.

22. Select one of the following VPN termination options:
   To configure the VPN tunnel to terminate at the LAN or WorkPort, select LAN. Users on the other side of the SA will be able to access the LAN, but not the OPT.
   To configure the VPN tunnel to terminate at the OPT or DMZ, select OPT. Users on the other side of the SA will be able to access the OPT, but not the LAN.
   To allow users on the other side of the SA to access both the LAN and DMZ, select LAN/OPT.

23. Select from the following NAT and Firewall Rules:
   To disable NAT and not apply firewall rules to traffic coming through this SA, select Disabled.
   To enable NAT and firewall rules for the selected SonicWALL appliance, select Source. If NAT is enabled, all traffic originating from this appliance will appear to originate from a single IP address and network firewall rules will be applied to all traffic on this SA.
   To enable NAT and firewall rules for the selected SonicWALL appliance and its peer, select Source and Destination. If NAT is enabled, all traffic originating from this appliance will appear to originate from a single IP address and all traffic originating from its peer will appear to originate from a single IP address. Network firewall rules will be applied to all traffic on this SA.

Note

Applying firewall rules can dramatically affect services that run between the networks. For more information, see Configuring UTM Appliance Settings on page 235.

24. Select how local users are authenticated:
   To disable authentication for local users, select Disabled.
   To configure local users to be authenticated locally, either through the SonicWALL device or the RADIUS server, select Source.
   To configure local users to be authenticated on the destination network, either through the SonicWALL device or the RADIUS server, select Destination.
   To authenticate local users both locally and on the destination network, select Source and Destination.

25. Similarly, select how remote users are authenticated.

26. When you are finished, click Update. The settings are changed for each selected SonicWALL appliance. To clear all screen settings and start over, click Reset.
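The forwarding rules that steps 12, 19, 20 and 21 above describe (Default LAN Gateway, Forward Packets to Remote VPNs, and Route all Internet traffic through destination unit), and which the later procedures in this chapter repeat, modelled as an added example so an administrator can see which option combinations send a packet out unencrypted or drop it. This is not SonicWALL code; it is a simplified model of the documented behaviour, and every SA name, subnet and address in it is constructed.

```python
"""Simplified model of the per-SA forwarding decisions documented in this
chapter. Added example, not SonicWALL code: it follows the guide's wording for
three options and the "only one SA" rule, and is useful for reasoning about
where cleartext can leave the appliance. All values below are constructed."""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass
class SA:
    """One Security Association as configured on the VPN Configure page."""
    name: str
    destination_networks: List[str]            # "Specify destination networks" (CIDR)
    route_all_internet: bool = False           # "Route all Internet traffic through destination unit"
    forward_to_remote_vpns: bool = False       # "Forward Packets to Remote VPNs"
    default_lan_gateway: Optional[str] = None  # "Default LAN Gateway" (IP address)

    def reaches(self, dst) -> bool:
        return any(dst in ip_network(net) for net in self.destination_networks)


@dataclass
class Appliance:
    """Model of one appliance's LAN, static routes and configured SAs."""
    lan: str                                   # local LAN subnet (CIDR)
    static_routes: List[Tuple[str, str]]       # (CIDR, next hop) pairs
    sas: List[SA] = field(default_factory=list)

    def config_errors(self) -> List[str]:
        """The guide's rule: only one SA may route all Internet traffic."""
        names = [sa.name for sa in self.sas if sa.route_all_internet]
        if len(names) > 1:
            return [f"'Route all Internet traffic' enabled on more than one SA: {names}"]
        return []

    def match_sa(self, dst) -> Optional[SA]:
        for sa in self.sas:
            if sa.reaches(dst):
                return sa
        return None

    def outbound(self, dst_ip: str) -> str:
        """Decision for a LAN-originated packet leaving this appliance."""
        dst = ip_address(dst_ip)
        sa = self.match_sa(dst)
        if sa is not None:
            return f"encrypt:{sa.name}"
        # Guide: traffic not destined for another SA goes through the tunnel
        # that has "Route all Internet traffic" enabled ...
        for sa in self.sas:
            if sa.route_all_internet:
                return f"encrypt:{sa.name}"
        # ... otherwise "the packet is forwarded unencrypted to the WAN".
        return "wan-cleartext"

    def inbound(self, via_name: str, dst_ip: str) -> str:
        """Decision for a packet just decrypted from the SA named via_name."""
        dst = ip_address(dst_ip)
        via = next(sa for sa in self.sas if sa.name == via_name)
        # Guide: decrypted packets are compared to the LAN and static routes first.
        if dst in ip_network(self.lan):
            return "lan"
        for net, next_hop in self.static_routes:
            if dst in ip_network(net):
                return f"route:{next_hop}"
        # Hub and spoke: a remote VPN's networks are in the routing table only
        # when that SA has "Forward Packets to Remote VPNs" selected.
        other = self.match_sa(dst)
        if other is not None and other is not via and other.forward_to_remote_vpns:
            return f"encrypt:{other.name}"
        # Guide: no route found -> Default LAN Gateway if set, else drop.
        if via.default_lan_gateway:
            return f"gateway:{via.default_lan_gateway}"
        return "drop"


def build_hub() -> Appliance:
    """Constructed sample: a corporate hub with two branch SAs (made-up addresses)."""
    return Appliance(
        lan="10.0.0.0/24",
        static_routes=[("10.0.1.0/24", "10.0.0.254")],
        sas=[
            SA("branch-a", ["192.168.10.0/24"], forward_to_remote_vpns=True),
            SA("branch-b", ["192.168.20.0/24"], forward_to_remote_vpns=True,
               default_lan_gateway="10.0.0.1"),
        ],
    )


if __name__ == "__main__":
    hub = build_hub()
    for dst in ("192.168.10.5", "8.8.8.8"):
        print("outbound", dst, "->", hub.outbound(dst))
    for via, dst in (("branch-a", "10.0.0.7"), ("branch-a", "192.168.20.3"),
                     ("branch-a", "172.16.0.1"), ("branch-b", "172.16.0.1")):
        print("inbound via", via, "to", dst, "->", hub.inbound(via, dst))
```

With no SA carrying Route all Internet traffic, the 8.8.8.8 case shows the cleartext WAN path the guide warns about; with the option set on more than one SA, config_errors() reports the violation.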


When One Appliance Is Not Managed by SonicWALL GMS


Although SAs can be established with most IPSec-compliant devices, Certificates can only be used between SonicWALL appliances. This section describes how to establish SonicWALL certificate-based SAs between SonicWALL appliances that are managed by SonicWALL GMS and SonicWALL appliances that are not managed by SonicWALL GMS. To create SAs using certificates, perform the following steps:
1. Expand the VPN tree and click Configure. The VPN Configure page displays.

2. Deselect the Use Interconnected Mode check box.

3. Select IKE using SonicWALL Certificates.

4. Select the appropriate option to add, delete, or modify a Security Association.

5. Enter the name of the remote firewall/VPN gateway in the Security Association Name field. This name must match exactly if the device has a dynamic IP address.


6. Enter the IP address of the remote firewall/VPN gateway in the IPSec Gateway Address field. This address must be valid and will be the public IP address if the remote LAN has NAT enabled. If the remote VPN gateway has a dynamic IP address, this field can be left blank if the name matches.

7. To specify how long the tunnel is active before being renegotiated, enter a value in the SA Lifetime field. We recommend a value of 28,800 seconds (8 hours).

8. To specify the default LAN gateway, enter the IP address of the gateway in the Default LAN Gateway field. A Default LAN Gateway is used at a central site in conjunction with a remote site using the Route all internet traffic through destination unit check box. The Default LAN Gateway field allows the network administrator to specify the IP address of the default LAN route for incoming IPSec packets for this SA. Incoming packets are decoded by the SonicWALL and compared to static routes configured in the SonicWALL. Since packets can have any IP address destination, it is impossible to configure enough static routes to handle the traffic. For packets received via an IPSec tunnel, the SonicWALL looks up a route for the LAN. If no route is found, the SonicWALL checks for a Default LAN Gateway. If a Default LAN Gateway is detected, the packet is routed through the gateway. Otherwise, the packet is dropped.

9. To disable this SA, select Disable This SA.

10. To prevent repeated compromises of the same security key when reestablishing a tunnel, select the Enable Perfect Forward Secrecy check box.

11. Select Enable Wireless Secure Bridging Mode to enable wireless secure bridging mode, a feature that allows two or more physically separated networks to be joined using a secure wireless connection.

12. To enable NetBIOS broadcasts across the SA, select the Enable Windows Networking Broadcast check box.

13. To apply NAT and firewall rules to all traffic coming through this SA, select the Apply NAT and firewall rules check box.

This feature is useful for hiding the LAN subnet from the corporate site. All traffic will appear to originate from a single IP address.

14. To allow the remote VPN tunnel to be included in the routing table, select the Forward Packets to Remote VPNs check box.



This will enable the SonicWALL appliance to receive VPN traffic, decrypt it, and forward it to another VPN tunnel. This feature can be used to create a hub and spoke network configuration by routing traffic among SAs. To do this, make sure to enable this option for all SAs.
15. To configure the VPN tunnel to remain open as long as there is network traffic on the SA, select the Enable Keep Alive check box.

16. To configure the SonicWALL appliance to establish the VPN tunnel before users generate any VPN traffic, select the Try to bring up all possible SAs check box.

17. To require local users to authenticate locally before accessing the SA, select the Require authentication of local users check box.

18. To require remote users to authenticate with this SonicWALL appliance or the local RADIUS server before accessing resources, select the Require authentication of remote users check box.

19. Enter the serial number of the target SonicWALL appliance in the Peer SonicWALL Serial # field.

20. Aggressive mode improves the performance of IKE SA negotiation by only requiring three packet exchanges. However, it provides no identity protection. To enable aggressive mode, select Aggressive Mode from the Exchange list box. Otherwise, select Main Mode.

21. Select the Diffie-Hellman group that will be used when the VPN devices are negotiating encryption and authentication keys from the Phase 1 DH Group list box.

Note

Group 1 specifies a 768-bit Diffie-Hellman value, Group 2 specifies a more secure 1024-bit Diffie-Hellman value, and Group 5 specifies the currently most secure 1536-bit Diffie-Hellman value.

22. Select the Diffie-Hellman group that will be used when the VPN devices have established an SA from the Phase 2 DH Group list box.

23. Select the type of encryption and authentication keys used when the VPN devices are negotiating encryption and authentication keys from the Phase 1 Encryption/Authentication list box.

24. Select the type of encryption and authentication keys used for the SAs from the Phase 2 Encryption/Authentication list box.

25. Specify the destination networks by selecting from the following:
   To allow this SA to be used as the default route for all Internet traffic, select Use this SA as default route for all Internet traffic.
   If the destination network will receive its IP addresses on this network using DHCP, select Destination network obtains IP addresses using DHCP.
   To specify destination networks, select Specify destination networks below. Then, click Add Networks and enter the destination network IP addresses and subnet masks.

26. When you are finished, click Update. The settings are changed for each selected SonicWALL appliance. To clear all screen settings and start over, click Reset.

IKE Using Third-Party Certificates


Note

This section assumes that you are familiar with Public Key Infrastructure (PKI) and the implementation of digital certificates with VPN.

A digital certificate is an electronic means to verify identity by using a trusted third party known as a Certificate Authority (CA). SonicWALL now supports third-party certificates in addition to the existing Authentication Service. The difference between third-party certificates and the SonicWALL Authentication Service is the ability to select the source for your CA certificate. Using Certificate Authority Certificates and Local Certificates is a more manual process than using the SonicWALL Authentication Service; therefore, experience with implementing Public Key Infrastructure (PKI) is necessary to understand the key components of digital certificates. Internet Key Exchange (IKE) is an important part of IPSec VPN solutions, and it can use digital signatures to authenticate peer devices before setting up security associations. Without digital signatures, VPN users must authenticate by manually exchanging shared secrets or symmetric keys. Devices using digital signatures do not require configuration changes every time a new device is added to the network. SonicWALL has implemented X.509v3 as its certificate form and CRLv2 for its certificate revocation list. SonicWALL supports the following two vendors of Certificate Authority Certificates:
   VeriSign
   Entrust


Obtaining a Certificate
To obtain a certificate, see Generating a Certificate Signing Request on page 150. After you have obtained certificates for both devices, continue to configure the VPN.

When All Appliances are Managed by SonicWALL GMS on page 413
When One Appliance Is Not Managed by SonicWALL GMS on page 418

When All Appliances are Managed by SonicWALL GMS


Setting up a VPN tunnel between appliances requires you to configure several parameters on both appliances. When setting up VPN tunnels between SonicWALL appliances managed by SonicWALL GMS, all selected appliances are automatically configured based on the settings that you entered. To enable VPN using third-party certificates when both devices are managed by SonicWALL GMS, perform the following steps:
1. Expand the VPN tree and click Configure. The VPN Configure page displays.


2. Select the Use Interconnected Mode check box.

3. Select IKE using 3rd Party Certificates.

Note

SonicWALL GMS automatically creates a pre-shared key, SPI, encryption key, authentication key, or certificate information as applicable.

4. Select the appropriate option to add, delete, or modify a security association.

5. Click Select Destination. A dialog box that contains all SonicWALL appliances managed by this SonicWALL GMS displays.

6. Select the SonicWALL appliance or group to which you will establish SAs and click the Select button. The name of the target displays in the Target SonicWALL Group/Node field.

7. Aggressive mode improves the performance of IKE SA negotiation by only requiring three packet exchanges. However, it provides no identity protection. To enable aggressive mode, select Aggressive Mode from the Exchange list box. Otherwise, select Main Mode.

8. Select the Diffie-Hellman (DH) group that will be used when the VPN devices are negotiating encryption and authentication keys from the Phase 1 DH Group list box.

Note

Group 1 specifies a 768-bit Diffie-Hellman value, Group 2 specifies a more secure 1024-bit Diffie-Hellman value, and Group 5 specifies the currently most secure 1536-bit Diffie-Hellman value.

9. Select the Diffie-Hellman group that will be used when the VPN devices have established an SA from the Phase 2 DH Group list box.

10. Select the type of encryption and authentication keys used when the VPN devices are negotiating encryption and authentication keys from the Phase 1 Encryption/Authentication list box.

11. Select the type of encryption and authentication keys used for the SAs from the Phase 2 Encryption/Authentication list box.

12. To specify the default LAN gateway, enter the IP address of the gateway in the Default LAN Gateway field.



A Default LAN Gateway is used at a central site in conjunction with a remote site using the Route all Internet traffic through this destination unit check box. The Default LAN Gateway field allows the network administrator to specify the IP address of the default LAN route for incoming Internet Protocol Security (IPSec) packets for this SA. Incoming packets are decoded by the SonicWALL and compared to static routes configured in the SonicWALL. Since packets can have any IP address destination, it is impossible to configure enough static routes to handle the traffic. For packets received via an IPSec tunnel, the SonicWALL looks up a route for the LAN. If no route is found, the SonicWALL checks for a Default LAN Gateway. If a Default LAN Gateway is detected, the packet is routed through the gateway. Otherwise, the packet is dropped.
13. To specify how long the tunnel is active before being renegotiated, enter a value in the SA Lifetime field. We recommend a value of 28,800 seconds (8 hours).

14. To prevent repeated compromises of the same security key when reestablishing a tunnel, select the Enable Perfect Forward Secrecy check box.

15. To configure the VPN tunnel to remain open as long as there is network traffic on the SA, select the Enable Keep Alive check box.

16. To configure the SonicWALL appliance to establish the VPN tunnel before users generate any VPN traffic, select the Try to bring up all possible SAs check box.

17. To enable wireless secure bridging, select the Wireless Secure Bridging Mode check box.

18. To enable NetBIOS broadcasts across the SA, select the Enable Windows Networking Broadcast check box.

19. To allow the remote VPN tunnel to be included in the routing table, select the Forward Packets to Remote VPNs check box.


Normally, inbound traffic is decrypted and only forwarded to the local LAN or a manually specified route (see Configuring Routing in SonicOS Enhanced on page 196). This option enables you to create a hub and spoke network configuration where all traffic is routed among branch offices via the corporate office.
Note

To create a hub and spoke network, make sure to select the Forward Packets to Remote VPNs check box for each SA.


20. To force all network traffic to the WAN through a VPN to a central site, select the Route all Internet traffic through destination unit check box. When this option is selected, all traffic that is not destined for another SA is forwarded through this VPN tunnel. If this option is not specified and the destination does not match any SA, the packet is forwarded unencrypted to the WAN.

Note

Only one SA can have this option enabled.

21. If the remote side of this VPN connection is to obtain its addressing from a DHCP server on this side of the tunnel, select Enable "Destination network obtains IP addresses using DHCP through this SA" on Target.

22. Select one of the following VPN termination options:
   To configure the VPN tunnel to terminate at the LAN, select LAN. Users on the other side of the SA will be able to access the LAN, but not the DMZ.
   To configure the VPN tunnel to terminate at the OPT or DMZ, select OPT. Users on the other side of the SA will be able to access the OPT, but not the LAN.
   To allow users on the other side of the SA to access both the LAN and OPT, select LAN/OPT.

23. Select from the following NAT and Firewall Rules:
   To disable NAT and not apply firewall rules to traffic coming through this SA, select Disabled.
   To enable NAT and firewall rules for the selected SonicWALL appliance, select Source. If NAT is enabled, all traffic originating from this appliance will appear to originate from a single IP address and network firewall rules will be applied to all traffic on this SA.
   To enable NAT and firewall rules for the selected SonicWALL appliance and its peer, select Source and Destination. If NAT is enabled, all traffic originating from this appliance will appear to originate from a single IP address and all traffic originating from its peer will appear to originate from a single IP address. Network firewall rules will be applied to all traffic on this SA.


Note

Applying firewall rules can dramatically affect services that run between the networks. For more information, see Configuring UTM Appliance Settings on page 235.

24. Select how local users are authenticated:
   To disable authentication for local users, select Disabled.
   To configure local users to be authenticated locally, either through the SonicWALL device or the RADIUS server, select Source.
   To configure local users to be authenticated on the destination network, either through the SonicWALL device or the RADIUS server, select Destination.
   To authenticate local users both locally and on the destination network, select Source and Destination.

25. Similarly, select how remote users are authenticated.

26. When you are finished, click Update. The settings are changed for each selected SonicWALL appliance. To clear all screen settings and start over, click Reset.


When One Appliance Is Not Managed by SonicWALL GMS


This section describes how to configure VPN when the target appliance is not managed by SonicWALL GMS. To create SAs using third-party certificates, perform the following steps:
1. Expand the VPN tree and click Configure. The VPN Configure page displays.

2. Deselect the Use Interconnected Mode check box.

3. Select IKE using 3rd Party Certificates.

4. Select the appropriate option to add, delete, or modify a security association.

5. Enter the name of the remote firewall/VPN gateway in the Security Association Name field. This name must match exactly if the device has a dynamic IP address.

6. Select the certificate to use from the Select Certificate list box.

7. Enter the IP address of the remote firewall/VPN gateway in the IPSec Gateway Address field. This address must be valid and will be the public IP address if the remote LAN has NAT enabled. If the remote VPN gateway has a dynamic IP address, this field can be left blank if the name matches. Optionally, you can specify an IPSec Secondary Gateway Name or Address.

8. To specify how long the tunnel is active before being renegotiated, enter a value in the SA Lifetime field. We recommend a value of 28,800 seconds (8 hours).


9. To specify the default LAN gateway, enter the IP address of the gateway in the Default LAN Gateway field. A Default LAN Gateway is used at a central site in conjunction with a remote site using the Route all internet traffic through destination unit check box. The Default LAN Gateway field allows the network administrator to specify the IP address of the default LAN route for incoming IPSec packets for this SA. Incoming packets are decoded by the SonicWALL and compared to static routes configured in the SonicWALL. Since packets can have any IP address destination, it is impossible to configure enough static routes to handle the traffic. For packets received via an IPSec tunnel, the SonicWALL looks up a route for the LAN. If no route is found, the SonicWALL checks for a Default LAN Gateway. If a Default LAN Gateway is detected, the packet is routed through the gateway. Otherwise, the packet is dropped.

10. To prevent repeated compromises of the same security key when reestablishing a tunnel, select the Enable Perfect Forward Secrecy check box.

11. To enable wireless secure bridging, select the Wireless Secure Bridging Mode check box.

12. To enable NetBIOS broadcasts across the SA, select the Enable Windows Networking Broadcast check box.

13. To apply NAT and firewall rules to all traffic coming through this SA, select the Apply NAT and firewall rules check box. This feature is useful for hiding the LAN subnet from the corporate site. All traffic will appear to originate from a single IP address.

14. To allow the remote VPN tunnel to be included in the routing table, select the Forward Packets to Remote VPNs check box. This will enable the SonicWALL appliance to receive VPN traffic, decrypt it, and forward it to another VPN tunnel. This feature can be used to create a hub and spoke network configuration by routing traffic among SAs. To do this, make sure to enable this option for all SAs.

15. To configure the VPN tunnel to remain open as long as there is network traffic on the SA, select the Enable Keep Alive check box.

16. To configure the SonicWALL appliance to establish the VPN tunnel before users generate any VPN traffic, select the Try to bring up all possible SAs check box.

17. To require local users to authenticate locally before accessing the SA, select the Require authentication of local users check box.


18. To require remote users to authenticate with this SonicWALL appliance or the local RADIUS server before accessing resources, select the Require authentication of remote users check box.

19. Aggressive mode improves the performance of IKE SA negotiation by only requiring three packet exchanges. However, it provides no identity protection. To enable aggressive mode, select Aggressive Mode from the Exchange list box. Otherwise, select Main Mode.

20. Select the Diffie-Hellman group that will be used when the VPN devices are negotiating encryption and authentication keys from the Phase 1 DH Group list box.

Note

Group 1 specifies a 768-bit Diffie-Hellman value, Group 2 specifies a more secure 1024-bit Diffie-Hellman value, and Group 5 specifies the currently most secure 1536-bit Diffie-Hellman value.

21. Select the Diffie-Hellman group that will be used when the VPN devices have established an SA from the Phase 2 DH Group list box.

22. Select the type of encryption and authentication keys used when the VPN devices are negotiating encryption and authentication keys from the Phase 1 Encryption/Authentication list box.

23. Select the type of encryption and authentication keys used for the SAs from the Phase 2 Encryption/Authentication list box.

24. Select whether the peer device uses a distinguished name, email ID, or domain name as its certificate ID from the Peer Certificates ID list box.

25. Enter the peer device's certificate ID in the Peer Certificates ID field.

26. Select from the following:
   To allow this SA to be used as the default route for all Internet traffic, select Use this SA as default route for all Internet traffic.
   If the destination network will receive its IP addresses on this network using DHCP, select Destination network obtains IP addresses using DHCP.
   To specify destination networks, select Specify destination networks below. Then, click Add Networks and enter the destination network IP addresses and subnet masks.

27. When you are finished, click Update. The settings are changed for each selected SonicWALL appliance. To clear all screen settings and start over, click Reset.


Note

To disable this SA without deleting it, select the Disable this SA check box and click Update.

IKE Using Pre-Shared Secret


When using IKE with a pre-shared secret, two VPN devices establish encryption and authentication keys using a shared secret. After the SA expires, the SonicWALL appliances will reestablish an SA using the same shared secret, but will not use the same security and authentication keys.

When All Appliances are Managed by SonicWALL GMS on page 421
When One Appliance Is Not Managed by SonicWALL GMS on page 426

When All Appliances are Managed by SonicWALL GMS


Setting up a VPN tunnel between appliances requires you to configure several parameters on both appliances. When setting up VPN tunnels between SonicWALL appliances managed by SonicWALL GMS, all selected appliances are automatically configured based on the settings that you entered.


To configure an SA using IKE with pre-shared secrets, perform the following steps:

1. Expand the VPN tree and click Configure. The VPN Configure page displays.

2. Select the Use Interconnected Mode check box.

3. Select IKE using Pre-shared Secret.

4. Select the appropriate option to add, delete, or modify a security association.

5. Click Select Destination. A dialog box that contains all SonicWALL appliances managed by this SonicWALL GMS displays.

6. Select the SonicWALL appliance or group to which you will establish SAs and click the Select button. The name of the target displays in the Target SonicWALL Group/Node field.

7. Aggressive mode improves the performance of IKE SA negotiation by only requiring three packet exchanges. However, it provides no identity protection. To enable aggressive mode, select Aggressive Mode from the Exchange list box. Otherwise, select Main Mode.


8.

Select the Diffie-Hellman group that will be used when the VPN devices are negotiating encryption and authentication keys from the Phase 1 DH Group list box. Group 1 specifies a 768-bit Diffie-Hellman value, Group 2 specifies a more secure 1024-bit DiffieHellman value, and Group 5 specifies the currently most secure 1536-bit Diffie-Hellman value.

Note

9.

Select the Diffie-Hellman group that will be used when the VPN devices have established an SA from the Phase 2 DH Group list box. devices are negotiating encryption and authentication keys from the Phase 1 Encryption/Authentication list box.

10. Select the type of encryption and authentication keys used when the VPN

11. Select the type of encryption and authentication keys used for the SAs

from the Phase 2 Encryption/Authentication list box. in the Default LAN Gateway field.

12. To specify the default LAN gateway, enter the IP address of the gateway

A Default LAN Gateway is used at a central site in conjunction with a remote site using the Route all internet traffic through destination unit check box. The Default LAN Gateway field allows the network administrator to specify the IP address of the default LAN route for incoming IPSec packets for this SA. Incoming packets are decoded by the SonicWALL and compared to static routes configured in the SonicWALL. Since packets can have any IP address destination, it is impossible to configure enough static routes to handle the traffic. For packets received via an IPSec tunnel, the SonicWALL looks up a route for the LAN. If no route is found, the SonicWALL checks for a Default LAN Gateway. If a Default LAN Gateway is detected, the packet is routed through the gateway. Otherwise, the packet is dropped.
13. To specify how long the tunnel is active before being renegotiated, enter a value in the SA Lifetime field. We recommend a value of 28,800 seconds (8 hours).
14. To prevent repeated compromises of the same security key when reestablishing a tunnel, select the Enable Perfect Forward Secrecy check box.
15. To configure the VPN tunnel to remain open as long as there is network traffic on the SA, select the Enable Keep Alive check box.
16. To configure the SonicWALL appliance to establish the VPN tunnel before users generate any VPN traffic, select the Try to bring up all possible SAs check box.
17. To enable wireless secure bridging, select the Wireless Secure Bridging Mode check box.
18. To enable NetBIOS broadcasts across the SA, select the Enable Windows Networking Broadcast check box.
19. To allow the remote VPN tunnel to be included in the routing table, select the Forward Packets to Remote VPNs check box.

Normally, inbound traffic is decrypted and only forwarded to the local LAN or a manually specified route (see Configuring Routing in SonicOS Enhanced on page 196). This option enables you to create a hub and spoke network configuration where all traffic is routed among branch offices via the corporate office.
Note

To create a hub and spoke network, make sure to select the Forward Packets to Remote VPNs check box for each SA.

20. To force all network traffic to the WAN through a VPN to a central site, select the Route all internet traffic through destination unit check box. When this option is selected, all traffic that is not destined for another SA is forwarded through this VPN tunnel. If this option is not specified and the destination does not match any SA, the packet is forwarded unencrypted to the WAN.

Note

Only one SA can have this option enabled.

21. If the remote side of this VPN connection is to obtain its addressing from a DHCP server on this side of the tunnel, select Enable "Destination network obtains IP addresses using DHCP through this SA" on Target.
22. Select one of the following VPN termination options:
   - To configure the VPN tunnel to terminate at the LAN or WorkPort, select LAN. Users on the other side of the SA will be able to access the LAN, but not the OPT.
   - To configure the VPN tunnel to terminate at the OPT or DMZ, select OPT. Users on the other side of the SA will be able to access the OPT, but not the LAN.
   - To allow users on the other side of the SA to access both the LAN and OPT, select LAN/OPT.

23. Select from the following NAT and Firewall Rules:
   - To disable NAT and not apply firewall rules to traffic coming through this SA, select Disabled.
   - To enable NAT and firewall rules for the selected SonicWALL appliance, select Source. If NAT is enabled, all traffic originating from this appliance will appear to originate from a single IP address, and network firewall rules will be applied to all traffic on this SA.
   - To enable NAT and firewall rules for the selected SonicWALL appliance and its peer, select Source and Destination. If NAT is enabled, all traffic originating from this appliance will appear to originate from a single IP address and all traffic originating from its peer will appear to originate from a single IP address. Network firewall rules will be applied to all traffic on this SA.

Note

Applying firewall rules can dramatically affect services that run between the networks. For more information, see Configuring UTM Appliance Settings on page 235.

24. Select how local users are authenticated:
   - To disable authentication for local users, select Disabled.
   - To configure local users to be authenticated locally, either through the SonicWALL device or the RADIUS server, select Source.
   - To configure local users to be authenticated on the destination network, either through the SonicWALL device or the RADIUS server, select Destination.
   - To authenticate local users both locally and on the destination network, select Source and Destination.
25. Similarly, select how remote users are authenticated.
26. Select either Remote users behind VPN gateway or Remote VPN clients with XAUTH.
27. When you are finished, click Update. The settings are changed for each selected SonicWALL appliance. To clear all screen settings and start over, click Reset.

Note

To disable this SA, select the Disable this SA check box and click Update.
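The two routing rules the procedure above describes, the "Route all Internet traffic through destination unit" option for outbound traffic (only one SA may carry it) and the Default LAN Gateway fallback for packets received through an IPSec tunnel, as an added Python illustration; this is not SonicWALL code, and the SecurityAssociation model, function names and sample addresses are constructed for the example.

```python
"""Added illustration (not SonicWALL code) of the SA routing decisions described
for SonicOS Standard: outbound SA selection with "Route all Internet traffic
through destination unit", and the inbound Default LAN Gateway fallback."""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import Iterable, List, Optional, Tuple


@dataclass
class SecurityAssociation:
    """Hypothetical model of the SA fields configured in the steps above."""
    name: str
    destination_networks: List[str] = field(default_factory=list)  # CIDR strings
    route_all_internet_traffic: bool = False  # the guide allows this on one SA only


def check_route_all_option(sas: List[SecurityAssociation]) -> None:
    """Enforce the guide's note that only one SA can have the option enabled."""
    holders = [sa.name for sa in sas if sa.route_all_internet_traffic]
    if len(holders) > 1:
        raise ValueError(f"Route all Internet traffic is set on more than one SA: {holders}")


def _longest_match(dst: str, candidates: Iterable[Tuple[str, str]]) -> Optional[str]:
    """Return the value paired with the most specific network containing dst."""
    addr = ip_address(dst)
    best, best_len = None, -1
    for cidr, value in candidates:
        net = ip_network(cidr)
        if addr in net and net.prefixlen > best_len:
            best, best_len = value, net.prefixlen
    return best


def select_outbound_sa(dst: str, sas: List[SecurityAssociation]) -> Optional[str]:
    """Name of the SA that carries a packet to dst; None means the packet is
    forwarded unencrypted to the WAN because no SA matches and none routes all."""
    check_route_all_option(sas)
    candidates = [(net, sa.name) for sa in sas for net in sa.destination_networks]
    matched = _longest_match(dst, candidates)
    if matched is not None:
        return matched
    # Not destined for any SA: use the single SA with the option set, if any
    for sa in sas:
        if sa.route_all_internet_traffic:
            return sa.name
    return None


def route_decrypted_packet(dst: str, local_lan: str,
                           static_routes: Iterable[Tuple[str, str]],
                           default_lan_gateway: Optional[str]) -> Optional[str]:
    """Inbound: look up a LAN route, then fall back to the Default LAN Gateway,
    otherwise drop (None). Assumption: the directly connected LAN counts as a
    route whose next hop is the destination itself."""
    candidates = [(local_lan, dst)] + list(static_routes)
    next_hop = _longest_match(dst, candidates)
    if next_hop is not None:
        return next_hop
    return default_lan_gateway  # None when no Default LAN Gateway is configured


if __name__ == "__main__":
    # Constructed sample: a hub SA that routes all Internet traffic plus one branch SA
    sas = [
        SecurityAssociation("branch-a", ["10.1.0.0/16"]),
        SecurityAssociation("hq", ["10.0.0.0/8"], route_all_internet_traffic=True),
    ]
    print(select_outbound_sa("10.1.2.3", sas))      # branch-a (longest match wins)
    print(select_outbound_sa("203.0.113.9", sas))   # hq (route all Internet traffic)
    print(route_decrypted_packet("172.16.0.1", "192.168.1.0/24",
                                 [("192.168.2.0/24", "192.168.1.254")],
                                 "192.168.1.1"))    # 192.168.1.1 (Default LAN Gateway)
```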

When One Appliance Is Not Managed by SonicWALL GMS

This section describes how to configure VPN when the target appliance is not managed by SonicWALL GMS. To enable VPN using IKE with a pre-shared secret, perform the following steps:

1. Expand the VPN tree and click Configure. The VPN Configure page displays.
2. Deselect the Use Interconnected Mode check box.
3. Select IKE using Pre-Shared Secret in the IPSec Keying mode section.
4. Select the appropriate option to add, delete, or modify a security association.
5. Enter the name of the remote firewall/VPN gateway in the Security Association Name field. This name must match exactly if the device has a dynamic IP address.
6. Enter the IP address of the remote firewall/VPN gateway in the IPSec Gateway Address field. This address must be valid and will be the public IP address if the remote LAN has NAT enabled. If the remote VPN gateway has a dynamic IP address, this field can be left blank if the name matches.
7. Enter the amount of time before an IKE SA will automatically renegotiate (120 to 2,499,999 seconds) in the SA Lifetime field.
8. To specify the default LAN gateway, enter the IP address of the gateway in the Default LAN Gateway field.

   A Default LAN Gateway is used at a central site in conjunction with a remote site using the Route all Internet traffic through destination unit check box. The Default LAN Gateway field allows the network administrator to specify the IP address of the default LAN route for incoming IPSec packets for this SA. Incoming packets are decoded by the SonicWALL and compared to static routes configured in the SonicWALL. Since packets can have any IP address destination, it is impossible to configure enough static routes to handle the traffic. For packets received via an IPSec tunnel, the SonicWALL looks up a route for the LAN. If no route is found, the SonicWALL checks for a Default LAN Gateway. If a Default LAN Gateway is detected, the packet is routed through the gateway. Otherwise, the packet is dropped.
9. To prevent repeated compromises of the same security key when reestablishing a tunnel, select the Enable Perfect Forward Secrecy check box.

10. To enable wireless secure bridging, select the Wireless Secure Bridging Mode check box.
11. To access remote resources within the Windows Network Neighborhood, select the Enable Windows Networking (NetBIOS) Broadcast check box.
12. To apply NAT and firewall rules to all traffic coming through this SA, select the Apply NAT and firewall rules check box.

   This feature is useful for hiding the LAN subnet from the corporate site. All traffic will appear to originate from a single IP address.
13. To allow the remote VPN tunnel to be included in the routing table, select the Forward Packets to Remote VPNs check box.

   This will enable the SonicWALL appliance to receive VPN traffic, decrypt it, and forward it to another VPN tunnel. This feature can be used to create a hub and spoke network configuration by routing traffic among SAs. To do this, make sure to enable this option for all SAs.
14. To configure the VPN tunnel to remain open as long as there is network traffic on the SA, select the Enable Keep Alive check box.
15. To configure the SonicWALL appliance to establish the VPN tunnel before users generate any VPN traffic, select the Try to bring up all possible SAs check box.
16. To require local users to authenticate locally before accessing the SA, select the Require authentication of local users check box.
17. To require remote users to authenticate with this SonicWALL appliance or the local RADIUS server before accessing resources, select the Require authentication of remote users check box.
18. Select either Remote users behind VPN gateway or Remote VPN clients with XAUTH.

Note

Only SonicWALL VPN clients can authenticate to a RADIUS server. Users tunneling from another VPN gateway will not be able to complete the VPN tunnel if this check box is selected.

19. Enter the shared secret in the Shared Secret field.
20. Aggressive mode improves the performance of IKE SA negotiation by requiring only three packet exchanges. However, it provides no identity protection. To enable aggressive mode, select Aggressive Mode from the Exchange list box. Otherwise, select Main Mode.
21. Select the Diffie-Hellman group that will be used when the VPN devices are negotiating encryption and authentication keys from the Phase 1 DH Group list box. Group 1 specifies a 768-bit Diffie-Hellman value, Group 2 specifies a more secure 1024-bit Diffie-Hellman value, and Group 5 specifies the currently most secure 1536-bit Diffie-Hellman value.
22. Select the Diffie-Hellman group that will be used when the VPN devices have established an SA from the Phase 2 DH Group list box.
23. Select the type of encryption and authentication keys used when the VPN devices are negotiating encryption and authentication keys from the Phase 1 Encryption/Authentication list box.
24. Select the type of encryption and authentication keys used for the SAs from the Phase 2 Encryption/Authentication list box.
25. Select from the following:

   - To allow this SA to be used as the default route for all Internet traffic, select Use this SA as default route for all Internet traffic.
   - If the destination network will receive its IP addresses on this network using DHCP, select Destination network obtains IP addresses using DHCP.
   - To specify destination networks, select Specify destination networks below. Then, click Add Network and enter the destination network IP addresses and subnet masks.
26. When you are finished, click Update. The settings are changed for each selected SonicWALL appliance. To clear all screen settings and start over, click Reset.
27. Create an SA in the remote VPN device for each SonicWALL appliance that you have configured.

Note

To disable this SA without deleting it, select the Disable this SA check box and click Update.

Manual Keying

Manual keying involves exchanging encryption and authentication keys in advance. Although this is the simplest method of establishing an SA between two VPN devices, the SA will always use the same encryption and authentication keys. If the keys are compromised by an outside party, they will remain compromised until the keys are changed.

When All Appliances are Managed by SonicWALL GMS on page 429
When One Appliance Is Not Managed by SonicWALL GMS on page 433

When All Appliances are Managed by SonicWALL GMS


Setting up a VPN tunnel between appliances requires you to configure several parameters on both appliances. When setting up VPN tunnels between SonicWALL appliances managed by SonicWALL GMS, all selected appliances are automatically configured based on the settings that you entered.

To enable VPN using manual keying, perform the following steps:

1. Expand the VPN tree and click Configure. The VPN Configure page displays.
2. Select the Use Interconnected Mode check box.
3. Select Manual Key.
4. Select the appropriate option to add, delete, or modify a security association.
5. Click Select Destination. A dialog box that contains all SonicWALL appliances managed by this SonicWALL GMS displays.
6. Select the SonicWALL appliance or group to which you will establish SAs and click the Select button. The name of the target displays in the Target SonicWALL Group/Node field.
7. Select one of the encryption methods from the Encryption Method list box.
8. To specify the default LAN gateway, enter the IP address of the gateway in the Default LAN Gateway field.

   A Default LAN Gateway is used at a central site in conjunction with a remote site using the Route all Internet traffic through destination unit check box. The Default LAN Gateway field allows the network administrator to specify the IP address of the default LAN route for incoming IPSec packets for this SA. Incoming packets are decoded by the SonicWALL and compared to static routes configured in the SonicWALL. Since packets can have any IP address destination, it is impossible to configure enough static routes to handle the traffic. For packets received via an IPSec tunnel, the SonicWALL looks up a route for the LAN. If no route is found, the SonicWALL checks for a Default LAN Gateway. If a Default LAN Gateway is detected, the packet is routed through the gateway. Otherwise, the packet is dropped.
9. To enable wireless secure bridging, select the Wireless Secure Bridging Mode check box.
10. To enable NetBIOS broadcasts across the SA, select the Enable Windows Networking (NetBIOS) Broadcast check box.
11. To allow the remote VPN tunnel to be included in the routing table, select the Forward Packets to Remote VPNs check box.

Normally, inbound traffic is decrypted and only forwarded to the local LAN or a manually specified route (see Configuring Routing in SonicOS Enhanced on page 196). This option enables you to create a hub and spoke network configuration where all traffic is routed among branch offices via the corporate office.
Note

To create a hub and spoke network, make sure to select the Forward Packets to Remote VPNs check box for each SA.

12. To force all network traffic to the WAN through a VPN to a central site, select the Route all Internet traffic through destination unit check box. When this option is selected, all traffic that is not destined for another SA is forwarded through this VPN tunnel. If this option is not specified and the destination does not match any SA, the packet is forwarded unencrypted to the WAN.
13. Select one of the following VPN termination options:
   - To configure the VPN tunnel to terminate at the LAN, select LAN. Users on the other side of the SA will be able to access the LAN, but not the DMZ.
   - To configure the VPN tunnel to terminate at the OPT or DMZ, select OPT. Users on the other side of the SA will be able to access the OPT, but not the LAN.
   - To allow users on the other side of the SA to access both the LAN and OPT, select LAN/OPT.
14. Select from the following NAT and Firewall Rules:
   - To disable NAT and not apply firewall rules to traffic coming through this SA, select Disabled.
   - To enable NAT and firewall rules for the selected SonicWALL appliance, select Source. If NAT is enabled, all traffic originating from this appliance will appear to originate from a single IP address, and network firewall rules will be applied to all traffic on this SA.
   - To enable NAT and firewall rules for the selected SonicWALL appliance and its peer, select Source and Destination. If NAT is enabled, all traffic originating from this appliance will appear to originate from a single IP address and all traffic originating from its peer will appear to originate from a single IP address. Network firewall rules will be applied to all traffic on this SA.

Note

Applying firewall rules can dramatically affect services that run between the networks. For more information, see Configuring UTM Appliance Settings on page 235.

15. Select how local users are authenticated:
   - To disable authentication for local users, select Disabled.
   - To configure local users to be authenticated locally, either through the SonicWALL device or the RADIUS server, select Source.
   - To configure local users to be authenticated on the destination network, either through the SonicWALL device or the RADIUS server, select Destination.
   - To authenticate local users both locally and on the destination network, select Source and Destination.
16. Similarly, select how remote users are authenticated.
17. When you are finished, click Update. The settings are changed for each selected SonicWALL appliance. To clear all screen settings and start over, click Reset.

When One Appliance Is Not Managed by SonicWALL GMS

This section describes how to configure VPN when the target appliance is not managed by SonicWALL GMS. To enable VPN using manual keying, perform the following steps:

1. Expand the VPN tree and click Configure. The VPN Configure page displays.
2. Deselect the Use Interconnected Mode check box.
3. Select Manual Key in the IPSec Keying mode section.
4. Select the appropriate option to add, delete, or modify a security association.
5. Enter a descriptive name for the SA in the Security Association Name field.
6. Enter the IP address of the remote firewall in the IPSec Gateway Address field. This address must be valid and will be the public IP address if the remote LAN has NAT enabled.
7. To specify the default LAN gateway, enter the IP address of the gateway in the Default LAN Gateway field.

   A Default LAN Gateway is used at a central site in conjunction with a remote site using the Route all Internet traffic through destination unit check box. The Default LAN Gateway field allows the network administrator to specify the IP address of the default LAN route for incoming IPSec packets for this SA. Incoming packets are decoded by the SonicWALL and compared to static routes configured in the SonicWALL. Since packets can have any IP address destination, it is impossible to configure enough static routes to handle the traffic. For packets received via an IPSec tunnel, the SonicWALL looks up a route for the LAN. If no route is found, the SonicWALL checks for a Default LAN Gateway. If a Default LAN Gateway is detected, the packet is routed through the gateway. Otherwise, the packet is dropped.
8. To enable wireless secure bridging, select the Wireless Secure Bridging Mode check box.
9. To access remote resources within the Windows Network Neighborhood, select the Enable Windows Networking (NetBIOS) Broadcast check box.
10. To apply NAT and firewall rules to all traffic coming through this SA, select the Apply NAT and firewall rules check box.

   This feature is useful for hiding the LAN subnet from the corporate site. All traffic will appear to originate from a single IP address.
11. To allow the remote VPN tunnel to be included in the routing table, select the Forward Packets to Remote VPNs check box.

   This will enable the SonicWALL appliance to receive VPN traffic, decrypt it, and forward it to another VPN tunnel. This feature can be used to create a hub and spoke network configuration by routing traffic among SAs. To do this, make sure to enable this option for all SAs.
12. To require local users to authenticate locally before accessing the SA, select the Require authentication of local users check box.
13. To require remote users to authenticate with this SonicWALL appliance or the local RADIUS server before accessing resources, select the Require authentication of remote users check box.
14. Select one of the encryption methods from the Encryption Method list box.
15. Enter the key used for encryption in the Encryption Key field. The DES and ARCFour keys must be exactly 16 characters long and be composed of hexadecimal characters. Encryption keys less than 16 characters will not be accepted; keys longer than 16 characters will be truncated.


Note

Valid hexadecimal characters are 0 to 9, and a to f (i.e., 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, a, b, c, d, e, f). For example, a valid key would be 1234567890abcdef. This key must match the encryption key of the remote VPN gateway or client. If encryption is not used, this field is ignored.

16. Enter the key used for authentication in the Authentication Key field. The authentication key must be exactly 32 characters long and be composed of hexadecimal characters. Authentication keys less than 32 characters will not be accepted; keys longer than 32 characters will be truncated.
Note

Valid hexadecimal characters are 0 to 9, and a to f (i.e., 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, a, b, c, d, e, f). For example, a valid key would be 1234567890abcdef1234567890abcdef. This key must match the authentication key of the remote VPN gateway or client. If authentication is not used, this field is ignored.

17. Enter the Security Parameter Index (SPI) that the remote location will

send to identify the Security Association used for the VPN Tunnel in the Incoming SPI field.
Note

The SPI may be up to eight characters long and be composed of hexadecimal characters. Valid hexadecimal characters are 0 to 9, and a to f (e.g., 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, a, b, c, d, e, f). The hexadecimal characters 0 to ff inclusive are reserved by the Internet Engineering Task Force (IETF) and are not allowed for use as an SPI. For example, a valid SPI would be 1234abcd.

Note

The SPI for an SA must be unique when compared to SPIs for other SAs. However, the Incoming SPI can be the same as the Outgoing SPI on the same SA.

18. Enter the Security Parameter Index (SPI) that the local SonicWALL VPN will transmit to identify the Security Association used for the VPN Tunnel in the Outgoing SPI field.
19. Select from the following:
   - To allow this SA to be used as the default route for all Internet traffic, select Use this SA as default route for all Internet traffic.
   - To specify destination networks, select Specify destination networks below. Then, click Modify and enter the destination network IP addresses and subnet masks.
20. When you are finished, click Update. The settings are changed for each selected SonicWALL appliance. To clear all screen settings and start over, click Reset.
21. Create an SA in the remote VPN device for each SonicWALL appliance that you have configured.
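The field rules the manual keying steps above state (16-character hexadecimal encryption keys and 32-character authentication keys, shorter values rejected and longer ones truncated, SPIs of 1 to 8 hexadecimal characters with 0 to ff reserved, and SPIs unique across SAs but shared between the incoming and outgoing side of one SA) as an added Python validator; this is example code, not SonicWALL's, and the function names and the acceptance of uppercase hexadecimal digits are assumptions.

```python
"""Added example (not SonicWALL code): validate the manual keying fields the
guide describes for SonicOS Standard SAs before they are sent to an appliance."""
import re
from typing import Dict, List, Tuple

HEX_RE = re.compile(r"^[0-9a-f]+$")
ENCRYPTION_KEY_LEN = 16       # DES, 3DES and ARCFour keys: exactly 16 hex characters
AUTHENTICATION_KEY_LEN = 32   # authentication key: exactly 32 hex characters
SPI_MAX_LEN = 8
SPI_RESERVED_MAX = 0xFF       # 0 to ff inclusive are reserved by the IETF


class ManualKeyError(ValueError):
    """Raised for a value the guide says the appliance will not accept."""


def _normalize_hex_key(value: str, length: int, field_name: str) -> str:
    # Assumption: uppercase hex digits are accepted and lowercased (the guide lists a-f)
    key = value.strip().lower()
    if not HEX_RE.match(key):
        raise ManualKeyError(f"{field_name} must contain only 0-9 and a-f")
    if len(key) < length:
        raise ManualKeyError(f"{field_name} shorter than {length} characters is not accepted")
    return key[:length]   # the guide states longer keys are truncated


def normalize_encryption_key(value: str) -> str:
    return _normalize_hex_key(value, ENCRYPTION_KEY_LEN, "Encryption Key")


def normalize_authentication_key(value: str) -> str:
    return _normalize_hex_key(value, AUTHENTICATION_KEY_LEN, "Authentication Key")


def validate_spi(value: str) -> str:
    """SPI: 1 to 8 hex characters, not in the IETF-reserved range 0 to ff."""
    spi = value.strip().lower()
    if not spi or len(spi) > SPI_MAX_LEN or not HEX_RE.match(spi):
        raise ManualKeyError("SPI must be 1 to 8 hexadecimal characters")
    if int(spi, 16) <= SPI_RESERVED_MAX:
        raise ManualKeyError("SPI values 0 to ff are reserved by the IETF")
    return spi


def check_spi_uniqueness(sas: Dict[str, Tuple[str, str]]) -> List[str]:
    """sas maps SA name -> (Incoming SPI, Outgoing SPI). Returns conflict messages.
    The same SPI on the incoming and outgoing side of one SA is allowed."""
    owner: Dict[str, str] = {}
    conflicts: List[str] = []
    for name, (incoming, outgoing) in sas.items():
        for spi in {validate_spi(incoming), validate_spi(outgoing)}:
            if spi in owner and owner[spi] != name:
                conflicts.append(f"SPI {spi} is used by both {owner[spi]} and {name}")
            owner.setdefault(spi, name)
    return conflicts


def build_manual_key_sa(name: str, encryption_key: str, authentication_key: str,
                        incoming_spi: str, outgoing_spi: str) -> Dict[str, str]:
    """Normalize every manual keying field of one SA (constructed helper)."""
    return {
        "name": name,
        "encryption_key": normalize_encryption_key(encryption_key),
        "authentication_key": normalize_authentication_key(authentication_key),
        "incoming_spi": validate_spi(incoming_spi),
        "outgoing_spi": validate_spi(outgoing_spi),
    }


if __name__ == "__main__":
    # Constructed sample values taken from the guide's own examples
    print(build_manual_key_sa("hq", "1234567890abcdef",
                              "1234567890abcdef1234567890abcdef", "1234abcd", "1234abcd"))
    print(check_spi_uniqueness({"hq": ("1234abcd", "beef"), "branch": ("beef", "999")}))
```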

Setting up the L2TP Server

To support secure L2TP connections from remote clients, perform the following steps:

1. Expand the VPN tree and click L2TP. The L2TP page displays.
2. Select the Enable L2TP Server check box.
3. Specify how often the SonicWALL appliance issues a Keepalive in the Keep alive time field.
4. Enter the IP addresses of the DNS Servers in the DNS Server fields.
5. Enter the IP addresses of the WINS Servers in the WINS Server fields.
6. Select from the following:
   - To assign IP addresses to L2TP clients that are provided by the RADIUS server, select IP address provided by RADIUS Server.
   - To use IP addresses from a local L2TP IP address pool, select Use the Local L2TP IP pool and enter the starting and ending IP addresses in the Start IP and End IP fields.
7. When you are finished, click Update. To clear all screen settings and start over, click Reset.

Monitoring VPN Connections

To monitor VPN connections, perform the following steps:

1. Expand the VPN tree and click Monitor. The Monitor page displays.
2. Select the category of tunnels to display in the Display Options section and click Refresh. You can select Show Up Tunnels, Show Down Tunnels, or Show All Tunnels.
3. To synchronize the tunnel status information, click Synchronize Tunnel Status Information.
4. To refresh the statistics, click Refresh Selected Tunnel Statistics.
5. To view the tunnel statistics, select one or more tunnels and click View Selected Tunnel Statistics.
6. To renegotiate selected tunnels, select one or more tunnels and click Renegotiate Selected Tunnels.

Management of VPN Client Users

To configure VPN Clients on SonicWALL appliances, perform the following procedures:

Registering and Upgrading SonicWALL Appliances on page 591
Enabling the VPN Client on page 438

Enabling the VPN Client

After applying a VPN Client license to one or more SonicWALL appliances, perform the following steps:

1. Navigate to Policies > VPN > Summary.
2. Click the Export button next to the SA.
3. To email the SPD file to the SonicWALL GMS administrator or the VPN Client user, click Email SPD file. The file is attached to the email. A task is scheduled for each email.

Note

A copy of the SPD file is also stored in the SonicWALL Agent's <gms_directory>\etc directory.

4. Once the SPD file is received, it can be loaded by the VPN Client software on the VPN Client user's computer. If the user does not have the VPN Client software, you can email both the SPD file and the client software by clicking Email SPD File and VPN Client.
5. In SonicOS Standard only, VPN clients use RCF files to import data used to communicate with SonicWALL appliances. To send an RCF file to an email address, enter the following information:
   - Enter the email address in the Email Address field.
   - Enter and reenter the RCF File password in the RCF File Export Password and Confirm Password fields.
   - Select whether the file will be used for WAN or wireless connections.
6. Select from the following:
   - To email the file, click Email RCF File.
   - To email the file with the Global VPN Client software, click Email RCF File and Global VPN Client.

Note

Before the VPN client can be emailed to users, it must be downloaded to the <gms_directory>\etc directory from mysonicwall.com.

Downloading VPN Client Software

To download the VPN Client software from mysonicwall.com, perform the following steps:

1. Click the Console Panel tab at the top of the SonicWALL GMS UI.
2. Expand the Licenses tree and click GMS License.
3. Click Login in a new window. This will open a new browser window into the GMS account on mysonicwall.com.
4. Download the VPN Client software from mysonicwall.com to a local directory.
5. Copy the VPN Client software to the SonicWALL Agent's <gms_directory>\etc directory.
6. Rename the file to SWVpnClient.zip.

VPN Terms and Concepts


Before installing and SonicWALL VPN, it is important to understand the following basic terms and concepts.

Asymmetric vs. Symmetric CryptographyAsymmetric and symmetric cryptography refer to the keys used to authenticate, or encrypt and decrypt the data. Asymmetric cryptography, or public key cryptography, uses two keys for verification. Organizations such as RSA Data Security and VeriSign support asymmetric cryptography. With symmetric cryptography, the same key is used to authenticate on both ends of the VPN. Symmetric cryptography, or secret key cryptography, is usually faster than asymmetric cryptography. Therefore symmetric algorithms are often used when large quantities of data need to be exchanged. SonicWALL VPN uses symmetric cryptography. As a result, the key on both ends of the VPN tunnel must match exactly.

SonicWALL GMS 6.0 Administrators Guide

439

VPN Terms and Concepts

ARCFourARCFour is used for communications with secure Web sites using the SSL protocol. Many banks use a 40-bit key ARCFour for online banking, while others use a 128-bit key. SonicWALL VPN uses a 56-bit key for ARCFour. The ARCFour key must be exactly 16 characters long and is composed of hexadecimal characters. Valid hexadecimal characters are 0 to 9, and a to f (i.e., 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, a, b, c, d, e, f). For example, a valid key would be 1234567890abcdef.

Authentication Header (AH)The authentication header is a mechanism for providing strong integrity and authentication for IP packets. The Authentication Header does not offer confidentiality and protection from traffic analysis. The IP authentication header provides security by adding authentication information to an IP packet. This authentication information is calculated using all header and payload data in the IP packet. This provides significantly more security than is currently present in IP. Use of an AH will increase the processing requirements of SonicWALL VPN and will also increase the communications latency. The increased latency is primarily due to the calculation of the authentication data by the sender and the calculation and comparison of the authentication data by the receiver for each IP packet.

Data Encryption Standard (DES)When DES is used for data communications, both sender and receiver must know the same secret key, which can be used to encrypt and decrypt the message, or to generate and verify a message authentication code. The SonicWALL DES encryption algorithm uses a 56-bit key. The DES Key must be exactly 16 characters long and is composed of hexadecimal characters. Valid hexadecimal characters are 0 to 9, and a to f inclusive (0, 1, 2, 3, 4, 5, 6, 7, 8, 9, a, b, c, d, e, f). For example, a valid key would be 1234567890abcdef.

Encapsulating Security Payload (ESP)ESP provides confidentiality and integrity of data by encrypting the data and encapsulating it into IP packets. Encryption may be in the form of ARCFour (similar to the popular RC4 encryption method), DES, etc. The use of ESP typically increases the processing requirements and communications latency. The increased latency is primarily due to the encryption and decryption required for each IP packet containing an ESP. ESP typically involves encryption of the packet payload using standard encryption mechanisms, such as RC4, ARCFour, DES, or 3DES.

440

SonicWALL GMS 6.0 Administrators Guide

VPN Terms and Concepts

ESP has no mechanism for providing strong integrity and authentication of the data.

Encryption - Encryption is a mathematical operation that transforms data from clear text (something that a human or a program can interpret) to cipher text (something that cannot be interpreted). Usually the mathematical operation requires that an alphanumeric key be supplied along with the clear text. The key and clear text are processed by the encryption operation, which leads to the data scrambling that makes encryption secure. Decryption is the opposite of encryption: it is a mathematical operation that transforms cipher text to clear text. Decryption also requires a key.

Shared Secret - A shared secret is a predefined field that the two endpoints of a VPN tunnel use to set up an IKE SA. This field can be any combination of alphanumeric characters with a minimum length of 4 characters and a maximum of 128 characters. Precautions should be taken when delivering or exchanging this shared secret to ensure that a third party cannot compromise the security of a VPN tunnel.

Internet Key Exchange (IKE) - IKE is a negotiation and key exchange protocol specified by the Internet Engineering Task Force (IETF). An IKE SA automatically negotiates encryption and authentication keys. With IKE, an initial exchange authenticates the VPN session and automatically negotiates keys that will be used to pass IP traffic.

Key - A key is an alphanumeric string that is used by the encryption operation to transform clear text into cipher text. A key is composed of hexadecimal characters (0, 1, 2, 3, 4, 5, 6, 7, 8, 9, a, b, c, d, e, f). A valid key would be 1234567890abcdef. Keys used in VPN communications can vary in length, but are typically 16 or 32 characters. The longer the key, the more difficult it is to break the encryption. The reason for this is that most methods used to break encryption involve trying every possible combination of characters, similar to trying to find someone's telephone number by dialing every possible combination of phone numbers.

Manual Key - Manual keying allows the SonicWALL administrator to specify the encryption and authentication keys. SonicWALL VPN supports the ability to manually set up a security association as well as the ability to automatically negotiate an SA using IKE.

Security Association (SA) - An SA is the group of security settings needed to create a VPN tunnel. All SAs require an encryption method, an IPSec gateway address, and a destination network address. IKE includes a shared secret. Manual keying includes two SPIs and an encryption and authentication key. SonicWALL PRO appliances support up to 100 SAs. SonicWALL SOHO2 and SonicWALL XPRS2 appliances support 10 and 25 SAs, respectively. Different SAs may be created to connect branch offices, allow secure remote management, and pass unsupported traffic.

Security Parameter Index (SPI) - The SPI is used to establish a VPN tunnel. The SPI is transmitted from the remote VPN gateway to the local VPN gateway. The local VPN gateway then uses the network, encryption, and key values that the administrator associated with the SPI to establish the tunnel. The SPI must be unique, is from one to eight characters long, and is composed of hexadecimal characters. Valid hexadecimal characters are 0 to 9, and a to f (i.e., 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, a, b, c, d, e, f). For example, valid SPIs would be 999 or 1234abcd.

Triple Data Encryption Standard (3DES) - 3DES is the same as DES, except that it applies three DES keys in succession and is significantly more secure. However, 3DES has significantly more processing requirements than DES. The 3DES Key must be exactly 16 characters long and is composed of hexadecimal characters. Valid hexadecimal characters are 0 to 9, and a to f inclusive (0, 1, 2, 3, 4, 5, 6, 7, 8, 9, a, b, c, d, e, f). For example, a valid key would be 1234567890abcdef.

VPN Tunnel - Tunneling is the encapsulation of point-to-point transmissions inside IP packets. A VPN Tunnel is a term that is used to describe a connection between two or more private nodes or LANs over a public network, typically the Internet. Encryption is often used to maintain the confidentiality of private data when traveling over the Internet.

Using OCSP with SonicWALL Security Appliances


Online Certificate Status Protocol (OCSP) allows you to check VPN certificate status without CRLs. This allows timely updates regarding the status of the certificates used on your SonicWALL. OCSP is designed to augment or replace Certificate Revocation Lists (CRL) in your Public Key Infrastructure (PKI) or digital certificate system. The CRL is used to validate the digital certificates comprising the PKI. This allows the Certificate Authority (CA) to revoke certificates before their scheduled expiration date and is useful in protecting the PKI system against stolen or invalid certificates.

The main disadvantage of Certificate Revocation Lists is the need for frequent updates to keep the CRL of every client current. These frequent updates greatly increase network traffic when the complete CRL is downloaded by every client. Depending on the frequency of the CRL updates, a period of time can exist when a certificate is revoked by the CRL but the client has not received the CRL update and permits the certificate to be used.

Online Certificate Status Protocol determines the current status of a digital certificate without using a CRL. OCSP enables the client or application to directly determine the status of an identified digital certificate. This provides more timely information about the certificate than is possible with CRLs. In addition, each client typically only checks a few certificates and does not incur the overhead of downloading an entire CRL for only a few entries. This greatly reduces the network traffic associated with certificate validation.

OCSP transports messages over HTTP for maximum compatibility with existing networks. This requires careful configuration of any caching servers in the network to avoid receiving a cached copy of an OCSP response that might be out of date.

The OCSP client communicates with an OCSP responder. The OCSP responder can be a CA server or another server that communicates with the CA server to determine the certificate status. The OCSP client issues a status request to an OCSP responder and suspends the acceptance of the certificate until the responder provides a response. The client request includes data such as protocol version, service request, target certificate identification and optional extensions. These optional extensions may or may not be acknowledged by the OCSP responder.

The OCSP responder receives the request from the client and checks that the message is properly formed and whether the responder is able to respond to the service request. Then it checks if the request contains the correct information needed for the service desired. If all conditions are satisfied, the responder returns a definitive response to the OCSP client. The OCSP responder is required to provide a basic response of GOOD, REVOKED, or UNKNOWN. If both the OCSP client and responder support the optional extensions, other responses are possible. The GOOD state is the desired response as it indicates the certificate has not been revoked. The REVOKED state indicates that the certificate has been revoked. The UNKNOWN state indicates the responder does not have information about the certificate in question.

OCSP servers typically work with a CA server in a push or pull setup. The CA server can be configured to push a CRL (revocation list) to the OCSP server. Additionally, the OCSP server can be configured to periodically download (pull) the CRL from the CA server. The OCSP server must also be configured with an OCSP response signing certificate issued by the CA server. The signing certificate must be properly formatted or the OCSP client will not accept the response from the OCSP server.
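
The client/responder exchange just described, as an added Python model that is not SonicWALL or OpenCA code: a toy CA keeps the revocation list, the responder refreshes its copy by push or pull and answers GOOD, REVOKED or UNKNOWN, and the client refuses to accept a certificate until a trusted definitive answer arrives. Real OCSP carries DER-encoded messages over HTTP and signs responses with an X.509 signing certificate; here an HMAC key handed out by the CA stands in for that certificate (an assumption made so the script runs offline with only the standard library). The serial numbers are constructed sample values.

```python
import hashlib
import hmac
import json

GOOD, REVOKED, UNKNOWN = "GOOD", "REVOKED", "UNKNOWN"
SUPPORTED_VERSION = 1


class OCSPError(Exception):
    """Raised by the client when no trustworthy definitive response was obtained."""


class CAServer:
    """Toy CA: tracks issued serials, the revocation list (CRL) and the key the
    responder signs with (stands in for the OCSP response signing certificate)."""

    def __init__(self):
        self._issued = set()
        self._revoked = set()
        # Constructed demo key; a real CA issues an X.509 signing certificate.
        self.responder_signing_key = hashlib.sha256(b"constructed-demo-key").digest()

    def issue(self, serial):
        self._issued.add(serial)

    def revoke(self, serial):
        self._revoked.add(serial)

    def crl(self):
        return frozenset(self._revoked)

    def issued(self):
        return frozenset(self._issued)


class OCSPResponder:
    """Answers status requests from its own copy of the CA data, refreshed
    either by pull (responder calls pull) or by push (CA calls push_crl)."""

    def __init__(self, ca):
        self._ca = ca
        self._key = ca.responder_signing_key
        self._issued = frozenset()
        self._crl = frozenset()

    def pull(self):
        self._issued = self._ca.issued()
        self._crl = self._ca.crl()

    def push_crl(self, crl):
        self._crl = frozenset(crl)

    def handle(self, request):
        # 1. Is the message properly formed?
        if not isinstance(request, dict) or "version" not in request or "serial" not in request:
            return {"error": "malformedRequest"}
        # 2. Can this responder serve the requested protocol version?
        if request["version"] != SUPPORTED_VERSION:
            return {"error": "unsupportedVersion"}
        serial = request["serial"]
        # 3. Definitive status from the responder's (possibly stale) copy of the CRL.
        if serial in self._crl:
            status = REVOKED
        elif serial in self._issued:
            status = GOOD
        else:
            status = UNKNOWN
        body = {"serial": serial, "status": status}
        return {"body": body, "sig": self._sign(body)}

    def _sign(self, body):
        canon = json.dumps(body, sort_keys=True).encode()
        return hmac.new(self._key, canon, hashlib.sha256).hexdigest()


class OCSPClient:
    def __init__(self, responder, trusted_signing_key):
        self._responder = responder
        self._trusted_key = trusted_signing_key

    def check(self, serial):
        """Return GOOD / REVOKED / UNKNOWN for `serial`, or raise OCSPError."""
        response = self._responder.handle({"version": SUPPORTED_VERSION, "serial": serial})
        if "error" in response:
            raise OCSPError(response["error"])
        canon = json.dumps(response["body"], sort_keys=True).encode()
        expected = hmac.new(self._trusted_key, canon, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, response["sig"]):
            raise OCSPError("response signature not trusted")
        if response["body"]["serial"] != serial:
            raise OCSPError("response is for a different certificate")
        return response["body"]["status"]

    def accept_certificate(self, serial):
        """Acceptance stays suspended until a trusted, definitive GOOD arrives."""
        try:
            return self.check(serial) == GOOD
        except OCSPError:
            return False
```

The interesting case is a certificate revoked at the CA after the responder's last pull: the responder still answers GOOD until the next push or pull, which is the same window the text describes for CRL clients, only now bounded by the responder's refresh interval rather than by every client's download schedule.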

OpenCA OCSP Responder


Using OCSP requires the OpenCA (Open Source Certificate Authority) OCSP Responder, as it is the only supported OCSP responder. OpenCA OCSP Responder is available at <http://www.openca.org/ocspd/>. The OpenCA OCSP Responder is an RFC 2560-compliant OCSP responder that runs on a default port of 2560, in homage to its being based on RFC 2560.
Note

For SonicOS to act as an OCSP client to a responder, the CA certificate must be loaded onto the SonicWALL system.

Using OCSP with VPN Policies


The SonicWALL OCSP settings can be configured on a policy level or globally. To configure OCSP checking for individual VPN policies, click on the VPNs page and follow these steps:
1. Select the radio button next to Enable OCSP Check.
2. Specify the OCSP Responder URL of the OCSP server, for example <http://192.168.168.220:2560> where 192.168.168.220 is the IP address of your OCSP server and 2560 is the default port of operation for the OpenCA OCSP responder service.

CHAPTER 19 Configuring SSL-VPN Settings


SSL VPN NetExtender Overview
This section provides an introduction to the SonicOS Enhanced SSL VPN NetExtender feature as managed within GMS. This section contains the following subsections:

What is SSL VPN NetExtender? section on page 445
Benefits section on page 445
NetExtender Concepts section on page 446

What is SSL VPN NetExtender?


SonicWALL's SSL VPN NetExtender feature is a transparent software application for Windows, Mac, and Linux users that enables remote users to securely connect to the remote network. With NetExtender, remote users can securely run any application on the remote network. Users can upload and download files, mount network drives, and access resources as if they were on the local network. The NetExtender connection uses a Point-to-Point Protocol (PPP) connection.

Benefits
NetExtender provides remote users with full access to your protected internal network. The experience is virtually identical to that of using a traditional IPSec VPN client, but NetExtender does not require any manual client installation. Instead, the NetExtender Windows client is automatically installed on a remote user's PC by an ActiveX control when using the Internet Explorer browser, or with the XPCOM plugin when using Firefox. On MacOS systems, supported browsers use Java controls to automatically install NetExtender from the Virtual Office portal. Linux systems can also install and use the NetExtender client. After installation, NetExtender automatically launches and connects a virtual adapter for secure SSL-VPN point-to-point access to permitted hosts and subnets on the internal network.

NetExtender Concepts
The following sections describe advanced NetExtender concepts:

Stand-Alone Client section on page 446
Client Routes section on page 446
Tunnel All Mode section on page 447
Connection Scripts section on page 447
Proxy Configuration section on page 447

Stand-Alone Client
NetExtender is a browser-installed lightweight application that provides comprehensive remote access without requiring users to manually download and install the application. The first time a user launches NetExtender, the NetExtender stand-alone client is automatically installed on the user's PC or Mac. The installer creates a profile based on the user's login information. The installer window then closes and automatically launches NetExtender. If the user has a legacy version of NetExtender installed, the installer will first uninstall the old NetExtender and install the new version. Once the NetExtender stand-alone client has been installed, Windows users can launch NetExtender from their PC's Start > Programs menu and configure NetExtender to launch when Windows boots. Mac users can launch NetExtender from their system Applications folder, or drag the icon to the dock for quick access. On Linux systems, the installer creates a desktop shortcut in /usr/share/NetExtender. This can be dragged to the shortcut bar in environments like Gnome and KDE.

Client Routes
NetExtender client routes are used to allow and deny access for SSL VPN users to various network resources. Address objects are used to easily and dynamically configure access to network resources.

Tunnel All Mode


Tunnel All mode routes all traffic to and from the remote user over the SSL VPN NetExtender tunnel, including traffic destined for the remote user's local network. This is accomplished by adding the following routes to the remote client's route table:

IP Address    Subnet mask
0.0.0.0       0.0.0.0
0.0.0.0       128.0.0.0
128.0.0.0     128.0.0.0

NetExtender also adds routes for the local networks of all connected Network Connections. These routes are configured with higher metrics than any existing routes to force traffic destined for the local network over the SSL VPN tunnel instead. For example, if a remote user has the IP address 10.0.67.64 on the 10.0.*.* network, the route 10.0.0.0/255.255.0.0 is added to route traffic through the SSL VPN tunnel. Tunnel All mode is configured on the SSL VPN > Client Routes page.

Connection Scripts
SonicWALL SSL VPN provides users with the ability to run batch file scripts when NetExtender connects and disconnects. The scripts can be used to map or disconnect network drives and printers, launch applications, or open files or Web sites. NetExtender Connection Scripts can support any valid batch file commands.

Proxy Configuration
SonicWALL SSL VPN supports NetExtender sessions using proxy configurations. Currently, only HTTPS proxy is supported. When launching NetExtender from the Web portal, if your browser is already configured for proxy access, NetExtender automatically inherits the proxy settings. The proxy settings can also be manually configured in the NetExtender client preferences. NetExtender can automatically detect proxy settings for proxy servers that support the Web Proxy Auto Discovery (WPAD) Protocol.

NetExtender provides three options for configuring proxy settings:

Automatically detect settings - To use this setting, the proxy server must support Web Proxy Auto Discovery Protocol (WPAD), which can push the proxy settings script to the client automatically.
Use automatic configuration script - If you know the location of the proxy settings script, you can select this option and provide the URL of the script.
Use proxy server - You can use this option to specify the IP address and port of the proxy server. Optionally, you can enter an IP address or domain in the BypassProxy field to allow direct connections to those addresses and bypass the proxy server. If required, you can enter a user name and password for the proxy server. If the proxy server requires a username and password, but you do not specify them, a NetExtender pop-up window will prompt you to enter them when you first connect.

When NetExtender connects using proxy settings, it establishes an HTTPS connection to the proxy server instead of connecting to the SonicWALL security appliance directly. The proxy server then forwards traffic to the SSL VPN server. All traffic is encrypted by SSL with the certificate negotiated by NetExtender, of which the proxy server has no knowledge. The connecting process is identical for proxy and non-proxy users.
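
The proxy path described above, as an added Python example that is not NetExtender or SonicWALL code: the client decides from a BypassProxy list whether to go direct, otherwise sends an HTTP CONNECT for the SSL VPN server's host and port, answers a 407 with the configured credentials (or reports that the user must be prompted), and only then would start TLS inside the tunnel. The StubProxy, the host names and the credentials are constructed, and the bypass-matching rules (an entry may be an IP address, a CIDR network or a domain that also covers its subdomains) are an assumption for the example.

```python
import base64
from ipaddress import ip_address, ip_network


def should_bypass(host, bypass_entries):
    """True when `host` matches an entry in the BypassProxy list and should
    be reached directly. Entry forms accepted here (assumed for the example):
    an IP address, a CIDR network, or a domain name that also matches subdomains."""
    host = host.strip().lower()
    for entry in bypass_entries:
        entry = entry.strip().lower()
        if not entry:
            continue
        try:
            network = ip_network(entry, strict=False)
        except ValueError:
            network = None
        if network is not None:
            try:
                if ip_address(host) in network:
                    return True
            except ValueError:
                pass  # host is a name; it cannot match an IP entry
            continue
        if host == entry or host.endswith("." + entry):
            return True
    return False


def build_connect_request(host, port, username=None, password=None):
    """All the proxy ever sees: a CONNECT for host:port, plus Basic credentials
    when it demanded them. The TLS certificate is negotiated later, inside the tunnel."""
    lines = [f"CONNECT {host}:{port} HTTP/1.1", f"Host: {host}:{port}"]
    if username is not None:
        token = base64.b64encode(f"{username}:{password}".encode()).decode()
        lines.append(f"Proxy-Authorization: Basic {token}")
    return ("\r\n".join(lines) + "\r\n\r\n").encode()


def parse_proxy_response(raw):
    """Return (status_code, headers) from the proxy's reply to CONNECT."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    status_line, *header_lines = head.split("\r\n")
    parts = status_line.split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/"):
        raise ValueError(f"not an HTTP status line: {status_line!r}")
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return int(parts[1]), headers


def open_tunnel(send, vpn_host, vpn_port=443, credentials=None):
    """Drive the CONNECT exchange. `send` takes request bytes and returns the
    proxy's raw reply (a socket in real use, StubProxy below for the demo).
    Returns "tunnel-open" once the proxy relays to vpn_host:vpn_port."""
    code, headers = parse_proxy_response(send(build_connect_request(vpn_host, vpn_port)))
    if code == 407:
        if credentials is None:
            # This is the point where the client pops up a credential prompt.
            raise PermissionError("proxy requires credentials: " + headers.get("proxy-authenticate", ""))
        code, headers = parse_proxy_response(
            send(build_connect_request(vpn_host, vpn_port, *credentials)))
    if code != 200:
        raise ConnectionError(f"proxy refused CONNECT with status {code}")
    return "tunnel-open"


class StubProxy:
    """Constructed stand-in for an HTTPS proxy that requires Basic authentication."""

    def __init__(self, username, password):
        self._token = base64.b64encode(f"{username}:{password}".encode()).decode()
        self.seen = []  # request lines the proxy observed

    def __call__(self, request):
        text = request.decode()
        request_line = text.split("\r\n", 1)[0]
        self.seen.append(request_line)
        if not request_line.startswith("CONNECT "):
            return b"HTTP/1.1 400 Bad Request\r\n\r\n"
        if f"Proxy-Authorization: Basic {self._token}" not in text:
            return (b"HTTP/1.1 407 Proxy Authentication Required\r\n"
                    b'Proxy-Authenticate: Basic realm="proxy"\r\n\r\n')
        return b"HTTP/1.1 200 Connection established\r\n\r\n"
```

Note what `StubProxy.seen` records after a successful connection: only the CONNECT request lines. Everything after the 200 is the client's TLS session with the SSL VPN server, which is why the proxy has no knowledge of the negotiated certificate.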

SSL VPN > Portal Settings


The Policies > SSL VPN > Portal Settings page is used to configure the appearance and functionality of the SSL VPN Virtual Office web portal. The Virtual Office portal is the website that users log in to in order to launch NetExtender. It can be customized to match any existing company website or design style.

The following settings configure the appearance of the Virtual Office portal:

Portal Site Title - The text displayed in the top title of the web browser.
Portal Banner Title - The text displayed next to the logo at the top of the page.
Home Page Message - The HTML code that is displayed above the NetExtender icon.
Login Message - The HTML code that is displayed when users are prompted to log in to the Virtual Office.
Example Template - Resets the Home Page Message and Login Message fields to the default example template.
Preview - Launches a pop-up window that displays the HTML code.
Launch NetExtender after login - Automatically launches NetExtender after a user logs in.

The following options customize the functionality of the Virtual Office portal:

Display Import Certificate Button - Displays an Import Certificate button on the Virtual Office page. This initiates the process of importing the SonicWALL security appliance's self-signed certificate onto the web browser. This option only applies to the Internet Explorer browser on PCs running Windows 2000 or Windows XP.
Enable HTTP meta tags for cache control - Inserts HTTP tags into the browser that instruct the web browser not to cache the Virtual Office page. SonicWALL recommends enabling this option.

The Customized Logo field is used to display a logo other than the SonicWALL logo at the top of the Virtual Office portal. Enter the URL of the logo in the Customized Logo field. The logo must be in GIF format of size 155 x 36, and a transparent or light background is recommended.

SSL VPN > Client Settings


The Policies > SSL VPN > Client Settings page allows the administrator to enable SSL VPN access on zones and configure the client address range information and NetExtender client settings. It also displays which zones have SSL VPN access enabled.

The following tasks are configured on the SSL VPN > Client Settings page:

Configuring Zones for SSL VPN Access section on page 451
Configuring the SSL VPN Client Address Range section on page 451
Configuring NetExtender Client Settings section on page 452

Configuring Zones for SSL VPN Access


All of the zones on the SonicWALL security appliance are displayed in the SSL VPN Status on Zones section of the SSL VPN > Client Settings page. SSL VPN access must be enabled on a zone before users can access the Virtual Office web portal. A green button to the left of the name of the zone indicates that SSL VPN access is enabled. A red button indicates that SSL VPN access is disabled. To change the SSL VPN access for a zone, simply click the name of the zone on the SSL VPN > Client Settings page. SSL VPN Access can also be configured on the Network > Zones page by clicking the configure icon for the zone.
Note

WAN management must be enabled on the zone to terminate SSL VPN sessions. Even though the zone has SSL VPN enabled, if the management interface is disabled, SSL VPN will not work correctly.

Configuring the SSL VPN Client Address Range


The SSL VPN Client Address Range defines the IP address pool from which addresses will be assigned to remote users during NetExtender sessions. The range needs to be large enough to accommodate the maximum number of concurrent NetExtender users you wish to support plus one (for example, the range for 15 users requires 16 addresses, such as 192.168.200.100 to 192.168.200.115).
Note

The range must fall within the same subnet as the interface to which the SSL VPN appliance is connected, and in cases where there are other hosts on the same segment as the SSL VPN appliance, it must not overlap or collide with any assigned addresses.

To configure the SSL VPN Client Address Range, perform the following steps:
Step 1 Navigate to the SSL VPN > Client Settings page.
Step 2 In the NetExtender Start IP field, enter the first IP address in the client address range.
Step 3 In the NetExtender End IP field, enter the last IP address in the client address range.
Step 4 In the DNS Server 1 field, enter the IP address of the primary DNS server, or click Default DNS Settings to use the default settings.
Step 5 (Optional) In the DNS Server 2 field, enter the IP address of the backup DNS server.
Step 6 (Optional) In the DNS Domain field, enter the domain name for the DNS servers.
Step 7 In the User Domain field, enter the domain name for the users. The value of this field must match the domain field in the NetExtender client.
Step 8 (Optional) In the WINS Server 1 field, enter the IP address of the primary WINS server.
Step 9 (Optional) In the WINS Server 2 field, enter the IP address of the backup WINS server.
Step 10 In the Interface pull-down menu, select the interface to be used for SSL VPN services.

Note

The IP address range must be on the same subnet as the interface used for SSL VPN services.

Step 11 Click the Zone name at the top of the page to enable SSL VPN access on it with these settings. The indicator should be green for the Zone you want to enable.
Step 12 Click Accept.
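
The sizing and placement rules for the client address range (users plus one, inside the SSL VPN interface's subnet, no collision with hosts already on the segment) as an added pre-flight check in Python. It is not SonicWALL code; the interface address, the list of already-assigned hosts and the sample ranges are constructed inputs, and treating the interface's own address, the network address and the broadcast address as reserved is an assumption of the example.

```python
from ipaddress import ip_address, ip_interface


def client_range(start, end):
    """Expand NetExtender Start IP .. End IP (inclusive) into a list of addresses."""
    first, last = ip_address(start), ip_address(end)
    if last < first:
        raise ValueError("NetExtender End IP precedes Start IP")
    return [ip_address(n) for n in range(int(first), int(last) + 1)]


def validate_client_range(start, end, interface_cidr, max_users, assigned_hosts=()):
    """Return a list of problems with the proposed range; an empty list means OK.

    interface_cidr is the SSL VPN interface's own address with prefix, for
    example "192.168.200.1/24"; assigned_hosts lists other addresses already
    in use on that segment (constructed inputs, assumed for the example)."""
    problems = []
    iface = ip_interface(interface_cidr)
    pool = client_range(start, end)

    needed = max_users + 1  # one spare address, per the rule in the text
    if len(pool) < needed:
        problems.append(
            f"range holds {len(pool)} addresses but {max_users} users need {needed}")

    outside = [str(ip) for ip in pool if ip not in iface.network]
    if outside:
        problems.append(
            f"{len(outside)} address(es) fall outside {iface.network}, e.g. {outside[0]}")

    # Assumed reserved: the interface itself plus the network and broadcast addresses.
    reserved = {iface.ip, iface.network.network_address, iface.network.broadcast_address}
    taken = reserved | {ip_address(h) for h in assigned_hosts}
    collisions = [str(ip) for ip in pool if ip in taken]
    if collisions:
        problems.append("range collides with assigned addresses: " + ", ".join(collisions))
    return problems
```

The text's own example (15 users, 192.168.200.100 to 192.168.200.115) passes when the interface is 192.168.200.1/24; asking the same range to serve 16 users, or moving it into 192.168.201.0/24, produces one finding each.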

Configuring NetExtender Client Settings


NetExtender client settings are configured on the bottom of the SSL VPN > Client Settings page. The following settings customize the behavior of NetExtender when users connect and disconnect.

Default Session Timeout (minutes) - The default timeout value for client inactivity, after which the client's session is terminated.
Enable NetBIOS Over SSLVPN - Allows NetExtender clients to broadcast NetBIOS to the SSL VPN subnet.
Enable Client Autoupdate - The NetExtender client checks for updates every time it is launched.
Exit Client After Disconnect - The NetExtender client exits when it becomes disconnected from the SSL VPN server. To reconnect, users will have to either return to the SSL VPN portal or launch NetExtender from their Programs menu.
Uninstall Client After Disconnect - The NetExtender client automatically uninstalls when it becomes disconnected from the SSL VPN server. To reconnect, users will have to return to the SSL VPN portal.
Create Client Connection Profile - The NetExtender client will create a connection profile recording the SSL VPN Server name, the Domain name and optionally the username and password.
Communication Between Clients - Enables NetExtender clients that are connected to the same server to communicate.
User Name & Password Caching - Provides flexibility in allowing users to cache their usernames and passwords in the NetExtender client. The three options are Allow saving of user name only, Allow saving of user name & password, and Prohibit saving of user name & password. These options enable administrators to balance security needs against ease of use for users.

SSL VPN > Client Routes


The Policies > SSL VPN > Client Routes page allows the administrator to control the network access allowed for SSL VPN users. The NetExtender client routes are passed to all NetExtender clients and are used to govern which private networks and resources remote users can access via the SSL VPN connection.

The following tasks are configured on the SSL VPN > Client Routes page:

Configuring Tunnel All Mode section on page 454
Adding Client Routes section on page 455

Configuring Tunnel All Mode


Select Enabled from the Tunnel All Mode drop-down list to force all traffic for NetExtender users over the SSL VPN NetExtender tunnel, including traffic destined for the remote user's local network. This is accomplished by adding the following routes to the remote client's route table:

IP Address    Subnet mask
0.0.0.0       0.0.0.0
0.0.0.0       128.0.0.0
128.0.0.0     128.0.0.0

NetExtender also adds routes for the local networks of all connected Network Connections. These routes are configured with higher metrics than any existing routes to force traffic destined for the local network over the SSL VPN tunnel instead. For example, if a remote user has the IP address 10.0.67.64 on the 10.0.*.* network, the route 10.0.0.0/255.255.0.0 is added to route traffic through the SSL VPN tunnel.
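
Why the Tunnel All table adds 0.0.0.0/128.0.0.0 and 128.0.0.0/128.0.0.0 rather than only replacing the default route is easiest to see in a route lookup. The following is an added Python model serving both this section and the Tunnel All Mode overview in the NetExtender Concepts section; it is not NetExtender or SonicWALL code. It models only the three routes from the table (not the additional local-network route the text mentions), uses the conventional rule of longest prefix first and lowest metric on ties, and the laptop's pre-existing routes, the tunnel gateway address and the destinations are constructed values.

```python
from ipaddress import ip_address, ip_network


class RouteTable:
    """Minimal host route table: longest-prefix match, lowest metric on ties."""

    def __init__(self):
        self.routes = []  # (network, gateway, metric)

    def add(self, address, mask, gateway, metric):
        # Masks are given in dotted form, exactly as in the Tunnel All table.
        self.routes.append((ip_network(f"{address}/{mask}"), gateway, metric))

    def remove_via(self, gateway):
        self.routes = [r for r in self.routes if r[1] != gateway]

    def lookup(self, destination):
        dst = ip_address(destination)
        matches = [r for r in self.routes if dst in r[0]]
        if not matches:
            return None
        _, gateway, _ = max(matches, key=lambda r: (r[0].prefixlen, -r[2]))
        return gateway


# The three routes from the Tunnel All table (IP address, subnet mask).
TUNNEL_ALL_ROUTES = [
    ("0.0.0.0", "0.0.0.0"),
    ("0.0.0.0", "128.0.0.0"),
    ("128.0.0.0", "128.0.0.0"),
]


def build_client_table():
    """Constructed laptop route table before NetExtender connects: a default
    route via the home router and the on-link 10.0.*.* network from the text."""
    table = RouteTable()
    table.add("0.0.0.0", "0.0.0.0", "10.0.0.1", 25)          # default via home router
    table.add("10.0.0.0", "255.255.0.0", "on-link", 25)      # local network, 10.0.67.64 lives here
    return table


def connect_tunnel_all(table, tunnel_gateway, metric=100):
    """Install the Tunnel All routes. Even with a worse (higher) metric than
    the existing default route, the two /1 routes win every lookup because
    a 1-bit prefix is longer than the default route's 0-bit prefix."""
    for address, mask in TUNNEL_ALL_ROUTES:
        table.add(address, mask, tunnel_gateway, metric)


def disconnect(table, tunnel_gateway):
    """Removing the tunnel's routes leaves the original default route untouched,
    so Internet access falls back to the home router without any repair step."""
    table.remove_via(tunnel_gateway)
```

Before the tunnel comes up, 203.0.113.10 (a constructed Internet address) resolves to the home router; after `connect_tunnel_all` it resolves to the tunnel gateway although the tunnel's own 0.0.0.0/0 entry has the worse metric, and after `disconnect` the home router is back in charge.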

Adding Client Routes


The Add Client Routes pull-down menu is used to configure access to network resources for SSL VPN users. Select the address object to which you want to allow SSL VPN access. Select Create new address object to create a new address object. Creating client routes causes access rules to automatically be created to allow this access. Alternatively, you can manually configure access rules for the SSL VPN zone on the Firewall > Access Rules page. For more information, see Firewall > Access Rules on page 359.

CHAPTER 20 Configuring Security Services


SonicWALL security appliances offer several services for protecting networks against viruses and attacks. This chapter provides concept overviews and configuration tasks for deploying these services. This chapter contains the following sections:

Configuring SonicWALL Network Anti-Virus section on page 458
SonicWALL Network Anti-Virus Email Filter section on page 461
Configuring the SonicWALL Content Filter Service section on page 463
Configuring the SonicWALL Intrusion Prevention Service section on page 463
Configuring the SonicWALL RBL Filter section on page 472
Configuring the SonicWALL Gateway Anti-Virus section on page 473
Configuring the SonicWALL Anti-Spyware Service section on page 478

Configuring SonicWALL Network Anti-Virus


SonicWALL Network Anti-Virus is a distributed, gateway-enforced solution that ensures always-on, always-updated anti-virus software for every client on your network. The SonicWALL constantly monitors the version of the virus definition file and automatically triggers download and installation of new virus definition files to each user's computer. In addition, the SonicWALL restricts each user's access to the Internet until they are protected, therefore acting as an automatic enforcer of the company's virus protection policy. This approach ensures the most current version of the virus definition file is installed and active on each PC on the network, preventing a rogue user from disabling the virus protection and potentially exposing the entire organization to an outbreak. Most importantly, SonicWALL Network Anti-Virus offloads the costly and time-consuming burden of maintaining and updating anti-virus software across the entire network. SonicWALL Network Anti-Virus also includes Network Anti-Virus Email Filter to selectively manage inbound Email attachments as they pass through the SonicWALL to control the flow of executable files, scripts, and applications into your network.

Configuring Anti-Virus Settings


SonicWALL Global Management System (SonicWALL GMS) offers anti-virus protection on a subscription-basis through a partnership with McAfee. This section describes how to configure Anti-Virus settings for SonicWALL appliances.
Note

SonicWALL appliances are entitled to a one-month anti-virus trial subscription. To enable the trial subscription, see Registering and Upgrading SonicWALL Appliances on page 591.

Anti-Virus Settings
To configure Anti-Virus settings for one or more SonicWALL appliances, follow these steps:
1. Select the global icon, a group, or a SonicWALL appliance.
2. Expand the Security Services tree and click AV Configure. The AV Configure page appears.
3. Select the Enable Anti-Virus Client Automated Installation, Updates and Enforcement check box.
4. To enforce Anti-Virus protection on the DMZ port or HomePort (if available), select the Enable DMZ/HomePort/WLAN/OPT Policing check box.
5. To disable policing from the LAN to the DMZ, select the Disable policing from LAN/WorkPort to DMZ/HomePort/WLAN/OPT check box.
6. To configure the SonicWALL appliance(s) to only check for updates once a day, select the Reduce AV Traffic for ISDN connections check box. This is useful for low bandwidth connections or connections that are not always on.
7. SonicWALL GMS automatically downloads the latest virus definition files. To configure the maximum number of days that can pass before SonicWALL GMS downloads the latest files, select the number of days from the Maximum Days Allowed Before Forcing Update list box.
8. Significant virus events can occur without warning (e.g., Melissa, ILOVEYOU, and others). When these occur, SonicWALL GMS can be configured to block network traffic until the latest virus definition files are downloaded. To configure this feature, determine which types of events will require updating. Then, select the Low Risk, Medium Risk, or High Risk check boxes.

Exempt Computers
The Exempt Computers section allows the GMS administrator to specify address ranges which should be explicitly included in or excluded from Anti-Virus enforcement.
1. Select the Enforce Anti-Virus policies for all computers radio button to enforce Anti-Virus policies across your entire network. Selecting this option forces computers to install VirusScan ASaP in order to access the Internet or the DMZ. This is the default configuration.
2. Select the Include specific address ranges in the Anti-Virus enforcement radio button to force a specified range of addresses to adhere to Anti-Virus enforcement. Choosing this option allows the administrator to define ranges of IP addresses to receive Anti-Virus enforcement. If you select this option, specify a range of IP addresses to be enforced. Any computer requiring enforcement needs a static IP address within the specified range of IP addresses. Up to 64 IP address ranges can be entered for enforcement.
3. Select the Exclude specific address ranges in the Anti-Virus enforcement radio button to exempt a specified range of addresses from Anti-Virus enforcement. Selecting this option allows the administrator to define ranges of IP addresses that are exempt from Anti-Virus enforcement. If you select this option, specify the range of IP addresses that are exempt. Any computer requiring unrestricted Internet access needs a static IP address within the specified range of IP addresses. Up to 64 IP address ranges can be entered.

SonicWALL Network Anti-Virus Email Filter


The Network Anti-Virus Email Filter allows the administrator to selectively delete or disable inbound Email attachments as they pass through the SonicWALL. This feature provides control over executable files and scripts, and applications sent as Email attachments. This feature is available only with the purchase of an Email Filter subscription.

Email Filtering
During an outbreak, Email filtering allows for preemptive blocking of known filenames and newly discovered viruses before the Anti-Virus signature (DAT) files are actually available. This feature also provides full filename blocking of virus files, allowing SonicWALL to block only malicious attachments, while enabling all other attachments through. For example, during a virus outbreak, only the virus file is blocked while other productive files (such as Word documents and Excel spreadsheets) are allowed through. To configure email filter settings for one or more SonicWALL appliances, follow these steps:
1. Select the global icon, a group, or a SonicWALL appliance.
2. Expand the Security Services tree and click EMail Filter. The EMail Filter screen displays.

Email Attachment Filtering


This section allows the administrator to specify file extensions to filter. By default, the common executable file extensions .vbs and .exe are blocked.

To enable infected email attachment blocking on inbound SMTP and POP3 Email protocols, select the Enable Email Attachment Filtering Alert Service check box. Only files that were discovered to be infected will be blocked. If a message contains uninfected attachments, those will be forwarded to the recipient.
To specify file extensions to filter, select the Enable Email Attachment Filtering of Forbidden File Extensions checkbox. If choosing to specify forbidden file extensions, enter the file extensions (one at a time) in the Forbidden File Extensions box and click the Add button. Remove extensions from the list by selecting the checkbox to the left of the file extension and clicking the Update button at the bottom of the page.
Click the Update button to save your changes.

Email Attachment Filtering Options


This section allows the administrator to handle forbidden file extensions in the following two ways:

Select the Disable the forbidden file by altering the file extension and attach warning text radio button to alter the file extension by replacing the third character of the file extension with _. If the email attachment is a valid file, the message recipient may return the attachment to its original file extension without damaging the file.
Select Delete forbidden file and attach warning text to remove the forbidden file from the Email message entirely and attach warning text to the message.
In the Warning Message Text field (maximum 256 characters), enter the text you wish to attach to messages containing forbidden files.
Click the Update button to save your changes.

Note

Only infected files will be blocked. If a message contains uninfected attachments, those will be forwarded to the recipient.

Email Blocking
This option allows the administrator to block fragments of Email messages.

Check the Block Email fragments (Content-Type message/partial) check box to block fragmented messages from being delivered.

When you are finished, click Update. The settings are changed for each selected SonicWALL appliance. To clear all screen settings and start over, click Reset. The SonicWALL appliance will block viruses that are discovered by the virus signature files and filenames that are known to be infected during an outbreak.

Configuring the SonicWALL Content Filter Service


The default SonicWALL Content Filtering Service (CFS) policy is available with or without a CFS subscription. With a valid CFS subscription, you can create custom CFS policies and apply them to network zones or to groups of users. For example, a school could create one policy for teachers and another for students. The settings for SonicWALL CFS are configured on the Policies > Website Blocking page in SonicWALL GMS. See Configuring General Website Blocking on page 296.

Configuring the SonicWALL Intrusion Prevention Service


The Intrusion Prevention Service (IPS) is a subscription-based service that is frequently updated to protect your networks from new attacks and from undesired uses that expose your network to potential risks, such as Instant Messaging (IM) or Peer-to-Peer (P2P) applications. For information on adding the IPS to SonicWALL appliances, see Registering and Upgrading SonicWALL Appliances on page 591. This section contains the following subsections:

Overview of IPS section on page 464
SonicWALL Deep Packet Inspection section on page 464
Enabling Intrusion Prevention Services section on page 466
Configuring IPS Policies section on page 469
Manual Upload of Keyset and Signature Files section on page 470

Overview of IPS
SonicWALL Intrusion Prevention Service (SonicWALL IPS) delivers a configurable, high performance Deep Packet Inspection engine for extended protection of key network services such as Web, Email, file transfer, Windows services and DNS. SonicWALL IPS is designed to protect against application vulnerabilities as well as worms, Trojans, and peer-to-peer, spyware and backdoor exploits. The extensible signature language used in SonicWALL's Deep Packet Inspection engine also provides proactive defense against newly discovered application and protocol vulnerabilities. SonicWALL IPS offloads the costly and time-consuming burden of maintaining and updating signatures for new hacker attacks through SonicWALL's industry-leading Distributed Enforcement Architecture (DEA). Signature granularity allows SonicWALL IPS to detect and prevent attacks on a global, attack group, or per-signature basis to provide maximum flexibility and control over false positives.

SonicWALL Deep Packet Inspection


Deep Packet Inspection looks at the data portion of the packet. The Deep Packet Inspection technology includes intrusion detection and intrusion prevention. Intrusion detection finds anomalies in the traffic and alerts the administrator. Intrusion prevention finds the anomalies in the traffic and reacts to them, preventing the traffic from passing through. Deep Packet Inspection is a technology that allows a SonicWALL Security Appliance to classify passing traffic based on rules. These rules include information about layer 3 and layer 4 content of the packet as well as the information that describes the contents of the packet's payload, including the application data (for example, an FTP session, an HTTP Web browser session, or even a middleware database connection). This technology allows the administrator to detect and log intrusions that pass through the SonicWALL Security Appliance, as well as prevent them (i.e. dropping the packet or resetting the TCP connection). SonicWALL's Deep Packet Inspection technology also correctly handles TCP fragmented byte stream inspection as if no TCP fragmentation has occurred.

How SonicWALL's Deep Packet Inspection Architecture Works

Deep Packet Inspection technology enables the UTM appliance to investigate farther into the protocol to examine information at the application layer and defend against attacks targeting application vulnerabilities. This is the technology behind SonicWALL Intrusion Prevention Service. SonicWALL's Deep Packet Inspection technology enables dynamic signature updates pushed from the SonicWALL Distributed Enforcement Architecture. The following steps describe how the SonicWALL Deep Packet Inspection Architecture works:

1. The Pattern Definition Language Interpreter uses signatures that can be written to detect and prevent against known and unknown protocols, applications and exploits.
2. TCP packets arriving out-of-order are reassembled by the Deep Packet Inspection framework.
3. Deep Packet Inspection engine preprocessing involves normalization of the packet's payload. For example, an HTTP request may be URL encoded, so the request is URL decoded in order to perform correct pattern matching on the payload.
4. Deep Packet Inspection engine postprocessors perform actions which may either simply pass the packet without modification, drop the packet, or even reset the TCP connection.
5. SonicWALL's Deep Packet Inspection framework supports complete signature matching across the TCP fragments without performing any reassembly (unless the packets are out of order). This results in more efficient use of processor and memory for greater performance.

If TCP packets arrive out of order, the SonicWALL IPS engine reassembles them before inspection. However, SonicWALL's IPS framework supports complete signature matching across the TCP fragments without having to perform complete reassembly. SonicWALL's unique reassembly-free matching solution dramatically reduces CPU and memory resource requirements.
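The block below is an added example, not SonicWALL's engine, that models steps 2, 4 and 5 above: in-order TCP segments are scanned as they arrive while only a short carry-over tail (one byte less than the longest signature) is kept, so a signature split across two segments is still found without reassembling the stream; segments that arrive out of order are held until the gap is filled, which is the one case where buffering happens; and the postprocessor verdict is pass or drop. The two signatures, the segment contents and the StreamInspector class are constructed for the example.

```python
"""Reassembly-free signature matching across TCP segment boundaries.

Added example, not SonicWALL code.  Signatures and segments are constructed;
a real engine would also normalize payloads (step 3) before matching.
"""
from typing import Dict, List, Tuple

# Constructed signatures: (name, byte pattern).  Not from any SonicWALL signature set.
SIGNATURES: List[Tuple[str, bytes]] = [
    ("example-cmd-injection", b"/bin/sh"),
    ("example-traversal", b"../../"),
]


class StreamInspector:
    def __init__(self, initial_seq: int, signatures=SIGNATURES):
        self.next_seq = initial_seq          # sequence number expected next
        self.pending: Dict[int, bytes] = {}  # out-of-order segments keyed by seq
        self.signatures = signatures
        self.max_pat = max(len(p) for _, p in signatures)
        self.tail = b""                      # last (max_pat - 1) bytes already scanned
        self.hits: List[str] = []
        self.reassembled = 0                 # segments that had to be buffered

    def feed(self, seq: int, payload: bytes) -> str:
        """Return 'pass' or 'drop' for this segment (the step 4 action)."""
        if seq < self.next_seq:
            return "pass"                    # retransmission of data already scanned (simplified)
        if seq > self.next_seq:
            # Step 2: out of order; hold it until the preceding bytes arrive.
            self.pending[seq] = payload
            self.reassembled += 1
            return "pass"
        verdict = self._scan(payload)
        self.next_seq += len(payload)
        # Drain buffered segments that have become contiguous.
        while self.next_seq in self.pending:
            buffered = self.pending.pop(self.next_seq)
            if self._scan(buffered) == "drop":
                verdict = "drop"
            self.next_seq += len(buffered)
        return verdict

    def _scan(self, payload: bytes) -> str:
        # Step 5: scan carry-over tail + new bytes, so a match spanning the
        # segment boundary is found without reassembling the whole stream.
        window = self.tail + payload
        verdict = "pass"
        for name, pat in self.signatures:
            idx = window.find(pat)
            while idx != -1:
                if idx + len(pat) > len(self.tail):   # ends in new data: not counted before
                    self.hits.append(name)
                    verdict = "drop"
                idx = window.find(pat, idx + 1)
        self.tail = window[-(self.max_pat - 1):] if self.max_pat > 1 else b""
        return verdict


def demo() -> Tuple[List[str], int, Tuple[str, str, str]]:
    """Constructed request: the traversal signature is split across segments 1 and 2,
    and segment 3 is delivered before segment 2."""
    insp = StreamInspector(initial_seq=1000)
    seg1 = b"GET /cgi/..."                      # ends in the middle of '../../'
    seg2 = b"/../etc/passwd HTTP/1.1\r\n"
    seg3 = b"Host: example.test\r\n\r\n"
    v1 = insp.feed(1000, seg1)
    v3 = insp.feed(1000 + len(seg1) + len(seg2), seg3)   # out of order -> buffered
    v2 = insp.feed(1000 + len(seg1), seg2)               # completes the match, drains seg3
    return insp.hits, insp.reassembled, (v1, v3, v2)
```

Memory use is bounded by the longest signature plus whatever is waiting for a gap to fill, which is the point the section makes about reassembly-free matching.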

Enabling Intrusion Prevention Services


To configure IPS settings for one or more SonicWALL appliances, perform the following steps:

1. Select the global icon, a group, or a SonicWALL appliance.
2. Expand the Security Services tree and click Intrusion Prevention. The Intrusion Prevention page appears.
3. Check the Enable IPS checkbox to enable the service.
4. Select the check boxes of the interface ports to monitor.
5. Configure the following settings for High Priority Attacks in the IPS Settings area:
   - To detect, log, and prevent all high priority attacks, select the Prevent All check box.
   - To detect and log all high priority attacks, select the Detect All check box.
   - To prevent the log from becoming overloaded with entries for the same attack, enter a value in the Log Redundancy Filter field. For example, if you entered a value of 30 seconds and there were 100 SubSeven attacks during that period of time, only one attack would be logged during that 30 second period.
6. Repeat Step 3 for the remaining categories as applicable, including Medium Priority Attacks, Low Priority Attacks, IM (Instant Messaging) Applications, and P2P (Peer-to-Peer) Applications.
7. Click Configuring IPS Settings to choose one of the following options:
   - If Enable IP Reassembly is enabled, the SonicWALL security appliance reassembles fragmented packets for full application layer inspection.
   - If Prevent Invalid Checksum is enabled, the SonicWALL security appliance automatically drops and resets the connection, to prevent the traffic from reaching its destination.
   - If Detect Invalid Checksum is enabled, the SonicWALL security appliance logs and alerts on any such traffic, but does not take any action against it. The connection proceeds to its intended destination.
   - If Enable IPS Exclusion List is enabled, the SonicWALL security appliance bypasses IPS enforcement for a specified IP range. This requires the addition of an IPS Range (below).
8. To force the firmware to download all signatures, click Update IPS Signature Database.
9. To reset your IPS settings to the defaults, click Reset IPS Settings & Policies.
10. When you are finished, click Update. The settings are changed for each selected SonicWALL appliance. To clear all screen settings and start over, click Reset.
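The following block is an added example, not GMS or SonicOS code, of the Log Redundancy Filter behaviour described in step 5: for each attack, the first event opens a window of the configured length and later events for the same attack inside that window are counted but not logged. The LogRedundancyFilter class, the fixed-window semantics (a new window opens with the first logged event) and the constructed event list are assumptions of this example; keying the filter per attack name is what the per-signature setting in Configuring IPS Policies amounts to.

```python
"""Model of a log redundancy filter: one log line per attack per window.

Added example, not GMS/SonicOS code.  Event timestamps are constructed.
"""
from typing import Dict, List, Tuple


class LogRedundancyFilter:
    def __init__(self, window_seconds: int):
        if window_seconds < 0:
            raise ValueError("window must be >= 0")
        self.window = window_seconds
        self.first_seen: Dict[str, float] = {}   # attack -> start of its current window
        self.suppressed: Dict[str, int] = {}     # attack -> events not logged in that window

    def should_log(self, attack: str, ts: float) -> bool:
        """True if the event should be written, False if it is a duplicate inside
        the active window for this attack.  A window of 0 logs everything."""
        start = self.first_seen.get(attack)
        if start is None or ts - start >= self.window:
            self.first_seen[attack] = ts          # open a new window
            self.suppressed[attack] = 0
            return True
        self.suppressed[attack] += 1
        return False


def apply_filter(events: List[Tuple[float, str]], window_seconds: int) -> List[Tuple[float, str]]:
    """Return only the events that would reach the log, in arrival order."""
    f = LogRedundancyFilter(window_seconds)
    return [(ts, name) for ts, name in events if f.should_log(name, ts)]


def demo(window_seconds: int = 30) -> Tuple[int, int]:
    """Constructed: 100 SubSeven detections inside 30 s, one unrelated attack in
    the same period, and one more SubSeven hit after the window has elapsed.
    Returns (events seen, events logged)."""
    events = [(float(i) * 0.25, "SubSeven") for i in range(100)]   # 0.0 .. 24.75 s
    events.append((10.0, "example-other-attack"))
    events.append((31.0, "SubSeven"))
    events.sort()
    return len(events), len(apply_filter(events, window_seconds))
```

The suppressed counters are kept so a report can still say how many events were folded into each logged line; the guide's figure of one line for 100 attacks matches the first window in demo().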

468

SonicWALL GMS 6.0 Administrators Guide

Configuring the SonicWALL Intrusion Prevention Service

Configuring IPS Policies


This section allows the administrator to configure settings for individual attacks.

1. Locate the type of attack that you would like to view. To sort by category, select a category from the Categories list box. To sort by priority, select a priority level from the Priority list box.
2. After locating a type of attack to configure, click its Configure icon. The Configure IPS dialog box appears.
3. Select whether attack detection for this type of attack is enabled, disabled, or uses the default global settings for the attack category from the Prevention list box.
4. Select whether attack prevention for this type of attack is enabled, disabled, or uses the default global settings for the attack category from the Detection list box.
5. Select which users or groups to include for this attack type in the Included Users/Groups list box.
6. Select which users or groups to exclude for this attack type in the Excluded Users/Groups list box.
7. Select an IP address range to include for this attack type in the Included IP Address Range list box.
8. Select an IP address range to exclude for this attack type in the Excluded IP Address Range list box.
9. Select a time range to enforce attack protection on this attack type from the Schedule list box.
10. Enter a timespan in the Log Redundancy Filter (seconds) field, or select the Use Category Settings checkbox.
11. When you are finished, click Update. You are returned to the Intrusion Prevention page.
12. Repeat Steps 2 through 16 for each attack to edit.
13. To reset all attacks to their default settings, click Reset ALL IPS Settings and Policies.

Manual Upload of Keyset and Signature Files


GMS now enables you to manually upload signature files in instances when the Internet is not reachable from your system. This is useful for SonicWALL security appliances that do not have direct Internet connectivity, such as those deployed in high-security environments. In these situations, GMS retrieves the new signatures and then uploads them to the SonicWALL security appliance. To enable manual upload of signature files, perform the following steps:

1. Navigate to the Console Panel.
2. Click on the Management menu.
3. Click on the GMS Settings option. The GMS Settings dialog box displays.
4. Check the Firewalls managed by this GMS do not have Internet Access checkbox. This indicates that the SonicWALL appliances managed by GMS cannot directly reach the Internet.

Note

Keyset files will be uploaded at the time of registering a unit or when there is a change in the user license.

5. In the Policies tab, navigate to the System > Tools page to upload keyset and signature files.
6. Click the Upload Signatures Now button.

Configuring the SonicWALL RBL Filter


The Real-time Black List (RBL) section allows the administrator to block sources of spam, malware and other unscrupulous infestations by way of black-listing. In addition, SMTP servers may also be specified as allowed by way of white-listing. RBL list providers publish their lists via DNS. Blacklisted IP addresses appear in the database of the list provider's DNS domain, using the inverted IP notation of the SMTP server in question as a prefix to the domain name. A response code from 127.0.0.2 to 127.0.0.9 indicates some type of undesirability. To configure Real-time Black Listing:

1. Select the global icon, a group, or a SonicWALL appliance.
2. Expand the Security Services tree and click RBL Filter. The Global Security Client screen displays.
3. Check the Enable Real-time Black List Blocking checkbox to enable the service.
4. In the RBL DNS Servers drop-down list, choose Inherit Settings from WAN Zone or Specify DNS Servers Manually.
5. If choosing to specify your DNS servers manually, enter the server names in the DNS Server (1, 2, 3) fields below.
6. Click the Add RBL Service link to add a new RBL domain.
7. Enter the RBL Domain you wish to block and check the appropriate responses in the RBL Blocked Responses section below. You also have the option to Block All Responses.
8. Click the OK button to save this new RBL Service.
9. Click the Update button to update these settings.

Configuring the SonicWALL Gateway Anti-Virus


To configure SonicWALL Gateway Anti-Virus to begin protecting your network, you need to perform the following steps:

1. Select the global icon, a group, or a SonicWALL appliance.
2. Expand the Security Services tree and click Gateway AntiVirus. The Gateway AntiVirus screen displays.
3. You can manually update your SonicWALL GAV database at any time by clicking the Update button. However, by default, the SonicWALL security appliance running SonicWALL GAV automatically checks for new signatures once an hour.
4. Check the Enable Gateway Anti-Virus checkbox.
5. If you have GMS managed UTM appliances running SonicOS Standard, select the interface you want to enable Gateway Anti-Virus on. You can select from WAN, LAN/WorkPort, DMZ/HomePort/WLAN/OPT.
6. Check the boxes corresponding to the Protocols you wish to enforce Inbound and Outbound inspection on.

Note

If your SonicWALL UTM appliance is running SonicOS Enhanced, you must enable Gateway Anti-Virus on the appropriate zone in the Network > Zones page before continuing.

Configuring GAV Settings

Perform the following steps to configure SonicWALL Gateway Anti-Virus settings and notification preferences:

1. Select Enable Client Notification Alerts to send relevant blocked file notifications to users of the SonicWALL Desktop Anti-Virus client.
2. Select Disable SMTP Responses to suppress the sending of email notifications when viruses are blocked at the gateway.
3. Select Disable detection of EICAR test virus to ignore this test file. The EICAR file is a small file (but not actually a real virus) often used to test how virus protection mechanisms respond to a threat.
4. It is not recommended to check the options for Enable HTTP Byte-Range requests with Gateway AV or Enable FTP REST requests with Gateway AV unless directed to do so by a SonicWALL representative.
5. Select Enable HTTP Clientless Notification Alerts to enable alerts about blocked content for clients who do not have SonicWALL Client Anti-Virus installed. These alerts are delivered by way of a standard HTML browser window. You may also enter a message below if using this notification type.
6. If Enable Gateway AV Exclusion List is enabled, the SonicWALL security appliance bypasses AV enforcement for a specified IP range. This requires the addition of an IPS Range.

Configuring the SonicWALL Gateway Anti-Virus

Configuring GAV Protocols


Application-level awareness of the type of protocol that is transporting the violation allows SonicWALL GAV to perform specific actions within the context of the application to gracefully handle the rejection of the payload.

1. Select which types of traffic to Enable Inbound Inspection for.
2. To scan outgoing SMTP mail, select Enable Outbound Inspection on SMTP.
3. For more granular control over protocol traffic inspection, click the settings icon for each of the protocols you choose. The settings window displays and allows you to restrict transfer of the following possibly dangerous file types:

Table 6 Gateway AV File Restrictions

File Type: Password protected ZIP files
Security Issues: This option only functions on protocols (e.g. HTTP, FTP, SMTP) that are enabled for inspection.

File Type: MS-Office type files containing macros
Security Issues: Blocks transfers of any MS Office 97 and above files that contain VBA macros.

File Type: Packed executable files (UPX, FSG, etc.)
Security Issues: Disables the transfer of packed executable files. Packers are utilities which compress and sometimes encrypt executables. Although there are legitimate applications for these, they are also sometimes used with the intent of obfuscation, so as to make the executables less detectable by anti-virus applications. The packer adds a header that expands the file in memory, and then executes that file.

4. Click the Configure Gateway AV Settings link. The Gateway AV settings window displays. This window allows you to configure client notification alerts and create a SonicWALL GAV exclusion list.
5. To download the latest signature database from mysonicwall.com, click the Update Gateway AV Signature Database link.
6. Click the Update button when you are ready to save your changes.
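The following block is an added example, not SonicWALL GAV code, showing how the three file classes in Table 6 can be recognised from file content rather than from the file name: the encryption bit in a ZIP entry's general purpose flags, a vbaProject.bin part inside an Office Open XML archive, and UPX section names in a PE executable. The sample files are constructed in memory (the ZIP helper merely sets the encryption flag bit, it does not encrypt anything); the category strings, the UPX name set and the minimal PE builder are assumptions of this example, and legacy OLE2 .doc/.xls macro detection, which needs a compound-file parser, is not covered.

```python
"""Content-based recognition of the Table 6 file classes.

Added example, not SonicWALL code.  Sample files are constructed below so the
block runs offline; GAV applies comparable checks inline on HTTP/FTP/SMTP.
"""
import io
import struct
import zipfile
from typing import List, Optional

MACRO_PART_SUFFIX = "vbaProject.bin"                  # OOXML part holding VBA macros
PACKER_SECTION_NAMES = {"UPX0", "UPX1", "UPX2"}       # section names left by UPX (assumed set)


def zip_entries(data: bytes) -> Optional[List[zipfile.ZipInfo]]:
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return zf.infolist()
    except zipfile.BadZipFile:
        return None


def is_password_protected_zip(data: bytes) -> bool:
    """Bit 0 of an entry's general purpose flags means the entry is encrypted."""
    entries = zip_entries(data)
    return bool(entries) and any(zi.flag_bits & 0x1 for zi in entries)


def has_office_macros(data: bytes) -> bool:
    entries = zip_entries(data)
    return bool(entries) and any(zi.filename.endswith(MACRO_PART_SUFFIX) for zi in entries)


def pe_section_names(data: bytes) -> List[str]:
    """Walk MZ -> PE headers and return the section names ([] if not a PE)."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    pe = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe:pe + 4] != b"PE\0\0":
        return []
    nsec = struct.unpack_from("<H", data, pe + 6)[0]
    opt_size = struct.unpack_from("<H", data, pe + 20)[0]
    table = pe + 24 + opt_size                        # section table follows the optional header
    names = []
    for i in range(nsec):
        raw = data[table + 40 * i: table + 40 * i + 8]
        names.append(raw.rstrip(b"\0").decode("ascii", "replace"))
    return names


def is_packed_executable(data: bytes) -> bool:
    return any(n in PACKER_SECTION_NAMES for n in pe_section_names(data))


def classify(data: bytes) -> List[str]:
    """Return the Table 6 categories that apply to the file content."""
    hits = []
    if is_password_protected_zip(data):
        hits.append("password-protected zip")
    if has_office_macros(data):
        hits.append("office macros")
    if is_packed_executable(data):
        hits.append("packed executable")
    return hits


# --- constructed samples ---------------------------------------------------
def build_zip(names) -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for n in names:
            zf.writestr(n, b"sample")
    return buf.getvalue()


def mark_first_entry_encrypted(zip_bytes: bytes) -> bytes:
    """Set flag bit 0 in the first local header (offset 6) and the first central
    directory entry (offset 8).  Sample construction only: nothing is encrypted."""
    b = bytearray(zip_bytes)
    b[6] |= 0x01
    cd = b.find(b"PK\x01\x02")
    b[cd + 8] |= 0x01
    return bytes(b)


def build_fake_pe(section_names) -> bytes:
    """Minimal MZ/PE skeleton with an empty optional header and the given sections."""
    pe_off = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", pe_off)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0, 0)
    sections = b"".join(n.encode().ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return dos + coff + sections
```

Checking content rather than extension matters because an attachment can be renamed freely; the password-protected ZIP case is the one the scanner cannot look inside at all, which is why Table 6 offers to block it outright.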

SonicWALL GMS 6.0 Administrators Guide

Configuring the SonicWALL Gateway Anti-Virus

Viewing SonicWALL GAV Signatures


The Gateway Anti-Virus Signatures section allows you to view the contents of the SonicWALL GAV signature database. All the entries displayed in the Gateway Anti-Virus Signatures table are from the SonicWALL GAV signature database downloaded to your SonicWALL security appliance.

Note

Signature entries in the database change over time in response to new threats.

Displaying Signatures

You can display the signatures in a variety of views using the View Style menu.

- Use Search String - Allows you to display signatures containing a specified string entered in the Lookup Signatures Containing String field.
- All Signatures - Displays all the signatures in the table, 50 to a page.
- 0 - 9 - Displays signature names beginning with the number you select from the menu.
- A-Z - Displays signature names beginning with the letter you select from the menu.

Navigating the Gateway Anti-Virus Signatures Table

The SonicWALL GAV signatures are displayed fifty to a page in the Gateway Anti-Virus Signatures table. The Items field displays the table number of the first signature. If you're displaying the first page of a signature table, the entry might be Items 1 to 50 (of 58). Use the navigation buttons to navigate the table.

Searching the Gateway Anti-Virus Signature Database

You can search the signature database by entering a search string in the Lookup Signatures Containing String field, then clicking the edit (Notepad) icon. The signatures that match the specified string are displayed in the Gateway Anti-Virus Signatures table.

Configuring the SonicWALL Anti-Spyware Service

SonicWALL Anti-Spyware is included within the SonicWALL Gateway Anti-Virus (GAV), Anti-Spyware and Intrusion Prevention Service (IPS) unified threat management solution. SonicWALL GAV, Anti-Spyware and IPS delivers a comprehensive, real-time gateway security solution for your entire network. Activating the SonicWALL Anti-Spyware license on your SonicWALL security appliance does not automatically enable the protection. To configure SonicWALL Anti-Spyware to begin protecting your network, you need to perform the following steps:

1. Enable SonicWALL Anti-Spyware
2. Specify Spyware Danger Level Protection
3. Apply SonicWALL Anti-Spyware Protection to Zones

Note

For complete instructions on setting up SonicWALL Anti-Spyware Service, refer to the SonicWALL Anti-Spyware Service Administrators Guide available on the SonicWALL Web site http://www.sonicwall.com/us/Support.html

Once you have configured these basic anti-spyware protection settings, you can perform additional configuration to tailor SonicWALL Anti-Spyware protection for your network environment.

Selecting Security Services > Anti-Spyware displays the configuration settings for SonicWALL Anti-Spyware on your SonicWALL security appliance.

The Anti-Spyware page for SonicOS Enhanced is divided into three sections:

- Anti-Spyware Status - displays status information on the state of the signature database, your SonicWALL Anti-Spyware license, and other information.
- Anti-Spyware Global Settings - provides the key settings for enabling SonicWALL Anti-Spyware on your SonicWALL security appliance, specifying global SonicWALL Anti-Spyware protection based on three classes of spyware, and other configuration options.
- Anti-Spyware Signatures - shows the status and contents of your signature database.

Warning

After activating your SonicWALL Anti-Spyware license, you must enable and configure SonicWALL Anti-Spyware on the SonicWALL management interface before anti-spyware policies are applied to your network traffic.

Enabling SonicWALL Anti-Spyware


SonicWALL Anti-Spyware must be globally enabled on your SonicWALL security appliance. Select the Enable Anti-Spyware check box (a checkmark is displayed), and then click Configure Anti-Spyware Settings to apply the settings.

Checking the Enable Anti-Spyware check box does not automatically start SonicWALL Anti-Spyware protection. You must also specify a Prevent All action in the Signature Groups table to activate anti-spyware on the SonicWALL security appliance, and then specify the zones you want to protect on the Network > Zones page. You can also select Detect All for spyware event logging and alerting.

Specifying Spyware Danger Level Protection


SonicWALL Anti-Spyware allows you to globally manage your network protection against attacks by simply selecting the class of attacks: High Danger Level Spyware, Medium Danger Level Spyware and Low Danger Level Spyware.

Selecting the Prevent All and Detect All check boxes for High Danger Level Spyware and Medium Danger Level Spyware in the Signature Groups table, and then clicking Apply protects your network against the most dangerous spyware.

Caution

SonicWALL recommends enabling Prevent All for High Danger Level Spyware and Medium Danger Level Spyware signature groups to provide anti-spyware protection against the most damaging and disruptive spyware applications. You can also enable Detect All for spyware logging and alerting.

SonicWALL Anti-Spyware also allows you to configure anti-spyware policies at the category and signature level to provide flexible granularity for tailoring SonicWALL Anti-Spyware protection based on your network environment requirements. If you are running SonicOS Enhanced, you can apply these custom SonicWALL Anti-Spyware policies to Address Objects, Address Groups, and User Groups, as well as create enforcement schedules. For more information, refer to the SonicWALL Anti-Spyware Administrators Guide available on the SonicWALL Web site http://www.sonicwall.com/us/Support.html


Applying SonicWALL Anti-Spyware Protection to Zones (Enhanced)


For SonicWALL security appliances running SonicOS Enhanced 3.0, you apply SonicWALL Anti-Spyware to Zones on the Network > Zones page to enforce SonicWALL Anti-Spyware not only between each network zone and the WAN, but also between internal zones. For example, enabling SonicWALL Anti-Spyware on the LAN zone enforces SonicWALL Anti-Spyware on all incoming and outgoing LAN traffic. In the Anti-Spyware Status section of the Security Services > Anti-Spyware page, click the Network > Zones link to access the Network > Zones page, or select the Network > Zones page directly. You apply SonicWALL Anti-Spyware policies to a zone listed on the Network > Zones page. To enable SonicWALL Anti-Spyware on a zone, perform these steps:

1. In the SonicWALL security appliance management interface, select Network > Zones, or from the Anti-Spyware Status section on the Security Services > Anti-Spyware page, click the Network > Zones link. The Network > Zones page is displayed.
2. In the Configure column in the Zone Settings table, click the Edit icon for the zone you want to apply SonicWALL IPS to. The Edit Zone window is displayed.
3. Click the Enable Anti-Spyware Service checkbox. A checkmark appears. To disable SonicWALL Anti-Spyware Service, uncheck the box.
4. Click OK.

You can also enable SonicWALL IPS protection for new zones you create on the Network > Zones page. Clicking the Add button displays the Add Zone window, which includes the same settings as the Edit Zone window.

Configuring the Anti-Spyware Category


SonicWALL Anti-Spyware also allows you to configure anti-spyware policies at the category and signature level to provide flexible granularity for tailoring SonicWALL Anti-Spyware protection based on your network environment requirements. If you are using GMS to configure a device that runs SonicOS Enhanced, you can apply these custom SonicWALL Anti-Spyware policies to Address Objects, Address Groups, and User Groups, as well as create enforcement schedules. For more information, refer to the SonicWALL Anti-Spyware Administrators Guide available on the SonicWALL Web site http://www.sonicwall.com/us/Support.html.

Configure the fields in the Anti-Spyware Product Settings dialog box as described in the following table.

Table 7 Anti-Spyware Product Settings

Field: Prevention
Description: Allows you to enable and disable intrusion prevention for the device.

Field: Detection
Description: Allows you to enable and disable intrusion detection for the device.

Field: Included Users/Groups
Description: Applies the anti-spyware settings to members of the following group types: All, Administrators, Everyone, Guest Services, Trusted Users, Content Filtering Bypass, and Limited Administrators.

Field: Excluded Users/Groups
Description: Does not apply the anti-spyware settings to members of the following group types: All, Administrators, Everyone, Guest Services, Trusted Users, Content Filtering Bypass, and Limited Administrators.

Field: Included IP Address Range
Description: Allows you to apply the anti-spyware settings to all users that fall within a specified IP address range of a specified category. For more details on the categories, see the table below.

For a bird's eye view of the categories, refer to the following figure:

CHAPTER 21 Configuring High Availability


This chapter describes how to use SonicWALL GMS to configure High Availability, which allows the administrator to specify a primary and backup (secondary) SonicWALL appliance. If the connection to the primary device fails, connectivity transfers to the backup device. In addition, GMS can use the same device pairing technology to implement different forms of load balancing. Load balancing helps regulate the flow of network traffic by splitting that traffic between primary and secondary SonicWALL devices. This chapter includes the following sections:

Configuring High Availability Settings section on page 488
Configuring Advanced High Availability Settings section on page 489
Monitoring High Availability section on page 492
Verifying High Availability Status section on page 493

Note

High Availability is available at the appliance level; it cannot be configured at the group level.

Configuring High Availability Settings


The High Availability feature configures a pair of SonicWALL appliances as a primary and backup. The backup monitors the primary through a series of heartbeats. If the backup detects that the primary is unavailable or has failed, it will replace the primary. The High Availability feature is available on the following SonicWALL appliances:

SonicWALL NSA Series
SonicWALL NSA E-Class Series
SonicWALL PRO 2040/3060/4060/4100/5060

To configure High Availability settings:

1. Select a SonicWALL appliance and click the Policies tab.
2. Expand the High Availability tree and click Settings. The High Availability page displays.
3. Select the Enable High Availability check box. When a SonicWALL appliance becomes active after startup, it looks for an active SonicWALL appliance that is configured for High Availability. If the other appliance is active, it transitions to Idle mode. Sometimes, due to network latency and other issues, it may take a while to find the other SonicWALL appliance.
4. Enter the Serial Number of the Backup SonicWALL security appliance to be used in the High Availability pair.
5. When you are finished, click Update. The settings are changed for each selected SonicWALL appliance. To clear all screen settings and start over, click Reset.

Configuring Advanced High Availability Settings


The High Availability > Advanced page is used to configure the stateful synchronization and Active/Active UTM features. The Advanced page also provides the ability to fine tune a number of High Availability options that manage the settings that trigger the High Availability pair to fail over from the primary to the backup appliance. To configure advanced High Availability settings, perform the following steps:
1.

Select a SonicWALL appliance and click the Policies tab. Expand the High Availability tree and click Advanced.

2.

Select the Enable Stateful Synchronization check box to configure stateful High Availability. With Stateful High Availability, the primary unit actively communicates with the backup on a per connection and VPN level. As the primary creates and updates connection cache entries or VPN tunnels, the backup unit is informed of such changes. The backup unit remains in a continuously synchronized state so that it can seamlessly assume the network responsibilities upon failure of the primary unit with no interruption to existing network connections.

Note

Stateful High Availability requires an additional license for the primary SonicWALL appliance. The license is shared between the primary and backup appliances. To configure Active/Active UTM select the Enable Active/Active UTM checkbox.
SonicWALL GMS 6.0 Administrators Guide

3.

489

Configuring Advanced High Availability Settings

Note

Active/Active UTM is available on SonicWALL NSA series appliances running SonicOS Enhanced 5.5 or higher. In an active/active model, both UTM appliances share the processing of Deep Packet Inspection (DPI) UTM services. When Active/Active UTM is enabled on a Stateful HA pair, these DPI UTM services can be processed concurrently with firewall, NAT, and other modules on both the active and idle UTM appliances. Processing of all modules other than DPI UTM services is restricted to the active unit.

4. If enabling Active/Active UTM, select an interface in the HA Data Interface drop-down list. This interface will be used for transferring data between the two units during Active/Active UTM processing. Only unassigned, available interfaces appear in the drop-down list.

5. Select the Enable Preempt Mode check box to configure the primary SonicWALL appliance to take over from the backup SonicWALL appliance when it becomes available. Otherwise, the backup SonicWALL appliance will remain active.

6. Select the Generate/Overwrite Backup Firmware and Settings When Upgrading Firmware check box to overwrite the current firmware backup settings when upgrading. With this option, the current settings at the time of upgrade will be saved as backup settings.

7. Select the Enable Virtual MAC check box. When the Stateful High Availability Upgrade is licensed, Virtual MAC capability is also licensed. Virtual MAC allows the backup unit in an HA pair to use the MAC address of the primary unit when a failover occurs. Alternatively, you can manually set a virtual MAC address for both units to use. Virtual MAC addressing contributes to network continuity and efficiency during a failover in the same way as the use of virtual IP addresses. During a failover, the backup unit uses the same virtual IP address that was used by the primary unit. The Virtual MAC feature avoids the need to update the whole network to associate the virtual IP address with the actual physical MAC address of the backup unit.

8. Optionally, you can fine tune the following options:

Enter the heartbeat interval (in seconds) in the Heartbeat Interval field.

Specify how long the backup waits before replacing the primary (in seconds) in the Failover Trigger Level field.

To specify how long the SonicWALL appliance will look, enter the number of seconds in the Election Delay Time field. You can enter a value between 0 and 300 seconds, but the default value of 0 seconds is sufficient in most cases.

Optionally, change the value in the Dynamic Route Hold-Down Time field. This setting is used when a failover occurs on a High Availability pair that is using either RIP or OSPF dynamic routing. When a failover occurs, Dynamic Route Hold-Down Time is the number of seconds the newly-active appliance keeps the dynamic routes it had previously learned in its route table. During this time, the newly-active appliance relearns the dynamic routes in the network. When the Dynamic Route Hold-Down Time duration expires, it deletes the old routes and implements the new routes it has learned from RIP or OSPF. The default value is 45 seconds. In large or complex networks, a larger value may improve network stability during a failover.

9. When changes are made to the Primary or Backup UTM appliance, the changes are automatically synchronized between the two UTM appliances. To cause the synchronization to occur now, click Synchronize Settings. Additionally, selecting Include Certificates/Keys will synchronize certificates and keys between devices.

10. To force the backup device to load and reboot to current firmware from the primary device, click the Synchronize Firmware link.

11. When you are finished, click Update. The settings are changed for each selected SonicWALL appliance. To clear all screen settings and start over, click Reset.


Monitoring High Availability


On the High Availability > Monitoring page, you can specify IP addresses that the SonicWALL security appliance performs an ICMP ping on to determine link viability. When using logical monitors, the SonicWALL will ping the defined Probe IP Address target from the Primary as well as the Backup SonicWALL. If both can successfully ping the target, no failover occurs. If both cannot successfully ping the target, no failover occurs, as the SonicWALLs will assume that the problem is with the target, and not the SonicWALLs. But, if one SonicWALL can ping the target but the other SonicWALL cannot, failover will occur to the SonicWALL that can ping the target. To configure interface monitoring between the primary and backup appliances, perform the following steps:

1. Expand the High Availability tree and click Monitoring. The Monitoring Settings page displays.

2. Click on the configure icon for the X0 interface. The Interface X0 Monitoring Settings window displays.

3. Enter the LAN management IP address for the primary appliance in the Primary IP Address field.

4. Enter the LAN management IP address for the backup appliance in the Backup IP Address field.

5. (Optional) Check the Enable Interface Monitoring checkbox and enter the IP address of a reliable device on the LAN network in the Probe IP Address field. This should be a downstream router or server. The primary and backup appliances will regularly ping this probe IP address. If both can successfully ping the target, no failover occurs. If neither can successfully ping the target, no failover occurs, because it is assumed that the problem is with the target, and not the SonicWALL appliances. But, if one appliance can ping the target but the other appliance cannot, failover will occur to the appliance that can ping the target.

6. (Optional) To manually specify the virtual MAC address, check the Manual Virtual MAC checkbox and enter a MAC address. SonicWALL recommends that you manually configure the virtual MAC address only if the appliances do not have Internet access (for example, in secure network environments). Allowing the appliances to retrieve the virtual MAC address from the SonicWALL backend eliminates the possibility of configuration errors and ensures the uniqueness of the virtual MAC address, which prevents possible conflicts.

7. Click OK.

8. Click on the configure icon for the X1 interface and repeat steps 3 through 7 for the WAN IP addresses on the primary and backup appliances.
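The failover rules from the two procedures above (Heartbeat Interval, Failover Trigger Level, Enable Preempt Mode and Dynamic Route Hold-Down Time from the Settings page, plus the probe rule from the Monitoring page) as a small simulation. This is an added example, not SonicOS code: the classes, the slot-by-slot event loop and all sample timings are assumptions of the example.

```python
"""Model of the Stateful HA failover rules described in this chapter.

Added example: the timing fields mirror the Heartbeat Interval, Failover
Trigger Level, Enable Preempt Mode and Dynamic Route Hold-Down Time settings;
the classes, the simulation loop and all sample values are assumptions of
this example, not SonicOS code.
"""
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple


@dataclass
class HaSettings:
    heartbeat_interval: int = 5       # seconds between heartbeats (Heartbeat Interval)
    failover_trigger_level: int = 15  # seconds the backup waits before replacing the primary
    preempt_mode: bool = False        # Enable Preempt Mode: primary retakes control when back
    route_hold_down: int = 45         # Dynamic Route Hold-Down Time, default 45 seconds


@dataclass
class HaPair:
    settings: HaSettings
    active: str = "primary"           # unit currently answering on the virtual IP/MAC
    last_primary_heartbeat: int = 0   # time the backup last heard the primary

    def on_heartbeat_slot(self, now: int, primary_heard: bool) -> str:
        """Evaluate one heartbeat slot from the backup's point of view."""
        if primary_heard:
            self.last_primary_heartbeat = now
            # Preempt mode: the primary takes over as soon as it is available again.
            # Without it the backup stays active even after the primary returns.
            if self.active == "backup" and self.settings.preempt_mode:
                self.active = "primary"
        elif (self.active == "primary"
              and now - self.last_primary_heartbeat >= self.settings.failover_trigger_level):
            self.active = "backup"    # primary silent for the trigger level: backup takes over
        return self.active

    def on_probe(self, primary_reaches_target: bool, backup_reaches_target: bool) -> str:
        """Logical monitor rule: fail over only when exactly one unit can ping the probe."""
        if primary_reaches_target == backup_reaches_target:
            return self.active        # both succeed, or both fail (target blamed): no change
        self.active = "primary" if primary_reaches_target else "backup"
        return self.active


def simulate(settings: HaSettings, outage: Tuple[int, int], horizon: int) -> List[Tuple[int, str]]:
    """Run heartbeat slots up to `horizon`; the primary is silent during [outage[0], outage[1])."""
    pair = HaPair(settings)
    timeline = []
    for now in range(0, horizon + 1, settings.heartbeat_interval):
        heard = not (outage[0] <= now < outage[1])
        timeline.append((now, pair.on_heartbeat_slot(now, heard)))
    return timeline


def first_time_active(timeline: List[Tuple[int, str]], unit: str) -> Optional[int]:
    """Time at which `unit` first holds the active role, or None if it never does."""
    return next((t for t, active in timeline if active == unit), None)


def routes_after_failover(old_routes: Set[str], relearned: Set[str],
                          seconds_since_failover: int, settings: HaSettings) -> Set[str]:
    """Dynamic routes the newly active unit installs: it keeps the routes learned before
    the failover until the hold-down expires, then replaces them with what RIP/OSPF relearned."""
    if seconds_since_failover < settings.route_hold_down:
        return set(old_routes)
    return set(relearned)


if __name__ == "__main__":
    # Constructed scenario: the primary stops sending heartbeats at t=15 and returns at t=45.
    for preempt in (False, True):
        tl = simulate(HaSettings(preempt_mode=preempt), outage=(15, 45), horizon=60)
        print(f"preempt={preempt}: backup active from t={first_time_active(tl, 'backup')}s, "
              f"active at t=60: {tl[-1][1]}")
```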

Verifying High Availability Status


Under the unit view, GMS displays whether an appliance is the primary or secondary unit on the System > Status page under the Management heading. For more information, see Viewing System Status on page 122. Another method to determine which SonicWALL is active is to check the High Availability Settings Status indicator on the High Availability > Settings page. If the primary SonicWALL is active, the first line in the page indicates that the primary SonicWALL is currently Active. It is also possible to check the status of the backup SonicWALL by logging into the LAN IP Address of the backup SonicWALL. If the primary SonicWALL is operating normally, the status indicates that the backup SonicWALL is currently Idle. If the backup has taken over for the primary, the status indicates that the backup is currently Active. Using the GEM framework, you can also configure GMS to send email alerts when there is a change in the status of the High Availability pair. You can configure an alert using the Unit HF Status alert type. For information on how to configure alerts, see the Granular Event Management chapter.


You can also view details on High Availability events in the GMS log, which is available on the Console tab under the Log tree. See Configuring Log Settings on page 277 for more information.


CHAPTER 22 Configuring SonicPoints


This chapter describes how to configure SonicPoint managed secure wireless access points. This chapter includes the following sections:

Managing SonicPoints section on page 496
Viewing Station Status section on page 511
Using and Configuring SonicPoint IDS section on page 513
Using and Configuring Virtual Access Points section on page 516


Managing SonicPoints
The SonicPoint section of GMS lets you manage the SonicPoints connected to your system.

Before Managing SonicPoints


Before you can manage SonicPoints in GMS, you must first:

Configure your SonicPoint Provisioning Profiles
Configure a Wireless zone
Assign profiles to wireless zones. This step is optional. If you do not assign a default profile for a zone, SonicPoints in that zone will use the first profile in the list.
Assign an interface to the Wireless zone
Attach the SonicPoints to the interfaces in the Wireless zone
Test SonicPoints


SonicPoint Provisioning Profiles


SonicPoint Provisioning Profiles provide a scalable and highly automated method of configuring and provisioning multiple SonicPoints across a Distributed Wireless Architecture. SonicPoint Profile definitions include all of the settings that can be configured on a SonicPoint, such as radio settings for the 2.4GHz and 5GHz radios, SSIDs, and channels of operation. Once you have defined a SonicPoint profile, you can apply it to a Wireless zone. Each Wireless zone can be configured with one SonicPoint profile. Any profile can apply to any number of zones.
Table 8 Default SonicPoint Profile

Setting              802.11a Radio                         802.11g Radio                         802.11n Radio
Enable Radio         Yes - Always on                       Yes - Always on                       Yes - Always on
SSID                 sonicwall                             sonicwall                             sonicwall-D790 (where D790 is an example; this is determined by the hardware address)
Radio Mode           54Mbps 802.11a                        2.4 GHz 54Mbps 802.11g                2.4 GHz 802.11n/g/b Mixed
Channel              AutoChannel                           AutoChannel                           AutoChannel
ACL Enforcement      Disabled                              Disabled                              Disabled
Authentication Type  WEP - Both Open System & Shared Key   WEP - Both Open System & Shared Key   WEP - Both Open System & Shared Key
Schedule IDS Scan    Disabled                              Disabled                              Disabled
Data Rate            Best                                  Best                                  Best
Antenna Diversity    Best                                  Best                                  Best


Configuring a SonicPoint Profile


The SonicPoint profile configuration process for 802.11n is slightly different than for 802.11a or 802.11g. The following sections describe how to configure SonicPoint profiles:

Configuring a SonicPointN Profile for 802.11n on page 498
Configuring a SonicPoint Profile for 802.11a or 802.11g on page 504

Configuring a SonicPointN Profile for 802.11n


You can add any number of SonicPoint profiles. To configure a SonicPoint provisioning profile:

Step 1 To add a new profile click Add SonicPointN below the list of SonicPoint 802.11n provisioning profiles. To edit an existing profile, select the profile and click the Configure icon in the same line as the profile you are editing.

Step 2 In the General tab of the Add Profile window, specify:

Enable SonicPoint: Check this to automatically enable each SonicPoint when it is provisioned with this profile.

Retain Settings: Check this to have the SonicPointNs provisioned by this profile retain these settings until the appliance is rebooted.

Name Prefix: Enter a prefix for the names of all SonicPointNs connected to this zone. When each SonicPointN is provisioned it is given a name that consists of the name prefix and a unique number, for example: SonicPoint 126008.

Country Code: Select the country where you are operating the SonicPointNs. The country code determines which regulatory domain the radio operation falls under.


Step 3 In the 802.11n tab, configure the radio settings for the 802.11n radio:

Enable Radio: Check this to automatically enable the 802.11n radio bands on all SonicPoints provisioned with this profile.

Radio Mode: Select your preferred radio mode from the Radio Mode menu. The wireless security appliance supports the following modes:

2.4GHz 802.11n Only - Allows only 802.11n clients access to your wireless network. 802.11a/b/g clients are unable to connect under this restricted radio mode.

2.4GHz 802.11n/g/b Mixed - Supports 802.11b, 802.11g, and 802.11n clients simultaneously. If your wireless network comprises multiple types of clients, select this mode.

Tip
For optimal throughput speed solely for 802.11n clients, SonicWALL recommends the 802.11n Only radio mode. Use the 802.11n/b/g Mixed radio mode for multiple wireless client authentication compatibility.


2.4GHz 802.11g Only - If your wireless network consists only of 802.11g clients, you may select this mode for increased 802.11g performance. You may also select this mode if you wish to prevent 802.11b clients from associating.

5 GHz 802.11n Only - Allows only 802.11n clients access to your wireless network. 802.11a/b/g clients are unable to connect under this restricted radio mode.

5 GHz 802.11n/a Mixed - Supports 802.11n and 802.11a clients simultaneously. If your wireless network comprises both types of clients, select this mode.

5 GHz 802.11a Only - Select this mode if only 802.11a clients access your wireless network.

SSID: Enter a recognizable string for the SSID of each SonicPoint using this profile. This is the name that will appear in clients' lists of available wireless connections.

Note
If all SonicPoints in your organization share the same SSID, it is easier for users to maintain their wireless connection when roaming from one SonicPoint to another.

When the wireless radio is configured for a mode that supports 802.11n, the following options are displayed:

Radio Band (802.11n only): Sets the band for the 802.11n radio:

Auto - Allows the appliance to automatically detect and set the optimal channel for wireless operation based on signal strength and integrity. This is the default setting.

Standard - 20 MHz Channel - Specifies that the 802.11n radio will use only the standard 20 MHz channel. When this option is selected, the Standard Channel pull-down menu is displayed.

Standard Channel - This pull-down menu only displays when the 20 MHz channel is selected. By default, this is set to Auto, which allows the appliance to set the optimal channel based on signal strength and integrity. Optionally, you can select a single channel within the range of your regulatory domain. Selecting a specific channel can also help with avoiding interference with other wireless networks in the area.

Wide - 40 MHz Channel - Specifies that the 802.11n radio will use only the wide 40 MHz channel. When this option is selected, the Primary Channel and Secondary Channel pull-down menus are displayed:


Primary Channel - By default this is set to Auto. Optionally, you can specify a specific primary channel.

Secondary Channel - The configuration of this pull-down menu is controlled by your selection for the primary channel:

If the primary channel is set to Auto, the secondary channel is also set to Auto.

If the primary channel is set to a specific channel, the secondary channel is set to the optimum channel to avoid interference with the primary channel.

Enable Short Guard Interval: Specifies the short guard interval of 400ns (as opposed to the standard guard interval of 800ns). The guard interval is a pause in transmission intended to avoid data loss from interference or multipath delays.

Enable Aggregation: Enables 802.11n frame aggregation, which combines multiple frames to reduce overhead and increase throughput.

Tip
The Enable Short Guard Interval and Enable Aggregation options can slightly improve throughput. They both function best in optimum network conditions where users have strong signals with little interference. In networks that experience less than optimum conditions (interference, weak signals, etc.), these options may introduce transmission errors that eliminate any efficiency gains in throughput.

ACL Enforcement: Select this to enforce Access Control by allowing or denying traffic from specific devices. Select a MAC address group from the Allow List to automatically allow traffic from all devices with MAC addresses in the group. Select a MAC address group from the Deny List to automatically deny traffic from all devices with MAC addresses in the group. The Deny List is enforced before the Allow List.

Step 4 In the Wireless Security section of the 802.11n Radio tab, configure the following settings:

Authentication Type: Select the method of authentication for your wireless network. You can select WEP - Both (Open System & Shared Key), WEP - Open System, WEP - Shared Key, WPA - PSK, WPA - EAP, WPA2-PSK, WPA2-EAP, WPA2-AUTO-PSK, and WPA2-AUTO-EAP.

WEP Configuration

WEP Key Mode: Select the size of the encryption key.

Default Key: Select which key in the list below is the default key, which will be tried first when trying to authenticate a user.

Key Entry: Select whether the key is alphanumeric or hexadecimal.

Key 1 - Key 4: Enter the encryption keys for WEP encryption. Enter the key most likely to be used in the field you selected as the default key.

WPA or WPA2 Configuration:

Cipher Type: The cipher that encrypts your wireless data. Choose either TKIP (older, more compatible), AES (newer, more secure), or Both (backward compatible).

Group Key Interval: The time period for which a Group Key is valid. The default value is 86400 seconds. Setting too low a value can cause connection issues.

Passphrase (PSK only): This is the passphrase your network users must enter to gain network access.

RADIUS Server Settings (EAP Only): Configure settings for your RADIUS authentication server.

Step 5 In the Advanced tab, configure the performance settings for the 802.11n radio. For most 802.11n advanced options, the default settings give optimum performance.


Hide SSID in Beacon: Check this option to have the SSID broadcast as part of the wireless beacon, rather than as a separate broadcast.

Schedule IDS Scan: Select a time when there are fewer demands on the wireless network to schedule an Intrusion Detection Service (IDS) scan to minimize the inconvenience of dropped wireless connections.

Data Rate: Select the speed at which the data is transmitted and received. Best automatically selects the best rate available in your area given interference and other factors. Or you can manually select a data rate.

Transmit Power: Select the transmission power. Transmission power affects the range of the SonicPoint. You can select: Full Power, Half (-3 dB), Quarter (-6 dB), Eighth (-9 dB), or Minimum.

Antenna Diversity: The Antenna Diversity setting determines which antenna the SonicPoint uses to send and receive data. When Best is selected, the SonicPoint automatically selects the antenna with the strongest, clearest signal.

Beacon Interval (milliseconds): Enter the number of milliseconds between sending out a wireless beacon.

DTIM Interval: Enter the interval in milliseconds.

Fragmentation Threshold (bytes): Enter the number of bytes of fragmented data you want the network to allow.

RTS Threshold (bytes): Enter the number of bytes.

Maximum Client Associations: Enter the maximum number of clients you want the SonicPoint to support on this radio at one time.

Preamble Length: Select the length of the preamble, the initial wireless communication sent when associating with a wireless host. You can select Long or Short.

Protection Mode: Select the CTS or RTS protection. Select None, Always, or Auto. None is the default.

Protection Rate: Select the speed for the CTS or RTS protection: 1 Mbps, 2 Mbps, 5 Mbps, or 11 Mbps.

Protection Type: Select the type of protection, CTS-only or RTS-CTS.

Enable Short Slot Time: Allow clients to disassociate and reassociate more quickly.

Allow Only 802.11g Clients to Connect: Use this if you are using Turbo G mode and therefore are not allowing 802.11b clients to connect.

When a SonicPoint unit is first connected and powered up, it will have a factory default configuration (IP address 192.168.1.20, username: admin, password: password). Upon initializing, it will attempt to find a SonicOS device with which to peer. If it is unable to find a peer SonicOS device, it will enter into a stand-alone mode of operation with a separate stand-alone configuration allowing it to operate as a standard Access Point. If the SonicPoint does locate, or is located by, a peer SonicOS device via the SonicWALL Discovery Protocol, an encrypted exchange between the two units will ensue wherein the profile assigned to the relevant Wireless zone will be used to automatically configure (provision) the newly added SonicPoint unit. As part of the provisioning process, SonicOS will assign the discovered SonicPoint device a unique name, and it will record its MAC address and the interface and zone on which it was discovered. It can also automatically assign the SonicPoint an IP address, if so configured, so that the SonicPoint can communicate with an authentication server for WPA-EAP support. SonicOS will then use the profile associated with the relevant zone to configure the 2.4GHz and 5GHz radio settings. Modifications to profiles will not affect units that have already been provisioned and are in an operational state. Configuration changes to operational SonicPoint devices can occur in two ways:

Via manual configuration changes - Appropriate when a single change, or a small set of changes, is to be effected, particularly when that individual SonicPoint requires settings that are different from the profile assigned to its zone.

Via un-provisioning - Deleting a SonicPoint unit effectively un-provisions the unit, or clears its configuration and places it into a state where it will automatically engage the provisioning process anew with its peer SonicOS device. This technique is useful when the profile for a zone is updated or changed, and the change is set for propagation. It can be used to update firmware on SonicPoints, or to simply and automatically update multiple SonicPoint units in a controlled fashion, rather than changing all peered SonicPoints at once, which can cause service disruptions.

Configuring a SonicPoint Profile for 802.11a or 802.11g


You can add any number of SonicPoint profiles. To configure a SonicPoint provisioning profile:

Step 1 To add a new profile click Add below the list of SonicPoint provisioning profiles. To edit an existing profile, select the profile and click the edit icon in the same line as the profile you are editing.

Step 2 In the General tab of the Add Profile window, specify:


Enable SonicPoint: Check this to automatically enable each SonicPoint when it is provisioned with this profile.

Retain Settings: Check this to have the SonicPoints provisioned by this profile retain these settings until the appliance is rebooted.

Enable RF Monitoring: Check this to enable RF monitoring on the SonicPoints.

Name Prefix: Enter a prefix for the names of all SonicPoints connected to this zone. When each SonicPoint is provisioned it is given a name that consists of the name prefix and a unique number, for example: SonicPoint 126008.

Country Code: Select the country where you are operating the SonicPoints. The country code determines which regulatory domain the radio operation falls under.

Step 3 In the 802.11g tab, configure the radio settings for the 802.11g (2.4GHz band) radio:

Enable 802.11g Radio: Check this to automatically enable the 802.11g radio bands on all SonicPoints provisioned with this profile.

SSID: Enter a recognizable string for the SSID of each SonicPoint using this profile. This is the name that will appear in clients' lists of available wireless connections.

Note
If all SonicPoints in your organization share the same SSID, it is easier for users to maintain their wireless connection when roaming from one SonicPoint to another.

Radio Mode: Select the speed of the wireless connection. You can choose 11Mbps - 802.11b, 54 Mbps - 802.11g, or 108 Mbps - Turbo G mode. If you choose Turbo mode, all users in your company must use wireless access cards that support turbo mode.

Channel: Select the channel the radio will operate on. The default is AutoChannel, which automatically selects the channel with the least interference. Use AutoChannel unless you have a specific reason to use or avoid specific channels.

ACL Enforcement: Select this to enforce Access Control by allowing or denying traffic from specific devices. Select a MAC address group from the Allow List to automatically allow traffic from all devices with MAC addresses in the group. Select a MAC address group from the Deny List to automatically deny traffic from all devices with MAC addresses in the group. The Deny List is enforced before the Allow List.


Authentication Type: Select the method of authentication for your wireless network. You can select WEP - Both (Open System & Shared Key), WEP - Open System, WEP - Shared Key, WPA - PSK, WPA - EAP, WPA2-PSK, WPA2-EAP, WPA2-AUTO-PSK, and WPA2-AUTO-EAP.

WEP Key Mode: Select the size of the encryption key.

Default Key: Select which key in the list below is the default key, which will be tried first when trying to authenticate a user.

Key Entry: Select whether the key is alphanumeric or hexadecimal.

Key 1 - Key 4: Enter the encryption keys for WEP encryption. Enter the key most likely to be used in the field you selected as the default key.

Step 4 In the 802.11g Advanced tab, configure the performance settings for the 802.11g radio. For most 802.11g advanced options, the default settings give optimum performance.

Hide SSID in Beacon: Check this option to have the SSID broadcast as part of the wireless beacon, rather than as a separate broadcast.

Schedule IDS Scan: Select a time when there are fewer demands on the wireless network to schedule an Intrusion Detection Service (IDS) scan to minimize the inconvenience of dropped wireless connections.

Data Rate: Select the speed at which the data is transmitted and received. Best automatically selects the best rate available in your area given interference and other factors. Or you can manually select a data rate.

Transmit Power: Select the transmission power. Transmission power affects the range of the SonicPoint. You can select: Full Power, Half (-3 dB), Quarter (-6 dB), Eighth (-9 dB), or Minimum.

Antenna Diversity: The Antenna Diversity setting determines which antenna the SonicPoint uses to send and receive data. You can select:

Best: This is the default setting. When Best is selected, the SonicPoint automatically selects the antenna with the strongest, clearest signal. In most cases, Best is the optimal setting.

1: Select 1 to restrict the SonicPoint to use antenna 1 only. Facing the rear of the SonicPoint, antenna 1 is on the left, closest to the power supply.

2: Select 2 to restrict the SonicPoint to use antenna 2 only. Facing the rear of the SonicPoint, antenna 2 is on the right, closest to the console port.


Beacon Interval (milliseconds): Enter the number of milliseconds between sending out a wireless beacon.

DTIM Interval: Enter the interval in milliseconds.

Fragmentation Threshold (bytes): Enter the number of bytes of fragmented data you want the network to allow.

RTS Threshold (bytes): Enter the number of bytes.

Maximum Client Associations: Enter the maximum number of clients you want the SonicPoint to support on this radio at one time.

Preamble Length: Select the length of the preamble, the initial wireless communication sent when associating with a wireless host. You can select Long or Short.

Protection Mode: Select the CTS or RTS protection. Select None, Always, or Auto. None is the default.

Protection Rate: Select the speed for the CTS or RTS protection: 1 Mbps, 2 Mbps, 5 Mbps, or 11 Mbps.

Protection Type: Select the type of protection, CTS-only or RTS-CTS.

CCK OFDM Power Delta: Select the difference in radio transmit power you will allow between the 802.11b and 802.11g modes: 0 dBm, 1 dBm, or 2 dBm.

Enable Short Slot Time: Allow clients to disassociate and reassociate more quickly.

Allow Only 802.11g Clients to Connect: Use this if you are using Turbo G mode and therefore are not allowing 802.11b clients to connect.

Step 5 Configure the settings in the 802.11a Radio and 802.11a Advanced tabs. These settings affect the operation of the 802.11a radio bands. The SonicPoint has two separate radios built in. Therefore, it can send and receive on both the 802.11a and 802.11g bands at the same time.

The settings in the 802.11a Radio and 802.11a Advanced tabs are similar to the settings in the 802.11g Radio and 802.11g Advanced tabs. Follow the instructions in step 3 and step 4 in this procedure to configure the 802.11a radio.

When a SonicPoint unit is first connected and powered up, it will have a factory default configuration (IP address 192.168.1.20, username: admin, password: password). Upon initializing, it will attempt to find a SonicOS device with which to peer. If it is unable to find a peer SonicOS device, it will enter into a stand-alone mode of operation with a separate stand-alone configuration allowing it to operate as a standard Access Point.

If the SonicPoint does locate, or is located by, a peer SonicOS device via the SonicWALL Discovery Protocol, an encrypted exchange between the two units will ensue wherein the profile assigned to the relevant Wireless zone will be used to automatically configure (provision) the newly added SonicPoint unit. As part of the provisioning process, SonicOS will assign the discovered SonicPoint device a unique name, and it will record its MAC address and the interface and zone on which it was discovered. It can also automatically assign the SonicPoint an IP address, if so configured, so that the SonicPoint can communicate with an authentication server for WPA-EAP support. SonicOS will then use the profile associated with the relevant zone to configure the 2.4GHz and 5GHz radio settings. Modifications to profiles will not affect units that have already been provisioned and are in an operational state. Configuration changes to operational SonicPoint devices can occur in two ways:

Via manual configuration changes - Appropriate when a single change, or a small set of changes, is to be effected, particularly when that individual SonicPoint requires settings that are different from the profile assigned to its zone.

Via un-provisioning - Deleting a SonicPoint unit effectively un-provisions the unit, or clears its configuration and places it into a state where it will automatically engage the provisioning process anew with its peer SonicOS device. This technique is useful when the profile for a zone is updated or changed, and the change is set for propagation. It can be used to update firmware on SonicPoints, or to simply and automatically update multiple SonicPoint units in a controlled fashion, rather than changing all peered SonicPoints at once, which can cause service disruptions.

Updating SonicPoint Settings


You can change the settings of any individual SonicPoint listed on the SonicPoint > SonicPoints page.

Edit SonicPoint settings


To edit the settings of an individual SonicPoint:

1. Under SonicPoint Settings, click the Edit icon in the same line as the SonicPoint you want to edit.

2. In the Edit SonicPoint screen, make the changes you want. The Edit SonicPoint screen has the following tabs:

General
802.11a Radio
802.11a Advanced
802.11g Radio
802.11g Advanced

The options on these tabs are the same as the Add SonicPoint Profile screen. See SonicPoint Provisioning Profiles for instructions on configuring these settings.

3. Click OK to apply these settings.

Synchronize SonicPoints
Click Synchronize SonicPoints at the top of the SonicPoint > SonicPoints page to update the settings for each SonicPoint reported on the page. When you click Synchronize SonicPoints, SonicOS polls all connected SonicPoints and displays updated settings on the page.

Enable and Disable Individual SonicPoints


You can enable or disable individual SonicPoints on the SonicPoint > SonicPoints page:

1. Check the box under Enable to enable the SonicPoint; uncheck the box to disable it.

2. Click Apply at the top of the SonicPoint > SonicPoints page to apply this setting to the SonicPoint.

3. Click the SonicPoints option. GMS displays the SonicPoints dialog box.

4. Click Add. GMS displays the Add SonicPoint Profile dialog box containing a series of tabs.

SonicPoint WLAN Scheduling


GMS now supports scheduling activation of both 802.11a Radio and 802.11g Radio devices. To schedule these devices, perform the following steps:

1. Navigate to the Policies Panel.

2. Select either a SonicPoint G or SonicPoint A device in the unit list.

3. In the Navigation Bar, click the SonicPoint menu to display SonicPoint options.

4. Click the SonicPoints option. GMS displays the SonicPoints dialog box.

5. Click on an existing SonicPoint device in the device list or click Add. GMS displays the SonicPoint Profile dialog box containing a series of tabs.

6. Click either the 802.11g Radio or 802.11a Radio tab, depending on which device you want to schedule.

7. Click on the Schedule list box at the top of the screen to the right of the Enable checkbox. The following figure is an example of a scheduling list box (for 802.11g).

Updating SonicPoint Firmware


SonicOS Enhanced 2.5 (or greater) contains an image of the SonicPoint firmware. When you connect a SonicPoint to a security appliance running SonicOS Enhanced 2.5 (or greater), the appliance checks the version of the SonicPoint's firmware and automatically updates it, if necessary.

Automatic Provisioning (SDP & SSPP)


The SonicWALL Discovery Protocol (SDP) is a layer 2 protocol employed by SonicPoints and devices running SonicOS Enhanced 2.5 and higher. SDP is the foundation for the automatic provisioning of SonicPoint units via the following messages:

- Advertisement: SonicPoint devices without a peer will periodically, and on startup, announce or advertise themselves via a broadcast. The advertisement will include information that will be used by the receiving SonicOS device to ascertain the state of the SonicPoint. The SonicOS device will then report the state of all peered SonicPoints, and will take configuration actions as needed.
- Discovery: SonicOS devices will periodically send discovery request broadcasts to elicit responses from L2 connected SonicPoint units.
- Configure Directive: A unicast message from a SonicOS device to a specific SonicPoint unit to establish encryption keys for provisioning, and to set the parameters for and to engage configuration mode.
- Configure Acknowledgement: A unicast message from a SonicPoint to its peered SonicOS device acknowledging a Configure Directive.
- Keepalive: A unicast message from a SonicPoint to its peered SonicOS device used to validate the state of the SonicPoint.

If, via the SDP exchange, the SonicOS device ascertains that the SonicPoint requires provisioning or a configuration update (e.g. on calculating a checksum mismatch, or when a firmware update is available), the Configure Directive will engage a 3DES-encrypted, reliable, TCP-based SonicWALL Simple Provisioning Protocol (SSPP) channel. The SonicOS device will then send the update to the SonicPoint via this channel, and the SonicPoint will restart with the updated configuration. State information will be provided by the SonicPoint, and will be viewable on the SonicOS device throughout the entire discovery and provisioning process.

Viewing Station Status


Station Status allows the administrator to view status and individual statistics for all SonicPoint devices connected to the currently selected UTM appliance.

Event and Statistics Reporting


The SonicPoint > Station Status page reports on the statistics of each SonicPoint. The table lists entries for each wireless client connected to each SonicPoint. The sections of the table are divided by SonicPoint; under each SonicPoint is the list of all clients currently connected to it. Click the Refresh button in the top right corner to refresh the list. By default, the page displays the first 50 entries found. Click the First Page, Previous Page, Next Page, and Last Page icons to navigate if you need to view more than 50 entries. Each SonicPoint device reports for both radios, and for each station, the following information to its SonicOS peer:

- MAC Address: The client's (station's) hardware address.
- Station State: The state of the station. States can include:
  - None: No state information yet exists for the station.
  - Authenticated: The station has successfully authenticated.
  - Associated: The station is associated.
  - Joined: The station has joined the ESSID.
  - Connected: The station is connected (joined, authenticated or associated).
  - Up: An Access Point state, indicating that the Access Point is up and running.
  - Down: An Access Point state, indicating that the Access Point is not running.
- Associations: Total number of Associations since power up.
- Dis-Associations: Total number of Dis-Associations.
- Re-Associations: Total number of Re-Associations.
- Authentications: Number of Authentications.
- De-Authentications: Number of De-Authentications.
- Good Frames Received: Total number of good frames received.
- Good Frames Transmitted: Total number of good frames transmitted.
- Error in Receive Frames: Total number of error frames received.
- Error in Transmit Frames: Total number of error frames transmitted.
- Discarded Frames: Total number of frames discarded. Discarded frames are generally a sign of network congestion.
- Total Bytes Received: Total number of bytes received.
- Total Bytes Transmitted: Total number of bytes transmitted.
- Management Frames Received: Total number of Management frames received. Management frames include:
  - Association request
  - Association response
  - Re-association request
  - Re-association response
  - Probe request
  - Probe response
  - Beacon frame
  - ATIM message
  - Disassociation
  - Authentication
  - De-authentication
- Management Frames Transmitted: Total number of Management frames transmitted.
- Control Frames Received: Total number of Control frames received. Control frames include:
  - RTS (Request to Send)
  - CTS (Clear to Send)
  - ACK (Positive Acknowledgement)
- Control Frames Transmitted: Total number of Control frames transmitted.
- Data Frames Received: Total number of Data frames received.
- Data Frames Transmitted: Total number of Data frames transmitted.

Using and Configuring SonicPoint IDS


Intrusion Detection Services should be configured before using wireless access points.

Detecting SonicPoint Access Points


You can have many wireless access points within reach of the signal of the SonicPoints on your network. The SonicPoint > IDS page reports on all access points the TZ 170 Wireless can find by scanning the 802.11a and 802.11g radio bands.

Wireless Intrusion Detection Services


Intrusion Detection Services (IDS) greatly increase the security capabilities of the TZ 170 with SonicOS Enhanced by enabling it to recognize and even take countermeasures against the most common types of illicit wireless activity. IDS consists of three types of services, namely, Sequence Number Analysis, Association Flood Detection, and Rogue Access Point Detection. IDS logging and notification can be enabled under Log > Enhanced Log Settings by selecting the WLAN IDS checkbox under Log Categories and Alerts.

Intrusion Detection Settings


Rogue Access Points have emerged as one of the most serious and insidious threats to wireless security. In general terms, an access point is considered rogue when it has not been authorized for use on a network. The convenience, affordability and availability of non-secure access points, and the ease with which they can be added to a network, create an easy environment for introducing rogue access points. Specifically, the real threat emerges in a number of different ways, including unintentional and unwitting connections to the rogue device, transmission of sensitive data over non-secure channels, and unwanted access to LAN resources. So while this doesn't represent a deficiency in the security of a specific wireless device, it is a weakness to the overall security of wireless networks. The security appliance can alleviate this weakness by recognizing rogue access points potentially attempting to gain access to your network. It accomplishes this in two ways: active scanning for access points on all 802.11a and 802.11g channels, and passive scanning (while in Access Point mode) for beaconing access points on a single channel of operation.

Scanning for Access Points


Active scanning occurs when the security appliance starts up, and at any time Scan Now is clicked on the SonicPoint > IDS page. When the security appliance performs a scan, a temporary interruption of wireless clients occurs for no more than a few seconds. This interruption manifests itself as follows:

- Non-persistent, stateless protocols (such as HTTP) should not exhibit any ill-effects.
- Persistent connections (protocols such as FTP) are impaired or severed.
- WiFiSec connections should automatically re-establish and resume with no noticeable interruption to the client.

Warning: If service disruption is a concern, it is recommended that the Scan Now feature not be used while the TZ 170 Wireless is in Access Point mode until such a time that no clients are active, or the potential for disruption becomes acceptable.

Discovered Access Points


The Discovered Access Points table displays information on every access point that can be detected by the SonicPoint radio:

- SonicPoint: The SonicPoint that detected the access point.
- MAC Address (BSSID): The MAC address of the radio interface of the detected access point.
- SSID: The radio SSID of the access point.
- Type: The range of radio bands used by the access point, 2.4 GHz or 5 GHz.
- Channel: The radio channel used by the access point.
- Manufacturer: The manufacturer of the access point. SonicPoints will show a manufacturer of either SonicWALL or Senao.
- Signal Strength: The strength of the detected radio signal.
- Max Rate: The fastest allowable data rate for the access point radio, typically 54 Mbps.
- Authorize: Click the Authorize icon to add the access point to the address object group of authorized access points.

If you have more than one SonicPoint, you can select an individual device from the SonicPoint list to limit the Discovered Access Points table to display only scan results from that SonicPoint. Select All SonicPoints to display scan results from all SonicPoints.

Authorizing Access Points on Your Network


Access Points detected by the security appliance are regarded as rogues until they are identified to the security appliance as authorized for operation. To authorize an access point, it can be manually added to the Authorized Access Points list by clicking the Edit icon in the Authorize column and specifying its MAC address (BSSID) along with an optional comment. Alternatively, if an access point is discovered by the security appliance scanning feature, it can be added to the list by clicking the Authorize icon. When a SonicPoint detects a non-SonicPoint access point, a table with the following information displays:
Table 9 Discovered Access Points

Column                Description
SonicPoint            The SonicPoint that detected the access point.
MAC Address (BSSID)   The MAC address of the radio interface of the detected access point.
SSID                  The radio SSID of the access point.
Type                  The range of radio bands used by the access point, 2.4 GHz or 5 GHz.
Channel               The radio channel used by the access point.
Manufacturer          The manufacturer of the access point. SonicPoints will show a manufacturer of either SonicWALL or Senao.
Signal Strength       The strength of the detected radio signal.
Max Rate              The fastest allowable data rate for the access point radio, typically 54 Mbps.
Authorize             Adds the access point to the address object group of authorized access points.
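The authorization model described above (every discovered BSSID is treated as rogue until it appears on the Authorized Access Points list, with the table optionally limited to one detecting SonicPoint) as an added example; this is not code from this guide or from GMS. The scan rows and the authorized list are constructed sample data, the 02:00:00 MAC prefixes are placeholders rather than any vendor's OUI, the numeric signal-strength values are an assumption, and the "uses an authorized SSID" ordering in the rogue report is an addition here, not a GMS feature.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


def normalize_bssid(mac: str) -> str:
    """Canonical BSSID: 12 lowercase hex digits, colon-separated, whatever the input style."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


@dataclass(frozen=True)
class DiscoveredAP:
    """One row of the Discovered Access Points table (columns as in Table 9)."""
    sonicpoint: str        # the SonicPoint that detected the access point
    bssid: str             # MAC address of the detected radio interface
    ssid: str
    band: str              # "2.4 GHz" or "5 GHz"
    channel: int
    manufacturer: str
    signal_strength: int   # assumption: a 0-100 figure; the guide only says "strength of the signal"
    max_rate_mbps: int


# Constructed scan results (placeholder MACs, locally administered 02:00:00 prefix).
SCAN = [
    DiscoveredAP("SonicPoint-Lobby", "02:00:00:aa:00:01", "corp-wifi", "2.4 GHz", 6, "SonicWALL", 80, 54),
    DiscoveredAP("SonicPoint-Lobby", "02:00:00:aa:00:02", "corp-wifi", "5 GHz", 36, "SonicWALL", 55, 54),
    DiscoveredAP("SonicPoint-Lobby", "02:00:00:bb:00:09", "corp-wifi", "2.4 GHz", 6, "Unknown", 42, 54),
    DiscoveredAP("SonicPoint-Warehouse", "02:00:00:BB:00:09", "corp-wifi", "2.4 GHz", 6, "Unknown", 30, 54),
    DiscoveredAP("SonicPoint-Warehouse", "02-00-00-cc-00-31", "neighbor-guest", "2.4 GHz", 11, "Unknown", 20, 54),
]

# Constructed Authorized Access Points list: BSSID -> optional comment.
AUTHORIZED = {
    "02:00:00:AA:00:01": "lobby SonicPoint, 802.11g radio",
    "02:00:00:aa:00:02": "lobby SonicPoint, 802.11a radio",
}


def authorize(authorized: Dict[str, str], bssid: str, comment: str = "") -> Dict[str, str]:
    """What the Authorize icon or the manual add does: put the BSSID on the list with a comment."""
    authorized[normalize_bssid(bssid)] = comment
    return authorized


def classify_access_points(scan: List[DiscoveredAP], authorized: Dict[str, str],
                           sonicpoint: Optional[str] = None) -> List[Tuple[DiscoveredAP, str]]:
    """Label each row "authorized" or "rogue". sonicpoint limits the rows to one detecting
    SonicPoint, like choosing a device instead of All SonicPoints on the IDS page."""
    allowed = {normalize_bssid(m) for m in authorized}
    out = []
    for ap in scan:
        if sonicpoint not in (None, ap.sonicpoint):
            continue
        status = "authorized" if normalize_bssid(ap.bssid) in allowed else "rogue"
        out.append((ap, status))
    return out


def rogue_report(scan: List[DiscoveredAP], authorized: Dict[str, str],
                 sonicpoint: Optional[str] = None) -> List[dict]:
    """Rogue APs merged by BSSID (several SonicPoints may hear the same radio), each with the
    SonicPoints that saw it. Rogues advertising an SSID that an authorized AP also uses come
    first; that ordering is an addition in this example, not a GMS feature."""
    authorized_ssids = {ap.ssid for ap, st in classify_access_points(scan, authorized)
                        if st == "authorized"}
    merged: Dict[str, dict] = {}
    for ap, status in classify_access_points(scan, authorized, sonicpoint):
        if status != "rogue":
            continue
        key = normalize_bssid(ap.bssid)
        entry = merged.setdefault(key, {
            "bssid": key, "ssid": ap.ssid, "band": ap.band, "channel": ap.channel,
            "manufacturer": ap.manufacturer, "detected_by": [],
            "uses_authorized_ssid": ap.ssid in authorized_ssids,
        })
        entry["detected_by"].append(ap.sonicpoint)
    return sorted(merged.values(), key=lambda e: (not e["uses_authorized_ssid"], e["bssid"]))


if __name__ == "__main__":
    for entry in rogue_report(SCAN, AUTHORIZED):
        print(entry)
```

Because the list is keyed on the BSSID (the radio's MAC address) rather than the SSID, a rogue that copies the corporate SSID is still flagged; the normalization step matters because GMS, a vendor export and a scan tool rarely agree on MAC formatting.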

Using and Configuring Virtual Access Points


A Virtual Access Point (VAP) is a multiplexed instantiation of a single physical Access Point (AP) so that it presents itself as multiple discrete Access Points. To wireless LAN clients, each Virtual AP appears to be an independent physical AP, when there is actually only a single physical AP.

Before Virtual AP feature support, wireless networks were relegated to a one-to-one relationship between physical Access Points and wireless network security characteristics, such as authentication and encryption. For example, an Access Point providing WPA-PSK security could not simultaneously offer Open or WPA-EAP connectivity to clients. If Open or WPA-EAP were required, they would need to have been provided by separate, distinctly configured APs. This forced WLAN network administrators to find a solution to scale their existing wireless LAN infrastructure to provide differentiated levels of service.

With the Virtual APs (VAP) feature, multiple VAPs can exist within a single physical AP in compliance with the IEEE 802.11 standard for the media access control (MAC) protocol layer, each with a unique Basic Service Set Identifier (BSSID) and Service Set Identifier (SSID). This allows segmenting wireless network services within the radio frequency footprint of a single physical access point device.

In SonicOS Enhanced 3.5, VAPs allow the network administrator to control wireless user access and security settings by setting up multiple custom configurations on a single physical interface. Each of these custom configurations acts as a separate (virtual) access point, and can be grouped and enforced on single or multiple physical SonicPoint access points simultaneously.

In GMS, you can configure VAPs on the Policies panel, SonicPoint > Virtual Access Point screen.

Configuring Virtual Access Point Groups


To add or configure VAP Groups:

1. On the Policies panel, navigate to the SonicPoint > Virtual Access Point screen.

2. Click Add Group. The Add Virtual Access Point Group dialog box displays.

3. Enter the VAP group name in the Virtual AP Group Name field.

4. In Available Virtual AP Objects, select the objects that should be in the VAP group, and then click the arrow button to move them to Member of Virtual AP Group.

5. To remove objects from the group, select them in the Member of Virtual AP Group field and then click the left arrow button to move them back to the Available list.

6. Click OK.

7. In the SonicPoint > Virtual Access Point screen, click Update.

Configuring Virtual Access Points


To add or configure Virtual Access Points:

1. On the Policies panel, navigate to the SonicPoint > Virtual Access Point screen.

2. Click Add Virtual Access Point. The Add Virtual Access Point dialog box displays.

3. On the General tab, enter the SSID associated with the VAP. You can create a service set identifier (SSID) when creating a SonicPoint profile. See SonicPoint Provisioning Profiles on page 497.

4. Select Enable Virtual Access Point. You can also deselect this checkbox to disable the VAP without deleting it completely.

5. To suppress the SSID, select Enable SSID Suppress.

6. Click the Advanced tab.

7. On the Advanced tab, configure the following:
   - Profile Name: Select the VAP profile from the drop-down list.
   - Radio Type: Select the radio type from the drop-down list.
   - Authentication Type: Select the authentication type from the drop-down list.
   - Unicast Cipher: Select the unicast cipher from the drop-down list.
   - Multicast Cipher: Select the multicast cipher from the drop-down list.
   - Maximum Clients: Enter the maximum number of clients.

8. Click OK.

9. In the SonicPoint > Virtual Access Point screen, click Update.

Configuring Virtual Access Point Profiles


To add or configure VAP profiles:

1. On the Policies panel, navigate to the SonicPoint > Virtual Access Point screen.

2. Click Add Virtual Access Point Profile. The Add Virtual Access Point Profile dialog box displays.

3. Configure the following:
   - Radio Type: Select the radio type from the drop-down list.
   - Profile Name: Select the VAP profile from the drop-down list.
   - Authentication Type: Select the authentication type from the drop-down list.
   - Unicast Cipher: Select the unicast cipher from the drop-down list.
   - Multicast Cipher: Select the multicast cipher from the drop-down list.
   - Maximum Clients: Enter the maximum number of clients.

4. Click OK.

5. In the SonicPoint > Virtual Access Point screen, click Update.


CHAPTER 23 Configuring Wireless Options


This chapter describes how to configure wireless connectivity options for wireless SonicWALL appliances. Included in this chapter are the following sections:

- Configuring General Wireless Settings section on page 522
- Configuring Wireless Security Settings section on page 525
- Configuring Advanced Wireless Settings section on page 530
- Configuring MAC Filter List Settings section on page 533
- Configuring Intrusion Detection Settings section on page 535


Configuring General Wireless Settings


This section describes how to configure general wireless settings. To do this, perform the following steps:

1. Select a wireless SonicWALL appliance.

2. Expand the Wireless tree and click Settings. The Settings page displays.

   Note: The Wireless > Settings page provides different options for SonicOS Enhanced and SonicOS Standard. The page for SonicOS Standard is shown below:

   The page for SonicOS Enhanced is shown below:

3. Select whether the SonicWALL appliance will act as an Access Point or a Wireless Bridge from the Radio Role list box.

4. To enable wireless networking on this device, select the Enable WLAN Radio check box.

5. For SonicOS Standard, configure Use Time Constraints to set hours of operation for this wireless device. For SonicOS Enhanced, select the schedule from the Schedule list box.

6. For SonicOS Standard only, optionally select SSL-VPN Enforcement and configure the Server Address and Server Port fields to add SSL-VPN enforcement to this wireless device.

7. For SonicOS Standard only, select WiFiSec Enforcement to enable WiFiSec security over this wireless device.

8. For SonicOS Standard only, if using WiFiSec Enforcement, you can choose to Require WiFiSec for Site-to-Site VPN Tunnel Traversal. This option is selected by default when enabling both SSL-VPN and WiFiSec simultaneously.

9. For SonicOS Standard only, if using WPA encryption, you can choose to Trust WPA traffic as WiFiSec.

10. For SonicOS Standard only, if using WiFiSec enforcement, you can choose Enable WiFiSec Service Exception List. With this checkbox selected, select a service from the list and click the Add button.

11. Enter the IP address and subnet mask of the Wireless LAN port in the WLAN IP Address and WLAN Subnet Mask fields.

12. Enter the Service Set Identifier (SSID) or wireless network name in the SSID field (maximum: 32 characters).

13. Select an applicable wireless Radio Mode from the list box.

14. Select an applicable Country Code from the list box.

15. Select a wireless channel to use from the Channel list box.

16. When you are finished, click Update. The settings are changed for the selected SonicWALL appliance. To clear all screen settings and start over, click Reset.

Wireless Radio Operating Schedule


Wireless Schedule allows you to specify time periods of operation for the WLAN. This feature is available in the Wireless > Settings screen. In SonicOS Standard, it is available under the Use Time Constraints section; in SonicOS Enhanced, it is available as the Schedule drop-down list. At unit level, which of these is displayed depends on whether the unit runs SonicOS Standard or SonicOS Enhanced. At group level, both options are shown, with text in italics indicating which section applies to SonicOS Standard and which to SonicOS Enhanced.


Configuring Wireless Security Settings


This section describes how to configure wireless security settings. To configure the security settings, perform the following steps:

1. Select a wireless SonicWALL appliance.
2. Expand the Wireless tree and click Security. The fields on this screen will change depending on the Authentication Type that you select.

WEP Encryption Settings


Open-system authentication is the only method required by 802.11b. In open-system authentication, the SonicWALL allows the wireless client access without verifying its identity. Shared-key authentication uses Wired Equivalent Privacy (WEP) and requires a shared key to be distributed to wireless clients before authentication is allowed. The SonicWALL TZ 170 Wireless and later TZ Series security appliances provide the option of using Open System, Shared Key, or both when WEP is used to encrypt data. If Both Open System & Shared Key is selected, the Default Key assignments are not important as long as identical keys are used in each field. If Shared Key is selected, then the key assignment is important. To configure WEP on the SonicWALL, perform the following tasks:

1. On the Policies panel, click Wireless, then Security.

2. Select a WEP authentication type from the Authentication Type list. Shared Key is selected by default.

WEP Encryption Keys


If you selected Both (Open System & Shared Key) or Shared Key above, you must configure one or more keys and select the default. SonicOS supports the 802.11a and 802.11g standards, which include 64-bit, 128-bit, and 152-bit encryption for WEP.

1. Select the default key to use, 1, 2, 3, or 4, from the Default Key drop-down list.

2. Select the key type to be either Alphanumeric or Hexadecimal. The number of characters you enter is different for each because an alphanumeric (or ASCII) character contains 8 bits, and a hexadecimal character contains only 4 bits.

   Table 10 WEP Encryption Key Types

   Key size        Alphanumeric                Hexadecimal
   WEP - 64-bit    5 characters (0-9, A-Z)     10 characters (0-9, A-F)
   WEP - 128-bit   13 characters (0-9, A-Z)    26 characters (0-9, A-F)
   WEP - 152-bit   16 characters (0-9, A-Z)    32 characters (0-9, A-F)

3. Type your keys into each field.

4. For each key, select 64-bit, 128-bit, or 152-bit from the drop-down list next to the Key field. 152-bit is the most secure.

5. Click Update.
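The length and character rules of Table 10 as an added validator, not code from this guide or from SonicOS; the function names and sample keys are constructed here. The one fact taken from outside the table is that the nominal WEP size counts the 24-bit per-frame initialization vector, so the secret actually configured is 40, 104 or 128 bits; lowercase letters are accepted in alphanumeric keys as an assumption, since the table lists only 0-9 and A-Z.

```python
import re
from typing import Optional, Tuple

# Table 10: nominal WEP strength -> (alphanumeric characters, hexadecimal characters).
WEP_KEY_LENGTHS = {64: (5, 10), 128: (13, 26), 152: (16, 32)}
WEP_IV_BITS = 24   # per-frame initialization vector, included in the nominal size


def secret_key_bits(bits: int) -> int:
    """Bits the administrator actually types: nominal size minus the 24-bit IV
    (64-bit WEP carries a 40-bit key, 128-bit a 104-bit key, 152-bit a 128-bit key)."""
    return bits - WEP_IV_BITS


def validate_wep_key(key: str, bits: int, key_type: str) -> Tuple[bool, str]:
    """Check one Key field against the row of Table 10 selected in the size drop-down."""
    if bits not in WEP_KEY_LENGTHS:
        return False, "key size must be 64, 128 or 152 bits"
    alnum_len, hex_len = WEP_KEY_LENGTHS[bits]
    if key_type == "alphanumeric":
        if len(key) != alnum_len:
            return False, f"{bits}-bit alphanumeric key needs {alnum_len} characters, got {len(key)}"
        # Table 10 lists 0-9, A-Z; lowercase is accepted here as an assumption.
        if not re.fullmatch(r"[0-9A-Za-z]*", key):
            return False, "alphanumeric key may contain only 0-9 and A-Z"
    elif key_type == "hexadecimal":
        if len(key) != hex_len:
            return False, f"{bits}-bit hexadecimal key needs {hex_len} characters, got {len(key)}"
        if not re.fullmatch(r"[0-9A-Fa-f]*", key):
            return False, "hexadecimal key may contain only 0-9 and A-F"
    else:
        return False, "key type must be 'alphanumeric' or 'hexadecimal'"
    return True, "ok"


def infer_key_size(key: str, key_type: str) -> Optional[int]:
    """Which Table 10 row a key's length matches, or None if it matches none of them."""
    column = 0 if key_type == "alphanumeric" else 1
    for bits, lengths in WEP_KEY_LENGTHS.items():
        if len(key) == lengths[column]:
            return bits
    return None


def wep_key_to_hex(key: str, key_type: str) -> str:
    """Render a key as hex digits. Each ASCII character is 8 bits, i.e. two hex digits,
    which is why the hexadecimal column of Table 10 is exactly twice the alphanumeric one."""
    if key_type == "hexadecimal":
        return key.upper()
    return key.encode("ascii").hex().upper()


if __name__ == "__main__":
    # Constructed sample keys; not values to use on a real network.
    for key, bits, kind in [("ABCDE", 64, "alphanumeric"), ("0123456789", 64, "hexadecimal"),
                            ("ABCD", 64, "alphanumeric"), ("012345678G", 64, "hexadecimal")]:
        print(key, bits, kind, validate_wep_key(key, bits, kind))
    print("secret bits per nominal size:", {b: secret_key_bits(b) for b in WEP_KEY_LENGTHS})
```

infer_key_size is the check to run on a key pasted into the wrong field: a 13-character key entered as hexadecimal matches no row, and the validator explains why. The "most secure" in step 4 is relative to the other WEP sizes only; the WPA and WPA2 section below states that either of those provides better security than WEP.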

WPA and WPA2 Encryption Settings


You can configure Wi-Fi Protected Access as WPA or WPA2 in GMS. Either of these provides better security than WEP. WPA and WPA2 support two protocols for storing and generating keys:

- Extensible Authentication Protocol (EAP): EAP allows WPA/WPA2 to synchronize keys with an external RADIUS server. The keys are updated periodically based on time or number of packets. Use EAP in larger, enterprise-like deployments where you have an existing RADIUS framework.
- Pre-Shared Key (PSK): PSK allows WPA/WPA2 to generate keys from a pre-shared passphrase that you configure. The keys are updated periodically based on time or number of packets. Use PSK in smaller deployments where you do not have a RADIUS server.

WPA and WPA2 support is only available in Access Point Mode. WPA and WPA2 support is not available in Bridge Mode.

To configure WPA or WPA2 security on the SonicWALL, perform the following tasks:
1. On the Policies panel, click Wireless, then Security.

2. Under Encryption Mode, select a WPA or WPA2 authentication type from the Authentication Type list. You can choose from the following authentication types:
   - WPA-PSK
   - WPA-EAP
   - WPA2-PSK
   - WPA2-EAP
   - WPA2-AUTO-PSK
   - WPA2-AUTO-EAP

The screen changes to display the configurable fields. The same configuration fields are displayed for all authentication types that employ PSK, and the same configuration fields are displayed for all authentication types that employ EAP.


WPA and WPA2 Settings


For both PSK and EAP authentication types, the fields under WPA Settings are the same. To configure the WPA Settings fields:
1. Select one of the following in the Cipher Type drop-down list:
   - TKIP: Temporal Key Integrity Protocol (TKIP) is a protocol for enforcing key integrity on a per-packet basis.
   - AES: Advanced Encryption Standard (AES) is a block cipher adopted as an encryption standard in 2002. It is widely used in symmetric key cryptography.
   - Auto: Allows the SonicWALL to automatically select either TKIP or AES.

2. Select one of the following to determine when to update the key in the Group Key Update drop-down list:
   - By Timeout: Generates a new group key after an interval specified in seconds.
   - Disabled: Uses a static key that is never regenerated.

3. If you selected By Timeout, enter the number of seconds before WPA or WPA2 automatically generates a new group key into the Interval field.

Preshared Key Settings (PSK)


For all authentication types involving PSK, do the following:

1. Type the passphrase from which the key is generated into the Passphrase field.
2. Do one of the following:
   - To apply the settings, click Update.
   - To clear all screen settings and start over, click Reset.


Extensible Authentication Protocol (EAP) Settings


For all authentication types involving EAP, the lower part of the screen displays fields for RADIUS configuration.

For all authentication types involving EAP, do the following:

1. Type the IP address of the primary RADIUS server into the Radius Server 1 IP field.
2. Type the port number used to communicate with the primary RADIUS server into the Port field.
3. Type the password for access to the primary RADIUS server into the Radius Server 1 Secret field.
4. Type the IP address of the secondary RADIUS server into the Radius Server 2 IP field.
5. Type the port number used to communicate with the secondary RADIUS server into the Port field.
6. Type the password for access to the secondary RADIUS server into the Radius Server 2 Secret field.
7. Do one of the following:
   - To apply the settings, click Update.
   - To clear all screen settings and start over, click Reset.


Configuring Advanced Wireless Settings


This section describes how to configure advanced wireless settings for both SonicOS Standard and SonicOS Enhanced. To do this, perform the following steps:

1. Select a wireless SonicWALL appliance.

2. Expand the Wireless tree and click Advanced. The Advanced screen displays.

   Note: The Wireless > Advanced page provides different options for SonicOS Standard and SonicOS Enhanced. Also, SonicOS Standard 3.8 displays six more fields than earlier versions of SonicOS Standard.

   SonicOS Standard:

   The SonicOS Enhanced page has different fields than those in SonicOS Standard.

3. Select Hide SSID in Beacon. If you select Hide SSID in Beacon, your wireless network is invisible to anyone who does not know your SSID. This is a good way to prevent drive-by hackers from seeing your wireless connection.

   Note: This provides marginal security, as Probe Responses and other 802.11 frames contain the SSID.

4. Enter how often (in milliseconds) a beacon will be sent in the Beacon Interval field. Decreasing the interval time makes passive scanning more reliable and faster because Beacon frames announce the network to the wireless connection more frequently.

5. To specify the maximum number of wireless clients, enter the limit in the Maximum Client Associations field. Wireless clients are devices that attempt to access the wireless SonicWALL appliance.


6. Select the following Advanced Radio Settings:

   - Antenna Diversity: This setting determines which antenna the SonicWALL Wireless uses to send and receive data. You can select:
     - Best: This is the default setting. When Best is selected, the SonicWALL Wireless automatically selects the antenna with the strongest, clearest signal. In most cases, Best is the optimal setting.
     - 1: Select 1 to restrict the SonicWALL Wireless to use antenna 1 only. Facing the rear of the SonicWALL, antenna 1 is on the left, closest to the console port. You can disconnect antenna 2 when using only antenna 1.
     - 2: Select 2 to restrict the SonicWALL Wireless to use antenna 2 only. Facing the rear of the SonicWALL, antenna 2 is on the right, closest to the power supply. You can disconnect antenna 1 when using only antenna 2.
   - Transmit Power: Select High from the Transmit Power menu to send the strongest signal on the WLAN. For example, select High if the signal is going from building to building. Medium is recommended for office to office within a building, and Low or Lowest is recommended for shorter distance communications.
   - Preamble Length: Select Short or Long from the Preamble Length menu. Short is recommended for efficiency and improved throughput on the wireless network.
   - Fragmentation Threshold (bytes): 2346 by default. Increasing the value means that frames are delivered with less overhead, but a lost or damaged frame must be discarded and retransmitted.
   - RTS Threshold (bytes): 2432 by default. If network throughput is slow or a large number of frame retransmissions is occurring, decrease the RTS threshold to enable RTS clearing.
   - DTIM Interval: The default value is 3. Increasing the DTIM Interval value allows you to conserve power more effectively.
   - Station Timeout (seconds): 300 seconds by default. If your network is very busy, you can increase the timeout by increasing the number of seconds in this field.
   - Data Rate: For SonicOS Standard 3.8 and above, select the wireless transmission rate from the Data Rate drop-down list. You can select Best or a value between 1 and 54 megabits per second (Mbps). The default is 48 Mbps.
   - Protection Mode: For SonicOS Standard 3.8 and above, in the Protection Mode drop-down list, select None, Always or Auto. Use Always or Auto to prevent transmission frame collisions when you have multiple wireless nodes.
   - Protection Rate: For SonicOS Standard 3.8 and above, in the Protection Rate drop-down list, select 1 Mbps, 2 Mbps, 5 Mbps or 11 Mbps. The Protection Rate specifies the transmission rate for the Request-To-Send (RTS) and Clear-To-Send (CTS) frames. The default is 5 Mbps.
   - Protection Type: For SonicOS Standard 3.8 and above, in the Protection Type drop-down list, select RTS-CTS or CTS-only. RTS-CTS is the mechanism used by the 802.11 wireless networking protocol to reduce frame collisions. The node wishing to transmit data sends an RTS frame. The destination node replies with a CTS frame. Other wireless nodes within range refrain from sending data for a specified time to avoid collisions. The default is RTS-CTS.
   - CCK OFDM Power Delta: For SonicOS Standard 3.8 and above, in the CCK OFDM Power Delta drop-down list, select 0 dBm, 1 dBm or 2 dBm. Complementary Code Keying (CCK) and Orthogonal Frequency Division Multiplexing (OFDM) are digital modulation techniques used in wireless networks using the 802.11 specifications. This field specifies the change in power used in the modulation, expressed in decibels relative to one milliwatt (dBm). Zero dBm equals one milliwatt. Two dBm is less than two milliwatts.
   - Enable Short Slot Time: For SonicOS Standard 3.8 and above, select the Enable Short Slot Time checkbox to minimize the time to wait before transmitting. Slot time is the time required for a transmission to reach the destination. The default is to enable a short slot time.

7. When you are finished, click Update. The settings are changed for the selected SonicWALL appliance. To clear all screen settings and start over, click Reset.

Configuring MAC Filter List Settings

Wireless SonicWALL appliances can allow or block wireless devices based on their MAC addresses. Because a wireless client's MAC address is transmitted in the clear and can be changed by the user, treat the MAC filter list as a convenience control and not as a substitute for WPA2 authentication. To configure the MAC filter list, perform the following steps:

1. Select a wireless SonicWALL appliance, a group, or the global icon.
2. Expand the Wireless tree and click MAC Filter List. The MAC Filter List screen displays.

Note: The MAC Filter List provides different options in SonicOS Standard and SonicOS Enhanced. SonicOS Enhanced provides drop-down lists for the Allow and Deny lists.

3. To enable the MAC filter list for the selected device(s), select the Enable MAC Filter List check box.
4. For SonicOS Standard, to add a MAC address to the filter list, enter the address in the MAC Address List field, check either Allow or Block, and add any comments to the Comment field.
5. Click Add MAC Address. The scheduler displays.
6. Expand Schedule by clicking the plus icon.
7. Select Immediate or specify a future date and time.
8. Click Accept.
9. Repeat these steps for each MAC address that you want to add in SonicOS Standard.
10. When you are finished, click Update. The settings are changed for the selected SonicWALL appliance(s). To clear all screen settings and start over, click Reset.
11. For SonicOS Enhanced only, select one of the options from the Allow List and Deny List list boxes.
12. Click Update. The scheduler displays.
13. Expand Schedule by clicking the plus icon.
14. Select Immediate or specify a future date and time.
15. Click Accept.

Configuring Intrusion Detection Settings

This section describes how to configure intrusion detection settings (IDS) for wireless SonicWALL appliances. To configure the IDS, perform the following steps:

1. Select a wireless SonicWALL appliance, a group, or the global icon.
2. Expand the Wireless tree and click IDS. The IDS screen displays.
3. Select Enable Client Null Probing Detection to enable client null probe detection.
4. Attackers can cause a Denial-of-Service (DoS) condition by flooding a wireless network with association requests. To detect this, select the Enable Association Flood Detection check box. The default association flood threshold is 10 association attempts within 5 seconds. To change this setting, enter new flood threshold values. To block the MAC address of a station attempting this attack, select the Block station's MAC address in response to an association flood check box. Because 802.11 management frames carry no authentication, an attacker can forge the source MAC address of the flood; blocking by MAC can therefore be turned against legitimate clients, so review the blocked stations when you enable this option.
5. To access a network, an attacker can set up a rogue access point that intercepts communications from legitimate users attempting to reach a legitimate access point. This man-in-the-middle attack can expose passwords and other network resources. To enable detection of rogue access points, select the Enable Rogue Access Point Detection check box.
6. In SonicOS Standard only, to prevent rogue access points, you must specify each authorized access point within the network. To do so, enter the MAC address of an access point in the MAC Address (BSSID) field and click Add. The scheduler displays.
7. Expand Schedule by clicking the plus icon.
8. Select Immediate or specify a future date and time.
9. Click Accept.
10. For SonicOS Standard only, click Request Discovered Access Points Information from Firewall.
11. For SonicOS Standard only, click Scan Now...
12. For SonicOS Enhanced only, to authorize access points, select one of the options from the Authorized Access Points list box.
13. When you are finished, click Update. The settings are changed for the selected SonicWALL appliance(s). To clear all screen settings and start over, click Reset.
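The association flood detection described in step 4 is a sliding-window counter: if a station's association requests exceed the threshold inside the window, the station is flagged and optionally blocked. The following is an added example written for this guide, not SonicWALL code; it assumes the count is kept per source MAC, that a block expires after a fixed time, and it runs over a constructed set of association events rather than real radio captures.

```python
from collections import defaultdict, deque


class AssociationFloodDetector:
    """Per-station sliding-window counter for 802.11 association requests.

    threshold and window mirror the GMS defaults (10 attempts within 5 seconds);
    counting per source MAC and a fixed block duration are assumptions of this example.
    """

    def __init__(self, threshold=10, window=5.0, block=True, block_seconds=60.0):
        self.threshold = threshold
        self.window = window
        self.block = block
        self.block_seconds = block_seconds
        self._seen = defaultdict(deque)   # mac -> request timestamps still inside the window
        self._blocked_until = {}          # mac -> time at which the block expires
        self.alerts = []                  # (timestamp, mac) for every flood detected

    def observe(self, ts, mac):
        """Classify one association request as 'drop', 'flood' or 'allow'."""
        expires = self._blocked_until.get(mac)
        if expires is not None:
            if ts < expires:
                return "drop"             # station is currently blocked
            del self._blocked_until[mac]
        q = self._seen[mac]
        q.append(ts)
        while q and q[0] <= ts - self.window:   # discard requests outside the window
            q.popleft()
        if len(q) >= self.threshold:
            self.alerts.append((ts, mac))
            q.clear()
            if self.block:
                self._blocked_until[mac] = ts + self.block_seconds
            return "flood"
        return "allow"

    @property
    def blocked(self):
        return set(self._blocked_until)


def build_sample_events():
    """Constructed log: one flooding station, one quiet station, one slow but persistent one."""
    events = []
    for i in range(12):                   # 12 requests in 1.1 s: a flood
        events.append((round(i * 0.1, 1), "aa:bb:cc:dd:ee:01"))
    for i in range(3):                    # 3 requests over 30 s: normal roaming
        events.append((i * 15.0, "aa:bb:cc:dd:ee:02"))
    for i in range(10):                   # 10 requests 1.2 s apart: never 10 inside 5 s
        events.append((i * 1.2, "aa:bb:cc:dd:ee:03"))
    events.sort()
    return events


def run_sample(events=None):
    """Run the detector over the sample and summarise what happened."""
    det = AssociationFloodDetector()
    counts = {"allow": 0, "flood": 0, "drop": 0}
    for ts, mac in (events or build_sample_events()):
        counts[det.observe(ts, mac)] += 1
    return {"alerts": det.alerts, "blocked": det.blocked, "counts": counts}


if __name__ == "__main__":
    print(run_sample())
```

The third station never trips the detector because the window only ever holds five of its requests; lowering the threshold or widening the window changes that, which is the trade-off behind the two threshold fields.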


CHAPTER 24 Configuring Wireless Guest Services

This chapter describes how to configure Wireless Guest Services (WGS) on appliances running SonicOS Standard. For appliances running SonicOS Standard, these configuration options are available at the unit level. Wireless Guest Services allows the administrator to configure wireless access points for guest access. Wireless Guest Services is configured with optional custom login pages and user accounts, and is compatible with several different authentication methods, including those that require external authentication. Included in this chapter are the following sections:

Configuring Wireless Guest Services Settings section on page 538
Configuring the URL Allow List section on page 541
Denying Access to Networks with the IP Deny List section on page 542
Configuring the Custom Login Screen section on page 543
Configuring External Authentication section on page 544


Configuring Wireless Guest Services Settings


This section describes how to configure wireless settings for Wireless Guest Services. To do this, perform the following steps:

1. In the TreeControl pane, select a wireless SonicWALL appliance.
2. In the center pane, navigate to WGS > Settings. The Settings page displays.
3. To enable Wireless Guest Services on this device, select the Enable Wireless Guest Services check box.
4. Check the Bypass Guest Authentication check box to allow a SonicPoint running WGS to integrate into environments that already use some form of user-level authentication. This feature automates the WGS authentication process, allowing wireless users to reach WGS resources without requiring authentication.

Note: Bypass Guest Authentication should only be used when unrestricted WGS access is desired, or when another device upstream of the SonicPoint is enforcing authentication. With it enabled, the appliance no longer identifies individual guests, so per-account lifetimes and session limits cannot be enforced.

5. Check the Bypass Filters for Guest Accounts check box to disable filtering for guest accounts.
6. Check the Dynamic Address Translation (DAT) check box to enable DAT. This option saves wireless clients the trouble of reconfiguring their IP address and network settings. If this option is disabled (unchecked), wireless guest users must either have DHCP enabled, or an IP addressing scheme compatible with the SonicPoint's network settings.
7. Check the Enable SMTP Redirect check box and enter the following information:
• Server IP: enter the SMTP server IP address to which SMTP traffic incoming on this zone is redirected.
• Server Port: enter the port number for SMTP traffic on the server. This field is available at the group and global level, and for units running SonicOS Standard 3.8 and above. The default port is 25.
8. Check the Custom Post Authentication Redirect page check box and enter a URL to redirect wireless guests to a custom page after successful login.
9. To limit the number of concurrent guests, enter the maximum number in the Maximum Concurrent Guests field.
10. To add a new guest, click Add New Wireless Guest. See Adding a Guest on page 540.
11. When you are finished, click Update. The settings are changed for the selected SonicWALL appliance. To clear all screen settings and start over, click Reset.


Adding a Guest
You can add a new guest to Wireless Guest Services from the WGS > Settings page. To add a guest:

1. Select a wireless SonicWALL appliance and navigate to WGS > Settings.
2. Click Add New Wireless Guest. The Add New Wireless Guest dialog box displays.
3. In the Account Profile drop-down list, select the WGS account profile to use for this account. This field is only visible when one or more WGS profiles have been created in the current view. Views that provide the WGS Profiles screen include the global and group levels, and the unit level for appliances running SonicOS Standard 3.8 and above.
4. Select the Enable Account check box to enable the guest account.
5. Select the Auto-Prune Account check box to automatically remove the account when its lifetime expires.
6. Select the Enforce login uniqueness check box to prevent more than one guest from logging in with the account at the same time.
7. In the Account Name field, enter the username for the guest account.
8. In the Account Password field, enter the password for the guest account.
9. In the Confirm Password field, re-enter the password for the guest account.
10. In the Account Lifetime field, select the maximum lifetime of the guest account.
11. In the Session Timeout field, set the time limit for a guest login session.
12. In the Idle Timeout field, enter a number and select a time period that the guest can be idle at the computer before the session times out.
13. In the Comment field, add any comments.
14. Click Update.

Configuring the URL Allow List


The URL allow list specifies URLs that can be accessed by unauthenticated users. Keep this list short: every entry is reachable by anyone who associates with the wireless network, before any login. To configure this list, perform the following steps:

Note: The URL Allow List is not supported in SonicOS Enhanced.

1. Select a wireless SonicWALL appliance.
2. Expand the WGS tree and click URL Allow List. The URL Allow List page displays.
3. To enable the URL Allow List, select the Enable URL Allow List for Unauthenticated Users check box.
4. To add a URL to the URL Allow List, enter a URL in the Allowed URLs text field and click Add. Repeat this step for each URL that you would like to add. To delete a URL from the URL Allow List, check the box next to the URL to delete and click the trash can icon.
5. When you are finished, click Update. The settings are changed for the selected SonicWALL appliance. To clear all screen settings and start over, click Reset.

5.

Denying Access to Networks with the IP Deny List


To specify networks that authenticated users will not be allowed to access, perform the following steps. A common use is to list the internal LAN and management subnets so that guests, once authenticated, reach only the Internet.

Note: The IP Deny List is not supported in SonicOS Enhanced.

1. Select a wireless SonicWALL appliance.
2. Expand the WGS tree and click IP Deny List. The IP Deny List page displays.
3. To enable the IP Deny List, select the Enable IP Address Deny List for Authenticated Users check box.
4. To add a network to the IP Deny List, enter an IP address and subnet mask and click Add IP Deny Entry. Repeat this step for each network that you would like to add. To delete an entry from the IP Deny List, check the box next to the entry to delete and click the trash can icon.
5. When you are finished, click Update. The settings are changed for the selected SonicWALL appliance. To clear all screen settings and start over, click Reset.

5.

Configuring the Custom Login Screen


The Custom Login page is used to configure the login page that guest users see when attempting to connect to the wireless SonicWALL appliance. To configure the Custom Login page, perform the following steps:

Note: The Custom Login screen is not supported in SonicOS Enhanced.

1. Select a wireless SonicWALL appliance running SonicOS Standard.
2. Expand the WGS tree and click Custom Login. The Custom Login page displays.
3. To customize the login page, select the Customize Login Page check box.
4. To display the custom login page only when the connection is made through the Wireless LAN, select the Display Custom Login Page on WLAN Only check box.
5. The body of the login page contains the username and password fields that the user must fill in to authenticate with the SonicWALL appliance. To configure the header and footer, select from the following:
• To display custom header and footer URLs, enter the URLs in the Custom Header URL and Custom Footer URL fields. If a URL points to an external host, the guest's browser must be able to reach that host before login, so it belongs on the URL Allow List.
• To enter custom text for the header and footer, enter the text in the Custom Header Text and Custom Footer Text fields.
6. When you are finished, click Update. The settings are changed for the selected SonicWALL appliance. To clear all screen settings and start over, click Reset.

Configuring External Authentication


External Guest Authentication allows the administrator to specify an external database for wireless guest authentication. Guests connecting from the device or network you select must authenticate against it before gaining access. This feature, based on Lightweight Hotspot Messaging (LHM), is used for authenticating hotspot users and providing them parametrically bound network access. To configure external authentication, perform the following steps:

Note: External Authentication is not supported in SonicOS Enhanced.

1. Select a wireless SonicWALL appliance running SonicOS Standard.
2. Expand the WGS tree and click External Authentication. The External Authentication page displays.
3. Check the Enable External Guest Authentication check box to enable the external authentication feature and configure the tabs as follows:

Configuring General Settings

1. Enter a Secure Communications Port and select a Client Redirect Protocol for client redirect. This port and protocol (HTTP or HTTPS) are used by the SonicWALL security appliance when performing the initial internal client redirect via the Please wait while you are being redirected page, prior to redirection to the LHM server.
2. Select the Web Server Protocol (HTTP or HTTPS) running on your LHM server from the drop-down list.
3. Enter the IP address or resolvable FQDN of the LHM server in the Host field.
4. Enter the TCP port of operations for the selected protocol on the LHM server in the Port field.
5. Enter the duration of time, in seconds, before the LHM server is considered unavailable in the Connection Timeout field. On timeout the client is presented with the Server Down message configured on the Web Content tab.
6. Select the Enable Message Authentication check box to use an HMAC digest embedded in the querystring in communication with the LHM server. This option protects against message tampering when HTTP is used to communicate with the LHM server. It provides integrity, not confidentiality: the session and client parameters still travel in clear text unless HTTPS is selected for the LHM server.
7. When using Message Authentication, select the Authentication Method from the drop-down menu. You can select MD5 or SHA1.
8. When using Message Authentication, enter a Shared Secret. The same shared secret must be configured in the LHM server scripts that verify the HMAC.
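The message authentication option in steps 6 to 8 works by appending an HMAC tag, keyed with the shared secret and computed with the selected digest, to the redirect querystring so the LHM server can reject anything that was altered in transit. The block below is an added example, not SonicWALL's LHM code: it signs and verifies a querystring in both digest modes, rejects a tampered parameter, a wrong secret and a missing tag, and uses a constant-time comparison. Which parameters SonicOS includes in the hash, the parameter names and the name of the tag field (hmac here) are assumptions of this example; the LHM developer documentation defines the real format.

```python
import hashlib
import hmac
from urllib.parse import parse_qsl, urlencode

# Digest choices offered by the Authentication Method drop-down.
DIGESTS = {"MD5": hashlib.md5, "SHA1": hashlib.sha1}


def sign_query(params, secret, method="SHA1"):
    """Append an hmac=<hex> tag computed over the URL-encoded parameters.

    Hashing the encoded querystring as a whole (an assumption of this example)
    makes parameter order significant: the verifier must see the same string.
    """
    body = urlencode(params)
    tag = hmac.new(secret.encode(), body.encode(), DIGESTS[method]).hexdigest()
    return f"{body}&hmac={tag}"


def verify_query(query, secret, method="SHA1"):
    """Return the parameters as a dict if the tag verifies, otherwise None."""
    body, sep, tag = query.rpartition("&hmac=")
    if not sep:
        return None                                  # no tag: reject, never fall back to trust
    expected = hmac.new(secret.encode(), body.encode(), DIGESTS[method]).hexdigest()
    if not hmac.compare_digest(expected, tag):       # constant-time comparison
        return None
    return dict(parse_qsl(body))


def demo():
    """Constructed redirect parameters; the names are illustrative, not LHM field names."""
    secret = "example-shared-secret"
    params = [("sessionId", "0ab1c2d3"), ("ip", "172.16.31.10"),
              ("mac", "aa:bb:cc:dd:ee:01"), ("cc", "0")]
    good = sign_query(params, secret, "SHA1")
    tampered = good.replace("cc=0", "cc=1")          # an on-path attacker edits a parameter
    wrong_key = sign_query(params, "not-the-secret", "SHA1")
    return {
        "valid": verify_query(good, secret, "SHA1") is not None,
        "valid_md5": verify_query(sign_query(params, secret, "MD5"), secret, "MD5") is not None,
        "tampered": verify_query(tampered, secret, "SHA1"),
        "wrong_secret": verify_query(wrong_key, secret, "SHA1"),
        "untagged": verify_query(urlencode(params), secret, "SHA1"),
    }


if __name__ == "__main__":
    print(demo())
```

An HMAC tag alone does not stop replay of a captured signed redirect and does not hide its contents; both are reasons to select HTTPS for the LHM server rather than relying on message authentication over plain HTTP.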

Configuring Settings for Auth Pages


To configure the pages to which clients are redirected for each session event, perform the following steps:

Note: These pages may each be a unique page on the LHM server, or they may all be the same page with a separate event handler for each status message.

1. Click the Auth Pages tab.
2. Enter a Login Page. This is the first page to which the client is redirected (e.g. lhm/accept/default.aspx).
3. Enter a Session Expiration Page. This is the page to which the client is redirected when the session expires (e.g. lhm/accept/default.aspx?cc=2). After a session expires, the user must create a new LHM session.
4. Enter an Idle Timeout Page. This is the page to which the client is redirected when the idle timer is exceeded (e.g. lhm/accept/default.aspx?cc=3). After the idle timer is exceeded, the user can log in again with the same credentials as long as there is time left in the session.
5. Enter a Max Session Page. This is the page to which the client is redirected when the maximum number of sessions has been reached (e.g. lhm/accept/default.aspx?cc=4).

Configuring Web Content Settings


To configure the Web content for external authentication:

1. Click the Web Content tab.
2. Select Use Default, or select Customize and enter a Redirect Message in the text box. This is the message presented to the client (usually for no more than one second) explaining that the session is being redirected to the LHM server. This interstitial page is used (rather than going directly to the LHM server) so that the SonicWALL security appliance can verify the availability of the LHM server.
3. Select Use Default, or select Customize and enter a Server Down Message in the text box. This is the message presented to the client if the Redirector determines that the LHM server is unavailable.

Configuring Advanced Settings


To configure the advanced settings for external authentication:

1. Click the Advanced tab.
2. Check the Enable Auto-Session Logout check box and configure the two corresponding fields to set the time increment and the page to which the SonicWALL security appliance will POST when a session is logged out (either automatically or manually).
3. Check the Enable Server Status Check check box and configure the two corresponding fields to set the time increment and the page to which the SonicWALL will POST to determine the availability of components on or behind the LHM server (e.g. a back-end database).
4. Check the Session Synchronization check box and configure the two corresponding fields to set the time increment and the page to which the SonicWALL will POST the entire Guest Services session table. This allows the LHM server to synchronize the state of guest users for the purposes of accounting, billing, or mere curiosity.
5. When you are finished configuring External Authentication, click the Update button to apply your changes.

Configuring WGS Account Profiles


At the global or group level, and for SonicWALL appliances running SonicOS Standard 3.8 and above, GMS supports the configuration of WGS account profiles. You can set up different profiles that accommodate the need for guest accounts with specific account lifetimes, session time limits, idle timeouts and so forth. This screen also provides an Enable/Disable setting so that you can disable a profile without deleting it and losing the configuration.

To add or edit a WGS Account Profile:

1. Select a wireless SonicWALL appliance running SonicOS Standard.
2. Expand the WGS tree and click Profiles.
3. On the WGS Account Profiles page, click Add New WGS Profile. The Add Profile page displays.
4. In the WGS Account Profile Settings dialog box, type a descriptive name into the Profile Name field.
5. In the User Name Prefix field, type the user name that the guest will log in with. Do not include the domain.
6. Select Enable Account to activate the account for immediate use.
7. Select Auto-Prune Account if you want the account to be removed after its lifetime expires.
8. Select Enforce Login Uniqueness to prevent multiple logins at the same time for this account.
9. For Account Lifetime, enter a number in the first field and then select Days, Hours, or Minutes from the drop-down list. The account will expire after this time period.
10. For Session Lifetime, enter a number in the first field and then select Days, Hours, or Minutes from the drop-down list. The guest's login session will expire after this time period.
11. For Idle Timeout, enter a number in the first field and then select Days, Hours, or Minutes from the drop-down list. The guest will be logged out after being idle for this amount of time.
12. Optionally type a descriptive comment into the Comment field.
13. Click Update. Clicking Reset repopulates all fields with the default values and allows you to start over.
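The three timers in steps 9 to 11, together with Enable Account, Auto-Prune Account and Enforce Login Uniqueness, interact in ways that are easier to see in code than in prose: the account lifetime bounds everything, the session lifetime bounds one login, and the idle timeout ends a session early without consuming the account. The block below is an added example written for this guide, not SonicWALL code, and it also illustrates the rule from the Idle Timeout Page in the External Authentication section (a user whose session idled out can log in again while session time remains). The precedence among the timers and the treatment of an idled-out session as no longer counting toward login uniqueness are assumptions of this example.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta


@dataclass
class GuestSession:
    login_at: datetime
    last_activity: datetime


@dataclass
class GuestAccount:
    """Fields mirror the WGS Account Profile settings; values here are constructed."""
    name: str
    created: datetime
    lifetime: timedelta            # Account Lifetime
    session_lifetime: timedelta    # Session Lifetime
    idle_timeout: timedelta        # Idle Timeout
    enabled: bool = True           # Enable Account
    auto_prune: bool = True        # Auto-Prune Account
    enforce_uniqueness: bool = True  # Enforce Login Uniqueness
    sessions: list = field(default_factory=list)


def account_expired(acct, now):
    return now >= acct.created + acct.lifetime


def session_state(acct, sess, now):
    """Account expiry wins over session expiry, which wins over idle timeout."""
    if account_expired(acct, now):
        return "account_expired"
    if now >= sess.login_at + acct.session_lifetime:
        return "session_expired"
    if now - sess.last_activity >= acct.idle_timeout:
        return "idle_timeout"
    return "active"


def try_login(acct, now):
    """Apply the enabled, lifetime and login-uniqueness rules; return (ok, reason)."""
    if not acct.enabled:
        return False, "disabled"
    if account_expired(acct, now):
        return False, "account_expired"
    live = [s for s in acct.sessions if session_state(acct, s, now) == "active"]
    if acct.enforce_uniqueness and live:
        return False, "already_logged_in"
    acct.sessions.append(GuestSession(now, now))
    return True, "ok"


def prune(accounts, now):
    """Drop accounts whose lifetime has passed, but only if Auto-Prune is set."""
    return [a for a in accounts if not (a.auto_prune and account_expired(a, now))]


def run_demo():
    """Walk one constructed guest through a day: login, idle-out, re-login, expiry, prune."""
    t0 = datetime(2024, 1, 1, 8, 0)
    acct = GuestAccount("guest-4711", created=t0, lifetime=timedelta(days=1),
                        session_lifetime=timedelta(hours=4), idle_timeout=timedelta(minutes=15))
    out = {}
    out["first_login"] = try_login(acct, t0 + timedelta(hours=1))[1]                  # 09:00
    out["second_login"] = try_login(acct, t0 + timedelta(hours=1, minutes=5))[1]      # 09:05, same account
    sess = acct.sessions[0]
    out["at_09_10"] = session_state(acct, sess, t0 + timedelta(hours=1, minutes=10))
    sess.last_activity = t0 + timedelta(hours=1, minutes=10)
    out["at_09_30"] = session_state(acct, sess, t0 + timedelta(hours=1, minutes=30))  # 20 min idle
    out["relogin_after_idle"] = try_login(acct, t0 + timedelta(hours=1, minutes=30))[1]
    sess2 = acct.sessions[1]
    sess2.last_activity = t0 + timedelta(hours=5, minutes=29)
    out["at_13_31"] = session_state(acct, sess2, t0 + timedelta(hours=5, minutes=31))  # 09:30 + 4 h passed
    out["next_day"] = session_state(acct, sess2, t0 + timedelta(days=1, hours=1))
    out["pruned"] = prune([acct], t0 + timedelta(days=1, hours=1)) == []
    return out


if __name__ == "__main__":
    for k, v in run_demo().items():
        print(f"{k}: {v}")
```

Note that the second login at 09:05 is refused only because the first session is still active; once that session idles out, the same credentials work again, which is exactly why a short idle timeout does not by itself limit how often a shared guest account can be used.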


CHAPTER 25 Configuring Modem Options


This chapter describes how to configure the dialup settings for SonicWALL SmartPath (SP) and SmartPath ISDN (SPi) appliances. SonicWALL SP appliances have a WAN Failover feature that enables automatic use of a built-in modem to establish Internet connectivity when the primary broadband connection becomes unavailable. This is ideal when the SonicWALL appliance must remain connected to the Internet, regardless of network speed. This chapter contains the following subsections:

Configuring the Modem Profile section on page 551
Configuring Modem Settings section on page 555
Configuring Advanced Modem Settings section on page 558

Configuring the Modem Profile


Note: For information on configuring WWAN connection profiles, see Configuring the Connection Profile, page 560 in the Configuring Wireless WAN Options chapter.

A profile is a list of dialup connection settings that can be used by a SonicWALL SP or SonicWALL SPi appliance. To configure a profile, perform the following steps:

1. In the left pane, select the SonicWALL appliance to manage.
2. Click the Policies tab.
3. In the center pane, navigate to Modem > Connection Profiles. The profile configuration page displays.
4. To create a new profile, enter the name of the profile in the Profile Name field under ISP User Settings. To edit an existing profile or use an existing profile as a template, select a profile from the Current Profile drop-down menu.

Note: If you are editing an existing profile, the name in the Current Profile field must match the existing profile name. If there are no existing profiles, the Current Profile field displays the static message No profiles available.

5. Enter the primary ISP phone number in the Primary Phone number field.
6. Enter the backup ISP phone number in the Secondary Phone number field.
7. Enter the user name associated with the account in the User Name field.
8. Enter the password associated with the account in the User Password and Confirm User Password fields.
9. Enter a chat script (optional).
10. Select one of the following IP address options:
• If the account obtains an IP address dynamically, select Obtain an IP Address Automatically.
• If the account uses a fixed IP address, select Use the following IP Address and type the IP address in the field.
11. Select from the following DNS server options:
• If the account obtains DNS server information from the ISP, select Obtain an IP Address Automatically.
• If the account uses specific DNS servers, select Use the following IP Address and type the IP address in the field.
12. For SPi appliances, you can configure MSN/EAZ and bandwidth on demand. To configure MSN/EAZ, enter a phone number in the MSN/EAZ field. To enable bandwidth on demand, check the Bandwidth on Demand box.
13. Select from the following connection options:
• If the SonicWALL appliance(s) will remain connected to the Internet until the broadband connection is restored, select Persistent Connection.
• If the SonicWALL appliance(s) will only connect to the Internet when data is being sent, select Dial On Data.
• If the SonicWALL appliance(s) will connect to the Internet manually, select Manual Dial.
14. To enable the modem to disconnect after a period of inactivity, check the Inactivity Disconnect box and specify how long (in minutes) the modem waits before disconnecting from the Internet in the Inactivity Timeout field.
15. For SP appliances, specify a maximum connection speed by selecting the speed from the Max connection speed drop-down menu. The default is Auto.
16. To specify the maximum connection time, check the Max Connection Time box and enter the maximum connection time (in minutes) in the Max Connection Time field. To configure the SonicWALL device to allow indefinite connections, enter 0.
17. To specify a delay (in minutes) before the connection is re-established, enter the number of minutes in the Delay Before Reconnect field.
18. For SP appliances, disable call waiting by checking the Disable Call Waiting box and selecting the radio button next to the touch tone disabling code. To enter a custom touch tone disabling code, select the radio button next to Other and specify the code.
19. To allow the modem to attempt a connection multiple times, check the Dial Retries per Phone Number box and specify the number of retries.
20. To specify how long the modem waits between retries, check the Delay Between Retries box and specify the delay (in seconds).
21. To disable VPN when dialed, check the Disable VPN when dialed box.
22. For SP appliances, enable the network modem by checking the Enable Network Modem box.
23. To specify the time periods when the modem can connect, check the Limit Times for Dialup Profile box and click Configure. The Edit Schedule String pop-up displays.
24. In the Edit Schedule String pop-up, check the box next to the day(s) on which you want to allow dial-up connections. Next to the day(s) you select, enter the start and end times between which dial-up connections will be allowed. Enter the hour and minute in 24-hour format.
25. Click Apply.
26. When you are finished, click Add Profile. The profile is added. To clear all screen settings and start over, click Reset.


Configuring Modem Settings


Select SonicWALL appliances are equipped to use analog modem and/or wireless WAN (WWAN) devices for alternative or primary Internet connectivity.

Note: For information on configuring WWAN settings, see Configuring Advanced Settings, page 565 in the Configuring Wireless WAN Options chapter.

To configure the modem settings for one or more SonicWALL SP or SonicWALL SPi appliances, perform the following steps:

1. In the left pane, select the SonicWALL appliance to manage.
2. Click the Policies tab.
3. In the center pane, navigate to Modem > Settings.
4. For SP appliances, use the Speaker volume drop-down box to set the speaker volume On or Off.
5. For SP appliances, modem initialization has two options:
• To initialize the modem for use in a specific country, select the radio button next to Initialize Modem for use in and select the country in the drop-down menu.
• To initialize the modem using AT commands, select the radio button next to Initialize Modem using AT Command and enter the AT command(s) the modem needs to establish a connection in the text box.
6. For SPi appliances, you can specify the ISDN protocol by selecting the protocol from the ISDN Protocol drop-down menu.
7. To connect immediately, click the Connect/Disconnect button and schedule the connection.
8. For appliances running SonicOS Enhanced, select the check boxes for any combination of the following dial on data categories: NTP packets, GMS Heartbeats, System log emails, AV Profile Updates, SNMP Traps, Licensed Updates, Firmware Update requests, Syslog traffic.
9. For appliances running SonicOS Enhanced, select the check boxes for any combination of the following Management methods: HTTP, HTTPS, Ping, SNMP, SSH. Prefer HTTPS and SSH: HTTP and SNMP v1/v2c carry administrator credentials and community strings in clear text over the dialup link.
10. For appliances running SonicOS Enhanced, select the check boxes for any combination of the following User Login methods: HTTP, HTTPS. For HTTPS, check the box next to Add rule to enable redirect from HTTP to HTTPS to redirect an HTTP address to HTTPS.
11. Select a primary profile from the Primary Profile drop-down menu. Optionally, select alternate profiles from Alternate Profile 1 and, for SP appliances, Alternate Profile 2.

Note: To configure modem profiles, navigate to Modem > Dialup Profiles.

12. For non-SonicOS Enhanced appliances, you can configure the following modem failover settings:
• To enable dialup WAN failover, check the Enable Dialup WAN Failover box.
• To enable preempt mode, check the Enable Preempt Mode box.
• To enable probing, check the Enable Probing box.
• Select a method for probing using the Probe through drop-down menu.
• Enter the IP address that the SonicWALL appliance will use to test Internet connectivity in the Probe Target (IP Address) field. We recommend using the IP address of the WAN Gateway. A probe to the gateway only detects failure of the local link; a target further upstream also detects an outage beyond the gateway, at the cost of spurious failovers if that target itself is unreliable.
• Select the Probe Type, either ICMP Probing or TCP Probing.
• Enter the TCP port for probing in the TCP Port for Probing field.
• Specify how often the IP address will be tested (in seconds) in the Probe Interval field.
• Specify how many consecutive times the probe target must be unavailable before the SonicWALL appliance fails over to the modem in the Failover Trigger Level field.
• Specify how many consecutive times the SonicWALL appliance must successfully reach the probe target to reactivate the broadband connection in the Successful probes to reactivate Primary field.
13. When you are finished, click Update.
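The failover settings in step 12 describe a small state machine: consecutive failed probes move the appliance onto the modem, and (with Preempt Mode) consecutive successful probes move it back, so the two counters give hysteresis against a flapping link. The block below is an added example for this guide, not SonicWALL firmware logic. It assumes both fields count consecutive probe results and that Preempt Mode is what permits the automatic return to the primary WAN; the probe outcomes it runs on are constructed, not captured.

```python
import socket


class DialupFailover:
    """Probe-driven failover between the primary WAN and the modem.

    failover_trigger and reactivate_probes mirror the Failover Trigger Level and
    Successful probes to reactivate Primary fields. Counting consecutive results,
    and Preempt Mode governing the switch back, are assumptions of this example.
    """

    def __init__(self, failover_trigger=3, reactivate_probes=3, preempt=True):
        self.failover_trigger = failover_trigger
        self.reactivate_probes = reactivate_probes
        self.preempt = preempt
        self.on_modem = False
        self._streak = 0          # consecutive failures (on primary) or successes (on modem)
        self.transitions = []     # (probe index, "modem" | "primary")

    def probe_result(self, ok, index):
        """Feed one probe outcome; return the interface now carrying traffic."""
        if not self.on_modem:
            self._streak = self._streak + 1 if not ok else 0
            if self._streak >= self.failover_trigger:
                self.on_modem, self._streak = True, 0
                self.transitions.append((index, "modem"))
        else:
            self._streak = self._streak + 1 if ok else 0
            if self.preempt and self._streak >= self.reactivate_probes:
                self.on_modem, self._streak = False, 0
                self.transitions.append((index, "primary"))
        return "modem" if self.on_modem else "primary"


def tcp_probe(host, port, timeout=2.0):
    """One TCP probe: success means the handshake completed. Not used by the offline simulation."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def simulate(results, failover_trigger=3, reactivate_probes=3, preempt=True):
    """Run a constructed sequence of probe outcomes through the state machine."""
    fo = DialupFailover(failover_trigger, reactivate_probes, preempt)
    for i, ok in enumerate(results):
        fo.probe_result(ok, i)
    return fo.transitions


# Constructed probe outcomes: a one-probe blip, a real outage, then a flapping recovery.
SAMPLE_PROBES = [True, True, False, True, False, False, False,
                 True, False, True, True, True, True]


if __name__ == "__main__":
    print(simulate(SAMPLE_PROBES))                  # blip ignored, failover at 6, back at 11
    print(simulate(SAMPLE_PROBES, preempt=False))   # stays on the modem once it fails over
```

The single failed probe at index 2 never causes a failover because the success that follows resets the streak; the lone failure at index 8 likewise delays the return to the primary WAN rather than triggering another failover. A TCP probe needs no raw-socket privileges and also proves that something is listening, which is why it is often the better choice when the target is a server rather than a router.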


Configuring Advanced Modem Settings


To configure advanced modem settings, perform the following steps:

1. In the left pane, select the SonicWALL appliance to manage.
2. Click the Policies tab.
3. In the center pane, navigate to Modem > Advanced.
4. To enable remotely triggered dial-out, check the Enable Remotely Triggered Dial-out box.
5. If your remotely triggered dial-out requires authentication, check the Requires Authentication box and enter your password in the Password and Confirm Password fields. An unauthenticated trigger lets anyone who can reach it start a metered dial-up call, so enable authentication unless the trigger path is fully trusted.
6. To enable RIP advertisements through the modem, check the Enable LAN to WAN RIP during dialup box.
7. When you are finished, click Update.

Note: For information on configuring WWAN settings, see Configuring Advanced Settings, page 565 in the Configuring Wireless WAN Options chapter.


CHAPTER 26 Configuring Wireless WAN Options


This chapter describes how to configure the Wireless Wide Area Network (WWAN) settings for SonicWALL security appliances that use 3G and other Wireless WAN functionality to carry data connections over cellular networks. This chapter contains the following subsections:

About Wireless WAN section on page 559
Configuring the Connection Profile section on page 560
Configuring WWAN Settings section on page 564
Configuring Advanced Settings section on page 565

About Wireless WAN


SonicWALL appliances such as the TZ 190, TZ 200, and TZ 210 have a WWAN capability that can be used for the following:

• WAN Failover to a connection that is not dependent on wire or cable.
• Temporary networks where a pre-configured connection may not be available, such as trade shows and kiosks.
• Mobile networks, where the SonicWALL appliance is based in a vehicle.
• Primary WAN connection where wire-based connections are not available and cellular is.


Wireless WAN support requires a wireless card and a contract with a wireless network provider. See the SonicWALL documentation that comes with the security appliance for more information. GMS provides for complete management of SonicWALL security appliances that are WWAN/3G-capable, and running SonicOS Enhanced 3.6 and above.

Configuring the Connection Profile


A profile is a list of connection settings that can be used by a SonicWALL appliance. To configure a connection profile, perform the following steps:

1. In the TreeControl pane, select a group view or a SonicWALL appliance to manage. The appliance must be running SonicOS Enhanced 3.6 or higher, and must support WWAN functionality.
2. Click the Policies tab.
3. In the center pane, navigate to 3G/Modem > Connection Profiles. The profile configuration page displays. For a group view, the page is slightly different to accommodate both Modem and WWAN settings.

4. Perform the following procedures to configure the Connection Configuration, General Settings, IP Address Settings, Parameters, and Data Usage Limiting sections in the 3G/Modem > Connection Profiles screen. See the following procedures:
To Configure the Connection Configuration and General settings: on page 561
To Configure the IP Address Settings: on page 562
To Configure Parameters: on page 562
To Configure Data Usage Limiting: on page 563
5. Click Delete Profile to delete the profile specified in the Profile Name field.
6. Click RESET to clear all fields and start over.
7. Click UPDATE to save the settings to the specified connection profile.

To Configure the Connection Configuration and General settings:

1. To edit an existing profile or use an existing profile as a template, select a profile from the Current Profile drop-down menu.

Note

If you are editing an existing profile, the name in the Current Profile field must match the existing profile name. If there are no existing profiles, the Current Profile will display the static message No profiles available.

2. To create a new profile, enter the name of the profile in the Profile Name field.
3. In the Country drop-down list, select the country where the SonicWALL TZ 190 appliance is deployed.


4. In the Service Provider drop-down list, select the service provider that you have a cellular account with. Note that only service providers supported in the country you selected are displayed in the drop-down list.
5. In the Plan Type window, select the WWAN plan you have subscribed to with the service provider, or select Other. If your specific plan type is listed in the drop-down menu, the rest of the fields in the General section are automatically provisioned. Verify that these fields are correct and continue in the Parameters section.
6. Verify that the appropriate Connection Type is selected. Note that this field is automatically provisioned for most service providers.
7. Verify that the Dialed Number is correct. Note that the dialed number is *99# for most service providers.
8. Enter your username and password in the User Name, User Password, and Confirm User Password fields, respectively.
9. Enter the Access Point Name in the APN field. APNs are required only by GPRS devices and will be provided by the service provider.

To Configure the IP Address Settings:

1. Under IP Address Settings, select one of the following IP Address options:
If the account obtains an IP address dynamically, select Obtain an IP Address Automatically. By default, WWAN connection profiles are configured to obtain IP addresses automatically.
To specify a static IP address, select Use the following IP Address and type the IP address in the field.
2. Select from the following DNS Server options:
If the account obtains DNS server information from the ISP, select Obtain an IP Address Automatically. By default, WWAN connection profiles are configured to obtain DNS server addresses automatically.
If the account uses specific DNS servers, select Use the following IP Address and type the IP addresses of the primary and secondary DNS servers in the fields.

To Configure Parameters:

1. Select from the following Dial Type options:
If the SonicWALL appliance(s) will continuously use the WWAN to stay connected to the Internet, select Persistent Connection.


If the SonicWALL appliance(s) will only connect to the Internet when data is being sent, select Dial On Data. To configure the SonicWALL appliance for remotely triggered dial-out, the Dial Type must be Dial on Data. See Configuring Advanced Settings on page 565.
If the SonicWALL appliance(s) will connect to the Internet manually, select Manual Dial.
2. Select the Enable Inactivity Disconnect checkbox and enter the number of minutes of inactivity during which the WWAN connection stays alive before disconnecting from the Internet. Note that this option is not available if the Dial Type is Persistent Connection.
3. Select the Enable Max Connection Time checkbox and enter the number of minutes after which the WWAN connection disconnects, regardless of whether the session is inactive or not. Enter a value in the Delay Before Reconnect field to have the SonicWALL appliance automatically reconnect after the specified number of minutes.
4. Select the Dial Retries per Phone Number checkbox and enter a number in the field to specify the number of times the SonicWALL appliance can attempt to reconnect.
5. Select the Delay Between Retries checkbox and enter a number in the field to specify the number of seconds between retry attempts.
6. Select the Disable VPN when Dialed checkbox to disable VPN connections over the WWAN interface.

To Configure Data Usage Limiting:

1. Select the Enable Data Usage Limiting checkbox to have the WWAN interface become automatically disabled when the specified data or time limit has been reached for the month.

Tip

If your WWAN account has a monthly data or time limit, it is strongly recommended that you enable Data Usage Limiting.

2. Select the day of the month to start tracking the monthly data or time usage in the Billing Cycle Start Date drop-down menu.
3. Enter a value in the Limit field and select the appropriate limiting factor: either GB, MB, KB, or Minutes.
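To make the Data Usage Limiting settings concrete, here is an added Python model (not code from the GMS guide or the appliance) of when the WWAN interface would be disabled: it derives the current billing cycle from the Billing Cycle Start Date, sums constructed per-session usage inside that cycle, and compares the total against the Limit in GB, MB, KB or Minutes. The clamping of a start day that a short month does not have, the session records and all values are assumptions made for this example.

```python
import calendar
from dataclasses import dataclass
from datetime import date, datetime

# Limiting factors offered next to the Limit field, mapped to bytes.
UNIT_BYTES = {"KB": 1024, "MB": 1024 ** 2, "GB": 1024 ** 3}


@dataclass(frozen=True)
class Session:
    """One WWAN dial session: when it started, how long it lasted, bytes moved."""
    started: datetime
    minutes: int
    transferred_bytes: int


def billing_cycle_start(today_iso: str, start_day: int) -> str:
    """Return (as YYYY-MM-DD) the most recent Billing Cycle Start Date on or
    before `today_iso`.

    `start_day` is the day-of-month picked in the drop-down (1-31). When a
    month is shorter than `start_day` (31 in February, say) this model assumes
    the cycle starts on the last day of that month; the guide does not say how
    the appliance handles that case.
    """
    if not 1 <= start_day <= 31:
        raise ValueError("Billing Cycle Start Date must be between 1 and 31")
    today = date.fromisoformat(today_iso)

    def clamped(year: int, month: int) -> date:
        last_day = calendar.monthrange(year, month)[1]
        return date(year, month, min(start_day, last_day))

    start = clamped(today.year, today.month)
    if start > today:  # this month's start day is still ahead, so use last month's
        year, month = (today.year - 1, 12) if today.month == 1 else (today.year, today.month - 1)
        start = clamped(year, month)
    return start.isoformat()


def usage_this_cycle(sessions, today_iso: str, start_day: int):
    """Sum (minutes, bytes) over sessions that started in the current cycle."""
    cycle_start = date.fromisoformat(billing_cycle_start(today_iso, start_day))
    today = date.fromisoformat(today_iso)
    in_cycle = [s for s in sessions if cycle_start <= s.started.date() <= today]
    return sum(s.minutes for s in in_cycle), sum(s.transferred_bytes for s in in_cycle)


def limit_reached(sessions, today_iso: str, start_day: int, limit: int, unit: str) -> bool:
    """True once usage in the current cycle meets the configured Limit.

    `unit` is the limiting factor chosen next to the Limit field: GB, MB, KB or Minutes.
    """
    minutes, nbytes = usage_this_cycle(sessions, today_iso, start_day)
    if unit == "Minutes":
        return minutes >= limit
    if unit not in UNIT_BYTES:
        raise ValueError(f"unknown limiting factor {unit!r}")
    return nbytes >= limit * UNIT_BYTES[unit]


def wwan_interface_enabled(sessions, today_iso: str, start_day: int, limit: int, unit: str) -> bool:
    """The behaviour the guide describes: the WWAN interface is disabled for the
    rest of the cycle once the data or time limit has been reached."""
    return not limit_reached(sessions, today_iso, start_day, limit, unit)


# Constructed sample sessions (not real data): one the day before a clamped
# cycle boundary of 28 February, two on or after it.
SAMPLE_SESSIONS = (
    Session(datetime(2010, 2, 27, 9, 0), minutes=30, transferred_bytes=400 * 1024 ** 2),
    Session(datetime(2010, 2, 28, 10, 0), minutes=45, transferred_bytes=350 * 1024 ** 2),
    Session(datetime(2010, 3, 1, 8, 0), minutes=20, transferred_bytes=300 * 1024 ** 2),
)

if __name__ == "__main__":
    today = "2010-03-05"
    print("cycle started", billing_cycle_start(today, 31))
    print("usage (minutes, bytes)", usage_this_cycle(SAMPLE_SESSIONS, today, 31))
    print("WWAN enabled with a 600 MB limit?", wwan_interface_enabled(SAMPLE_SESSIONS, today, 31, 600, "MB"))
```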


Configuring WWAN Settings


To configure the WWAN settings for one or more SonicWALL appliances, perform the following steps:
1. In the left pane, select the SonicWALL appliance to manage. The appliance must be running SonicOS Enhanced 3.6 or higher, and must support WWAN functionality.
2. Click the Policies tab.
3. In the center pane, navigate to 3G/Modem > Settings.
4. In the Connect On Data Categories section, select the check boxes for any combination of the following dial on data categories:
NTP packets
GMS Heartbeats
System log emails
AV Profile Updates
SNMP Traps
Licensed Updates
Firmware Update requests
Syslog traffic


The Connect on Data Categories settings allow you to configure the WWAN interface to automatically connect to the WWAN service provider when the SonicWALL appliance detects specific types of traffic. To configure the SonicWALL appliance for Connect on Data operation, you must select Dial on Data as the Dial Type for the Connection Profile. See To Configure Parameters: on page 562.
5. In the Management/User Login section, select the check boxes for any combination of the following Management methods:
HTTP
HTTPS
Ping
SNMP
SSH
6. Select the check boxes for any combination of the following User Login methods:
HTTP
HTTPS
Select Add rule to enable redirect from HTTP to HTTPS to have the SonicWALL automatically convert HTTP requests to HTTPS requests for added security.
7. Under Profile Settings, select a primary profile from the Primary Profile drop-down menu. Optionally, select alternate profiles from Alternate Profile 1 and Alternate Profile 2.

Note

To set up WWAN Interface Monitoring for this unit, go to the Network > WAN Failover & LB screen.

8. To return all fields to their default settings and start over, click RESET.
9. To save settings, click UPDATE.

Configuring Advanced Settings


The 3G/Modem > Advanced page is used to configure the Remotely Triggered Dial-Out feature on the SonicWALL appliance. The Remotely Triggered Dial-Out feature enables network administrators to remotely initiate a WWAN connection to a SonicWALL appliance.

Before configuring the Remotely Triggered Dial-Out feature, ensure that your configuration meets the following prerequisites:

The WWAN profile is configured for dial-on-data.
The SonicWALL Security Appliance is configured to be managed using HTTPS, so that the device can be accessed remotely.
It is recommended that you enter a value in the Enable Max Connection Time field. This field is located in the 3G/Modem > Connection Profiles screen in the Parameters section. See To Configure Parameters: on page 562 for more information. If you do not enter a value in this field, dial-out calls will remain connected indefinitely, and you will have to manually terminate sessions by clicking the Disconnect button.

To configure advanced WWAN settings, perform the following steps:

1. In the left pane, select the SonicWALL appliance to manage. The appliance must be running SonicOS Enhanced 3.6 or higher, and must support WWAN functionality.
2. Click the Policies tab.
3. In the center pane, navigate to 3G/Modem > Advanced.
4. To enable remotely triggered dial-out, check the Enable Remotely Triggered Dial-out box.
5. If your remotely triggered dial-out requires authentication, check the Requires Authentication box and enter your password in the Password and Confirm Password fields.


6. Under WWAN Connection Limit, type the number of simultaneous connections that are allowed in the Max Hosts field, or enter zero for no limit.
7. To return all fields to their default settings and start over, click RESET.
8. When you are finished, click UPDATE.


CHAPTER 27 Managing Inheritance in GMS


Inheritance in GMS specifies the process by which a node's settings can be inherited to and from unit, group and parent nodes. Previously, GMS users could inherit settings down the hierarchy. This ability can be understood as forward inheritance. Starting in GMS 6.0, users can now also reverse inherit settings back up the hierarchy, from a unit or group node to its parent node. This chapter contains the following sections:

Configuring Inheritance Filters section on page 569
Applying Inheritance Settings section on page 570

Configuring Inheritance Filters


The Inheritance Filters screen, under Console > Management > Inheritance Filters, is used to create inheritance filters by selecting screens available under the Inheritance Filter Detail panel.


To create a new filter, the user enters a name for this filter in the Name field. The user then checks boxes next to the screens, or screen groups, they wish to inherit. This screen is enhanced to automatically select or deselect dependent data screens, based upon the related screens chosen by the user.

The user must then select the appropriate Access for each user type: Administrators, Operators, End Users, and Guest users. These selections are made using the corresponding drop down menus. Once the user has made the desired screen and access selections, they must click the Add button to finish creating the new inheritance filter. This new filter will now be available in the Filter drop down menu on the UTM > System > Tools screen.

Applying Inheritance Settings


Administrators often work to define and test policies at the appliance level, and then painstakingly attempt to replicate those policies on other appliances. Using this simple process for inheritance, administrators can capitalize on the valuable time spent building a unit's well-configured firewall policies, by then seamlessly replicating those policies through the hierarchy.


Step 1 To inherit some or all of an appliance's settings, go to the UTM > System > Tools screen within the GMS 6.0 Management Interface.

Step 2 In the left pane, the user clicks on the appliance whose settings they wish to inherit.

Step 3 Under the screen section heading, Inherit Settings at Unit, the user selects either forward or reverse inheritance by clicking on the respective radio button.


Step 4 From the Filter drop down menu, the user selects the inheritance filter to apply. If a desired filter is not listed and must be created, see Configuring Inheritance Filters, page 569.

Step 5 Once the desired inheritance filter is selected, the user clicks the Preview button. A Preview panel opens to allow the user to review the settings to be inherited. Users may continue with all of the default screens selected for inheritance or select only specific screens for inheritance by checking boxes next to the desired settings.

Note

The Preview panel footer states, All referring objects should also be selected as part of the settings picked, to avoid any dependency errors while inheriting. If the user deselects dependent screen data, the settings will not inherit properly.


Step 6 If the user is attempting forward inheritance, they may click Update to proceed. If the user is attempting to reverse inherit settings, an additional selection must be made at the bottom of the Preview panel. The user must select either to update the chosen settings to only the target parent node, or to update the target parent node along with all unit nodes under it. Once the user makes this selection, they may click Update to proceed, or Reset to edit previous selections.

Step 7 If the user selects to update the target parent node and all unit nodes, a Modify Task Description and Schedule panel opens in place of the Preview panel. (This panel will not appear if the user selects Update only target parent node). If the Modify Task Description and Schedule panel opens, the user can edit the task description in the Description field. They may also adjust the schedule for inheritance, or continue with the default scheduling. If the user chooses to edit the timing by clicking on the arrow next to Schedule, a calendar expands allowing the user to click on a radio button for Immediate execution, or to select an alternate day and time for inheritance to occur. Once the user has completed any edits, they select either Accept or Cancel to execute or cancel the scheduled inheritance, respectively.


Once the inheritance operation begins, a progress bar appears, along with text stating the operation may take a few minutes, depending on the volume of data to be inherited, as shown below:

Once the inheritance operation is complete, the desired settings from the unit or group node should now be updated and reflected in the parent node's settings, as well as in the settings of all other units, if selected.


CHAPTER 28 Configuring Web Filters with CSM


SonicWALL Content Security Manager (CSM) CF provides appliance-based Internet filtering that enhances security and employee productivity, optimizes network utilization, and mitigates legal liabilities by managing access to objectionable and unproductive Web content. This chapter provides configuration tasks for deploying these services. This chapter contains the following sections:

Configuring Web Filter Settings section on page 575
Configuring Web Filter Policies section on page 578
Configuring Custom Categories section on page 582
Configuring Miscellaneous Web Filters section on page 584
Configuring the Custom Block Page section on page 586

Configuring Web Filter Settings


Web Filters includes settings for configuring Internet filtering on the SonicWALL CSM CF. The Web Filters settings provide information on the status of filtering subscription service updates, settings for enabling filtering, managing the behavior of the Dynamic Rating engine, adding IP addresses to exclude from filtering, and access to URL ratings in the SonicWALL Content Filtering Service database. To configure Web Filters, perform the following steps:
1. In the left pane, select a SonicWALL CSM appliance.
2. Click the Policies tab.

3. In the center pane, navigate to Web Filters > Settings.
4. To enable web filtering using SonicWALL CSM, check the Enable Web Filtering box.
5. Enter a URL cache size in the URL Cache Size (KBs) field. This specifies the URL cache size on the SonicWALL CSM. The default value is 5120 KBs.

Note

A larger URL cache size can provide noticeable improvements in Internet browsing response times.

Check the Use Dynamic Rating box to enable the use of the CSM integrated dynamic rating engine that allows an unrated URL to be dynamically rated in real-time. Select either Optimize for speed, which instructs the dynamic rating engine to process less information for faster ratings and lower accuracy, or Optimize for accuracy, which instructs the dynamic rating engine to process more information, resulting in slower ratings and higher accuracy.
Check the Server Responses box to block URLs from Web sites that have compressed content.
6. Enter the session limit in minutes in the Session Limit (Minutes) for Continue option field.


7. To specify an IP address or IP address range on your network to be excluded from any SonicWALL CSM filtering, enter a single IP address in the IP Address Begin and in the IP Address End fields (for a single IP address), or enter the starting IP address in the IP Address Begin field and the ending IP address in the IP Address End field (for an IP address range).
8. Click Add. The scheduler displays.
9. Expand Schedule by clicking the plus icon.
10. Select Immediate or specify a future date and time.
11. Click Accept.
12. When you are finished, click Update. The scheduler displays.
13. Expand Schedule by clicking the plus icon.
14. Select Immediate or specify a future date and time.
15. Click Accept.
16. If you believe that a Web site is rated incorrectly or you wish to submit a new URL, click the here link in the sentence If you believe that a Web site is rated incorrectly or you wish to submit a new URL, click here. The CFS URL Rating Review Request page displays.


Configuring Web Filter Policies


The Policies page is where you define policy groups by assembling default content filter and custom categories into unique policies that are applied to users and groups. The Policies page allows you to create and edit policies that are used to create policy groups, which in turn are applied to user groups.

The Web Filters > Policies page displays a category sets table. The Policies table initially lists the default 12 predefined policy groups. Clicking the plus button expands the list to display every policy under the policy group. Policies with an asterisk are part of the *Default policy group. The Policies table lists the following information about *Default and custom policy groups:

Name - The name of the policy group. Clicking the plus button expands the policy group and displays the policies included in the group.
Type - Displays the type of policy, for example: Policy, Default Category, Forbidden Keywords, Forbidden URLs or Trusted URLs.
Action - Displays the action to be performed when a URL or keyword is accessed that fits the category, for example, Block, Log, or Allow.
Comment - Displays a caption icon with comments about the policy. When you move the pointer over the icon, the comment text is displayed. The comment text is entered in the Add Category Set window.
Configure - Includes the Configure icon, which displays the Edit Web Filter Category Set window, and the Delete icon for removing the policy group. The Delete icon is greyed out for the *Default policy.


Clicking the Restore Defaults button removes all custom policies and any policies you added to the *Default policy group. Clicking Add Policy Group displays the Add Web Filter Policy Group window for adding new policies. This section contains the following subsections:

Modifying the *Default Policy Group on page 579
Adding Category Sets on page 580
Restoring Defaults on page 581

Modifying the *Default Policy Group


To modify the *Default policy group category:
1. Click the configure icon under Configure in the Policies table next to the category you want to configure. The Edit Web Filter Category Set window is displayed. The Name field displays the *Default entry, which can be renamed.
2. You must add descriptive text up to 63 characters in length in the Comment field.
3. Click the Predefined tab.
4. Select the policy categories you want to add to the *Default policy group. Check the box next to the category you want to add. If you want to remove a policy, uncheck the box next to the policy.
5. Click OK. The scheduler displays.
6. Expand Schedule by clicking the plus icon.
7. Select Immediate or specify a date and time in the future.
8. Click Accept.


Adding Category Sets


To add category sets, perform the following steps:
1. Click Add Category Set. The Add Web Filter Category Set window displays.
2. Enter a name in the Name field and a comment in the Comment field.
3. Click the Predefined tab and check the predefined categories you want to add to your category set. For each category, select the action to be performed, either Block, Log, or Allow.
4. Click the Custom tab and check the custom categories you want to add to your category set. For each category, select the action to be performed, either Block, Log, or Allow.

Note

To learn how to add custom categories, refer to Configuring Custom Categories on page 582.

5. Click the Miscellaneous tab and select the miscellaneous actions to add to the category set. For each action, select the action to be performed, either Block, Log, or Allow.
6. When you are finished, click OK. The scheduler displays.
7. Expand Schedule by clicking the plus icon.
8. Select Immediate or specify a future date and time.


9. Click Accept.

Restoring Defaults
The Restore Defaults button removes all custom policies and any policies you added to the *Default policy. To restore defaults, perform the following tasks:
1. Click the Restore Defaults button at the bottom of the screen. A confirmation message displays.
2. Click OK.


Configuring Custom Categories


The Custom Categories page allows you to create custom policies that can incorporate untrusted URLs and domains, untrusted keywords, and trusted URLs and domains. To configure custom categories, perform the following steps:
1. In the left pane, select the appliance to manage.
2. Click the Policies tab.
3. Navigate to Web Filters > Custom Categories.
4. To configure Forbidden URLs to selectively block or allow with logging of the action by the CSM, click Add Forbidden URLs. The Add Forbidden URLs page displays.
5. Enter a name in the Name field.
6. Enter a comment in the Comment field.
7. Enter the URL in the Entry field and click Add. Your entry will appear in the List. To delete an entry, click Delete.
8. Click Update. The scheduler displays.
9. Expand Schedule by clicking the plus icon.
10. Select Immediate or specify a future date and time.
11. Click Accept.


12. To edit Forbidden URLs, click the Configure icon next to the forbidden URL you want to configure.
13. To delete Forbidden URLs, click the delete icon next to the forbidden URL you want to delete.
14. To configure Forbidden Keywords to specify keywords that are substrings of URLs (to allow stricter filtering), click Add Forbidden Keywords.
15. Enter a name in the Name field.
16. Enter a comment in the Comment field.
17. Enter the keyword in the Entry field and click Add. Your entry will appear in the List. To delete an entry, click Delete.
18. Click Update. The scheduler displays.
19. Expand Schedule by clicking the plus icon.
20. Select Immediate or specify a future date and time.
21. Click Accept.
22. To edit Forbidden Keywords, click the Configure icon next to the forbidden keyword you want to configure.
23. To delete Forbidden Keywords, click the delete icon next to the forbidden keyword you want to delete.
24. To configure Allowed URLs to specify URLs that are always allowed, click Add Allowed URLs.
25. Enter a name in the Name field.
26. Enter a comment in the Comment field.
27. Enter the URL in the Entry field and click Add. Your entry will appear in the List. To delete an entry, click Delete.
28. Click Update. The scheduler displays.
29. Expand Schedule by clicking the plus icon.
30. Select Immediate or specify a future date and time.
31. Click Accept.
32. To edit Allowed URLs, click the Configure icon next to the allowed URL you want to configure.
33. To delete Allowed URLs, click the delete icon next to the allowed URL you want to delete.


Configuring Miscellaneous Web Filters


The Miscellaneous page provides configuration for Web risks, forbidden file types and trusted sites. To configure miscellaneous web filters, perform the following steps:
1. In the left pane, select a SonicWALL CSM appliance.
2. Click the Policies tab.
3. In the center pane, navigate to Web Filters > Miscellaneous.


4. Web risks, including Block Cookies, Block ActiveX, Block HTTP Proxy Server, and Block Fraudulent Certificates, are always activated as Block and cannot be deleted or modified.
Block Cookies - Cookies are used by Web servers to track Web usage and remember user identity. Cookies can also compromise users' privacy by tracking Web activities.
Block ActiveX - ActiveX is a programming language that embeds scripts in Web pages. Malicious programmers can use ActiveX to delete files or compromise security.
Block HTTP Proxy Servers - When a proxy server is located on the external interface, users can circumvent content filtering by pointing their computer to the proxy server.
Block Fraudulent Certificates - Digital certificates help verify that Web content and files originated from an authorized party. Enabling this feature protects users on the LAN from downloading malicious programs warranted by these fraudulent certificates. If digital certificates are proven fraudulent, then the SonicWALL CSM blocks the Web content and the files that use these fraudulent certificates.
5. To add forbidden file types, click Add Forbidden File Types. Forbidden File Types are groupings of file extensions including Java Applets, Executable Files, Video Files, Audio Files, and user specified file types by extension, used for similar purposes. SonicWALL CSM allows you to filter Internet content based on file extension.
6. Enter a name in the Name field.
7. Enter a comment in the Comment field.
8. Enter the file type in the Entry field and click Add. Your entry will appear in the List. To delete an entry, click Delete.
9. Click Update. The scheduler displays.
10. Expand Schedule by clicking the plus icon.
11. Select Immediate or specify a future date and time.
12. Click Accept.
13. To edit Forbidden File Types, click the Configure icon next to the forbidden file type you want to configure.
14. To delete Forbidden File Types, click the delete icon next to the forbidden file type you want to delete.
15. To add trusted sites, click the configure button next to Trusted Sites List.
16. Enter a name in the Name field.
17. Enter a comment in the Comment field.

18. Enter a URL in the Entry field and click Add. Your entry will appear in the List. To delete an entry, click Delete.
19. Click Update. The scheduler displays.
20. Expand Schedule by clicking the plus icon.
21. Select Immediate or specify a future date and time.
22. Click Accept.
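As an added example (not code from the guide or from the CSM product), here is a Python model of how the Custom Categories from the previous section and the Forbidden File Types from this one can be evaluated against a URL, returning the Block, Log or Allow action assigned to the matching category in a category set. The guide states only that keywords match as substrings of URLs; the precedence order (Allowed URLs first, then Forbidden URLs, Forbidden File Types, Forbidden Keywords), the subdomain and path-prefix matching for URL entries, and every category name and host below are assumptions constructed for this example.

```python
from dataclasses import dataclass
from urllib.parse import urlsplit


@dataclass(frozen=True)
class CustomCategory:
    """One custom category as configured under Web Filters, together with the
    action (Block, Log or Allow) it is given when added to a category set."""
    name: str
    kind: str          # allowed_urls | forbidden_urls | forbidden_keywords | forbidden_file_types
    entries: frozenset
    action: str = "Block"


# Assumed precedence: Allowed URLs win, then the forbidden kinds in this order.
FORBIDDEN_ORDER = ("forbidden_urls", "forbidden_file_types", "forbidden_keywords")


def _split(url: str):
    """Lower-cased host and path of a URL; a scheme-less entry such as
    'example.com/games' is accepted too."""
    parts = urlsplit(url if "://" in url else "http://" + url)
    host = (parts.hostname or "").rstrip(".")
    return host, parts.path or "/"


def _url_entry_matches(entry: str, host: str, path: str) -> bool:
    """'example.com' matches that host and its subdomains (not 'notexample.com');
    an entry with a path, e.g. 'example.com/games', also needs that path prefix."""
    e_host, e_path = _split(entry)
    if not (host == e_host or host.endswith("." + e_host)):
        return False
    if e_path == "/":
        return True
    return path == e_path or path.startswith(e_path.rstrip("/") + "/")


def _file_type_matches(entry: str, path: str) -> bool:
    """Compare the extension of the last path segment; '.exe' and 'exe' both work."""
    filename = path.rsplit("/", 1)[-1].lower()
    return "." in filename and filename.rsplit(".", 1)[1] == entry.lower().lstrip(".")


def evaluate(url: str, categories) -> tuple:
    """Return (action, category name) for `url`, or ("Allow", None) when no
    custom category matches and the request would fall through to the
    predefined categories and the dynamic rating engine."""
    host, path = _split(url)
    haystack = (host + path).lower()
    for cat in categories:
        if cat.kind == "allowed_urls" and any(_url_entry_matches(e, host, path) for e in cat.entries):
            return "Allow", cat.name
    for kind in FORBIDDEN_ORDER:
        for cat in categories:
            if cat.kind != kind:
                continue
            if kind == "forbidden_urls":
                hit = any(_url_entry_matches(e, host, path) for e in cat.entries)
            elif kind == "forbidden_file_types":
                hit = any(_file_type_matches(e, path) for e in cat.entries)
            else:  # keywords are plain substrings of the URL, as the guide says
                hit = any(k.lower() in haystack for k in cat.entries)
            if hit:
                return cat.action, cat.name
    return "Allow", None


def audit_line(url: str, categories) -> str:
    """One syslog-style line per decision, the record a Log or Block action would leave."""
    action, name = evaluate(url, categories)
    return f"csm action={action} category={name or '-'} url={url}"


# Constructed configuration for this example; none of these names or hosts are real.
SAMPLE_CATEGORIES = (
    CustomCategory("Trusted partners", "allowed_urls", frozenset({"partner.example.com"}), "Allow"),
    CustomCategory("Gambling sites", "forbidden_urls", frozenset({"casino.example", "games.example/bets"})),
    CustomCategory("Executables", "forbidden_file_types", frozenset({"exe", ".msi"})),
    CustomCategory("Watch keywords", "forbidden_keywords", frozenset({"poker"}), "Log"),
)

if __name__ == "__main__":
    for u in ("http://www.casino.example/lobby", "http://notcasino.example/",
              "http://partner.example.com/tools/poker-helper.exe",
              "http://downloads.example/setup.EXE?x=1", "http://blog.example/poker-strategy"):
        print(audit_line(u, SAMPLE_CATEGORIES))
```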

Configuring the Custom Block Page


The Custom Block Page allows you to enter your customized text to display to the user when access to a blocked site is attempted. Any message, including embedded HTML, can be entered in this field.
1. In the left pane, select a SonicWALL CSM appliance.
2. Click the Policies tab.
3. In the center pane, navigate to Web Filters > Custom Block Page.
4. Type the custom text to be displayed when a blocked site is accessed under Message to Display when Blocking Website.
5. Select the background color from the Background Color drop-down menu.
6. Click Preview to see a preview of the custom block page.
7. When you are finished, click Update. The scheduler displays.
8. Expand Schedule by clicking the plus icon.
9. Select Immediate or specify a future date and time.
10. Click Accept.


CHAPTER 29 Configuring Application Filters for CSM


This chapter provides configuration tasks for deploying CSM application filtering services. SonicWALL Content Security Manager (CSM) provides appliance-based application filtering that enhances security and employee productivity and optimizes network utilization.

Configuring Application Filters


SonicWALL Content Security Manager (CSM) provides appliance-based application filtering. To configure application filters, perform the following steps:
1. In the left pane, select the CSM appliance to manage.
2. Click the Policies tab.


3. In the center pane, navigate to Application Filters > Settings.
4. To update the filter database, click Update Filter Database. The scheduler displays.
5. Expand Schedule by clicking the plus icon.
6. Select Immediate or specify a future date and time.
7. Click Accept.


8. To enable application filtering, check the Enable Application Filtering box.
9. Click Update. The scheduler displays.
10. Expand Schedule by clicking the plus icon.
11. Select Immediate or specify a future date and time.
12. Click Accept.
13. To enable the application filters exclusion list, which excludes an IP address or IP address range from application filtering, check the Enable Application Filters Exclusion List box.
14. Click Update. The scheduler displays.
15. Expand Schedule by clicking the plus icon.
16. Select Immediate or specify a future date and time.
17. Click Accept.
18. Enter the address range for the application filters exclusion list by entering a beginning IP address in the Address Range Begin field and an ending IP address in the Address Range End field.
19. Click Add. The scheduler displays.
20. Expand Schedule by clicking the plus icon.
21. Select Immediate or specify a future date and time.
22. Click Accept.


CHAPTER 30 Registering and Upgrading SonicWALL Appliances


This chapter describes how to upgrade SonicWALL appliances. This chapter contains the following subsections:

Registering SonicWALL Appliances section on page 591
Upgrading Firmware section on page 592
Upgrading Licenses section on page 594
Searching section on page 594
Creating License Sharing Groups section on page 597
Viewing Used Activation Codes section on page 600

Registering SonicWALL Appliances


Registering a SonicWALL appliance using GMS registers the appliance using the same registration information supplied for GMS. To register a SonicWALL appliance using GMS, perform the following steps:
1. In the left pane, select the SonicWALL appliance.
2. Click the Policies tab.


3. In the center pane, navigate to Register/Upgrades > Register SonicWALLs.
4. Click Register. The scheduler displays.
5. Expand Schedule by clicking the plus icon.
6. Select Immediate or specify a future date and time.
7. Click Accept.

Note
When a unit is added to GMS and is acquired successfully, GMS registers it automatically.

Upgrading Firmware
SonicWALL firmware is updated on a periodic basis to offer new functionality and address any known issues. After a SonicWALL appliance is added to SonicWALL GMS management, its auto-update feature is disabled.


SonicWALL GMS periodically polls the mysonicwall.com site for new firmware versions. When a new firmware version is detected and available, SonicWALL GMS sends an email notification to the GMS administrator. Log in to your mysonicwall.com account at <https://www.mysonicwall.com>, download the firmware, save the firmware file to the GMS server, and then access the SonicWALL security appliance from GMS. To upgrade to the latest firmware, perform the following steps:

Note
For changes on this page to take effect, the SonicWALL appliance(s) will be restarted automatically. We recommend scheduling the firmware update to run when network activity is low. Because the first upgrade method below pushes whatever file is in the GMS server firmware folder to every selected appliance, restrict write access to that folder to GMS administrators.

1. In the left pane, select the global icon, a group, or a SonicWALL appliance.
2. Click the Policies tab.
3. In the center pane, navigate to Register/Upgrades > Firmware Upgrade.
4. Select one of the following three methods for upgrading firmware:

To upgrade the firmware of all selected SonicWALL appliances using the firmware file that is stored in the local GMS server folder, click Upgrade Firmware using files on the GMS Server.

To upgrade from a firmware file on the local drive of your desktop system, enter the path to the file or click Browse to locate a file. Then, click Upgrade firmware from local file.

(Group view only) To upgrade firmware using the latest version available on mysonicwall.com, click Upgrade to latest firmware available at mysonicwall.com.

Caution
Upgrading firmware requires that the appliance be restarted. Selecting any of the three firmware upgrade methods displays a warning message that states: This will involve restarting the Appliance(s).

Upgrading Licenses
For information on upgrading SonicWALL GMS subscription services (warranty support, anti-virus, content filtering, etc.) see SonicWALL Upgrades on page 1049.

Searching
The search feature allows you to search for appliances based on registration, subscription and upgrade status. You can print the search results or save them to a PDF file with a single click of the printer icon or PDF icon on the Search Results banner. The search parameters are pre-populated for retrieving the subscription services that are currently active on the appliance(s). The search is executed and the results are sorted by Expiry Date. To search for appliances, perform the following tasks:
1. In the left pane, select a node or appliance to search.
2. Select the Policies tab.
3. In the center pane, navigate to Register/Upgrades > Search.

To search based on Registration Criteria, perform the following steps:

4. From the first pull-down menu, select Registration Status.
5. From the second pull-down menu, select Registered or Not Registered.
6. Click Search. A table of search results displays.
7. Click a header in the table to sort by that variable. For example, to sort by appliance name, click the Appliance Name header.

To search based on Subscription Status Criteria, perform the following steps:

1. From the first pull-down menu, select a subscription service.
2. From the second pull-down menu, select a subscription service status.
3. Optionally, enter a date (mm/dd/yyyy) in the expiring on or before field.
4. Click Search. A table of search results displays.
5. Click a header in the table to sort by that variable. For example, to sort by appliance name, click the Appliance Name header.

To search based on Upgrade Status Criteria, perform the following steps:

1. From the first pull-down menu, select an upgrade.
2. From the second pull-down menu, select an upgrade status.
3. Click Search. A table of search results displays.
4. Click a header in the table to sort by that variable. For example, to sort by appliance name, click the Appliance Name header.

Tip
You can print the search results by clicking the printer icon in the Search Results banner. You can also save the search results to a PDF file by clicking the PDF icon in the banner.


Creating License Sharing Groups


License Sharing allows you to share VPN Client or Anti-Virus Client licenses among multiple SonicWALL appliances. As a result, you can save money by purchasing licenses in quantity and not wasting licenses on SonicWALL appliances that do not use them all. License sharing assigns a License Sharing Group (LSG) to a SonicWALL appliance and activates this feature. You can then add other SonicWALL appliances to the LSG and assign them licenses from the pool of remaining available licenses. This section contains the following subsections:

Creating a License Sharing Group on page 597
Adding a SonicWALL Appliance to an Existing Group on page 599

Creating a License Sharing Group


To create a VPN Client Enterprise or Anti-Virus LSG, perform the following steps:
1. In the left pane, select a SonicWALL appliance that has no GVC licenses.
2. Select the Policies tab.
3. In the center pane, navigate to Register/Upgrades > License Sharing. The License Sharing page displays.
4. Select VPN Client Enterprise or Anti-Virus from the List of Services list box.
5. Click Join a License Sharing Group. The Join a License Sharing Group dialog box displays.
6. Select Create a new License Sharing Group With and, from the drop-down menu, select the appliance that has the Enterprise GVC license.
7. Enter a name for the group in the And Name it field. A pop-up with the member license count displays.
8. Click OK. The scheduler displays.
9. Expand Schedule by clicking the plus icon.
10. Select Immediate or specify a future date and time.
11. Click Accept.


Adding a SonicWALL Appliance to an Existing Group


To add a SonicWALL appliance to an existing VPN Client Enterprise or Anti-Virus LSG, perform the following steps:
1. In the left pane, select the global icon, a group, or a SonicWALL appliance.
2. Click the Policies tab.
3. In the center pane, navigate to Register/Upgrades > License Sharing. The License Sharing page displays.
4. Select VPN Client Enterprise or Anti-Virus from the List of Services drop-down menu.
5. Click Join a License Sharing Group. The Join a License Sharing Group dialog box displays.
6. Select Join Existing License Sharing Group and select an LSG from the list box.
7. Click Accept. A pop-up with the member license count displays.
8. Click OK. The scheduler displays.
9. Expand Schedule by clicking the plus icon.
10. Select Immediate or specify a future date and time.
11. Click Accept.

Changing the License Count


To change the number of licenses that a SonicWALL appliance uses, perform the following steps:
1. In the center pane, navigate to Register/Upgrades > License Sharing. The License Sharing page displays.
2. Select VPN Client Enterprise or Anti-Virus from the List of Services drop-down menu.
3. Enter a new license value and click Change License Count to.
4. To remove this SonicWALL appliance from the LSG, select Remove from License Sharing Group.

Viewing the Properties of a License Sharing Group


To view the properties of an LSG, perform the following steps:
1. In the center pane, navigate to Register/Upgrades > License Sharing. The License Sharing page displays.
2. Select VPN Client Enterprise or Anti-Virus from the List of Services drop-down menu.
3. Click the name of the LSG to view. The License Sharing Group Properties dialog box displays. This dialog box contains detailed information about the total number of licenses, the expiration date of the license, the number of licenses used by each member of the group, and other information.
4. To change the name of the LSG, enter a new name and click Accept.
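The license-pool accounting that the License Sharing pages above describe (one appliance holds the Enterprise GVC or Anti-Virus license, other members draw from what remains, a member's count can be changed, a member can be removed), as an added Python example that is not part of this guide or of GMS. The class, the serial numbers and the license counts are constructed for illustration; the one rule it enforces that the pages state is that a member cannot be assigned more licenses than remain in the pool.

```python
"""License Sharing Group (LSG) model.

Added example, not part of the SonicWALL GMS guide or of GMS itself.  It
models the accounting rules the License Sharing pages describe: one appliance
holds the Enterprise GVC (or Anti-Virus) license pool, other appliances join
the group and draw from the remaining licenses, and a member's count can be
changed or the member removed.  Serial numbers and counts are constructed
sample data.
"""
from dataclasses import dataclass, field


class LicenseSharingError(ValueError):
    """Raised when an assignment would overdraw the pool or name an unknown member."""


@dataclass
class LicenseSharingGroup:
    name: str
    service: str            # "VPN Client Enterprise" or "Anti-Virus"
    pool_owner: str         # serial of the appliance that holds the license pool
    total: int              # total licenses in the pool
    expires: str            # expiry date as shown in the properties dialog
    members: dict = field(default_factory=dict)   # serial -> licenses in use

    def __post_init__(self):
        if self.service not in ("VPN Client Enterprise", "Anti-Virus"):
            raise LicenseSharingError(f"unsupported service {self.service!r}")
        if self.total <= 0:
            raise LicenseSharingError("pool must contain at least one license")
        # The pool owner is a member too; it starts with no licenses assigned.
        self.members.setdefault(self.pool_owner, 0)

    @property
    def used(self) -> int:
        return sum(self.members.values())

    @property
    def remaining(self) -> int:
        return self.total - self.used

    def join(self, serial: str, count: int = 0) -> int:
        """Add an appliance to the group with `count` licenses; returns licenses left."""
        if serial in self.members:
            raise LicenseSharingError(f"{serial} is already a member of {self.name}")
        if count < 0 or count > self.remaining:
            raise LicenseSharingError(
                f"{serial} requested {count} licenses but only {self.remaining} remain")
        self.members[serial] = count
        return self.remaining

    def change_count(self, serial: str, count: int) -> int:
        """Set a member's license count; fails if the pool would be overdrawn."""
        if serial not in self.members:
            raise LicenseSharingError(f"{serial} is not a member of {self.name}")
        available = self.remaining + self.members[serial]   # its own seats are reusable
        if count < 0 or count > available:
            raise LicenseSharingError(
                f"{serial} requested {count} licenses but only {available} are available")
        self.members[serial] = count
        return self.remaining

    def remove(self, serial: str) -> int:
        """Remove a member and return its licenses to the pool."""
        if serial == self.pool_owner:
            raise LicenseSharingError("the pool owner cannot leave its own group")
        if serial not in self.members:
            raise LicenseSharingError(f"{serial} is not a member of {self.name}")
        del self.members[serial]
        return self.remaining

    def properties(self) -> dict:
        """The figures the License Sharing Group Properties dialog reports."""
        return {"name": self.name, "service": self.service, "total": self.total,
                "used": self.used, "remaining": self.remaining,
                "expires": self.expires, "members": dict(self.members)}


def demo() -> dict:
    # Constructed sample: a branch firewall creates the group "with" the
    # head-office appliance that holds a 100-seat Enterprise GVC license.
    lsg = LicenseSharingGroup("Branches-GVC", "VPN Client Enterprise",
                              pool_owner="HQ-0017C5000001", total=100,
                              expires="12/31/2011")
    lsg.join("BR1-0017C5000002", 40)            # 60 remain
    lsg.join("BR2-0017C5000003", 35)            # 25 remain
    try:
        lsg.join("BR3-0017C5000004", 30)        # overdraws the pool: rejected
    except LicenseSharingError:
        lsg.join("BR3-0017C5000004", 25)        # takes what is left
    lsg.change_count("BR1-0017C5000002", 20)    # frees 20 seats
    lsg.remove("BR2-0017C5000003")              # frees 35 more
    return lsg.properties()


if __name__ == "__main__":
    print(demo())
```

Running it prints the group properties after the joins, the count change and the removal; the rejected join of 30 seats when only 25 remain is the case the Change License Count page guards against.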

Viewing Used Activation Codes


To view used activation codes, perform the following steps:
1. In the left pane, select a node, group or appliance.
2. Select the Policies tab.
3. In the center pane, navigate to Register/Upgrades > Used Activation Codes. The Used Activation Codes page displays a list of used activation codes.
4. From the Select sort order drop-down menu, select Activation Code to sort by activation code, or Service Name, Activation Code to sort first by service name, then by activation code.


CHAPTER 31 Adding SSL-VPN Appliances to GMS


This chapter provides instructions on configuring SonicWALL SSL-VPNs for management using SonicWALL GMS. To be managed by GMS, SonicWALL SSL-VPN appliances must be running the following firmware versions:

SonicWALL SSL VPN 2001.5.0.3 or later
SonicWALL Aventail EX-Series SSL VPN 9.0.0 or later

To configure a SonicWALL SSL-VPN for SonicWALL GMS management, perform the following tasks:

Preparing SSL VPN Appliances for GMS Management section on page 603
Adding SSL-VPN Appliances in GMS section on page 606
Managing SSL-VPN Appliance Settings section on page 608

Preparing SSL VPN Appliances for GMS Management


This section describes the local configuration steps required on the individual appliance before adding it to SonicWALL GMS management. See the following subsections:

Preparing SonicWALL SSL VPN Appliances, page 604
Preparing SonicWALL Aventail EX-Series SSL VPN Appliances, page 605

Preparing SonicWALL SSL VPN Appliances


To prepare a SonicWALL SSL VPN appliance (non-Aventail) for GMS management:
1. Log in to your SonicWALL SSL-VPN.
2. Navigate to System > Administration.
3. In GMS settings, select the Enable GMS Management check box.
4. Type the host name or IP address of the GMS server in the GMS Host Name or IP Address field.
5. Type the GMS syslog server port in the Syslog Server Port field. The default port is 514.
6. Enter the heartbeat interval, in seconds, in the Heartbeat Interval (seconds) field. The maximum heartbeat interval is 86400 (24 hours).
7. Click Apply.


Preparing SonicWALL Aventail EX-Series SSL VPN Appliances


There are specific requirements for preparing the SonicWALL Aventail EX-Series SSL VPN appliance for GMS management:

SonicWALL Aventail EX-Series SSL VPN appliances must be licensed before you can enable GMS management in the Aventail Management Console.

When enabling GMS on a SonicWALL Aventail appliance, select Enable single sign-on for AMC configuration if you want direct access to the Aventail Management Console from the SonicWALL GMS right-click menu. If this check box is cleared, you can still open the AMC from the right-click menu, but you must enter your appliance login credentials.

The SonicWALL Aventail EX-Series SSL VPN appliance allows HTTPS access only to its LAN port(s), and not to its WAN port(s). This means that when SonicWALL GMS is deployed outside of the Aventail LAN subnet(s), management traffic must be routed from GMS to a gateway that allows access into the LAN network, and from there be routed to the Aventail LAN port.

To prepare a SonicWALL Aventail EX-Series SSL VPN appliance for GMS management:
1. Log in to your SonicWALL Aventail EX-Series SSL VPN.
2. Click General Settings in the main Aventail Management Console (AMC) navigation menu.
3. Click Edit in the Centralized management area.
4. Select the Enable GMS management check box, and then enter the host name or IP address of the GMS console, and its port number.
5. In the Heartbeat interval text box, set the interval (in seconds) at which the appliance indicates its readiness to send a report on authentication-related events, in addition to status information. An interval of 60 seconds is typical.
6. Select Enable single sign-on for AMC configuration if you want to be able to open the Aventail Management Console and make changes to its configuration from within GMS. If this setting is cleared, you can still open AMC, but you must first enter your AMC login credentials; this is less convenient, but more secure, because anyone who can reach the appliance through GMS no longer inherits AMC administrator access.
7. Select Send only heartbeat status messages if you want to only manage the appliance and not create reports for the appliance.


For more information about preparing SonicWALL Aventail appliances for GMS management, see the SonicWALL GMS Aventail EX-Series Appliance Management feature module and the SonicWALL / Aventail EX-Series 9.0.0 Installation and Administration Guide on the SonicWALL Support Web site: http://www.sonicwall.com/us/Support.html

Adding SSL-VPN Appliances in GMS


To add your appliance to GMS, perform the following tasks:
1. Log in to GMS.
2. Click the SSL-VPNs tab.
3. In the left-most pane, right-click and select Add Unit. The Add Unit popup displays.
4. Enter a descriptive name for the SonicWALL appliance in the Unit Name field.
5. Enter the serial number of the SonicWALL appliance in the Serial Number field. On SonicWALL Aventail appliances, the serial number is found on a sticker on the back of the appliance. Enter it without hyphens into the field.
6. For the Managed Address, choose whether to Determine automatically or Specify manually. Most SMB SSL VPN deployments will be able to determine the address automatically. For Aventail deployments, choose Specify manually and check the Aventail SSL-VPN appliance option.
7. Enter the administrator login name for the SonicWALL appliance in the Login Name field. For SonicWALL Aventail SSL VPN appliances, the login name is pre-configured as GMS and cannot be changed.
8. Enter the password used to access the SonicWALL appliance in the Password field.
9. The radio button next to Using HTTPS is automatically selected for SSL-VPN deployments.
10. For SonicWALL Aventail SSL VPN appliances, enter 8443 in the HTTPS Port field. Other SonicWALL SSL VPN appliances use port 443.
11. Click OK. It may take up to a minute for the data to load; a Please Wait pop-up displays.

The SonicWALL SSL-VPN displays in the left pane of the SonicWALL GMS interface as a yellow icon, which means the unit has not been acquired by SonicWALL GMS. After the appliance has been acquired, the icon will either turn red, indicating that the appliance status is down, or blue, indicating that the appliance status is up. For detailed appliance icon descriptions, see Understanding SonicWALL GMS Icons on page 25. It may take up to five minutes for the SonicWALL GMS to establish an HTTPS connection and acquire the SonicWALL appliance for management.


Managing SSL-VPN Appliance Settings


After a SonicWALL SSL-VPN appliance has been added to GMS, it can be modified or deleted. This section contains the following subsections:

Modifying an SSL-VPN Appliance on page 608
Deleting an SSL-VPN Appliance on page 609

Modifying an SSL-VPN Appliance


1. Click the SSL-VPNs tab.
2. In the left pane, right-click the SSL-VPN appliance you want to modify and select one of the following options:

Option              Description
Rename Unit         Allows you to rename the unit.
Modify Unit         Allows you to change the appliance settings, including the unit display name, and the appliance login name and password.
Add to Net Monitor  Allows you to add the appliance to Net Monitor for real-time monitoring.
Import XML          Allows you to import XML settings.
Login to Unit       Allows you to select HTTP or HTTPS management to directly access the appliance. Single sign-on must be enabled for a SonicWALL Aventail appliance to allow direct access to the Aventail Management Console from the SonicWALL GMS right-click menu. Otherwise you will be prompted to enter your Aventail appliance login credentials.
Modify Properties   Allows you to modify the properties of the appliance, including company, country and department names.


Deleting an SSL-VPN Appliance


1. Click the SSL-VPNs tab.
2. In the left pane, right-click the SSL-VPN appliance you want to delete and select Delete. An alert will appear to verify the appliance deletion.
3. Click Yes.

Note

It may take several seconds for the appliance to be deleted.


CHAPTER 32 Using General SSL-VPN Status and Tools


This chapter provides instructions for modifying the general status and tools for SonicWALL SSL-VPNs. To modify the general status and tools of an SSL-VPN appliance using GMS, click the SSL-VPNs tab at the top of the screen, then select the Policies tab. In the center pane, select General. You will see the options Status, Tools and Info. This section contains the following subsections:

SSL-VPN Status section on page 612
SSL-VPN Tools section on page 614
SSL-VPN Info section on page 616


SSL-VPN Status
The General > Status section provides the current status of the SSL-VPN appliance and allows for an instant update of appliance information using the Fetch Information button.

The General > Status section provides the following appliance information:
Table 11 General > Status Information

SSL-VPN Status Item             Description
SSL-VPN Model                   The SSL-VPN model number.
Serial                          The SSL-VPN serial number.
Firmware Version                The SSL-VPN firmware version information.
CPU                             The SSL-VPN CPU information.
Number of LAN IPs allowed       The number of LAN IPs allowed by the SSL-VPN.
SSL-VPN Status                  The current status of the SSL-VPN appliance, either Up, Down or Unacquired.
Unit added to SonicWALL GMS on  The date and time the SSL-VPN appliance was added to GMS.
Management Mode                 The management mode used to access the SSL-VPN, either HTTP or HTTPS. Includes the IP address and port of the SSL-VPN.
Primary Agent                   The IP address of the primary agent.
Tasks Pending                   The number of tasks pending for the SSL-VPN.
SSL-VPN Information             The up time since last reboot in days, hours, minutes, seconds.

Using Fetch Information


To update the General > Status section using the Fetch Information button, perform the following tasks:
1. Click Fetch Information. The update scheduler displays.
2. Expand Schedule by clicking the plus button.
3. Select the Immediate radio button. Alternatively, you can select the At button and specify a date and time for SonicWALL GMS to perform the update.
4. Click Accept. It may take several seconds for GMS to fetch the appliance information. The latest status will be displayed under General > Status.

SSL-VPN Tools
The General > Tools section provides the following options: Restart Appliance, Synchronize Now, Synchronize the Appliance with mysonicwall.com.
Note

The Restart Appliance option is not available for SonicWALL Aventail SSL VPN appliances.

Restarting SSL-VPN
To restart the SSL-VPN appliance, perform the following tasks:
1. Click the Restart Appliance button. A confirmation pop-up displays.
2. Use the Scheduler to specify a date and time for SonicWALL GMS to perform the update.

It may take several minutes for the SSL-VPN to restart.


Synchronize Now
If a change is made to a SonicWALL appliance through any means other than through SonicWALL GMS, GMS is notified of the change through the syslog data stream. After the syslog notification is received, SonicWALL GMS schedules a task to synchronize its database with the local change. Auto-synchronization automatically occurs whenever SonicWALL GMS receives a local change notification status syslog message from a SonicWALL appliance. You can also force synchronization at any time for a SonicWALL appliance or a group of SonicWALL appliances. To synchronize the SSL-VPN appliance, perform the following tasks:
1. Click the Synchronize Now button. A confirmation pop-up displays.
2. Click OK.
3. Use the Scheduler to specify a date and time for SonicWALL GMS to perform the update.

It may take several seconds for SSL-VPN to synchronize.

Synchronizing with mysonicwall.com


SonicWALL appliances check their licenses and subscriptions with mysonicwall.com once every 24 hours. Using the Synchronize the Appliance with mySonicWALL.com button, you can force the SonicWALL SSL VPN appliance to synchronize this information with mysonicwall.com immediately. To synchronize the SSL-VPN appliance with mysonicwall.com, perform the following tasks:
1. Click the Synchronize the Appliance with mysonicwall.com button. A confirmation pop-up displays.
2. Click OK. The update scheduler displays.
3. Use the Scheduler to specify a date and time for SonicWALL GMS to perform the update.

It may take several seconds for the SSL-VPN to synchronize with mysonicwall.com.

SSL-VPN Info
The General > Info section provides the ability to update the contact information for the SSL-VPN appliance.

Updating SSL-VPN Appliance Information


To update the SSL-VPN appliance information, perform the following steps:
1. Navigate to General > Info.
2. Enter the appropriate information for each field.
3. Click Update to update the information, or Reset to clear the form and start over.


CHAPTER 33 Registering, Upgrading, and Logging in to SonicWALL SSL-VPN Appliances


This chapter describes how to register SonicWALL SSL-VPN appliances using GMS. Register SSL-VPNs is an option in the Policies tab that registers your SSL-VPNs using the account information you provided when you registered your GMS. This chapter contains the following subsections:

Registering SonicWALL SSL-VPN Appliances on page 617
Upgrading SonicWALL SSL-VPN Firmware on page 619
Logging in to SSL-VPN using SonicWALL GMS on page 620

Registering SonicWALL SSL-VPN Appliances


Note

Registering SonicWALL Aventail SSL VPN appliances from GMS is not supported.

To register a SonicWALL SSL-VPN using GMS, perform the following tasks:


1. In the left pane, right-click the SSL-VPN you want to register and then select Login to Unit to open its management interface.
2. In the SSL-VPN management interface, the System > Status page will be displayed. Record your Serial Number and Authentication Code from the Licenses and Registration box.

3. In the GMS management interface, navigate to the Policies panel. In the center pane, select Register/Upgrades > Register SSL-VPNs.
4. In the right pane, click the Register button. The update scheduler displays.
5. Expand Schedule by clicking the plus button.
6. Select the Immediate radio button. Alternatively, you can select the At button and specify a date and time for SonicWALL GMS to perform the update.
7. Click Accept. You will receive a confirmation in the right pane when the registration has succeeded.

Note

If you receive an error message, navigate to the Console tab, then to Log > View Log. A detailed error message will be displayed.


Upgrading SonicWALL SSL-VPN Firmware


The SonicWALL SSL-VPN appliance must be registered before the firmware can be upgraded. For information about registering your SSL-VPN appliance, refer to Registering SonicWALL SSL-VPN Appliances section on page 617.
Note

Upgrading SonicWALL Aventail SSL VPN appliances from GMS is not supported.

To upgrade the firmware of a SonicWALL SSL-VPN appliance using GMS, perform the following tasks:
1. In the left pane, select the SSL-VPN you want to upgrade.
2. In the center pane, navigate to Register/Upgrades > Firmware Upgrade. The current SSL-VPN appliance firmware is displayed under Current Status.
3. To upgrade the SSL-VPN appliance firmware using a file on the GMS server, click Upgrade firmware using files on the GMS Server.
4. To upgrade the SSL-VPN appliance firmware using a local file, enter the path and file name of the firmware file in the field next to Upgrade firmware from local file, or click Browse to locate the firmware file. Click Upgrade firmware from local file.
5. A message displays indicating that an appliance restart is necessary to complete the firmware upgrade. Click OK to continue.
6. The license agreement message displays. Read the message and click OK to agree and download the firmware, or click Cancel to disagree and cancel the firmware upgrade.

Logging in to SSL-VPN using SonicWALL GMS


To log in to the SonicWALL SSL-VPN using SonicWALL GMS, make sure that pop-ups are enabled on your Web browser and use the procedure in this section. SonicWALL Aventail SSL VPN appliances allow direct GMS login when Enable single sign-on for AMC configuration is selected when enabling GMS management. If SSO is not enabled, you can still open the Aventail Management Console from the right-click GMS menu, but you must then enter your appliance login credentials.
1. Log in to SonicWALL GMS.
2. Click the SSL-VPNs tab.
3. In the left pane, click the SSL-VPN that you want to manage.
4. If you see a security certificate warning, click Yes to continue. Accepting the warning bypasses certificate validation for this session, so first confirm that it is caused by the appliance's own self-signed or name-mismatched certificate and not by an unexpected host answering on the management address.
5. The SSL-VPN management interface opens in a new browser window. This may take several seconds.


You can now manage the SonicWALL SSL-VPN directly from the management interface. For detailed instructions about configuration tasks using the SonicWALL SSL-VPN management interface, refer to the SonicWALL SSL-VPN Administrators Guide, available at http://www.sonicwall.com/us/Support.html.


CHAPTER 34 CDP / Email Security Appliance Management


This chapter describes how to implement and manage single or multiple deployments of SonicWALL CDP and Email Security appliances through GMS. Included is an introduction to the Multi-Solutions appliance management feature, and instructions for using the appliance configuration tools in SonicWALL GMS. This chapter contains the following sections:

Adding a CDP/ES Appliance to GMS section on page 624
Managing CDP/ES General Settings section on page 626
Registering CDP/ES Appliances section on page 632
Configuring Alerts section on page 634
Templates section on page 637
Accessing the CDP/ES Management Interface section on page 640
Using Multi-Solution Management section on page 640


Adding a CDP/ES Appliance to GMS


SonicWALL CDP appliances must be running firmware version 2.3 or later, while SonicWALL Email Security appliances must be running firmware version 7.2 or later to be managed using SonicWALL GMS. To configure a SonicWALL CDP/ES for SonicWALL GMS management, perform the following tasks:

Preparing the Appliance on page 624
Adding the Appliance to GMS on page 625
Registering CDP/ES Appliances on page 632

Preparing the Appliance


1. Log in to your SonicWALL CDP or Email Security appliance.
2. Navigate to System > Administration.
3. In GMS settings, select the Enable GMS Management check box.
4. Type the host name or IP address of the GMS server in the GMS Host Name or IP Address field.
5. Type the GMS syslog server port in the Syslog Server Port field. The default port is 514.
6. Enter the heartbeat interval, in seconds, in the Heartbeat Interval (seconds) field. The maximum heartbeat interval is 86400 (24 hours).
7. Click Submit.
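The Syslog Server Port and Heartbeat Interval settings in the steps above, and the identical GMS settings on the SSL-VPN System > Administration page (page 604), are what GMS relies on to report a managed unit as Up, Down or Unacquired. The following added Python example, which is not code from this guide or from GMS, shows that decision on the receiving side: parse the heartbeat messages that arrive on the syslog port and classify each unit against its configured interval. The key=value syslog line layout, the serial numbers and the rule that three missed heartbeats mark a unit Down are all constructed assumptions; the 86400-second maximum is the limit the appliance UI states.

```python
"""Heartbeat status from GMS-bound syslog.

Added example, not code from the SonicWALL GMS guide or from GMS.  Given the
heartbeat messages an appliance sends to the GMS syslog port (default 514) at
its configured Heartbeat Interval, decide whether each managed unit is Up,
Down or Unacquired.  The key=value line layout (sn=, time=, msg= fields), the
serial numbers and the missed-heartbeat threshold are constructed assumptions,
not the vendor's exact format.
"""
import re
from datetime import datetime, timedelta

MAX_HEARTBEAT = 86400        # seconds; the maximum the appliance UI accepts
MISSED_BEFORE_DOWN = 3       # assumption: three missed heartbeats => Down

# Constructed sample: syslog message bodies as GMS would receive them on UDP 514.
SAMPLE_SYSLOG = """\
sn=0017C5AA0001 time="2010-06-01 12:00:00" msg="heartbeat" fw=sslvpn-200
sn=0017C5AA0001 time="2010-06-01 12:01:00" msg="heartbeat" fw=sslvpn-200
sn=0017C5BB0002 time="2010-06-01 11:30:00" msg="heartbeat" fw=cdp-5040
sn=0017C5BB0002 time="2010-06-01 11:40:00" msg="heartbeat" fw=cdp-5040
sn=0017C5AA0001 time="2010-06-01 12:02:00" msg="user login" fw=sslvpn-200
sn=0017C5CC0003 time="2010-06-01 11:59:30" msg="heartbeat" fw=es-3300
"""

_FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')


def validate_interval(seconds: int) -> int:
    """Reject intervals the appliance UI would not accept (1..86400 seconds)."""
    if not 1 <= seconds <= MAX_HEARTBEAT:
        raise ValueError(f"heartbeat interval {seconds} outside 1..{MAX_HEARTBEAT}")
    return seconds


def parse_line(line: str) -> dict:
    """Split a key=value syslog body; quoted values keep their spaces."""
    return {k: v.strip('"') for k, v in _FIELD.findall(line)}


def last_heartbeats(syslog_text: str) -> dict:
    """Return {serial: datetime of the most recent heartbeat seen}."""
    seen = {}
    for line in syslog_text.splitlines():
        rec = parse_line(line)
        if rec.get("msg") != "heartbeat" or "sn" not in rec:
            continue                  # other events are not evidence of liveness
        ts = datetime.strptime(rec["time"], "%Y-%m-%d %H:%M:%S")
        if rec["sn"] not in seen or ts > seen[rec["sn"]]:
            seen[rec["sn"]] = ts
    return seen


def unit_status(units: dict, syslog_text: str, now: datetime) -> dict:
    """units maps serial -> configured heartbeat interval in seconds.

    Up: a heartbeat arrived within MISSED_BEFORE_DOWN intervals of `now`.
    Down: heartbeats were seen, but the latest is older than that window.
    Unacquired: no heartbeat has ever been received for that serial.
    """
    seen = last_heartbeats(syslog_text)
    status = {}
    for serial, interval in units.items():
        window = timedelta(seconds=MISSED_BEFORE_DOWN * validate_interval(interval))
        if serial not in seen:
            status[serial] = "Unacquired"
        elif now - seen[serial] <= window:
            status[serial] = "Up"
        else:
            status[serial] = "Down"
    return status


def demo() -> dict:
    units = {
        "0017C5AA0001": 60,      # SSL-VPN, one-minute heartbeat
        "0017C5BB0002": 600,     # CDP, ten-minute heartbeat
        "0017C5CC0003": 60,      # Email Security, one-minute heartbeat
        "0017C5DD0004": 300,     # added to GMS but never heard from
    }
    now = datetime(2010, 6, 1, 12, 3, 0)
    return unit_status(units, SAMPLE_SYSLOG, now)


if __name__ == "__main__":
    for serial, state in demo().items():
        print(f"{serial}: {state}")
```

In the sample, the SSL-VPN's "user login" event at 12:02 does not keep it Up; only heartbeats count, which is why the Send only heartbeat status messages option on an Aventail appliance is enough for management even though it suppresses reporting data.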


Adding the Appliance to GMS


To add your appliance to GMS, perform the following tasks:
1. Log in to GMS.
2. Click the CDP appliance tab to add a CDP appliance to GMS, or click the ES appliance tab to add an Email Security appliance to GMS.
3. In the left-most pane, right-click and select Add Unit. The Add Unit popup displays.
4. Enter a descriptive name for the SonicWALL appliance in the Unit Name field.
5. Enter the appliance administrator login name in the Login Name field.
6. Enter the appliance administrator password in the Password field.
7. Enter the appliance serial number in the Serial Number field. The serial number can be found in the appliance management interface under General > Status.
8. The management mode defaults to Using HTTPS.
9. Click OK. It may take up to a minute for the data to load.


The SonicWALL appliance is displayed in the left pane of the SonicWALL GMS interface as a yellow icon, which means the unit has not been acquired by SonicWALL GMS. After the appliance has been acquired, the icon will either turn red, indicating that the appliance status is down, or blue, indicating that the appliance status is up. For detailed appliance icon descriptions, see Understanding SonicWALL GMS Icons on page 25. It may take up to five minutes for the SonicWALL GMS to establish an HTTPS connection and acquire the SonicWALL appliance for management. Your CDP/ES is now ready for management using SonicWALL GMS.

Managing CDP/ES General Settings


After a SonicWALL CDP/ES appliance has been added to GMS, it can be managed through the CDP/ES Policies panel.

This section contains the following subsections:


Viewing and Managing CDP/ES Status section on page 627
CDP/ES Appliance Tools for Synchronization section on page 630
Registering CDP/ES Appliances section on page 632
Modifying a CDP/ES Appliance section on page 633


Viewing and Managing CDP/ES Status


The General > Status window displays both general deployment status and individual appliance status for Email Security and CDP appliances. The views available in the Status screen are:

Global CDP/ES Status section on page 627
Individual CDP/ES Appliance Status section on page 628

Global CDP/ES Status


The Global status window displays information about all CDP or Email Security devices in the current GMS deployment.

For CDP appliances, there is an option to Fetch Information at both global and appliance levels. When in global view, this feature acquires information for all available CDP appliances, however, the results are only displayed when an individual appliance is selected.


Individual CDP/ES Appliance Status


The individual appliance status window displays information about the currently selected CDP or Email Security appliance.

Note

For CDP appliances, click the Fetch Information button for an updated view. This feature is also available on a global level.

General Appliance Status Information


The General > Status screen provides the following appliance information:

Status Item                     Description
Model                           The CDP/ES model number
Serial Number                   The CDP/ES serial number
Firmware Version                The CDP/ES firmware version number
CPU                             The CDP/ES CPU information
Number of LAN IPs allowed       The number of LAN IPs allowed by the CDP/ES
Status                          The current status of the CDP/ES appliance, either Up, Down or unacquired
Unit added to SonicWALL GMS on  The date and time the CDP/ES appliance was added to GMS
Management Mode                 The management mode used to access the CDP/ES, either HTTP or HTTPS; includes the IP address and port of the CDP/ES
Primary Agent                   The IP address of the primary agent (server, laptop, or PC intended to be backed up on the SonicWALL CDP/ES Appliance)
Standby Agent                   The IP address of the secondary agent used in case of failure
Tasks Pending                   The number of tasks pending for the CDP/ES
Last Log Entry                  The scheduled task to be executed
CDP/ES Information              The up time since last reboot in days, hours, minutes, seconds

CDP Appliance Information


The CDP Information section of the General > Status screen provides additional information about the selected CDP appliance.


CDP/ES Appliance Tools for Synchronization


The General > Tools section provides the following options to synchronize both the static and dynamic information:

Synchronize Now section on page 630
Synchronizing with mySonicWALL.com section on page 630

Synchronize Now
If a change is made to a SonicWALL appliance through any means other than through SonicWALL GMS, GMS is notified of the change through the syslog data stream. After the syslog notification is received, SonicWALL GMS schedules a task to synchronize its database with the local change. Auto-synchronization automatically occurs whenever SonicWALL GMS receives a local change notification status syslog message from a SonicWALL appliance. You can also force synchronization at any time for a SonicWALL appliance or a group of SonicWALL appliances. To synchronize the appliance, perform the following tasks:
1. In the General > Tools screen, click Synchronize Now. A confirmation pop-up displays.
2. Click OK.
3. Use the scheduler to update immediately, or select a date in the future.
4. Click the Accept button.

It may take several seconds for the appliance to synchronize.

Synchronizing with mySonicWALL.com


SonicWALL appliances check their licenses and subscriptions with mysonicwall.com once every 24 hours. Using the Synchronize the Appliance with mySonicWALL.com button, you can force the SonicWALL CDP or ES appliance to synchronize this information with mysonicwall.com immediately.


To synchronize the appliance with mySonicWALL.com, perform the following tasks:


1. On the General > Tools page, click the Synchronize the Appliance with mySonicWALL.com button. A confirmation pop-up displays.
2. Click OK.
3. Use the scheduler to update immediately, or select a date in the future.
4. Click Accept.

It may take several seconds for the SonicWALL appliance to synchronize with mySonicWALL.com.

Editing CDP/ES Appliance Contact Information


The General > Info screen allows you to edit CDP or Email Security appliance information on a global or unit level.


Registering CDP/ES Appliances


To register a CDP or ES appliance, you must perform tasks on GMS and on the CDP or ES appliance through its local user interface. See the following sections:

Registration Tasks on GMS section on page 632
Registration Tasks on the CDP/ES Appliance section on page 633
Modifying a CDP/ES Appliance section on page 633
Deleting a CDP/ES Appliance section on page 634

Registration Tasks on GMS


When you add an appliance, GMS creates a task to register it. You can see the scheduled Appliance Registration task in the Console > Tasks > Scheduled Task screen.
Note

When a unit is added to GMS, once it is acquired successfully by GMS, it is automatically registered by GMS. However, CDP or ES appliances cannot be used until you complete the registration tasks on the local CDP/ES appliance.

You can also register appliances manually in GMS. To register a CDP/ES appliance:
1. On the CDP or ES tab, select the appliance in the left pane.
2. Click the Policies tab.
3. In the center pane, navigate to Register/Upgrades > Register CDPs / Register ESAs.
4. Click Register. The scheduler displays.
5. Use the scheduler to update immediately, or select a date in the future.

Note

When registering a CDP appliance, you will need to specify the offsite backup location, either Europe or North America.

6. Click Accept. It may take several seconds for GMS to contact SonicWALL to register the CDP/ES appliance.

Registration Tasks on the CDP/ES Appliance


After the GMS task has been executed, it disappears from the table of scheduled tasks in the Console > Tasks > Scheduled Tasks screen. You can now perform the local registration tasks on the CDP/ES appliance. For more information on CDP registration, see the SonicWALL CDP Getting Started Guide for your CDP appliance. For more information on Email Security appliance registration, see the SonicWALL Email Security Getting Started Guide for your Email Security appliance.

Modifying a CDP/ES Appliance


1. Click the CDP or ES tab.
2. In the left pane, right click the CDP/ES appliance you want to modify and select one of the following options:

Option              Description
Rename Unit         Allows you to rename the unit.
Modify Unit         Allows you to change the appliance settings, including the unit display name, and appliance login name and password.
Delete              Allows you to delete the unit.
Add to Net Monitor  Allows you to add the appliance to Net Monitor for real-time monitoring.
Import XML          Allows you to import XML settings.
Modify Properties   Allows you to modify the description of the appliance, including company, country and department names.


Deleting a CDP/ES Appliance


1. Click the CDP or ES tab.
2. In the left pane, right click the CDP/ES appliance you want to delete and select Delete. An alert will display to verify the appliance deletion.
3. Click Yes.

Note

It may take several seconds for the appliance to be deleted.

To access the GMS Policies panel for CDP management, click the CDP icon at the top of the screen, then select the Policies tab. To access the GMS Policies panel for Email Security management, click the ES icon at the top of the screen, then select the Policies tab. The following sections describe the CDP and ES management options available on the Policies panel.

Configuring Alerts
The Events > Alerts screen allows you to add, edit, or delete a Unit Status alert for managed CDP/ES appliances. See the following sections:

Adding Alerts on page 635
Enabling/Disabling Alerts on page 635
Deleting Alerts on page 636
Editing Alerts on page 636
Current Alerts on page 637


Adding Alerts
To add or edit an alert:
1. Select a CDP or ES appliance in the left pane, click the Policies tab, and click on Events > Alert Settings.
2. Click the Add Alert link. The screen displays. Enter the name and description, and click Update.

Enabling/Disabling Alerts
To enable/disable an alert:
1. Select the Enabled checkbox of the alert you wish to enable.
2. Click the Enable/Disable Alert(s) link. A confirmation window will display. Click OK to enable/disable.


Deleting Alerts
To delete an alert:
1. In the Events > Alerts Settings screen, select the checkbox of the Alert you wish to delete.
2. Click the Delete Alert link. A confirmation window will display.
3. Click OK to delete.

Note

You can also delete an alert by clicking the Delete icon under the Configure section of the alert you wish to delete.

Editing Alerts
To edit an alert:
1. Click the Configure icon of the alert you wish to edit.
2. The Edit Alert page will display. When you finish making edits to this alert, click Update.


Current Alerts
To check the status of current alerts for your CDP or Email Security appliance, follow the procedures listed:
1. Click on the appliance you wish to check the alerts for.
2. From the Policies tab, navigate to the Events > Current Alerts page. All active alerts for this appliance will be listed under Alert Listing.

Templates
A Template is simply a collection of Recordings from one or more appliances of the same type. A Template belongs to a user of a particular domain, and remains visible only in that domain. That is, Templates from one domain are not visible in another domain. A user only has access to his or her own Templates (editing, deleting, or moving Templates). It is recommended that a Template contains Recordings with data that does not conflict with the data in another Recording, as this may cause the deletion of data previously applied, unless intended. For example, a Template should not contain a Recording of setting a time zone to IST, followed by a Recording of setting a time zone to PST, unless it is intentional by the user.
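The conflict the paragraph above warns about can be checked before a Template is applied. As an added example that is not part of the guide, the following Python script models a Template as an ordered list of Recordings and reports any setting that two Recordings set to different values; the Recording structure and the setting names are assumptions for illustration.

```python
from collections import defaultdict

# Constructed sample Template: an ordered list of Recordings, each holding the
# settings it changes as a dict of setting name -> value. The structure and the
# setting names are assumptions for illustration, not the GMS data format.
SAMPLE_TEMPLATE = [
    {"name": "Rec-1 time zone IST", "settings": {"time_zone": "IST"}},
    {"name": "Rec-2 junk box", "settings": {"junk_box_retention_days": 60,
                                            "junk_box_rows_per_page": 400}},
    {"name": "Rec-3 time zone PST", "settings": {"time_zone": "PST"}},
]


def effective_settings(template):
    """Return the settings that remain after all Recordings are applied in order.

    A later Recording overwrites an earlier one for the same setting, which is why
    the guide warns that conflicting Recordings can undo previously applied data.
    """
    result = {}
    for recording in template:
        result.update(recording["settings"])
    return result


def find_conflicts(template):
    """Return {setting: [(recording_name, value), ...]} for every setting that is
    written with more than one distinct value across the Template's Recordings."""
    seen = defaultdict(list)
    for recording in template:
        for key, value in recording["settings"].items():
            seen[key].append((recording["name"], value))
    return {
        key: entries
        for key, entries in seen.items()
        if len({value for _, value in entries}) > 1
    }


def check_template(template):
    """Return (is_clean, conflicts); a clean Template has no conflicting Recordings."""
    conflicts = find_conflicts(template)
    return (not conflicts, conflicts)


if __name__ == "__main__":
    clean, conflicts = check_template(SAMPLE_TEMPLATE)
    print("clean" if clean else "conflicts: %s" % conflicts)
    print("effective settings:", effective_settings(SAMPLE_TEMPLATE))
```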

Template Management Screen


The Template Management Screen includes the following sections:

Add Recording on page 637
Edit Recording on page 638
Add/Edit Template on page 638
Move Recording on page 639
Delete Template(s)/Recording(s) on page 639
Applying a Template or a Recording on page 640

Add Recording
This is used to save a freshly created recording. This screen appears when the Recording is stopped. This new recording can be directly added to one of the existing Templates or to the default Template.


Edit Recording
This is used to edit an existing recording.

Add/Edit Template
This is used to create a new Template or to edit an existing Template.


Move Recording
This dialog screen is used to move one or more recordings from one Template to another.

Delete Template(s)/Recording(s)
This is used to confirm the deletion of Template(s) and recording(s).


Applying a Template or a Recording


Follow the procedures listed below to successfully apply a Recording or a Template to an appliance or a group of appliances:

1. Click on the Unit/Group Node in the Tree Control that you wish to apply a Template or a Recording to. Based on the Node selected in the Tree Control, the Templates screen will list only those Templates/Recordings that can be applied to the currently selected node.
2. Select the checkbox next to the Template you wish to apply.
3. Specify a Schedule for the Template/Recording to be applied. Note that once applied, a task will be created. To view the newly created task, click on the Console tab, and navigate to Tasks > Scheduled Tasks. To verify that the task executes successfully, navigate to Log > View Log. You can also navigate back to the User Interface screen of the appliance that you applied the Template to and verify that the changes are successful.

Accessing the CDP/ES Management Interface


You can access the CDP or Email Security management interface from SonicWALL GMS. This section provides a brief introduction to the CDP and ES management interface. For detailed configuration tasks available on the CDP or ES management interface, refer to the SonicWALL Administrators Guide for the respective appliance.

Using Multi-Solution Management


SonicWALL GMS is primarily used to manage SonicWALL UTM appliances, where the majority of the web user interface of those appliances is duplicated and implemented in GMS. This is mainly done so the user has a common experience while working on GMS or on the appliance interface. Whenever new functionalities or screens are added, modified, or deleted in the appliance user interface, the same functionalities need to be implemented on the GMS interface. Over time, SonicWALL has expanded its GMS management to other SonicWALL appliances, such as CDP and Email Security. This expansion of GMS management to other SonicWALL appliances led to finding a generic solution where GMS would be able to manage all these appliances, as well as have the ability to support any new appliance types in the future. The Multi-Solution Management feature in GMS provides the capability to support management of all these appliance types through their web user interface over HTTP and HTTPS. Another advantage of the Multi-Solution Management enhancement is that GMS Core Management functionalities, like creating tasks to post policies, scheduling tasks at the Unit Node and Group Node levels, and many more, are also configurable through the enhancement. The Multi-Solution Management feature provides the next generation management capability in GMS. The Multi-Solution Management includes the following sections:

Logging into the CDP/ES Management Interface on page 641
Configuring Multi-Solution Management on page 642
Recording on page 644
Configuring Heartbeat using Email Security CLI on page 648

Logging into the CDP/ES Management Interface


To log in to a SonicWALL CDP/ES appliance using SonicWALL GMS, ensure that pop-ups are enabled on your Web browser, and perform the following tasks:
1. Log in to SonicWALL GMS.
2. Click the CDP or ES panel.
3. In the left pane, click the CDP or ES appliance that you want to manage.

Note

You may see a security certificate warning. Click Yes to continue.

4. To open the CDP/ES management interface, click Management > User Interface. You will be directed to the User Interface of this appliance. To return to the Policies tab, click the Status Page button.

You can now manage the SonicWALL CDP/ES directly from the management interface. For detailed instructions about configuration tasks using the SonicWALL CDP management interface, refer to the SonicWALL CDP Administrators Guide. For detailed instructions about configuration tasks using the SonicWALL Email Security management interface, refer to the SonicWALL Email Security Administrators Guide.


Configuring Multi-Solution Management


Navigate to the Host Role Configuration page and configure the MSM Server Protocol and MSM Server Port settings.

Note

If you choose HTTPS, the server uses the same SSL keystore or certificate that is used by the Tomcat web server.


The Management Screen Group page is one of the latest supported screens for this new feature.

From this screen, you can navigate to the Template screen or the User Interface screen. Note that the User Interface screen is only available at the Unit Node level. The Templates screen displays all the applicable Templates for the selected Unit/Group Node on the Tree Control.


Management Processes Unchanged


The following management processes are still available with Multi-Solution Management:

Adding a Unit into GMS
The Unit Acquire process
Unit Status monitoring through Heartbeat syslogs
Task creation and scheduling
Execution of Task(s) by the Scheduler service
All other core management processes

Recording
The Recording option provides an easier way to apply configurations for one appliance to another similar appliance. You have the option of saving the Recording into the Default Template or into a new Template. The data recorded between one Start Recording and Stop Recording action is called a Recording.
Note

A Recording can only be applied to a compatible appliance. For example, a Recording for the CDP 5.0 appliance can be applied to other CDP appliances, but a Recording for the Email Security appliance cannot be applied to a CDP appliance.

To successfully create and save a Recording, follow the procedures listed below:
Step 1 Click on the User Interface screen of the Unit Node (appliance) on which you want to make and record the changes.
Step 2 Navigate to the screen in which you wish to make changes. In this example, we wish to modify General Settings on the Default Message Management screen.


Step 3 Next, start the recording by clicking on the Start Recording button on the Recording Controls Panel. Once you see the Recording in progress notification at the top, you can start modifying the settings. In this example, the Number of days to store in Junk Box before deleting changes to 60 days, and the Number of Junk Box messages to display per page changes to 400 rows.


Step 4 When finished making changes, click the Apply Changes button. A screen will appear notifying you that the changes were successfully applied.
Step 5 More changes can be recorded similarly. Once you have finished making the necessary changes, stop the Recording by clicking the Stop Recording button on the Recording Controls Panel. A dialog box will display asking if you wish to save the Recording. Click OK.


Step 6 Next, the Add Recording dialog box will display. Type in a Name and a brief Description of the Recording that will be useful in identifying the Recording at a later time. Indicate whether this Recording should be saved into the Default Template or into a New Template. Click Update when you are finished.
Step 7 The Templates screen will display, notifying you that the changes to the Recording were successfully saved.


Configuring Heartbeat using Email Security CLI


Configuring a heartbeat with GMS is exclusively available on the Email Security Command Line Interface (CLI). Follow the steps below to configure a Heartbeat with GMS using the Email Security CLI.
Step 1 Log in to the SNWLCLI as admin.
Step 2 Enter the command gms. This displays the current EMS settings for the GMS heartbeat.
Step 3 Next, set the EMS appliance heartbeat. In this example, the heartbeat interval is 60 seconds.
Step 4 Enter the destination IP address of your GMS server. In this example, the destination IP address is 10.195.11.38.

Note

It is not mandatory to send heartbeat messages to a GMS management server, but it does provide GMS with more data during Multi-Solution Management.


Part 3 Reporting


CHAPTER 35 GMS Reporting Features


This chapter describes how to use GMS reporting, including the type of information that can appear in reports. A description of the available features in the user interface is provided. Settings for reporting on the Console and Policy panels are described. This chapter includes the following sections:

GMS Reporting Overview section on page 651
Navigating GMS Reporting section on page 655
Showing Domain Names in Reports section on page 666
Managing GMS Reports on the Console Panel and Policies Panel section on page 667

For information about archiving report data using the Move Data to Archive (MDTA) feature, see the Management section on page 1000 in the Managing Reports in the Console Panel chapter.

GMS Reporting Overview


Monitoring critical network events and activity, such as security threats, inappropriate Web use, and bandwidth levels, is an essential component of network security. GMS Reporting complements SonicWALL's Internet security offerings by providing detailed and comprehensive reports of network activity. The GMS Reporting Module is a software application that creates dynamic, Web-based network reports. The GMS Reporting Module generates both real-time and historical reports to offer a complete view of all activity through SonicWALL Internet security appliances. With GMS Reporting, you can monitor network access, enhance security, and anticipate future bandwidth needs. You can search saved reports by using the report search bar, available in most report screens in the GMS UI. The search bar provides pre-populated quick settings for the search field, and a drop-down calendar for the start and end dates. The search operator field offers a comprehensive list of search operators that varies depending on the search field, which can be either text-based or numeric. You can search all columns of report data except columns that contain computed values, such as %, Cost, or Browse Time. GMS waits until you click Search before it begins building the new report. The GMS Reporting Module:

Displays bandwidth use by IP address and service
Identifies inappropriate Web use
Provides detailed reports of attacks
Collects and aggregates system and network errors
Shows VPN events and problems
Tracks Web usage by users and by Web sites visited
Provides detailed daily firewall logs to analyze specific events.

Note

The GMS Reporting Module receives its information from the stream of syslog data sent by each SonicWALL appliance and stores it in the SonicWALL GMS database or as files on the hard-disk. GMS Reporting can be enabled or disabled. Once disabled, the Reports tab disappears from the SonicWALL GMS User Interface (UI) and the syslog data is no longer stored.


Viewing GMS Reports


The GMS reports are available on the UTM and SSL-VPN tabs of the GMS interface, under the Reports tab in the middle pane:

The GMS Reports view is divided into three panes:

A list of views and individual units referred to as the TreeControl: In the left pane, you can select a top level view, a group view, or a unit to display reports that apply to the selected view or unit. GlobalView is the default top level selection.

A list of reports: The middle pane provides a list of available reports that changes according to your selection in the TreeControl pane. The reports are divided into categories. You can click on the plus sign next to a category to view the list of reports in that category. You can click on an individual report name to view that report.


The report: The right pane displays the report that you selected in the middle pane for the view or unit that you selected in the TreeControl. For most reports, the search bar is provided at the top of the pane. Above the search bar a link to the Scheduler is provided. You can change the time for the report to run by clicking the Schedule link or its clock icon in the upper right. A quick access link to your system's printer is also available in the upper right corner. To print the report, click the Print link or icon. To access the display settings for the report, click More Options to the right of the search bar.

The SonicWALL GMS reporting feature provides the following configurable reports:
Table 12 Configurable Reports

Report                Description
Dashboard             Provides a high-level activity summary.
Status                Provides up-time and down-time status reports.
Custom Report*        Provides Internet Activity and Website Filtering reports with details from raw data. *Custom Reports are only available at the unit level.
Bandwidth             Provides bandwidth usage reports.
Services*             Provides events and usage by service protocol. *Services reporting is only available at the unit level.
Web Usage             Provides Web usage reports.
Web Filter            Provides web filter event reports.
FTP Usage             Provides FTP usage reports.
Mail Usage            Provides mail usage reports.
VPN Usage             Provides VPN usage reports.
Attacks               Provides attack event reports.
Virus Attacks         Provides virus attack event reports.
Anti-Spyware          Provides spyware event reports.
Intrusion Prevention  Provides intrusion event reports.
Application Firewall  Provides Application Firewall reports.
Authentication        Provides login reports.


Navigating GMS Reporting


GMS Reporting is a robust and powerful tool you can use to view detailed reports for individual SonicWALL appliances or groups of appliances. This section describes each view and what to consider when making changes. It also describes the Search Bar and display options for interactive reports, as well as other enhancements provided in SonicWALL GMS. See the following sections:

Global and Group Views on page 656
Unit View on page 657
Using Interactive Reports on page 658
Searching for a Report on page 659
Collapsible TreeControl Pane on page 664
Enabling/Disabling Scheduled Reports on page 664
Combined Reports on page 664
Improved Navigation on page 665


Global and Group Views


From the Global and Group views of the Reports Panel, Summary and Over Time reports are available for all SonicWALL appliances within a group or all SonicWALL appliances being managed by SonicWALL GMS. To open the Global or Group view, click the GlobalView icon in the upper-left hand corner of the left pane or select a Group Icon. The Status page displays.

As you navigate the SonicWALL GMS reports screens with the GlobalView or Group view selected and view different reports, the settings that you specify are maintained in effect throughout the session.


Unit View
From the Unit view of the Reports panel, reports contain detailed data for the selected SonicWALL appliance. To open the Unit view, click the Reports tab. Then, click a SonicWALL appliance in the left pane of the SonicWALL GMS interface. The report page for the SonicWALL appliance displays.

As you navigate the Reports panel with a single SonicWALL appliance selected and change settings, those settings will remain in effect throughout the session.


Using Interactive Reports


GMS provides interactive reporting to create a clear and visually pleasing display of information. The following figures provide examples of an interactive report graph and a pie chart for Summary and Top Users. You can control the way the information is displayed by adjusting the settings which are collapsed in the search bar.


Searching for a Report


The search bar feature provides search and configuration capabilities for every report. In addition to the original quickset functions, the search bar has intuitive search fields to provide context-based searching.

The search bar contains a number of helpful components that allow you to specify search parameters and locate a report with ease. The components of the search bar include:

A column drop-down list: The searchable column drop-down list contains all the searchable columns of a report. It is context-based, containing different options in different reports. The column drop-down list defines criteria for the search and filter functions.

An operator drop-down list: There are two types of operator sets. If the content of the selected column is character-based, a character-based list is displayed. If the column contains numerical data, a list with mathematical symbols is displayed.

A search text field: You can input a search string into this field.

Start date and end date calendar fields: You can also search for reports by date. Clicking on the Start field displays a drop-down calendar where you can select day, month, and year by using the side arrows to navigate. You may also navigate through dates by clicking on the arrows located beside the start date and the end date fields.

Detailed drop-down menu


The collapsed and expanded Search Bar views are shown below:


The search bar feature consists of a column drop-down list, an operator drop-down list, a search text field, and a detailed pull-down menu. Search and filter functions can be performed with these components in reports at the unit and group level. The drop-down list contains all the searchable columns of a report. It is context-based, meaning that it contains different options in different reports. The column drop-down list defines the criteria that the search and filter functions work on.

There are two different operator sets. If the content of the selected column is character-based, the character-based operators will show. A character-based list contains the Equals, Start with, End with, and Contains operators.

If the content of the selected column contains numerical data, a list with mathematical symbols plus the between operator selection will display:


A generated report is shown below with user name (Users) starting with (Start With) 10.50.20 (the value of the search text field).

A generated report is shown below in which the Hit count (Hits column) is greater than (>) 100 (the value of the search field).
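The two queries above, and the operator selection behind them, reimplemented as an added Python example that is not part of the guide. The report rows and column values are constructed for illustration, and treating between as inclusive of both bounds is an assumption the guide does not state.

```python
from datetime import date

# Constructed sample rows in the shape of a Web Usage "By User" report. The column
# names and values are assumptions for illustration, not data exported from GMS.
SAMPLE_ROWS = [
    {"date": date(2010, 3, 1), "Users": "10.50.20.11", "Hits": 340, "Browse Time": 12.5},
    {"date": date(2010, 3, 1), "Users": "10.50.20.12", "Hits": 80,  "Browse Time": 3.0},
    {"date": date(2010, 3, 2), "Users": "10.50.21.5",  "Hits": 150, "Browse Time": 7.2},
    {"date": date(2010, 3, 3), "Users": "192.168.1.9", "Hits": 101, "Browse Time": 9.9},
]

# The guide excludes columns holding computed values (such as %, Cost, Browse Time)
# from searching.
COMPUTED_COLUMNS = {"%", "Cost", "Browse Time"}

# Character-based operator set, as listed in the guide.
TEXT_OPERATORS = {
    "Equals":     lambda cell, arg: cell == arg,
    "Start with": lambda cell, arg: cell.startswith(arg),
    "End with":   lambda cell, arg: cell.endswith(arg),
    "Contains":   lambda cell, arg: arg in cell,
}

# Numeric operator set: mathematical symbols plus "between". Treating "between"
# as inclusive of both bounds is an assumption; the guide does not say.
NUMERIC_OPERATORS = {
    "=":       lambda cell, arg: cell == arg,
    ">":       lambda cell, arg: cell > arg,
    "<":       lambda cell, arg: cell < arg,
    ">=":      lambda cell, arg: cell >= arg,
    "<=":      lambda cell, arg: cell <= arg,
    "between": lambda cell, arg: arg[0] <= cell <= arg[1],
}


def is_searchable(column):
    """True unless the column holds computed values, which the search bar excludes."""
    return column not in COMPUTED_COLUMNS


def operators_for(rows, column):
    """Choose the operator set from the column's content type, as the search bar does."""
    if not is_searchable(column):
        raise ValueError("column %r holds computed values and is not searchable" % column)
    sample = rows[0][column] if rows else ""
    return NUMERIC_OPERATORS if isinstance(sample, (int, float)) else TEXT_OPERATORS


def search_report(rows, column, operator, value, start=None, end=None):
    """Apply one search-bar query: column / operator / value, optionally limited to the
    Start and End dates. Returns the matching rows in their original order."""
    ops = operators_for(rows, column)
    if operator not in ops:
        raise ValueError("operator %r is not valid for column %r" % (operator, column))
    test = ops[operator]
    matches = []
    for row in rows:
        if start is not None and row["date"] < start:
            continue
        if end is not None and row["date"] > end:
            continue
        if test(row[column], value):
            matches.append(row)
    return matches


if __name__ == "__main__":
    # The guide's two examples: Users starting with 10.50.20, and Hits greater than 100.
    for row in search_report(SAMPLE_ROWS, "Users", "Start with", "10.50.20"):
        print("user match:", row["Users"])
    for row in search_report(SAMPLE_ROWS, "Hits", ">", 100):
        print("hits match:", row["Users"], row["Hits"])
```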


The calendar module of the search bar is shown below. You can use the calendar module to easily select a date for the Start or End field. You can also manually type in a date. For single day reports, the End field is disabled.

The detailed options are set per report. For example, if you select PIE as the chart type for report A, you will still see a Bar chart in report B if the bar chart was the existing chart type there. The detailed drop-down menu can be expanded by clicking More Options, as shown in the red circle below. As Figure 5 and Figure 6 show, the options in the detailed drop-down menu are context-based. Figure 5 shows the detailed options of the Web Usage By User report. As you can see, Figure 6 contains different options because it is specific to the By User report.
Figure 5 Context-based Detail Options


Figure 6 Web Usage by User - Report Display Settings

Collapsible TreeControl Pane


The unit TreeControl pane can be collapsed to free up screen space by clicking on the small arrow button to the right of the Add Unit, Modify Unit, Refresh, and Find buttons above the TreeControl pane. The panel can be brought back by clicking the same button.

Enabling/Disabling Scheduled Reports


GMS allows you to disable a scheduled report without deleting it. This allows you to re-use the report at a later time without having to create it again. To enable or disable a report, navigate to the Configuration > Scheduled Reports page under the Reports tab. This screen shows all the scheduled reports on the current appliance. Select the checkbox in the row of each report that you wish to disable, and click the Disable Selected Scheduled Reports button above the table. After confirmation, the check mark in the Enabled column is grayed out. To re-enable the report, use the Enable Selected Scheduled Reports button above the table.

Combined Reports
Users familiar with GMS 4.0 will find two categories of reports that are no longer visible on the function tree: the Browse Time report and the ROI report. The information from these two reports has been folded into the Web Usage and Bandwidth reports, respectively. The Web Usage report pages now feature a Browse Time column. The Bandwidth report pages feature a Cost($) column that displays all the information previously displayed by the ROI reports.

Improved Navigation
To save time, GMS now features linked reports. Web Usage and Web Filter reports now link their By User and By Site pages. It is now possible to navigate directly from the Web Usage > By User page to a Web Usage > By Site page, or from the Web Filter > By User page to a Web Filter > By Site page, detailing the information of the site that the user has been browsing. Click the Plus sign next to the entry in the User column to show details, and hover the mouse over a site. A sticky tooltip displays a link to the corresponding site's report page. This makes navigating from one report to the next much easier and makes retrieving detailed information simple.

Sample Navigation Use Case


This sample use case demonstrates the improved navigation feature. In this use case you open the Web Usage > By User report and observe what sites the top browser has been visiting. Then you move directly from the By User report to a detailed By Site report.
1. Navigate to the Web Usage > By User report from the Report tab.
2. Click the Plus button next to any IP address in the User column. This displays detailed information about the sites that the user at that address has been visiting.
3. Hover your mouse over a site in this list. Click the Navigate to Top Visited Web Sites By Site link to navigate directly to the Web Usage > By Site report page.

The Web Usage > By Site report page shows detailed information about Web traffic to this site. Information in this report includes the IP addresses of users who have browsed that site, as well as how much time they have spent browsing.

Showing Domain Names in Reports


Reports sometimes show the domain names of systems or websites, and sometimes show only the IP address. This is caused by different firmware versions on the appliances for which reports are being generated. The reporting subsystem consumes the contents of src, dst, dstname, and other tags from the syslog messages. The syslog format and tags depend on the version of the firmware. For firmware that includes name resolution, the reports will list the domain.

Note: In SonicWALL GMS 5.1 and above, the Name Resolution option on the UTM appliance (where the firmware supports it) is enabled when a unit is added. This does not apply to already existing appliances in the system.

Managing GMS Reports on the Console Panel and Policies Panel


There are management settings for the GMS Reporting Module on the GMS Console panel. The Policies panel also contains certain screens that are useful when managing GMS reporting. The Reports panel contains limited configuration screens, used for managing scheduled reports and per-unit settings.

The Management section of the Console panel controls the configuration of GMS, including settings which have an effect on GMS Reports.

For information about GMS management settings, see the Settings section on page 941 in the Configuring Management Settings chapter. For information about user screen permissions, see the Moving a User section on page 957 in the Configuring Management Settings chapter.

The Reports section on the Console panel is divided into sections that allow you to manage system-wide settings, including the following:

Table 13 Console > Reports

Section             Settings
------------------  ------------------------------------------------------------------
Settings            Report Settings/Options; Log Viewer Settings
Summarizer          Summarizer Settings; Reports Data Summarization Interval;
                    Syslog Deletion Schedule; Host Name Resolution Settings
Email/Archive       Email/Archive Time Settings; Days to Store Archived/Published
                    Reports; Email/Archive Configuration - Web Server Details;
                    Logo Settings; SortBy Settings In PDF Reports
Scheduled Reports   Summary; Search Criteria; Search Results
Management          Report Data Management Settings

The Reports section of the Console panel controls settings for syslog data collection, summarizer configuration, email and archiving, scheduling reports, and archiving report data. The Logs section of the Policies panel provides settings for controlling the rate of syslog event logging.

For information about syslog data collection settings, see the Enabling Report Table Sorting section on page 982 in the Managing Reports in the Console Panel chapter. To configure the syslog event rate, see the Configuring Log Settings section on page 278 in the Configuring Log Settings chapter.

For information about the summarizer, see the following sections in the Managing Reports in the Console Panel chapter:

- About Summary Data in Reports section on page 983
- About the Distributed Summarizer section on page 984
- Summarizer Settings and Summarization Interval section on page 987

For information about Email and Archiving settings, see the Configuring Email/Archive Settings section on page 994 in the Managing Reports in the Console Panel chapter. For a description of how to schedule reports in the Console panel, see the Scheduled Reports section on page 995 in the Managing Reports in the Console Panel chapter. For information about archiving report data using the Move Data to Archive (MDTA) feature, see the Management section on page 1000 in the Managing Reports in the Console Panel chapter.

CHAPTER 36 Scheduling and Configuring Reports


This chapter provides information about scheduling automatic reports and configuring data summarization settings. It also describes how to view the list of current alerts on the Events > Current Alerts page. This chapter also describes how to export compliance reports in PDF format. The settings described in this chapter are applied on a per-unit or per-group basis. This chapter includes the following sections:

- Configuring Scheduled Reports section on page 671
- Selecting Reports for Summarization section on page 675
- Configuring Inheritance for Reporting Screens section on page 676
- Configuring Data Storage Settings section on page 677
- Configuring Summarization Data for Top Usage section on page 678
- Configuring Summarization Data for Bandwidth Reports section on page 679
- Viewing Current Alerts section on page 680
- Scheduling PDF Compliance Reports section on page 680

Configuring Scheduled Reports


SonicWALL GMS Reporting can automatically send reports to any email addresses that you specify. This section contains the following:

- Viewing or Managing Scheduled Reports on page 672
- Adding or Editing a Scheduled Report on page 673

To create scheduled email reports in PDF format as Compliance Reports, see the Scheduling PDF Compliance Reports section on page 680.

Viewing or Managing Scheduled Reports


To view, delete, or enable/disable currently scheduled reports, perform the following steps:

1. Click the Reports tab and select a SonicWALL appliance.
2. Expand the Configuration tree and click Scheduled Reports. The Scheduled Reports page displays.
3. On the Scheduled Reports page, to add a new scheduled report, click Add Scheduled Report. See Adding or Editing a Scheduled Report on page 673.
4. To edit a report, click the pencil icon in that row. See Adding or Editing a Scheduled Report on page 673.
5. To delete a report, select the checkbox in that row and then click Delete Selected Scheduled Reports.
6. To disable a scheduled report, select the checkbox in that row and then click Disable Selected Scheduled Reports.
7. To enable a disabled report, select the checkbox in that row and then click Enable Selected Scheduled Reports.
8. To select all reports in the list, click Select All Scheduled Reports.

Adding or Editing a Scheduled Report


You can add a new scheduled report or edit an existing one on the Reports panel on the Configuration > Scheduled Reports screen. When adding or editing the report, you can configure its name, category, formats, cover page, summary report page, and detailed reports page. You can also use or create a profile for the detailed reports page settings. To add or edit a scheduled report, perform the following steps:
1. Navigate to the Configuration > Scheduled Reports page on the Reports panel and do one of the following:
   - To add a new scheduled report, click the Add Scheduled Report button.
   - To edit an existing report, click the pencil icon in that row.
   The Scheduled Report Configuration window displays.
2. Enter a name for the report in the Name field.
3. Enter descriptive information in the Description field.
4. To email the report, select the Email check box. The screen expands to show email configuration settings.
5. Enter the IP address of the mail server into the SMTP Server field.
6. By default, the GMS Reporting Module uses the email address that was configured in the Console panel on the Management > GMS Settings screen as the Sender email address. To change it, enter a new Sender email address in the Source Email Address field.
7. Enter one or more destination email addresses, separated by semicolons, into the Destination Email Addresses field.
8. Enter the Subject Line that will appear in reports sent from the GMS Reporting Module in the Email Subject field.
9. Enter text that will appear in the message body in the Email Body field.
10. To copy the contents of the report into the body of the email message, select the Send Reports Inline check box. To send the file as an email attachment, make sure this check box is deselected.

Note: Reports can only be sent inline when all data is sent in a single report.

11. To archive the file on the server's hard disk, select the Archive check box and specify the directory where the file will be archived in the Save Directory field.
12. For Report Type, select Daily, Weekly, or Monthly.
13. For Report Format, select HTML, XML, or PDF.
14. Select either Include all data in a single report or Zip Reports into a single file.
15. If you selected PDF for the Report Format, you can create a password to protect it by selecting Password Protect the PDF File and typing a password into the Password field. Users must input the password to view the contents of a password-protected PDF file. The content can be copied or printed, but is not editable by a PDF editor.
16. If the zip file is selected, you can create a password for it by selecting Password Protect the Zip File and typing a password into the Password field.

Note: When both PDF and Zip Reports into a single file are selected, you can password-protect the PDF, but not the zip file.

17. For the Cover Page, enter a Title and Subtitle and select colors for the Foreground and Background of the cover page.
18. For Summary Report Page, you can select up to 4 reports. Select a report for the summary page from the Choose the Summary Reports drop-down list, and then click Add.
19. For Detailed Report Page, do one of the following:
   - Click Select an existing profile, and then select the profile to use from the Profile Name drop-down list.
   - Click Create a new profile, type a profile name into the New Profile Name field, and then select the checkboxes in the Report list for each report to be included. You can click the checkbox next to the Report heading to select all reports in the list.
20. Optionally click Configure Filters Options. For this procedure, see Configuring Filters and Options on page 675.
21. To see a preview of this scheduled report, click PREVIEW.
22. When finished, click Add.

Configuring Filters and Options


1. At the bottom of the Scheduled Report Configuration page, click the Configure Filters/Options button. The Display Options/Settings page displays.
2. Select the number of sites to display in Top Sites reports (default: 20).
3. Select the number of users to display in Top Users reports (default: 20).
4. Select the number of sites to display in Sites by User/Users By Site reports (default: 20).
5. Select the number of items to display in all other reports (default: 20).
6. Select the number of entries per item to display in all other reports (default: 20).
7. Under Inclusion Filter Parameters, enter a comma-separated list of sites to include in By Site reports in the Site List field.
8. Enter a comma-separated list of users to include in By User reports in the User List field.
9. To include the user's full name and IP address in the report, select the Whole Name/IP checkbox.
10. For Bandwidth Usage reports, select the source from the Source Interface drop-down list.
11. For Bandwidth Usage reports, select the destination from the Destination Interface drop-down list.
12. Click the Update button to apply changes. The new report will appear in the list on the Scheduled Reports page.

Selecting Reports for Summarization


This section describes how to tune the performance of the Summarizer by configuring which reports will be created. When an appliance is configured to communicate with GMS, you need to prepare it for syslog data collection for reporting. Make sure the summarizer is collecting data for the reports you want for this unit. To configure the Summarizer settings, perform the following steps:
1. Click the Reports tab.
2. Expand the Configuration tree and click Summarizer Settings. The Summarizer Settings page provides a list of reports and a corresponding description of each report. Each report has a checkbox that you can select to generate a summarized report.
3. Select the checkbox of each report type to summarize.
4. When you are finished, click Update. Your configuration changes are saved automatically.

Configuring Inheritance for Reporting Screens


On the Configuration > Summarizer Settings screen, there is an option to synchronize report settings between the unit level and global/group level. This option can be displayed in any of the sections on this page when those settings are not synchronized between the unit level and global/group level. This option provides inheritance support for report settings.

When you are viewing the screen at the unit level, the option is Sync group to appliance level settings. This is reverse inheritance. Click the Update button to apply your current unit level settings to the group to which this unit belongs.

When you are viewing the screen at the global or group level, the option is Sync appliance(s) to group level settings. This is forward inheritance. Click the Update button to apply your current global or group level settings to the appliances in this group.

Configuring Data Storage Settings


The Data Storage Configuration section of the Configuration > Summarizer Settings page allows you to specify the number of days to store summarized data and syslog data.

For all fields in this section, the minimum values should be 3 days, and will typically be longer. Raw syslog data is transferred to the GMS Summarizer system by individual SonicWALL appliances, where it is stored in raw syslog files. The data from these files is combined and stored in a raw syslog database. Data from this database is processed by the Summarizer and then stored in the summarized data database.

The raw syslog files and databases older than the number of days specified here are deleted by the global daily deletion schedule configured on the Console > Reports > Summarizer page. That page also provides a way to delete the summarized database for a certain date. See the Configuring the Syslog Deletion Schedule Settings section on page 991. To configure the Data Storage Configuration settings:

1. On the Reports tab, expand the Configuration tree and click Summarizer Settings.
2. Scroll down to the Data Storage Configuration section.
3. Type the desired number of days to store summarized data into the Days To Store Summarized Data field and then click Update.
4. Type the desired number of days to store raw syslog database files into the Days To Store Raw Syslog Databases field and then click Update.
5. Type the desired number of days to store archived XML reports into the Days To Store XML reports field and then click Update.

Configuring Summarization Data for Top Usage


The Reports Summarization Data for Top Usage section of the Configuration > Summarizer Settings page allows you to enable Web event consolidation. When enabled, Web event consolidation reduces repetitive syslog event entries within the syslog database. Enabling Web Event Consolidation promotes search and summarizer efficiency by consolidating the syslog messages that result from a single click (for example, a visit to a Web page), and further correlates events by time proximity, such as multiple visits to the same URL by the same user within a set time, and by HTTP header information. GMS consolidates syslog messages under the main domain name.

When Web Event Consolidation is disabled, multiple syslog events are logged for one request. For instance, a single access to www.cnn.com can generate more than 70 syslog messages. Many of the 70 syslog messages refer to the links to other pages, such as images.cnn.com or video.cnn.com, that are included in the Web page. In this simplified example, if Domain Only consolidation is selected, then only one Web event is recorded (cnn.com). If Host & Domain is selected, then you would see three Web events. You would see all 70 Web events if consolidation was not enabled at all.

To enable Web event consolidation, perform the following:

1. On the Reports tab, expand the Configuration tree and click Summarizer Settings.
2. Scroll down to the Reports Summarization Data for Top Usage section.
3. Optionally select the Enable Homeport Syslog Reporting checkbox.
4. Select the Enable Web Event Consolidation checkbox to consolidate repetitive syslog event entries within the syslog database and then select one of the following levels of consolidation:
   - Host & Domain - More restrictive, less consolidation
   - Domain Only - More general, more consolidation
5. Click Update.
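The dstname/dst fall-back described under Showing Domain Names in Reports and the consolidation levels above, worked through in an added Python example that is not GMS code: it parses constructed SonicOS-style key=value syslog lines, shows the IP address when the firmware supplied no dstname tag, and counts Web events with no consolidation, with Host & Domain, and with Domain Only. The line layout, the time tag, the 60-second proximity window and the two-label domain rule are assumptions, not details taken from the guide.

```python
"""Added example, not SonicWALL GMS code: how the dstname/dst fall-back and the
Web Event Consolidation level change the number of Web events a report counts.

Assumptions (not from the guide): the key=value line layout and the "time"
tag are modelled on SonicOS syslog; the 60 s proximity window and the
two-label "registered domain" rule are simplifications.
"""
import re
from collections import Counter
from datetime import datetime

# Constructed sample: one user loading a news page (five messages within two
# seconds), the same user returning half an hour later, and a second user whose
# appliance firmware does not resolve names (no dstname tag at all).
SAMPLE_SYSLOG = [
    'time="2010-03-01 10:00:00" msg="Web site access" src=10.0.0.5:51000:X0 dst=203.0.113.20:80:X1 dstname=www.cnn.com proto=tcp/http',
    'time="2010-03-01 10:00:01" msg="Web site access" src=10.0.0.5:51001:X0 dst=203.0.113.21:80:X1 dstname=images.cnn.com proto=tcp/http',
    'time="2010-03-01 10:00:01" msg="Web site access" src=10.0.0.5:51002:X0 dst=203.0.113.21:80:X1 dstname=images.cnn.com proto=tcp/http',
    'time="2010-03-01 10:00:01" msg="Web site access" src=10.0.0.5:51003:X0 dst=203.0.113.22:80:X1 dstname=video.cnn.com proto=tcp/http',
    'time="2010-03-01 10:00:02" msg="Web site access" src=10.0.0.5:51004:X0 dst=203.0.113.20:80:X1 dstname=www.cnn.com proto=tcp/http',
    'time="2010-03-01 10:30:00" msg="Web site access" src=10.0.0.5:51100:X0 dst=203.0.113.20:80:X1 dstname=www.cnn.com proto=tcp/http',
    'time="2010-03-01 10:31:00" msg="Web site access" src=10.0.0.7:40000:X0 dst=198.51.100.9:80:X1 proto=tcp/http',
]

# key=value or key="quoted value" pairs in the message body
KV_PATTERN = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
IPV4_PATTERN = re.compile(r'\d{1,3}(?:\.\d{1,3}){3}')


def parse_syslog(line):
    """Return {tag: value} for one syslog line."""
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in KV_PATTERN.finditer(line)}


def load_events(lines):
    """Parse the lines and turn the time tag into a datetime for proximity checks."""
    events = []
    for line in lines:
        event = parse_syslog(line)
        event["time"] = datetime.strptime(event["time"], "%Y-%m-%d %H:%M:%S")
        events.append(event)
    return events


def host_of(tag_value):
    """Drop the ':port:interface' suffix carried by the src and dst tags."""
    return tag_value.split(":")[0]


def display_name(event):
    """What the report shows: dstname when the firmware resolved it, else the dst IP."""
    return event.get("dstname") or host_of(event["dst"])


def registered_domain(name):
    """cnn.com for www.cnn.com; bare IP addresses are left untouched."""
    if IPV4_PATTERN.fullmatch(name) or name.count(".") < 2:
        return name
    return ".".join(name.split(".")[-2:])


def consolidate(events, level, window_seconds=60):
    """Count Web events per report key at the given consolidation level.

    level: "none" (every syslog message counts), "host_domain" (one event per
    user and host name) or "domain_only" (one event per user and domain).
    Messages from the same user for the same key that arrive within
    window_seconds of the first one are folded into that single event.
    """
    counts = Counter()
    if level == "none":
        for event in events:
            counts[display_name(event)] += 1
        return counts
    if level not in ("host_domain", "domain_only"):
        raise ValueError("unknown consolidation level: %s" % level)
    group_start = {}  # (user, key) -> time of the first message in the open group
    for event in sorted(events, key=lambda e: e["time"]):
        key = display_name(event)
        if level == "domain_only":
            key = registered_domain(key)
        user = host_of(event["src"])
        start = group_start.get((user, key))
        if start is None or (event["time"] - start).total_seconds() > window_seconds:
            group_start[(user, key)] = event["time"]  # a new Web event begins
            counts[key] += 1
    return counts


if __name__ == "__main__":
    sample = load_events(SAMPLE_SYSLOG)
    for level in ("none", "host_domain", "domain_only"):
        print(level, dict(consolidate(sample, level)))
```

For the first page load alone the three levels give 5, 3 and 1 events, which is the 70 / three / one pattern the text describes; the unresolved destination surfaces as 198.51.100.9 at every level because the appliance sent no dstname.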

Configuring Summarization Data for Bandwidth Reports


The Reports Summarization Data for Bandwidth Reports section of the Configuration > Summarizer Settings page allows you to configure the currency type and cost per megabyte for use in bandwidth reports. To configure the data for bandwidth reports, perform the following:
1. On the Reports tab, expand the Configuration tree and click Summarizer Settings.
2. In the Reports Summarization Data for Bandwidth Reports section, select the currency type in the Type of Currency field. Over 20 different currencies from around the world are available.
3. Specify an amount based on your chosen currency in the Cost Per Mega Byte Bandwidth Use field.
4. Click Update.

Viewing Current Alerts


You can view a list of current alerts on the Events > Current Alerts page of the UTM, SSL-VPN, or CDP panel. Select a global view, group, or unit to view current alerts for your selection.

Scheduling PDF Compliance Reports


GMS can create scheduled email reports in PDF format. Called Compliance Reports, this feature allows you to export regular reports in a universally readable format.

Compliance Report Overview


A Compliance Report is a report that collects report data and presents it in an organized format. The GMS Compliance Report feature allows administrators to provide more customized report summaries and to create a more formal and defined layout of report information in PDF format. This feature provides the following benefits:

- Customizable cover page (a default is also available).
- Customizable summary and descriptions for the reports.
- Ability to customize a set of reports. Three reports can be persisted as a profile so that it can be consumed by less experienced users in the system.
- Reports can be generated in industry-standard PDF format. The compressed format provides a smaller file than an equivalent HTML report, and the print quality is higher.
- A 200-page PDF report opens with ease. In comparison, opening the same report in HTML takes considerably longer in IE, as it is weighed down by memory and other system limits.

Requirements
Adobe Reader plug-in is required for the preview function.

How Do Compliance Reports Work?


GMS has the capability to generate both online and scheduled reports in HTML format. Since PDF has become a standard document format for distribution, the compliance reports are based on this universal standard. Moreover, users are able to customize/define sections throughout the report. For example, they can assign different logos/titles to the cover pages for their customers.

Adding a New Scheduled Compliance Report


This section includes the following sub-sections:

- Customizing Your Cover Page section on page 683
- Customizing Your Summary Report Page section on page 684
- Customizing Your Detailed Reports Page section on page 685
- Editing Existing Profiles section on page 686
- Verifying User Compliance Reports Configuration section on page 688

To begin creating a new customized Compliance Report, perform the following steps:
1. Navigate to Reports > Configuration > Scheduled Reports.
2. Click the ADD button to add a scheduled report. The Scheduled Report Configuration page displays.
3. In the General section, enter the name of your report into the Name field, and enter the report description.

4. In the Category section, select the Email check box. The details window displays:
   - SMTP Server field: Enter your SMTP Server IP address or hostname.
   - Source Email Address field: Enter your Source Email Address.
   - Destination Email Address field: Enter the Destination Email Address(es).
   - Email Subject field: Enter your Email Subject.
   - Email Body field: Enter your Email Body.
5. To archive a directory, click the Archive check box. Enter the directory you want to archive into the Save Directory field.

To change the format and settings of your customized compliance report, perform the following steps:

6. In the Format and Settings category, select the Report Type that reflects the time interval at which you want to view your reports: Daily, Weekly, or Monthly.

7. Select the PDF report format in the Report Format category. Selecting the PDF option opens additional fields that allow you to customize the set-up of the Cover Page, Summary Report Page, and Detailed Report Page of your report in PDF format.
8. To zip all of your reports into a single file, select the Zip Reports into a single file check box.

Note: PDF disables some options that are only applicable to HTML.

9. For custom reports, enter the template folder name into the Template Folder Name field.

Customizing Your Cover Page


The Cover Page section allows the user to design a cover page for their report using different color schemes.
1. Title field: Enter the document title.
2. Subtitle field: Enter the document subtitle (optional).

3. Select the foreground and background colors for the Title and Subtitle by clicking the gradient color box on the right side of each field. You may select a color either by choosing a color on the color bar and then selecting its value in the color box, or by typing in the HTML color code.
4. The color codes are automatically filled in the corresponding fields once the color chooser window is closed.

Customizing Your Summary Report Page


The Summary Report Page allows you to add new reports and individually customize their appearance.
1. On the Summary report page, select the type of summary reports you need, up to a maximum of 4 reports. Then, click the Add button. The report is created based on the type of summary report you have selected.
2. Enter the report title and report description in the appropriate fields.
3. Select the text color for the title and description.
4. Select the background color for both fields.
5. Select the order in the Order drop-down window.
6. You may continue to add reports based on the summary you select in the Summary Reports drop-down menu. Repeat steps 1-5 to add more summary reports.

Customizing Your Detailed Reports Page


The Details Report Page provides you with a list of reports you may select to include in your report summaries. You can refine your setting for your report in more detail in the Detailed Report Settings category. First, select the appropriate profile setting for your report. If you are creating a new profile, select the Create a New Profile button.
1. New Profile Name field: Enter the name of your new profile.
2. To determine the type of reports that will be summarized in your compliance report, check the boxes next to the reports you need. The sub-folders of each folder are revealed by clicking the plus icon. When all sub-folders are selected, the main folder is selected.
3. When you have completed your selection(s) of reports, scroll down the page until you see a check button with Configure Filters/Options beside it. Click the check mark button.

4. In the Configure Filter/Options section, you are able to decide how your filter and display are set. Once you have clicked the check button, fill out the table accordingly.

Editing Existing Profiles


A profile is associated with selected reports from the report list. You have the ability to go back and edit existing profiles in your scheduled reports. Since the report list is populated based on the report type selection, a profile is associated with the report type also. Instead of three categories, there are only two: single day or multi-day. A profile in a single-day report will not be seen by users when they select weekly or monthly as the report type. To edit existing profiles, perform the following tasks:
1. Click the Edit icon, located next to the report name you want to edit.
2. In the Detailed Page section, choose the Select an existing profile button.

Note: You are able to delete an existing profile in that section by clicking the Delete Selected Scheduled Reports button located at the top of the page.

3. From the drop-down list in the Detailed Report Page, select the profile name you wish to edit. Choose the reports you want to add to or remove from that profile. If a new profile has the same name as one of the existing profiles, the behavior is the same as a user opening the existing profile and editing its report list. When selecting an existing profile, the associated reports are checked in the report list automatically.

A default cover page is provided:

Verifying User Compliance Reports Configuration


If you have chosen the PDF version of this report, you now have the option to see a preview of the report cover you have created and how all of the report summaries you added will fit into that template. To review your customized PDF settings, click the Preview button:

Figure 7 Cover page; Summary page; and Details page Preview

Note: The images used for the preview do not use actual data.

CHAPTER 37 Viewing Reports


This chapter describes how to generate reports using the SonicWALL GMS Reporting Module. The following section describes how to configure the settings for viewing reports:

- Managing Report Settings section on page 690

Select from the following reports:

- Viewing Dashboard Reports section on page 694
- Using Custom Reports on UTM Appliances section on page 699
- Viewing Status Reports section on page 716
- Viewing Bandwidth Reports section on page 723
- Viewing Services Reports section on page 731
- Viewing Web Usage Reports section on page 733
- Viewing Web Filter Reports section on page 751
- Viewing File Transfer Protocol Reports section on page 767
- Viewing Mail Usage Reports section on page 773
- Viewing VPN Usage Reports section on page 780
- Viewing Attacks Reports section on page 792
- Viewing Virus Attacks Reports section on page 801
- Viewing Anti-Spyware Reports section on page 807
- Viewing Intrusion Prevention Reports section on page 814
- Viewing Application Firewall Reports section on page 822
- Viewing Authentication Reports section on page 828
- Viewing the Log section on page 831

Managing Report Settings


All of the reports in GMS report on data gathered on a specific date or range of dates. You can also edit the report settings for each report by using the Search Bar and the More Options button.

Editing Report Settings


To edit the report settings, use the Search Bar at the top of the report. You can search other reports, set the start and end dates for a report to view, or click More Options to access other Report Display Settings. For a detailed description, see the Searching for a Report section on page 659.

Selecting a Graphical Display


Some reports allow you to specify how many items to display in the report. Select 5, 10, 20, 50, 100, or All from the Number of Items list. This limits the display to the specified number of items in order to make the report easier to read.

Many reports offer different graphical displays for the data, such as a bar-graph or a pie chart. To select a graphical display, select Chart and Table under Report Display Settings and choose the display type from the Chart Type list. Your selection should display immediately in the report screen. For most reports you can choose Area, Bar, Pie or Plot.

Setting a Date or Date Range


Summary reports display only information for a single date. Over-time reports display information over a date range.

Selecting a Single Date


To select a single date for a report, click on the Start or End fields in the Search Bar to display the drop-down calendar. The End field is only configurable for Over Time reports. In the calendar, you can set the month by clicking the single arrows (<, >), or the year by clicking the double arrows (<<, >>). To select the month or year from a drop-down list, click and hold the arrow button. Click Search to begin building the report.

Selecting a Date Range


To select a date range for an Over Time report, select a Start Date and End Date in the Search Bar, and then click Search. You can use the drop-down calendars by clicking in either field.

Additional Settings
Many reports have additional settings that you can select such as source and destination interfaces to report traffic through or how to display names and IP addresses. Make your selection from these lists and click Search.

Troubleshooting Reports
One of the most common error messages when a report does not display is No Data. There are several reasons why you might see this error, and SonicWALL GMS 5.1 and higher displays the most likely reason and points you to the screen where you can make the necessary adjustments. Some examples are shown in the following figures.
Figure 8 Appliance is Down
Figure 9 Appliance in a Provisioned State
Figure 10 Configured for Status Only


Viewing Dashboard Reports


Dashboard reports display an overview of bandwidth, uptime, intrusions and attacks, and alerts for managed SonicWALL UTM appliances. The Security Dashboard report provides data about worldwide security threats that can affect your network. The Dashboard also displays data about threats blocked by the SonicWALL security appliance. Select from the following:

Viewing the Dashboard Summary Report on page 694
Viewing the Security Dashboard Report on page 697

Viewing the Dashboard Summary Report


At the global level, the Dashboard Summary report contains information about total bandwidth, average up time, total intrusions and attacks on SonicWALL appliances during the specified period. At the unit or group level, the Dashboard Summary report provides information about total bandwidth, total HTTP bandwidth, and total attacks. To view the Dashboard Summary report, perform the following steps:

1. Click the Reports tab.
2. Select the global icon, a group, or a SonicWALL appliance.
3. Expand the Dashboard tree and click Summary.
4. The tables at the top of the page display the totals, using megabytes for the bandwidth totals.
5. The graphical display breaks down the information as follows:

Bandwidth: shown by group when viewed at global or group level. At the unit level, the bandwidth is shown per hour.
HTTP Bandwidth: at the unit level, this is shown as a pie chart with eight slices. The top seven Web users by IP address are each shown as a slice, with all other HTTP bandwidth combined in the eighth slice.
Attacks Events: at the global level, both attack events and virus attack attempts are shown per group. At unit level, these are shown per hour.
Custom Report Templates: your favorites list of saved custom report templates. See Using Custom Reports on UTM Appliances on page 699. You can click the Edit icon next to the template on this page to edit the template in the Custom Report page and save it using the Save Template button. To delete the template, click the Delete icon.

Viewing Custom Reports on the Dashboard


SonicWALL GMS provides access to your saved Custom Report templates on the Dashboard > Summary page for the appliance. The template must have been previously created and saved for the same appliance on the Custom Report > Internet Activity or Custom Report > Website Filtering page.

When you click on a saved template, the detailed report page is displayed in Full Mode with the same categories in the same order as in the template that you saved. In the report page, the Print, PDF, and Excel icons are available, along with the pagination controls. There is no link to Split Mode and no Save Template button since this template is already saved.


You can also configure or delete a saved template from the Dashboard > Summary page. To access a custom report from the Dashboard:

1. Select a unit for which Log Viewer is enabled, and then navigate to Dashboard > Summary.
2. Locate the box labeled Custom Report Templates. All saved templates for this appliance are listed in the box.
3. Do one of the following:
   To generate a Custom Report, click a saved template in the Custom Report Templates box.
   To configure a saved template, click the Configure icon for that template, make the desired changes, and then click OK. For configuration instructions, see Using Custom Reports on UTM Appliances on page 699.
   To delete a saved template, click the Delete icon for that template and then click OK in the confirmation dialog box.

Viewing the Security Dashboard Report


The Security Dashboard report shows two types of reports:

An Individual Appliance Report that displays a summary of attacks detected by the local SonicWALL security appliance.
A Global Report that displays a summary of threat data received from all SonicWALL security appliances worldwide.

The Dashboard > Security Dashboard screen is available at the global level, but not at unit level for SonicWALL CSM Series appliances. To view the Security Dashboard report, perform the following steps:

1. Click the Reports tab.
2. Select the global icon, a group, or a SonicWALL appliance.
3. Expand the Dashboard tree and click Security Dashboard. The Security Dashboard page displays.

Figure 11 Security Dashboard Page

4. At the top of the screen, select either the Global radio button or, for reporting at unit level, select the radio button that is labeled with the unit's MAC address. Select Global to display a summary of attacks caught by SonicWALL appliances worldwide. Select the unit's MAC address to see results only for attacks through this unit. At all levels, the categories charted include the following:

Viruses Blocked by SonicWALL
Network Intrusions Prevented by SonicWALL
Network Spyware Blocked
Multimedia (IM/P2P) Detected/Blocked

For each of these, the report includes the results over time for the top ten.

5. Optionally select the period of time for the report from the drop-down box at the top right of each graphical display. At the unit level, you can select only the Last 21 days. At the global or group level, you can select from:

Last 12 Hours
Last 14 Days
Last 21 Days
Last 6 Months


Using Custom Reports on UTM Appliances


Custom Reports are available at the unit level for appliances visible on the UTM tab. Log Viewer must be enabled for the appliance. For information about enabling Log Viewer, see Viewing the Log on page 831.

When configuring a Custom Report on the Internet Activity or Website Filtering page, the Template Section acts as a query builder. You select the criteria for the report that you want, and SonicWALL GMS uses your input to query the raw syslog database for the information, and then outputs the report. The Template Section consists of two parts: the Date/Time section and the Report Layout section.

After building your query in the Template Section and clicking the Generate Report button, the report is displayed in the Report Section. The Report Section is displayed in the lower half of the page, under the Template Section; this layout is called Split Mode. You can easily toggle between Split Mode and Full Mode. Full Mode can be used to display only the Template Section or only the Report Section in a full page view.

The Report Section displays the report and provides controls for pagination, printing, and exporting the report in PDF or CSV format. You can also click the Save Template button in this section if you want to save the settings for this report as a template for reuse later. See the following sections for detailed information:

Toggling Between Split Mode and Full Mode on page 700
Configuring the Date and Time for Custom Reports on page 702
Configuring the Report Layout and Generating the Report on page 704
Generating the Custom Report on page 712
Viewing a Custom Report on page 713
Printing a Page or Exporting the Report as a PDF or CSV File on page 715
Saving the Report Template on page 716


Toggling Between Split Mode and Full Mode


The Custom Report page contains two main sections, the Template Section and Report Section, which can be displayed together or independently depending on the mode. When the Custom Report page is initially displayed for a selected appliance, the Template Section is displayed in Full Mode. Split Mode is available, but the Report Section displays no data until a report has been generated. The Custom Report > Internet Activity page with the Template Section displayed in Full Mode is shown below.


After generating a report, the page automatically changes to Split Mode and displays the report settings in the Template Section in the top half of the page and the report results in the Report Section in the lower portion. The Template Section and Report Section displayed in Split Mode is shown below.

At any time, you can change to Full Mode if you want to display either the Template Section or the Report Section individually. From Full Mode, you can easily change back to Split Mode. To toggle between Split Mode and Full Mode:

1. Select a unit for which Log Viewer is enabled, and then navigate to the Custom Report page.
2. On a page that is currently displayed in Full Mode, to change the view to Split Mode click the <Split Mode> button at the right side of the section heading.
3. On a page that is currently displayed in Split Mode, do one of the following to change to a Full Mode display of either the Template Section or the Report Section:
   Click the <Full Mode> button to the right of the Template Section heading.
   Click the <Full Mode> button to the right of the Report Section heading.


Configuring the Date and Time for Custom Reports


At the top of the Template Section of the Custom Report page, the Date/Time region provides a way to designate the time period to use when generating the report. You can select either a Dynamic Date Range or a Static Date Range. Both the Dynamic Date Range and the Static Date Range provide Start Time and End Time settings. By using the Start Time and End Time fields, you can specify the exact hour, minute, and second for both the beginning and the end of the period for the report. When a start and end time is specified for a date range containing multiple days, the start/end times are applied to each day of the period when analyzing data for the report. The default is to include data for the full 24 hours in each day of the date range.

Dynamic Date Range


The Dynamic Date Range selection allows you to select from four date ranges and to specify the exact starting and ending times on the days in the selected date range for the log data to be used for the report. For the Dynamic Date Range, you can select from the following four date choices:

Today: Uses log data from the current date, beginning just after midnight
Yesterday: Uses log data from just after midnight of the previous day, up to and including the most recent log message from the current date
Week to Date: Uses log data from the current date, plus the seven preceding days
Month to Date: Uses log data from the same date as the current date in the previous month, up to and including the most recent log message from the current date

When generating a report with a template containing a dynamic date range setting, the dates used when referencing the log data are relative to the current date. Thus, two reports generated from the same template on different days will provide different results.

To select a Dynamic Date Range:

1. Select a unit for which Log Viewer is enabled, and then navigate to the page under Custom Report for the report type you want.
2. In the Template Section under Date/Time, select the Dynamic Date Range radio button.
3. In the drop-down list, select Today, Yesterday, Week to Date, or Month to Date.
4. For the Start Time, select the hour, minute, and second from the drop-down lists in the Dynamic Date Range row. These settings specify the earliest data to be included in the report, for each day of the date range.
5. For the End Time, select the hour, minute, and second from the drop-down lists. These settings specify the most recent data to be included in the report, for each day of the date range.
6. To change the settings back to the defaults, click Reset at the bottom of the Template Section. Note that this will change the Report Layout region as well as the Date/Time region back to default settings.

Static Date Range


The Static Date Range selection allows you to specify the exact dates, starting, and ending times on the days in the selected date range for the log data to be used for the report. You can specify a single date or a date range, and indicate the exact hour, minute, and second for both the beginning and the end of the daily period for the report. A popup calendar makes it easy to select the Start Date and End Date for the date range.


To specify a Static Date Range:

1. Select a unit for which Log Viewer is enabled, and then navigate to the page under Custom Report for the report type you want.
2. In the Template Section under Date/Time, select the Static Date Range radio button.
3. Click the Start Date field to access the pop-up calendar.
4. Use the navigation arrows near the top of the calendar to change the year or month. Click the << button to move to the previous year, or hold the button to select from a list of years. Click the >> button to move to the next year, or hold the button to select from a list of years. Similarly, click the < or > to move back or ahead by one month, or hold the button to select from a list of months.
5. Click the desired start date in the calendar. This adds the date to the Start Date field and closes the calendar.
6. Click the End Date field to access the pop-up calendar.
7. Use the navigation arrows near the top of the calendar to change the year or month.
8. Click the desired end date in the calendar. This adds the date to the End Date field and closes the calendar.
9. For the Start Time, select the hour, minute, and second from the drop-down lists in the Static Date Range row. These settings specify the earliest data for each day in the date range to be included in the report.
10. For the End Time, select the hour, minute, and second from the drop-down lists. These settings specify the most recent data for each day in the date range to be included in the report.
11. To change the settings back to the defaults, click Reset at the bottom of the Template Section. Note that this will change the Report Layout region as well as the Date/Time region back to default settings.
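As an added illustration (not GMS code), the following Python models how the Date/Time settings described above select log data: a Dynamic Date Range is resolved relative to the current date using the four definitions given in the guide, a Static Date Range is just explicit start and end dates, and the Start Time / End Time window is applied to every day in the range. The record layout and all dates are constructed for the example.

```python
from datetime import date, datetime, time, timedelta
from typing import List, Tuple

# Constructed sample log records (timestamp, user, domain); the field set
# is an assumption for illustration, not the GMS raw syslog schema.
RECORDS: List[Tuple[datetime, str, str]] = [
    (datetime(2010, 3, 15, 8, 30), "alice", "news.example.com"),
    (datetime(2010, 3, 15, 23, 59), "bob", "mail.example.org"),
    (datetime(2010, 3, 14, 9, 0), "alice", "video.example.net"),
    (datetime(2010, 3, 8, 12, 0), "carol", "news.example.com"),
    (datetime(2010, 3, 7, 12, 0), "carol", "news.example.com"),
    (datetime(2010, 2, 15, 12, 0), "dave", "mail.example.org"),
    (datetime(2010, 2, 14, 12, 0), "dave", "mail.example.org"),
]


def dynamic_range(choice: str, today: date) -> Tuple[date, date]:
    """Resolve a Dynamic Date Range choice to an inclusive (start, end)
    pair of dates relative to `today`, following the guide's definitions:
    Today; Yesterday; Week to Date (today plus the seven preceding days);
    Month to Date (the same day of the previous month through today)."""
    if choice == "Today":
        return today, today
    if choice == "Yesterday":
        yesterday = today - timedelta(days=1)
        return yesterday, yesterday
    if choice == "Week to Date":
        return today - timedelta(days=7), today
    if choice == "Month to Date":
        if today.month == 1:
            year, month = today.year - 1, 12
        else:
            year, month = today.year, today.month - 1
        # Clamp the day when the previous month is shorter (31 March ->
        # 28 February); the guide does not say how GMS treats this case.
        first_of_this_month = date(today.year, today.month, 1)
        days_in_prev = (first_of_this_month - timedelta(days=1)).day
        return date(year, month, min(today.day, days_in_prev)), today
    raise ValueError(f"unknown Dynamic Date Range choice: {choice!r}")


def select_records(records, start_date: date, end_date: date,
                   start_time: time = time(0, 0, 0),
                   end_time: time = time(23, 59, 59)):
    """Apply the date range plus the per-day Start Time / End Time window.
    As the guide states, the times are applied to each day of the period,
    not just the first and last day; the defaults cover the full 24 hours."""
    return [
        r for r in records
        if start_date <= r[0].date() <= end_date
        and start_time <= r[0].time() <= end_time
    ]


def run_report(records, choice: str, today: date, **times):
    """Resolve a Dynamic Date Range and select the records it covers."""
    start, end = dynamic_range(choice, today)
    return select_records(records, start, end, **times)


if __name__ == "__main__":
    today = date(2010, 3, 15)
    for choice in ("Today", "Yesterday", "Week to Date", "Month to Date"):
        print(choice, len(run_report(RECORDS, choice, today)))
    # A 09:00-13:00 window applied to every day of Week to Date
    print(len(run_report(RECORDS, "Week to Date", today,
                         start_time=time(9, 0, 0), end_time=time(13, 0, 0))))
    # A Static Date Range is the same selection with explicit dates
    print(len(select_records(RECORDS, date(2010, 3, 7), date(2010, 3, 8))))
```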

Configuring the Report Layout and Generating the Report


Located in the Template Section of the Custom Report page below the Date/Time region, the Report Layout region provides a way to specify the type of data to include, and the format of the report. The Report Layout region has a Detailed Report tab and a Summary Report tab. The report appearance and the way information is organized is quite different between a Detailed Report and a Summary Report.

The Detailed Report tab contains a list of data categories that you can add as report fields, and allows you to specify query values for each. The categories you select will appear as column headings in the report. The Summary Report tab allows you to structure a report showing the top elements of Internet Activity or Website Filtering. You can select the number of top elements, what to base the comparisons on, and the two data categories to evaluate when determining the top elements. The generated report provides graphical output that you can click to drill down for detailed information. For more information about each of these Report Layout tabs, see the following sections:

Detailed Reports on page 705
Summary Reports on page 709

For information about the Filter operators, see the following section:

Filter Operators on page 711

Detailed Reports
The Detailed Report tab is the default view in the Report Layout region.

For a UTM Internet Activity report, the Select Report Field drop-down list contains eight data categories that you can add as column headings in the report. The categories are:

Full URL: Adds a column containing the full URL of each Web site visited
Category: Adds a column containing the category of each site visited, such as Gambling or Adult/Mature Content
Domain: Adds a column containing the domain name of each site visited
Protocol: Adds a column containing the protocol used by the traffic
Received Traffic: Adds a column containing the number of bytes received from the visited site
Transmitted Traffic: Adds a column containing the number of bytes transmitted to the site
Total Traffic: Adds a column containing the total number of bytes received and transmitted
User: Adds a column containing the user ID

For a UTM Website Filtering report, the Select report field drop-down list contains four data categories that you can add as column headings in the report. The categories are:

Full URL: Adds a column containing the full URL of each logged Web site
Category: Adds a column containing the category of each logged site, such as Gambling or Adult/Mature Content
Domain: Adds a column containing the domain name of each logged Web site
User: Adds a column containing the user ID

To include a field in the report, select a choice from the list and then click Add. When you click Add, a row is populated in the table below, which has three column headings: Field, Filter, and Options.
Note: When you place your mouse cursor over the row, under the Field heading, the cursor changes to a move cursor. You can drag and drop the rows to rearrange the column ordering in the final report.

In the Filter column, two fields are displayed: an operator field and an input field. The operator field is a drop-down list containing the operator choices for the selected report field. See Filter Operators on page 711 for a description of each operator. The input field can be a drop-down list or a standard input field, depending on the selected report field. The operators and input fields are defined in Table 14 for each report field.


Table 14 Operators and Input Fields for Each Data Type

Data Type: Category
Operators: Equals
Input Field: The input field is a drop-down list containing an alphabetized list of all the content filtering categories, such as Adult/Mature Content, Gambling, Military, etc. Leave the default of All in the input field if you choose not to filter by a certain category.

Data Type: Destination IP
Operators: Equals, Starts with, Ends with, Contains
Input Field: The input field is a standard input field where you can type in the numbers to match, such as 192 or 10.25. Leave the input field blank if you choose not to filter by a certain destination IP address.

Data Type: Domain
Operators: Equals, Start with, End with, Contains
Input Field: The input field is a standard input field where you can type in the domain to match, such as sonicwall.com. Leave the input field blank if you choose not to filter by a certain domain.

Data Type: Full URL
Operators: Equals, Start with, End with, Contains
Input Field: The input field is a standard input field where you can type in the URL to match, such as: http://www.funnyyoutubevideo.com/funniest.html. Leave the input field blank if you choose not to filter by a certain URL.

Data Type: Protocol
Operators: Equals, Start with, End with, Contains
Input Field: The input field is a standard input field where you can type in the protocol to match, such as FTP. Leave the input field blank if you choose not to filter by a certain protocol.

Data Type: Received Traffic
Operators: =, >, >=, <, <=, !=
Input Field: The input field is a standard input field where you can type in the number of bytes to match or compare to. Leave the input field blank if you choose not to filter by a certain amount of traffic.

Data Type: Source IP
Operators: Equals, Starts with, Ends with, Contains
Input Field: The input field is a standard input field where you can type in the numbers to match, such as 192 or 10.25. Leave the input field blank if you choose not to filter by a certain source IP address.

Data Type: Total Traffic
Operators: =, >, >=, <, <=, !=
Input Field: The input field is a standard input field where you can type in the number of bytes to match or compare to. Leave the input field blank if you choose not to filter by a certain amount of traffic.

Data Type: Transmitted Traffic
Operators: =, >, >=, <, <=, !=
Input Field: The input field is a standard input field where you can type in the number of bytes to match or compare to. Leave the input field blank if you choose not to filter by a certain amount of traffic.

Data Type: User
Operators: Equals, Start with, End with, Contains
Input Field: The input field is a standard input field where you can type in the user ID to match. Leave the input field blank if you choose not to filter by a certain user.

In the Options column, two icons are displayed: an Eye and an X. You can click the Eye to toggle whether the report field on that row will be displayed in the final report. This allows you to filter the report results based on the selected report field and related filter value, but not display the field as a column. When you click on the Eye icon within a row, the eye closes to show that this field will not be displayed in the final report. The filter value will still be used to filter results from the raw syslog database to apply towards the report.

For example, you might specify the following Field/Operator/Filter Value: Protocol/=/http. It would make sense to click the Eye icon to disable the Protocol field from being shown in the report, since it would always just be http and would not add any interesting information to the final report. Contrast this with simply specifying the Protocol field and leaving the Filter Value blank, in which case you would want to enable the Eye so that this column would appear in the report showing a variety of protocols such as udp/dns, tcp/http, udp/ntp, or numbered protocols such as udp/389 (the LDAP protocol) or tcp/445 (MS Server Message Block (SMB) file sharing).

Clicking the X icon under Options deletes the selected report field from the table, so it will not be used to generate the report results nor will it be displayed in the report. Use the X icon instead of the Eye when you do not choose to filter the report results based on the field.

The Detailed Report tab also contains the Sort By drop-down list. The list contains the Date/Time option and any other report fields that you have selected from the eight data types. The choice you select will be used to order the results in the report from the first page to the last. The selection in the left drop-down list is used for the first sorting, then the selection in the right drop-down list is used to sort and group the entries within each group resulting from the first sorting.


To configure a detailed report:

1. Select a unit for which Log Viewer is enabled, and then navigate to the page under Custom Report for the report type you want.
2. In the Report Layout region of the Template Section of the Custom Report page, select the Detailed Report tab.
3. In the Select report field drop-down list, select a data type to include in the report, and then click Add. A row for this field is populated in the table below. Repeat this step to add other fields.
4. Optionally select an operator from the drop-down list under Filter in a table row, and type in or select an input value to be matched when the database is queried. Repeat this step for other rows to add filter values for those fields.
5. To prevent a field from appearing in the final report, click the Eye icon in that row so that the eye appears closed. To allow the field to be displayed in the report, click the closed Eye icon to return it to normal appearance.
6. To delete a field from the table, click the X icon in that row.
7. To sort the report pages by a different field than the default of Date/Time, select the desired field from the Sort by drop-down list.
8. To change the settings back to the defaults, click Reset at the bottom of the Template Section. Note that this will change the Date/Time region and the Report Layout region back to default settings.

Summary Reports
The Summary Report tab is available in the Report Layout region of the Template Section.


The Top drop-down list provides selections for the number of entries to display in the report. For example, if the User field is selected below as a Summary Group, and 5 is selected in the Top drop-down list, the report will provide entries for the top five users. For all Custom Reports, available numbers in the Top drop-down list are 5, 10, 20, 50, and 100. The Summary Base drop-down list offers a selection of traffic types that will be used to determine the top usage for the selected field. The Summary Base choices vary as follows depending on the type of Custom Report:

For a UTM Internet Activity report, the Summary Base choices are Total traffic, Received traffic, or Transmitted traffic.
For a UTM Website Filtering report, the only Summary Base choice is Filtered Items.

Below the Top and Summary Base fields, you can create one or two Summary Groups from the choices listed on the left side. The Summary Groups choices vary as follows depending on the type of Custom Report:

For a UTM Internet Activity report, the choices are Total traffic, Received traffic, or Transmitted traffic.
For a UTM Website Filtering report, the choices are Category, Domain, or User.

To select a field for a Summary Group, simply drag and drop the desired field from the list to either the Level 1 Summary Group or Level 2 Summary Group boxes. When the field name is dragged to one of these, the operator drop-down list and filter input value field are displayed, allowing you to specify values to match when the data is searched. See Filter Operators on page 711 for a description of each operator.

Either the Level 1 Summary Group field or the Level 2 Summary Group field can be used alone; the resulting report will look the same in both cases. When both the Level 1 and Level 2 Summary Group fields are populated, the report will display the top entries for the Level 2 field for each of the top entries for the Level 1 field. For example, if User is dragged to the Level 1 Summary Group and Domain is dragged to the Level 2 Summary Group, and 5 is selected in the Top drop-down list, the generated report will display the top five domains visited by each of the top five users.

To configure a summary report:

1. Select a unit for which Log Viewer is enabled, and then navigate to the page under Custom Report for the report type you want.
2. In the Report Layout region of the Template Section of the Custom Report page, select the Summary Report tab.
3. In the Top drop-down list, select the number of entries to be displayed in the report.
4. In the Summary Base drop-down list, select one of the choices to use when determining which are the top elements in the selected field.
5. To specify the field for the Level 1 Summary Group, click and drag the desired field from the list on the left to the Level 1 Summary Group field, and then release your mouse button to drop the field into position. The filter operator and input field are displayed next to the field name.
6. To specify the field for the Level 2 Summary Group, click and drag the desired field from the list on the left to the Level 2 Summary Group field, then release your mouse button to drop the field into position. The filter operator and input field are displayed next to the field name.
7. To specify a filter operator and filter value for a Summary Group, select the operator from the drop-down list next to the field and type a filter value into the input field to the right of the operator.
8. To change the settings back to the defaults, click Reset at the bottom of the Template Section. Note that this will change the Date/Time region as well as the Report Layout region back to default settings.

Filter Operators
When configuring the Report Layout on either the Detailed Report tab or the Summary Report tab, you can specify filter values to be matched in the database during report generation. Depending on the selected field type, text string or numeric, several filter operators are available. The filter operators are used with a filter input value to determine which data should be included in the report. The operators are defined as shown in Table 15.
Table 15 Filter Operators

Equals: Only data that exactly matches the filter input text will be included in the report
Start with: Data that begins with the input text will be included in the report
End with: Data that ends with the input text will be included in the report
Contains: Data that contains the input text will be included in the report
=: Only data that exactly matches the filter input numerical value will be included in the report
>: Data values that are greater than the input numerical value will be included in the report
>=: Data values that are greater than or equal to the input numerical value will be included in the report
<=: Data values that are less than or equal to the input numerical value will be included in the report
<: Data values that are less than the input numerical value will be included in the report
!=: Data values that are not equal to the input numerical value will be included in the report
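The following Python is an added example, not GMS code, that models how a template from the Detailed Reports, Summary Reports and Filter Operators sections above is evaluated against log data: the Table 15 operators applied to each Detailed Report field, the closed Eye keeping a filter active while hiding its column, the left and right Sort By selections, and the Summary Report's Top, Summary Base and Level 1 / Level 2 groups. The record layout, its values, and case-insensitive text matching are assumptions made for the example.

```python
from collections import defaultdict
from typing import Any, Callable, Dict, List, Optional, Sequence, Tuple

# Constructed log records keyed by the Detailed Report field names; the
# set of fields and the values are assumptions for illustration only.
LOGS: List[Dict[str, Any]] = [
    {"User": "alice", "Domain": "news.example.com", "Protocol": "tcp/http",
     "Category": "News", "Received Traffic": 5000, "Transmitted Traffic": 400},
    {"User": "alice", "Domain": "video.example.org", "Protocol": "tcp/http",
     "Category": "Multimedia", "Received Traffic": 90000, "Transmitted Traffic": 800},
    {"User": "bob", "Domain": "news.example.com", "Protocol": "tcp/http",
     "Category": "News", "Received Traffic": 12000, "Transmitted Traffic": 300},
    {"User": "bob", "Domain": "mail.example.net", "Protocol": "tcp/smtp",
     "Category": "Email", "Received Traffic": 700, "Transmitted Traffic": 6000},
    {"User": "carol", "Domain": "video.example.org", "Protocol": "udp/dns",
     "Category": "Multimedia", "Received Traffic": 100, "Transmitted Traffic": 50},
]
for _r in LOGS:
    _r["Total Traffic"] = _r["Received Traffic"] + _r["Transmitted Traffic"]

# Table 15: text operators for string fields, comparison operators for
# numeric fields.  Case-insensitive text matching is an assumption.
OPERATORS: Dict[str, Callable[[Any, Any], bool]] = {
    "Equals": lambda v, x: str(v).lower() == str(x).lower(),
    "Start with": lambda v, x: str(v).lower().startswith(str(x).lower()),
    "End with": lambda v, x: str(v).lower().endswith(str(x).lower()),
    "Contains": lambda v, x: str(x).lower() in str(v).lower(),
    "=": lambda v, x: v == x,
    "!=": lambda v, x: v != x,
    ">": lambda v, x: v > x,
    ">=": lambda v, x: v >= x,
    "<": lambda v, x: v < x,
    "<=": lambda v, x: v <= x,
}


class ReportField:
    """One row of the Detailed Report table: Field, Filter (operator and
    input value) and the Eye toggle.  visible=False is the closed Eye: the
    filter still applies, but the column is left out of the report."""

    def __init__(self, name: str, operator: Optional[str] = None,
                 value: Any = None, visible: bool = True) -> None:
        self.name, self.operator, self.value, self.visible = name, operator, value, visible


def matches(record: Dict[str, Any], fields: Sequence[ReportField]) -> bool:
    """Keep a record only if every populated filter accepts it; a blank
    input value means no filtering on that field (Table 14)."""
    for f in fields:
        if f.operator is None or f.value in (None, ""):
            continue
        if not OPERATORS[f.operator](record[f.name], f.value):
            return False
    return True


def detailed_report(records, fields: Sequence[ReportField],
                    sort_by: Sequence[str] = ()) -> Tuple[List[str], List[list]]:
    """Return (column headings, rows).  sort_by holds the left and right
    Sort By selections: the primary key, then the key used within groups."""
    kept = [r for r in records if matches(r, fields)]
    if sort_by:
        kept.sort(key=lambda r: tuple(r[k] for k in sort_by))
    columns = [f.name for f in fields if f.visible]
    return columns, [[r[c] for c in columns] for r in kept]


def summary_report(records, top: int, base: str, level1: str,
                   level2: Optional[str] = None,
                   fields: Sequence[ReportField] = ()) -> List[Dict[str, Any]]:
    """Summary Report: rank level1 values by the Summary Base (summed bytes
    for a traffic base, a hit count for Filtered Items), keep the top N,
    and when level2 is set rank level2 values within each top level1 entry."""
    kept = [r for r in records if matches(r, fields)]

    def top_n(rows: List[Dict[str, Any]], key: str) -> List[Tuple[Any, int]]:
        totals: Dict[Any, int] = defaultdict(int)
        for r in rows:
            totals[r[key]] += 1 if base == "Filtered Items" else r[base]
        return sorted(totals.items(), key=lambda kv: (-kv[1], str(kv[0])))[:top]

    result = []
    for name, total in top_n(kept, level1):
        entry: Dict[str, Any] = {"name": name, base: total}
        if level2:
            entry["children"] = top_n([r for r in kept if r[level1] == name], level2)
        result.append(entry)
    return result


if __name__ == "__main__":
    # The guide's example: filter on Protocol but hide the column (closed Eye)
    fields = [ReportField("Protocol", "Contains", "http", visible=False),
              ReportField("User"), ReportField("Domain"),
              ReportField("Total Traffic", ">", 1000)]
    print(detailed_report(LOGS, fields, sort_by=("User", "Domain")))
    # Top 2 users by Total Traffic, with the top 2 domains for each
    print(summary_report(LOGS, 2, "Total Traffic", "User", "Domain"))
```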

Generating the Custom Report


The Generate Report button at the bottom of the Template Section is used to create the report. Before clicking Generate Report, use the Template Section to specify the time period for the report and the contents and layout of the report.
Note: Custom Reports are available at the unit level and Log Viewer must be enabled for the appliance. For information about enabling Log Viewer, see Viewing the Log on page 831.

To generate a custom report:

1. Select a unit for which Log Viewer is enabled, and then navigate to the page under Custom Report for the report you want.
2. In the Date/Time region of the Template Section, specify the time period that the report will cover. For detailed information and instructions, see Configuring the Date and Time for Custom Reports on page 702.
3. In the Report Layout region of the Template Section, specify the contents and appearance of the report. For detailed information and instructions, see Configuring the Report Layout and Generating the Report on page 704.
4. Click Generate Report to create the report using the specified configuration.

Viewing a Custom Report


After you click Generate Report, the Report Section is displayed in Split Mode in the lower half of the main window, even if you previously were in Full Mode for the Template Section. Pagination controls are displayed at the upper right of the report, just below the Save Template button and the printer, PDF, and Excel icons. Navigation buttons are provided to take you to the first page, next page, previous page, and last page, or you can specify an exact page number in the field.

In a Detailed Report, shown below, the selected report fields are displayed as column headings. You can click on any column heading to sort that page by the values in the column that you click. Click again to toggle between ascending and descending order on that page. When you navigate away from that page and then come back using the pagination controls, the page reverts to the original sorting order as specified in the Sort by field of the Template Section before generating the report.


In a Summary Report, the Report Section displays the traffic volume as horizontal bar charts. This lets you see the information at a glance, such as who consumed the most bandwidth and which domains they visited the most.

You can click on a bar in the chart to pop up detailed information, just like the detailed report with all of the columns for all fields. The report lists details about this Summary Group field only. For example, in the Internet Activity report, if the Summary Group contains the User field and you click on a bar for one of the top users, the report displays the date and time of all Internet activity for the user, and includes data for every field available for detailed reports. A scroll bar is provided along the bottom of the Detailed Information window to allow viewing of all eight fields plus the date and time column.


The Detailed Information window is shown below.

Printing a Page or Exporting the Report as a PDF or CSV File


To print the current page of the report, click the printer icon at the top of the Report Section. Your normal print dialog box pops up. This prints only the page that is currently displayed.

To export the entire report in PDF format, click the PDF icon at the top of the Report Section. A PDF file is generated showing the report results in table format. The PDF can contain a maximum of 10,000 records. If your report contains more than 10,000 records, you can use the Static Date Range fields to adjust the dates and regenerate the report to shorten its length.

To export the entire report in Microsoft Excel Comma Separated Value (CSV) format, click the Excel icon at the top of the Report Section. A CSV file is generated showing the report results in spreadsheet format.

You can save the PDF or CSV file using any filename and location.


Saving the Report Template


After generating the report, you can save the settings for this report as a template for reuse. You can select the saved template from the Template Section or from the Dashboard > Summary page at a later time, and use it to generate a report using the same settings. For information about using the template on the Dashboard > Summary page, see Troubleshooting Reports on page 692.

The template is saved for the currently selected appliance and for the specific user. The saved template will not be available for other appliances or for other users.

To save the report template:

1. In the upper right corner of the Report Section, click the Save Template button.
2. In the popup dialog box, type a descriptive name for the template, up to 40 characters. The number of remaining characters allowed in the name is displayed below the input field and changes as you type.
3. Click Save. If you are in a Full Mode display of the Report Section, you can verify that the template has been saved by changing back to Split Mode and viewing the contents of the Template drop-down list.

SonicWALL GMS provides access to your saved Custom Report templates on the Dashboard > Summary page for the appliance. See Viewing Custom Reports on the Dashboard on page 696.

Viewing Status Reports


Status reports display the number of hours that one or more SonicWALL appliances were online and functional during the time period. From this information, you can locate trouble spots within your network, such as a SonicWALL appliance that is having network connectivity issues caused by the ISP.


Note

Global reports are displayed in the GMS's time zone. Reports for individual SonicWALL security appliances are displayed in the individual appliance's time zone.

Select from the following:


   • Viewing the Status Up-Time Summary Report on page 717
   • Viewing Status Up-Time Over Time on page 718
   • Viewing the Status Down-Time Summary Report on page 720
   • Viewing Status Down-Time Over Time on page 721

Viewing the Status Up-Time Summary Report


The Status Up-Time Summary report contains information on the status of a SonicWALL appliance or group of appliances during each hour of the specified day. To view the Status Up-Time Summary report, perform the following steps:

1. Click the Reports tab.
2. Select the global icon, a group, or a SonicWALL appliance.
3. Expand the Status tree and click Up-Time Summary. The Up-Time Summary page displays.


4. The bar graph displays the amount of time the SonicWALL appliance(s) were online and functional during each hour of the day.
5. The table contains the following information:
   • Hour: when the sample was taken.
   • Up Time: number of minutes during the hour that the SonicWALL appliance was Up.
   • % of Up Time: percentage of time the SonicWALL appliance was Up over the hour.
6. By default, the GMS Reporting Module shows yesterday's report. To change the date of the report and other settings, click the Start or End field to access the drop-down calendar, or click More Options for report display settings. Under Report Display Settings you can set:
   • Display Type: Chart and Table, or Table Only
   • Chart Type: Area, Bar or Plot chart
7. See Managing Report Settings on page 690.
8. When you are finished, click Search. The GMS Reporting Module displays the report for the selected date.

Viewing Status Up-Time Over Time


The Status Up-Time Over Time report displays how often the SonicWALL appliance or a group of SonicWALL appliances was available during the specified time period. To view the Status Up-Time Over Time report, perform the following steps:

1. Click the Reports tab.
2. Select the global icon, a group, or a SonicWALL appliance.


3. Expand the Status tree and click Up-Time Over Time. The Up-Time Over Time page displays.
4. The bar graph displays the amount of time the SonicWALL appliance(s) were available during each day of the specified time period.
5. The table contains the following information:
   • Date: when the sample was taken.
   • Up Time: amount of time (in hours) that the SonicWALL appliance was Up.
   • % of Up Time: percentage of time the SonicWALL appliance was Up over the date.
6. The GMS Reporting Module shows yesterday's report. To change the date range of the report and other settings, use the Search Bar and click the Start or End field to access the drop-down calendar, or click More Options for report display settings. Under Report Display Settings you can set:
   • Display Type: Chart and Table, or Table Only
   • Chart Type: Area, Bar or Plot chart
7. See Managing Report Settings on page 690.
8. When you are finished, click Search. The GMS Reporting Module displays the report for the selected date range.


Viewing the Status Down-Time Summary Report


The Status Down-Time Summary report contains information on the status of a SonicWALL appliance or group of appliances during each hour of the specified day. To view the Status Down-Time Summary report, perform the following steps:

1. Click the Reports tab.
2. Select the global icon, a group, or a SonicWALL appliance.
3. Expand the Status tree and click Down-Time Summary. The Down-Time Summary page displays.

4. The bar graph displays the amount of time the SonicWALL appliance(s) were offline and not available during each hour of the day.
5. The table contains the following information:
   • Hour: when the sample was taken.
   • Down Time: number of minutes during the hour that the SonicWALL appliance was Down.
   • % of Down Time: percentage of time the SonicWALL appliance was Down over the hour.
6. By default, the GMS Reporting Module shows yesterday's report. To change the date of the report and other settings, click the Start or End field to access the drop-down calendar, or click More Options for report display settings. Under Report Display Settings you can set:
   • Display Type: Chart and Table, or Table Only
   • Chart Type: Area, Bar or Plot chart
7. See Managing Report Settings on page 690.
8. When you are finished, click Search. The GMS Reporting Module displays the report for the selected date.

Viewing Status Down-Time Over Time


The Status Down-Time Over Time report displays how often the SonicWALL appliance or a group of SonicWALL appliances was unavailable during the specified time period. To view the Status Down-Time Over Time report, perform the following steps:

1. Click the Reports tab.
2. Select the global icon, a group, or a SonicWALL appliance.


3. Expand the Status tree and click Down-Time Over Time. The Down-Time Over Time page displays.
4. The bar graph displays the amount of time the SonicWALL appliance(s) were not available during each day of the specified time period.
5. The table contains the following information:
   • Date: when the sample was taken.
   • Down Time: amount of time (in hours) that the SonicWALL appliance was Down.
   • % of Down Time: percentage of time the SonicWALL appliance was Down over the date.
6. The GMS Reporting Module shows yesterday's report. To change the date range of the report and other settings, use the Search Bar and click the Start or End field to access the drop-down calendar, or click More Options for report display settings. Under Report Display Settings you can set:
   • Display Type: Chart and Table, or Table Only
   • Chart Type: Area, Bar or Plot chart
7. See Managing Report Settings on page 690.
8. When you are finished, click Search. The GMS Reporting Module displays the report for the selected date range.

Viewing Bandwidth Reports


Bandwidth reports display the amount of data transferred through one or more selected SonicWALL appliances. These reports include the cost of consumed network bandwidth per 100 megabytes transferred through the selected appliances. Bandwidth reports are an ideal starting point for viewing overall bandwidth usage. You can view bandwidth usage by hour, by day, or over a period of days. Additionally, you can view the top users of bandwidth. From this information, you can determine network strategies. For example, if you need more bandwidth, you might need to upgrade network equipment, or you might simply need to curtail the bandwidth usage of a few employees.

Note

All reports appear in the appliance's time zone.

Select from the following:

   • Viewing the Bandwidth Summary Report on page 723
   • Viewing the Top Users of Bandwidth on page 725
   • Viewing Bandwidth Usage Over Time on page 727
   • Viewing the Top Users of Bandwidth Over Time on page 729

Viewing the Bandwidth Summary Report


The Bandwidth Summary report contains information on the amount of traffic handled by a SonicWALL appliance during each hour of the specified day, or, at the global or group level, by each group of SonicWALL appliances for the day. To view the Bandwidth Summary report, perform the following steps:

1. Click the Reports tab.
2. Select the global icon, a group, or a SonicWALL appliance.


3. Expand the Bandwidth tree and click Summary. The Summary page displays.
4. The bar graph displays the amount of bandwidth transferred during each hour of the day.
5. The table contains the following information:
   • Hour: when the sample was taken.
   • Events: number of events or hits.
   • Cost ($): amount of the expense per 100 megabytes. You can configure this in the Cost Per Mega Byte Bandwidth Use field in the Console > Reports > Summarizer screen.
   • MBytes: number of megabytes transferred.
   • % of MBytes: percentage of megabytes transferred during this hour, compared to the day. For example, if 1000 megabytes of data was transferred during the day and 100 megabytes was transferred at the 12:00 time period, the % of MBytes field will display 10%.
6. The GMS Reporting Module shows yesterday's report. To change the date of the report and other settings, click the Start or End field to access the drop-down calendar, or click More Options for report display settings. Under Report Display Settings you can set:
   • Display Type: Chart and Table, or Table Only
   • Chart Type: Area, Bar, Pie or Plot chart
   • Select the Source and Destination interfaces to view
   • If you want to track bandwidth usage in both directions, select the Bi-directional check box.
7. See Managing Report Settings on page 690.
8. When you are finished, click Search. The GMS Reporting Module displays the report for the selected day.

Note

These settings will stay in effect for all summary reports during your active login session.

Viewing the Top Users of Bandwidth


The Top Users report displays the users who used the most bandwidth on the specified date and the correlating expense. To view the Top Users report, perform the following steps:

1. Click the Reports tab.
2. Select a SonicWALL appliance.


3. Expand the Bandwidth tree and click Top Users. The Top Users page displays.
4. The pie chart displays the percentage of bandwidth transferred by each user.
5. The table contains the following information:
   • Users: the IP address of the user.
   • Connections: number of events or hits.
   • Cost ($): amount of the expense per 100 megabytes. You can configure this in the Cost Per Mega Byte Bandwidth Use field in the Console > Reports > Summarizer screen.
   • MBytes: number of megabytes.
   • % of MBytes: percentage of megabytes transferred by this user, compared to all users. For example, if 1000 megabytes of data was transferred during the day and 200 megabytes was transferred by the top user, the % of MBytes field will display 20%.
6. By default, the GMS Reporting Module shows yesterday's report, a pie chart, and the ten top users. To change the date of the report and other settings, click the Start or End field to access the drop-down calendar, or click More Options for report display settings.
7. Under Report Display Settings you can set:
   • Display Type: Chart and Table, or Table Only
   • Chart Type: Area, Bar, Pie or Plot chart
   • Number of Users
   • Rows per Screen
   See Managing Report Settings on page 690.
8. To display a limited number of users, use the Search Bar fields.

Note

The search bar fields use pattern matching with operators such as contains. For example, john will match john_smith, john42, or big_john.

9. When you are finished, click Search. The GMS Reporting Module displays the report for the selected day.

Note

These settings will stay in effect for all similar reports during your active login session.

Viewing Bandwidth Usage Over Time


The Bandwidth Over Time report displays the daily amount of traffic and the total daily expense for consumed network bandwidth handled by a SonicWALL appliance or a group of SonicWALL appliances for the specified time period. To view the Bandwidth Over Time report, perform the following steps:

1. Click the Reports tab.
2. Select the global icon, a group, or a SonicWALL appliance.


3. Expand the Bandwidth tree and click Over Time. The Over Time page displays.
4. The bar graph displays the amount of bandwidth transferred during each day of the specified time period.
5. The table contains the following information:
   • Date: when the sample was taken.
   • Connections: number of hits.
   • Cost ($): amount of the expense per 100 megabytes. You can configure this in the Cost Per Mega Byte Bandwidth Use field in the Console > Reports > Summarizer screen.
   • MBytes: number of megabytes transferred.
   • % of MBytes: percentage of megabytes transferred during this day, compared to the time period. For example, if 100,000 megabytes of data was transferred during the time period and 25,000 megabytes was transferred on one day, the % of MBytes field will display 25%.
6. To change the date of the report and other settings, use the Search Bar and click the Start or End fields to access the drop-down calendar, or click More Options for report display settings. Under Report Display Settings you can set:
   • Display Type: Chart and Table, or Table Only
   • Chart Type: Area, Bar or Plot chart
7. See Managing Report Settings on page 690.
8. When you are finished, click Search. The GMS Reporting Module displays the report for the selected date range.

Note

These settings will stay in effect for all similar reports during your active login session.

Viewing the Top Users of Bandwidth Over Time


The Top Users Over Time report displays the users who used the most bandwidth and accumulated the highest cost during the specified date range. This report is available at the unit level. To view the Top Users Over Time report, perform the following steps:

1. Click the Reports tab.
2. Select a SonicWALL appliance.
3. Expand the Bandwidth tree and click Top Users Over Time. The Top Users Over Time page displays.

4. The pie chart displays the percentage of bandwidth transferred by each user.
5. The table contains the following information:
   • Users: the IP address of the user.
   • Connections: number of events or hits.
   • Cost: total amount of the expense per 100 megabytes.
   • MBytes: number of megabytes.
   • % of MBytes: percentage of megabytes transferred by this user, compared to all users. For example, if 1000 megabytes of data was transferred during this period and 200 megabytes was transferred by the top user, the % of MBytes field will display 20%.
6. The GMS Reporting Module shows yesterday's report. To change the date range of the report and other settings, click the Start or End field to access the drop-down calendar, or click More Options for report display settings. Under Report Display Settings you can set:
   • Display Type: Chart and Table, or Table Only
   • Chart Type: Area, Bar, Pie or Plot chart
   • Number of Users
   • Rows per Screen
7. See Managing Report Settings on page 690.
8. To display a limited group of users, enter the user IDs in the Search Bar fields.

Note

The search bar fields use pattern matching with operators such as contains. For example, john will match john_smith, john42, or big_john.

9. When you are finished, click Search. The GMS Reporting Module displays the report for the selected users and date range.

Note

These settings will stay in effect for all similar reports during your active login session.


Viewing Services Reports


Service reports provide information on the amount of data transmitted through the selected SonicWALL appliance by each service. Service reports are useful for revealing inappropriate usage of bandwidth and can help determine network policies. For example, if there is a large spike of bandwidth usage, you can determine whether this is caused by regular Web access, someone using FTP to transfer large files, an attempted Denial of Service (DoS) attack, or another service.
Note

All reports appear in the appliance's time zone.

The procedures for viewing the Services Reports are described in the following section:

Viewing the Services Summary Report on page 731

Note

You cannot view services reports from the global or group view.

Viewing the Services Summary Report


The Services Summary report displays the amount of traffic handled by each service during each hour of the specified day. To view the Services Summary report, perform the following steps:

1. Click the Reports tab.
2. Select a SonicWALL appliance.


3. Expand the Services tree and click Summary. The Summary page displays.
4. The bar graph displays the amount of bandwidth used by each service during each hour of the day.
5. The table contains the following information:
   • Protocol: the service.
   • Events: number of events or hits.
   • MBytes: number of megabytes.
   • % of MBytes: percentage of megabytes transferred by this service on the selected day, compared to all other services. For example, if 10,000 megabytes of data was transferred during the day and 5,000 megabytes was transferred by this service, the % of MBytes field will display 50%.
6. To change the date of the report and other settings, use the Search Bar and click the Start or End field to access the drop-down calendar, or click More Options for report display settings. Under Report Display Settings you can set:
   • Display Type: Chart and Table, or Table Only
   • Chart Type: Area, Bar or Plot chart
7. See Managing Report Settings on page 690.
8. When you are finished, click Search. The GMS Reporting Module displays the report for the selected date.

Note

These settings will stay in effect for all similar reports during your active login session.

Viewing Web Usage Reports


Web usage reports provide information on the amount of Web usage that occurs through the selected SonicWALL appliance(s). Web usage reports can be used to view Web bandwidth usage by the hour, by the day, or over a period of days. Additionally, you can view the top users of Web bandwidth and the most visited sites.

Exclusion settings for Web sites and Web users are available on the Console > User Settings > Reports page. Web Usage reports will not contain references to the Web sites or users specified on that page. For more information, see the Configuring Reports Settings section on page 930.

For the Summary and Over Time reports, and for all reports involving Users, the browse time is also provided in one column of the table. The browse time is the amount of time spent browsing the Internet through one or more selected SonicWALL appliances. The browse time is not displayed in the Category or Sites reports.

Note

All reports appear in the appliance's time zone.

Select from the following:

   • Viewing the Web Usage Summary Report on page 734
   • Viewing the Top Web Sites on page 736
   • Viewing the Top Users of Web Bandwidth on page 737
   • Viewing Web Usage by User on page 739
   • Viewing Web Usage By Site on page 741
   • Viewing Web Usage By Category on page 742
   • Viewing Web Usage Over Time on page 744
   • Viewing Top Sites Over Time on page 745
   • Viewing Top Users Over Time on page 747
   • Viewing Web Usage By User Over Time on page 749
   • Viewing Web Usage By Category Over Time on page 750

Viewing the Web Usage Summary Report


The Web Usage Summary report contains information on the amount of HTTP bandwidth handled by a SonicWALL appliance or group of SonicWALL appliances during each hour of the specified day. The report includes information on the amount of time spent browsing the Internet behind a SonicWALL appliance or group of SonicWALL appliances. To view the Web Usage Summary report, perform the following steps:

1. Click the Reports tab.
2. Select the global icon, a group, or a SonicWALL appliance.
3. Expand the Web Usage tree and click Summary. The Summary page displays.
4. The bar graph displays the amount of HTTP bandwidth transferred during each hour of the day.


5. The table contains the following information:
   • Hour: when the sample was taken.
   • Events: number of events or hits.
   • Browse Time: number of hours, minutes, and seconds spent browsing non-job function-related sites on the Internet. Browse Time is calculated as follows:

       (Number Of Pages / Noise Reduction Factor) * Average Browse Time Per Page

     "Number Of Pages" is the number of hits (responses by the Web site to build the page) when a User accesses a Web page (for example, www.sonicwall.com). "Noise Reduction Factor" is the average noise to exclude per page (such as pop-up links, images, and more); the factory default is 40. "Average Browse Time Per Page" is the time allocated to read a page. Noise Reduction Factor and Average Browse Time Per Page are configurable directly in the database, but are not exposed in the GMS management interface.
   • MBytes: number of megabytes transferred.
   • % of MBytes: percentage of megabytes transferred during this hour, compared to the day. For example, if 1000 megabytes of HTTP data was transferred during the day and 100 megabytes was transferred at the 12:00 time period, the % of MBytes field will display 10%.
6. To change the date of the report and other settings, use the Search Bar and click the Start or End field to access the drop-down calendar, or click More Options for report display settings. Under Report Display Settings you can set:
   • Display Type: Chart and Table, or Table Only
   • Chart Type: Area, Bar or Plot chart
7. See Managing Report Settings on page 690.
8. When you are finished, click Search. The GMS Reporting Module displays the report for the selected date.
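The following Python is an added example, not code from the SonicWALL guide or the GMS product: it reproduces the column arithmetic described for the Web Usage Summary table (Events, Browse Time from the formula above, MBytes and % of MBytes) over constructed hit records. The Hit record shape, the 60-second Average Browse Time Per Page and the decimal-megabyte conversion are assumptions; the Noise Reduction Factor of 40 is the factory default the guide names, and the same aggregation keyed by user yields the per-user table of the Top Users report.

```python
"""Web Usage Summary arithmetic (added example; not SonicWALL code)."""
from collections import defaultdict
from datetime import datetime
from typing import Callable, Iterable, List, NamedTuple

NOISE_REDUCTION_FACTOR = 40        # factory default named in the guide
AVG_BROWSE_TIME_PER_PAGE = 60.0    # seconds per page; constructed value (a DB setting, not in the UI)
BYTES_PER_MBYTE = 1_000_000        # constructed assumption: decimal megabytes


class Hit(NamedTuple):
    """One HTTP hit as a summarizer might record it (constructed record shape)."""
    when: datetime
    user: str      # the guide identifies users by IP address
    site: str
    nbytes: int


def browse_time_seconds(pages: int,
                        noise_factor: int = NOISE_REDUCTION_FACTOR,
                        avg_seconds: float = AVG_BROWSE_TIME_PER_PAGE) -> float:
    """Browse Time = (Number Of Pages / Noise Reduction Factor) * Average Browse Time Per Page."""
    if noise_factor <= 0:
        raise ValueError("Noise Reduction Factor must be positive")
    return pages / noise_factor * avg_seconds


def format_hms(seconds: float) -> str:
    """Render seconds as h:mm:ss, the hours/minutes/seconds form of the Browse Time column."""
    total = int(round(seconds))
    hours, rem = divmod(total, 3600)
    minutes, secs = divmod(rem, 60)
    return f"{hours}:{minutes:02d}:{secs:02d}"


def summarize(hits: Iterable[Hit], key: Callable[[Hit], object]) -> List[dict]:
    """Aggregate hits into report rows grouped by `key` (hour for the Summary report,
    user for Top Users). % of MBytes is relative to the total over all rows, matching
    the guide's worked example (100 MB out of a 1000 MB day -> 10%)."""
    events = defaultdict(int)
    nbytes = defaultdict(int)
    for hit in hits:
        group = key(hit)
        events[group] += 1           # Events: number of hits in the group
        nbytes[group] += hit.nbytes
    total_bytes = sum(nbytes.values())
    rows = []
    for group in sorted(events):
        pct = nbytes[group] / total_bytes * 100.0 if total_bytes else 0.0
        rows.append({
            "key": group,
            "events": events[group],
            "browse_time": format_hms(browse_time_seconds(events[group])),
            "mbytes": round(nbytes[group] / BYTES_PER_MBYTE, 2),
            "pct_mbytes": round(pct, 1),
        })
    return rows


def by_hour(hit: Hit) -> int:
    return hit.when.hour


def by_user(hit: Hit) -> str:
    return hit.user


# Constructed sample day: 40 hits at 12:00 moving 100 MB and 40 hits at 13:00 moving 900 MB.
_T12 = datetime(2010, 5, 3, 12, 0)
_T13 = datetime(2010, 5, 3, 13, 0)
SAMPLE_HITS = (
    [Hit(_T12, "192.0.2.10", "www.example.com", 2_500_000) for _ in range(40)]
    + [Hit(_T13, "192.0.2.11", "www.example.org", 22_500_000) for _ in range(40)]
)

if __name__ == "__main__":
    print(f"{'Hour':>4}  {'Events':>6}  {'Browse Time':>11}  {'MBytes':>8}  {'% of MBytes':>11}")
    for row in summarize(SAMPLE_HITS, by_hour):
        print(f"{row['key']:>4}  {row['events']:>6}  {row['browse_time']:>11}  "
              f"{row['mbytes']:>8.2f}  {row['pct_mbytes']:>10.1f}%")
```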


Viewing the Top Web Sites


The Top Sites report displays the Web sites that used the most HTTP bandwidth on the specified date. To view the Top Sites report, perform the following steps:

1. Click the Reports tab.
2. Select a SonicWALL appliance.
3. Expand the Web Usage tree and click Top Sites. The Top Sites page displays.
4. The pie chart displays the percentage of bandwidth used to access the top sites.
5. The table contains the following information:
   • Site: URL or IP address of the site.
   • Hits: number of hits.
   • MBytes: number of megabytes transferred.
   • Category: the Web site category.
   • % of MBytes: percentage of megabytes transferred to and from this site, compared to all other HTTP traffic. For example, if 10,000 megabytes of data was transferred during the day and 5,000 megabytes was transferred between the appliance and Ebay, the % of MBytes field will display 50% and you have a problem.
6. To change the date of the report and other settings, use the Search Bar and click the Start or End field to access the drop-down calendar, or click More Options for report display settings. Under Report Display Settings you can set:
   • Display Type: Chart and Table, or Table Only
   • Chart Type: Area, Bar, Pie or Plot chart
   • Number of Sites
   • Rows per Screen
7. See Managing Report Settings on page 690.
8. When you are finished, click Search. The GMS Reporting Module displays the report for the selected date.

Note

These settings will stay in effect for all similar reports during your active login session.

Viewing the Top Users of Web Bandwidth


The Top Users report displays the users who used the most HTTP bandwidth and the amount of time they spent browsing the Internet on the specified date. To view the Top Users report, perform the following steps:

1. Click the Reports tab.
2. Select a SonicWALL appliance.


3. Expand the Web Usage tree and click Top Users. The Top Users page displays.
4. The pie chart displays the percentage of bandwidth transferred by each of the top users.
5. The table contains the following information:
   • Users: the IP address of the user.
   • Hits: number of hits.
   • Browse Time: number of hours, minutes, and seconds spent browsing non-job function-related sites on the Internet.
   • MBytes: number of megabytes transferred.
   • % of MBytes: percentage of megabytes transferred by this user, compared to all users. For example, if 1000 megabytes of data was transferred during the day and 200 megabytes was transferred by the top user, the % of MBytes field will display 20%.
6. The GMS Reporting Module shows yesterday's report. To change the date of the report and other settings, use the Search Bar and click the Start or End field to access the drop-down calendar, or click More Options for report display settings.
7. Under Report Display Settings you can set:
   • Display Type: Chart and Table, or Table Only
   • Chart Type: Area, Bar, Pie or Plot chart
   • Number of Users
   • Rows per Screen
   See Managing Report Settings on page 690.
8. To display a limited group of users, enter the user IDs in the Search Bar fields.

Note

The search bar fields use pattern matching with operators such as contains. For example, john will match john_smith, john42, or big_john.

9. When you are finished, click Search. The GMS Reporting Module displays the report for the selected day.

Note

These settings will stay in effect for all similar reports during your active login session.

Viewing Web Usage by User


The By User report displays a list of all users, their top sites, the number of hits to each site, the time spent browsing, and the amount of data transferred. To view the By User report, perform the following steps:

1. Click the Reports tab.
2. Select a SonicWALL appliance.


3. Expand the Web Usage tree and click By User. The By User page displays.
4. The table contains the following information:
   • User: the IP address of the user.
   • Hits: the number of hits to each Web site visited by the user.
   • Browse Time: number of hours, minutes, and seconds spent browsing non-job function-related sites on the Internet.
   • MBytes: the number of megabytes transferred.
5. You can navigate directly from the Web Usage > By User page to a Web Usage > By Site page detailing the site the user has been browsing. Click the Plus sign to the left of the User name or IP address to show details, and then hover the mouse over a site. A sticky tooltip displays a link to the corresponding site's report page.
6. The GMS Reporting Module shows yesterday's report. To change the date of the report and other settings, use the Search Bar and click the Start or End field to access the drop-down calendar, or click More Options for report display settings. Under Report Display Settings you can set:
   • Number of Users
   • Number of Sites per User
   • Rows per Screen
7. See Managing Report Settings on page 690.
8. To display a limited group of users, enter the user IDs in the Search Bar fields.

Note

The search bar fields use pattern matching with operators such as contains. For example, john will match john_smith, john42, or big_john.

9. When you are finished, click Search. The GMS Reporting Module displays the report for the selected day.

Note

These settings will stay in effect for all similar reports during your active login session.

Viewing Web Usage By Site


The By Site report displays a list of all sites, the users that accessed the sites, the number of hits to each site, and the amount of data transferred. To view the By Site report, perform the following steps:
1. Click the Reports tab.
2. Select a SonicWALL appliance.
3. Expand the Web Usage tree and click By Site. The By Site page displays.
4. The table contains the following information:
   • Site: the URL of the site.
   • Hits: the number of hits to the Web site, by user.
   • MBytes: the number of megabytes transferred, by the user.
   • Category: the category of the site.


5. You can navigate directly from the Web Usage > By Site page to a Web Usage > By User page detailing the information of the users who have been browsing the site. Click the Plus sign to the left of the Site to show details, and then hover the mouse over a user. A sticky tooltip will display with a link to the corresponding user report page.
6. The GMS Reporting Module shows yesterday's report and all Web sites. To change the date of the report or Web sites displayed, use the Search Bar and click the Start or End field to access the drop-down calendar, or click More Options for report display settings. Under Report Chart Types you can set:
   • Number of Sites
   • Number of Users per Site
   • Rows per Screen
7. See "Managing Report Settings" on page 690.
8. To display a limited group of sites, enter the sites in the Search Bar fields.

Note

The search bar fields use pattern matching with operators such as contains. For example, john will match john_smith, john42, or big_john.

9. When you are finished, click Search. The GMS Reporting Module displays the report for the selected day.

Note

These settings will stay in effect for all similar reports during your active login session.

Viewing Web Usage By Category


The Web Usage By Category report displays a list of the top Web site categories, the number of hits to each category, the amount of data transferred, and the percentage of data transferred. To view the By Category report, perform the following steps:
1. Click the Reports tab.
2. Select a SonicWALL appliance.


3. Expand the Web Usage tree and click By Category. The By Category page displays.
4. The table contains the following information:
   • Category: the Web site category.
   • Hits: the number of hits to the Web site category.
   • MBytes: the number of megabytes transferred.
   • % of MBytes: the percentage of megabytes transferred.
5. The GMS Reporting Module shows yesterday's report and all Web site categories. To change the date of the report or Web site categories displayed, use the Search Bar and click the Start or End field to access the drop-down calendar, or click More Options for report display settings. Under Report Display Settings you can set:
   • Display Type: Chart and Table, or Table Only
   • Chart Type: Area, Bar, Pie or Plot chart
   • Number of Items
   • Entries per Item
   • Rows per Screen
6. See "Managing Report Settings" on page 690.
7. When you are finished, click Search. The GMS Reporting Module displays the report for the selected day.

Note

These settings will stay in effect for all similar reports during your active login session.

Viewing Web Usage Over Time


The Web Usage Over Time report displays the daily amount of HTTP bandwidth and browse time handled by a SonicWALL appliance or group of SonicWALL appliances for the specified time period. To view the Web Usage Over Time report, perform the following steps:
1. Click the Reports tab.
2. Select the global icon, a group, or a SonicWALL appliance.
3. Expand the Web Usage tree and click Over Time. The Web Activity page displays.
4. The bar graph displays the amount of HTTP bandwidth transferred during each day of the specified time period.
5. The table contains the following information:


   • Date: when the sample was taken.
   • Connections: the number of connections or hits.
   • Browse Time: the number of hours, minutes, and seconds spent browsing non-job function-related sites on the Internet.
   • MBytes: the number of megabytes transferred.
   • % of MBytes: the percentage of megabytes transferred during this day, compared to the time period. For example, if 100,000 megabytes of data was transferred during the time period and 25,000 megabytes was transferred on one day, the % of MBytes field will display 25%.
6. To change the date range of the report, use the Search Bar and click the Start or End field to access the drop-down calendar, or click More Options for report display settings. Under Report Display Settings you can set:
   • Display Type: Chart and Table, or Table Only
   • Chart Type: Area, Bar or Plot chart
7. See "Managing Report Settings" on page 690.
8. When you are finished, click Search. The GMS Reporting Module displays the report for the selected date range.

Note

These settings will stay in effect for all similar reports during your active login session.

Viewing Top Sites Over Time


The Top Sites Over Time report displays the most visited Web sites for the specified time period. To view the Top Sites Over Time report, perform the following steps:
1. Click the Reports tab.
2. Select a SonicWALL appliance.


3. Expand the Web Usage tree and click Top Sites Over Time. The Top Sites Over Time page displays.
4. The bar graph displays the amount of HTTP bandwidth transferred during each day of the specified time period.
5. The table contains the following information:
   • Site: URL or IP address of the site.
   • Hits: the number of hits.
   • MBytes: the number of megabytes transferred.
   • Category: the Web site category.
   • % of MBytes: the percentage of megabytes transferred between this site, compared to all other HTTP traffic. For example, if 1,000,000 megabytes of data was transferred during the day and 500,000 megabytes was transferred between the appliance and Ebay, the % of MBytes field will display 50% and you have a problem.
6. To change the date range of the report, use the Search Bar and click the Start or End field to access the drop-down calendar, or click More Options for report display settings. Under Report Display Settings you can set:
   • Display Type: Chart and Table, or Table Only
   • Chart Type: Area, Bar, Pie or Plot chart
   • Number of Sites
   • Rows per Screen
7. See "Managing Report Settings" on page 690.
8. When you are finished, click Search. The GMS Reporting Module displays the report for the selected date range.

Note

These settings will stay in effect for all similar reports during your active login session.

Viewing Top Users Over Time


The Top Users Over Time report displays the top users of bandwidth and the amount of time they spent browsing the Internet for the specified time period. To view the Top Users Over Time report, perform the following steps:
1. Click the Reports tab.
2. Select a SonicWALL appliance.
3. Expand the Web Usage tree and click Top Users Over Time. The Top Users Over Time page displays.
4. The graph provides a graphical display of the percentage of bandwidth transferred by each of the top users over the specified time period.
5. The table contains the following information:


   • Site: URL or IP address of the site.
   • Hits: number of hits.
   • Browse Time: number of hours, minutes, and seconds spent browsing non-job function-related sites on the Internet.
   • MBytes: number of megabytes transferred.
   • Category: the category of the site.
   • % of MBytes: percentage of megabytes transferred by this user, compared to all users. For example, if 1000 megabytes of data was transferred during the period and 200 megabytes was transferred by the top user, the % of MBytes field will display 20%.
6. To change the date range of the report, use the Search Bar and click the Start or End field to access the drop-down calendar, or click More Options for report display settings. Under Report Display Settings you can set:
   • Display Type: Chart and Table, or Table Only
   • Chart Type: Area, Bar, Pie or Plot chart
   • Number of Users
   • Rows per Screen
7. See "Managing Report Settings" on page 690.
8. When you are finished, click Search. The GMS Reporting Module displays the report for the selected date range.

Note

These settings will stay in effect for all similar reports during your active login session.


Viewing Web Usage By User Over Time


The By User Over Time report displays a list of all users, their top sites, the number of hits to each site, the time spent browsing, and the amount of data transferred for the specified time period. To view the By User Over Time report, perform the following steps:
1. Click the Reports tab.
2. Select a SonicWALL appliance.
3. Expand the Web Usage tree and click By User Over Time. The By User Over Time page displays.
4. The table contains the following information:
   • User: the IP address of the user.
   • Hits: number of hits to each Web site visited by the user.
   • Browse Time: number of hours, minutes, and seconds spent browsing non-job function-related sites on the Internet.
   • MBytes: number of megabytes transferred.
5. To change the date range of the report, use the Search Bar and click the Start or End field to access the drop-down calendar, or click More Options for report display settings. Under Report Display Settings you can set:
   • Number of Users
   • Number of Sites per User
   • Rows per Screen
6. See "Managing Report Settings" on page 690.
7. When you are finished, click Search. The GMS Reporting Module displays the report for the selected date range.

Note

These settings will stay in effect for all similar reports during your active login session.

Viewing Web Usage By Category Over Time


The By Category Over Time report displays a list of all users, their top sites, the number of hits to each site, and the amount of data transferred for the specified time period. To view the By Category Over Time report, perform the following steps:
1. Click the Reports tab.
2. Select a SonicWALL appliance.
3. Expand the Web Usage tree and click By Category Over Time. The By User Over Time page displays.
4. The table contains the following information:
   • Category: the Web site category.
   • Hits: number of hits to each Web site visited by the user.
   • MBytes: number of megabytes transferred.
   • % of MBytes: percentage of megabytes transferred by this user, compared to all users. For example, if 1000 megabytes of data was transferred during the period and 200 megabytes was transferred by the top user, the % of MBytes field will display 20%.

5. To change the date range of the report, use the Search Bar and click the Start or End field to access the drop-down calendar, or click More Options for report display settings. Under Report Display Settings you can set:
   • Display Type: Chart and Table, or Table Only
   • Chart Type: Area, Bar, Pie or Plot chart
   • Number of Items
   • Entries per Item
   • Rows per Screen
6. See "Managing Report Settings" on page 690.
7. When you are finished, click Search. The GMS Reporting Module displays the report for the selected date range.

Note

These settings will stay in effect for all similar reports during your active login session.

Viewing Web Filter Reports


Web filter reports provide information on the number of attempts that users made to access blocked Web sites through the selected SonicWALL appliance(s). These reports include Web sites blocked by the Content Filter List, customized keyword filtering, and domain name filtering. Web filter reports can be used to view blocked site access attempts by the hour, day, or over a period of days. Additionally, you can view the users that most frequently attempt to access blocked sites and the most popular blocked sites.
Note

All reports appear in the appliance's time zone.

Select from the following:

   • Viewing the Web Filter Summary Report on page 752
   • Viewing the Web Filter Top Sites Report on page 754
   • Viewing the Top Users that Try to Access Blocked Sites on page 755
   • Viewing the Blocked Sites for Each User on page 757
   • Viewing Blocked Sites Sorted By Site on page 758
   • Viewing Blocked Sites Sorted By Category on page 759
   • Viewing Blocked Site Attempts Over Time on page 761
   • Viewing the Top Blocked Site Attempts Over Time on page 762
   • Viewing the Top Blocked Site Users Over Time on page 763
   • Viewing Blocked Sites for Each User Over Time on page 764
   • Viewing Blocked Sites By Category Over Time on page 765

Viewing the Web Filter Summary Report


The Web Filter Summary report contains information on the number of times users attempt to access blocked sites for the specified day. To view the Web Filter Summary report, perform the following steps:
1. Click the Reports tab.
2. Select the global icon, a group, or a SonicWALL appliance.


3. Expand the Web Filter tree and click Summary. The Summary page displays.
4. The bar graph displays the number of blocked sites that users attempted to access during each hour of the day.
5. The table contains the following information:
   • Hour: time when the sample was taken.
   • Attempts: the number of attempts to access blocked sites.
   • % of Attempts: the percentage of attempts during this hour, compared to the day. For example, if 100 attempts occurred during the day and 20 attempts occurred at the 12:00 time period, the % of Attempts field will display 20%.
6. To change the date of the report, use the Search Bar and click the Start or End field to access the drop-down calendar, or click More Options for report display settings.


7. Under Report Display Settings you can set:
   • Display Type: Chart and Table, or Table Only
   • Chart Type: Area, Bar or Plot chart
   See "Managing Report Settings" on page 690.
8. When you are finished, click Search. The GMS Reporting Module displays the report for the selected date.

Viewing the Web Filter Top Sites Report


The Web Filter Top Sites report displays the top blocked Web sites that users attempted to access on the specified date. To view the Top Sites report, perform the following steps:
1. Click the Reports tab.
2. Select a SonicWALL appliance.
3. Expand the Web Filter tree and click Top Sites. The Top Sites page displays.
4. The graph provides a display of the number of access attempts for each of the top twenty blocked Web sites.


5. The table contains the following information:
   • Site: the URL or IP address of the site.
   • Attempts: the number of attempts.
   • Category: the Web site category.
   • % of Attempts: percentage of attempts to access the blocked site, compared to all other blocked site attempts. For example, if 500 attempts were made during the day and 100 of those attempts were for www.badsite.com, its % of Attempts field will display 20%.
6. To change the date of the report, use the Search Bar and click the Start or End field to access the drop-down calendar, or click More Options for report display settings. Under Report Display Settings you can set:
   • Display Type: Chart and Table, or Table Only
   • Chart Type: Area, Bar, Pie or Plot chart
   • Number of Sites
   • Rows per Screen
7. See "Managing Report Settings" on page 690.
8. When you are finished, click Search. The GMS Reporting Module displays the report for the selected date.

Viewing the Top Users that Try to Access Blocked Sites


The Web Filter Top Users report displays the users who made the most attempts to access blocked sites on the specified date. To view the Top Users report, perform the following steps:
1. Click the Reports tab.


2. Select a SonicWALL appliance.
3. Expand the Web Filter tree and click Top Users. The Top Users page displays.
4. The pie chart displays the top users with the most blocked site attempts.
5. The table contains the following information:
   • Users: the IP address of the user.
   • Attempts: the number of attempts.
   • Category: the Web site category.
   • % of Attempts: percentage of attempts to access the blocked site, compared to all other user attempts. For example, if 500 attempts were made during the day and 250 of those attempts were made by a single user, that user's % of Attempts field will display 50%.
6. By default, GMS Reporting shows yesterday's report, a pie chart, and the ten top users. To change these settings, use the Search Bar and click the Start or End field to access the drop-down calendar, or click More Options for report display settings. Under Report Display Settings you can set:
   • Display Type: Chart and Table or Table Only
   • Chart Type: Area, Bar, Pie or Plot chart
   • Number of Users
   • Rows per Screen
7. See "Managing Report Settings" on page 690.


8. When you are finished, click Search. The GMS Reporting Module displays the report for the selected date range.
9. These settings will stay in effect for all similar reports during your active login session.

Viewing the Blocked Sites for Each User


The Web Filter By User report displays the top blocked Web sites that each user attempted to access on the specified date. To view the Web Filter By User report, perform the following steps:
1. Click the Reports tab.
2. Select a SonicWALL appliance.
3. Expand the Web Filter tree and click By User. The By User page displays.
4. The table contains the following information:
   • User: the IP address of the user.
   • Site: the top five sites visited by the user.
   • Attempts: the number of attempts the user made to access each Web site.
5. You can navigate directly from the Web Filter > By User page to a Web Filter > By Site page detailing the information of the site the user has been browsing. Click the Plus sign to the left of the User name or IP address to show details, and then hover the mouse over a site. A sticky tooltip will display with a link to the corresponding site's report page.
6. By default, the GMS Reporting Module shows yesterday's report, a pie chart, and the ten top users. To change these settings, use the Search Bar and click the Start or End field to access the drop-down calendar, or click More Options for report display settings. Under Report Display Settings you can set:
   • Number of Users
   • Number of Sites per User
   • Rows per Screen
7. See "Managing Report Settings" on page 690.
8. When you are finished, click Search. The GMS Reporting Module displays the report for the selected settings.
9. These settings will stay in effect for all similar reports during your active login session.

Viewing Blocked Sites Sorted By Site


The Web Filter By Site report displays the top blocked Web sites that were accessed by users. To view the Web Filter By Site report, perform the following steps:
1. Click the Reports tab.
2. Select a SonicWALL appliance.
3. Expand the Web Filter tree and click By Site. The By Site page displays.
4. The table contains the following information:
   • Site: the top five sites visited by the user.
   • Attempts: the number of attempts the user made to access each Web site.
   • Category: the Web site category.


5. You can navigate directly from the Web Filter > By Site page to a Web Filter > By User page detailing the information of the users who have been browsing the site. Click the Plus sign to the left of the Site to show details, and then hover the mouse over a user. A sticky tooltip will display with a link to the corresponding user report page.
6. By default, the GMS Reporting Module shows yesterday's report, a pie chart, and the ten top users. To change these settings, use the Search Bar and click the Start or End field to access the drop-down calendar, or click More Options for report display settings. Under Report Display Settings you can set:
   • Number of Users per Site
   • Rows per Screen
7. See "Managing Report Settings" on page 690.
8. Search for Web site addresses in the Search Bar fields.
9. When you are finished, click Search. The GMS Reporting Module displays the report for the selected date.

Viewing Blocked Sites Sorted By Category


The Web Filter By Category report displays the top categories of Web sites that were accessed by users. To view the Web Filter By Category report, perform the following steps:
1. Click the Reports tab.
2. Select a SonicWALL appliance.


3. Expand the Web Filter tree and click By Category. The By Site page displays.
4. The table contains the following information:
   • Category: the Web site category.
   • Attempts: the number of attempts the user made to access each Web site.
   • % of Attempts: the percentage of attempts to access the blocked site, compared to all other user attempts. For example, if 500 attempts were made during the day and 250 of those attempts were made by a single user, that user's % of Attempts field will display 50%.
5. By default, the GMS Reporting Module shows yesterday's report, a pie chart, and the ten top users. To change these settings, use the Search Bar and click the Start or End field to access the drop-down calendar, or click More Options for report display settings. Under Report Display Settings you can set:
   • Display Type: Chart and Table, or Table Only
   • Chart Type: Area, Bar, Pie or Plot chart
   • Number of Items
   • Entries per Item
   • Rows per Screen
6. See "Managing Report Settings" on page 690.
7. When you are finished, click Search. The GMS Reporting Module displays the report for the selected date range.


Viewing Blocked Site Attempts Over Time


The Web Filter Over Time report displays the number of attempts that were made to access blocked Web sites for the specified time period. To view the Web Filter Over Time report, perform the following steps:
1. Click the Reports tab.
2. Select the global icon, a group, or a SonicWALL appliance.
3. Expand the Web Filter tree and click Over Time. The Over Time page displays.
4. The bar graph displays the number of attempts that were made to access blocked Web sites during each day of the specified time period.
5. The table contains the following information:
   • Date: the day when the sample was taken.
   • Attempts: the number of attempts to access blocked Web sites.
   • % of Attempts: the percentage of attempts to access the blocked site on the day, compared to the time period. For example, if 5,000 attempts were made during the time period and 500 were made on one day, its % of Attempts field will display 10%.
6. To change the date range of the report, use the Search Bar and click the Start or End field to access the drop-down calendar, or click More Options for report display settings. Under Report Display Settings you can set:
   • Display Type: Chart and Table, or Table Only
   • Chart Type: Area, Bar or Plot chart
7. See "Managing Report Settings" on page 690.
8. When you are finished, click Search. The GMS Reporting Module displays the report for the selected date range.

Note

These settings will stay in effect for all similar reports during your active login session.

Viewing the Top Blocked Site Attempts Over Time


The Top Sites Over Time report displays the top blocked Web sites for the specified time period. To view the Web Filter Over Time report, perform the following steps:
1. Click the Reports tab.
2. Select a SonicWALL appliance.
3. Expand the Web Filter tree and click Top Sites Over Time. The Top Sites Over Time page displays.
4. The graph displays the number of access attempts for each of the top blocked Web sites during the specified time period.
5. The table contains the following information:
   • Site: the URL or IP address of the site.
   • Attempts: the number of attempts.
   • Category: the Web site category.
   • % of Attempts: the percentage of attempts to access the blocked site, compared to all other blocked site attempts. For example, if 500 attempts were made during the period and 100 of those attempts were for www.badsite.com, its % of Attempts field will display 20%.

6. To change the date range of the report, use the Search Bar and click the Start or End field to access the drop-down calendar, or click More Options for report display settings. Under Report Display Settings you can set:
   • Display Type: Chart and Table, or Table Only
   • Chart Type: Area, Bar, Pie or Plot chart
   • Number of Sites
   • Rows per Screen
7. See "Managing Report Settings" on page 690.
8. When you are finished, click Search. The GMS Reporting Module displays the report for the selected date range.

Viewing the Top Blocked Site Users Over Time


The Web Filter Top Users Over Time report displays the users who made the most attempts to access blocked sites during the specified time period. To view the Top Users Over Time report, perform the following steps:
1. Click the Reports tab.
2. Select a SonicWALL appliance.
3. Expand the Web Filter tree and click Top Users Over Time. The Top Users Over Time page displays.
4. The pie chart displays the top users with the most blocked site attempts.


5. The table contains the following information:
   • Users: the IP address of the user.
   • Attempts: the number of attempts.
   • Category: the Web site category.
   • % of Attempts: the percentage of attempts to access the blocked site, compared to all other user attempts. For example, if 500 attempts were made during the period and 250 of those attempts were made by a single user, that user's % of Attempts field will display 50%.
6. To change the date range of the report, use the Search Bar and click the Start or End field to access the drop-down calendar, or click More Options for display settings. Under Report Display Settings you can set:
   • Display Type: Chart and Table, or Table Only
   • Chart Type: Area, Bar, Pie or Plot chart
   • Number of Sites
   • Rows per Screen
7. See "Managing Report Settings" on page 690.
8. When you are finished, click Search. The GMS Reporting Module displays the report for the selected date range.

Viewing Blocked Sites for Each User Over Time


The Web Filter By User report displays the top blocked Web sites that each user attempted to access during the specified time period. To view the By User Over Time report, perform the following steps:
1. Click the Reports tab.
2. Select a SonicWALL appliance.


3. Expand the Web Filter tree and click By User Over Time. The By User Over Time page displays.
4. The table contains the following information:
   • User: the IP address or name of the user.
   • Attempts: the number of attempts the user made to access each Web site.
5. To change the date range of the report, use the Search Bar and click the Start or End field to access the drop-down calendar, or click More Options for report display settings. Under Report Display Settings you can set:
   • Display Type: Chart and Table, or Table Only
   • Chart Type: Area, Bar, Pie or Plot chart
   • Number of Users
   • Rows per Screen
6. See "Managing Report Settings" on page 690.
7. When you are finished, click Search. The GMS Reporting Module displays the report for the selected date range.

Note

These settings will stay in effect for all similar reports during your active login session.

Viewing Blocked Sites By Category Over Time


The Web Filter By Category Over Time report displays the top categories that users attempted to access.


To view the By Category Over Time report, perform the following steps:
1. Click the Reports tab.
2. Select a SonicWALL appliance.
3. Expand the Web Filter tree and click By Category Over Time. The By Category Over Time page displays.
4. The table contains the following information:
   • Category: the Web site category.
   • Attempts: number of attempts the user made to access each Web site.
   • % of Attempts: the percentage of attempts to access the blocked site, compared to all other user attempts. For example, if 500 attempts were made during the period and 250 of those attempts were made by a single user, that user's % of Attempts field will display 50%.
5. To change the date range of the report, use the Search Bar and click the Start or End field to access the drop-down calendar, or click More Options for report display settings. Under Report Display Settings you can set:
   • Display Type: Chart and Table, or Table Only
   • Chart Type: Area, Bar, Pie or Plot chart
   • Number of Items
   • Entries per Item
   • Rows per Screen
6. See "Managing Report Settings" on page 690.
7. When you are finished, click Search. The GMS Reporting Module displays the report for the selected date range.


Viewing File Transfer Protocol Reports


FTP usage reports provide information on the amount of FTP usage that occurs through the selected SonicWALL appliance(s). FTP usage reports can be used to view FTP bandwidth usage by the hour, day, or over a period of days. Additionally, you can view the top users of FTP bandwidth. General bandwidth reports do not always provide a complete picture of network bandwidth usage. If a large amount of FTP traffic occurs during peak times, you might need more bandwidth, you might need to upgrade network equipment, or you might ask employees to use compression or transfer large files during non-peak times.
Note

All reports appear in the appliance's time zone.

Select from the following:

   • Viewing the FTP Summary Report on page 767
   • Viewing the Top FTP Sites By User on page 769
   • Viewing FTP Bandwidth Usage Over Time on page 770
   • Viewing the Top Users of FTP Bandwidth Over Time on page 772

Viewing the FTP Summary Report


The FTP Summary report contains information on the amount of FTP bandwidth handled by a SonicWALL appliance or group of SonicWALL appliances during the specified day. To view the FTP Summary report, perform the following steps:
1. Click the Reports tab.
2. Select the global icon, a group, or a SonicWALL appliance.


3. Expand the FTP Usage tree and click Summary. The Summary page displays.
4. The bar graph displays the amount of FTP bandwidth transferred during each hour of the day.
5. The table contains the following information:
   • Hour: when the sample was taken.
   • Events: the number of FTP events.
   • MBytes: the number of megabytes transferred.
   • % of MBytes: the percentage of megabytes transferred during this hour, compared to the day. For example, if 1000 megabytes of FTP data was transferred during the day and 100 megabytes was transferred at the 12:00 time period, the % of MBytes field will display 10%.
6. The GMS Reporting Module shows yesterday's report. To change the date or other report settings, use the Search Bar and click the Start or End field to access the drop-down calendar, or click More Options for report display settings. Under Report Display Settings you can set:
   • Display Type: Chart and Table, or Table Only
   • Chart Type: Area, Bar, Pie or Plot chart
7. See "Managing Report Settings" on page 690.


8. When you are finished, click Search. The GMS Reporting Module displays the report for the selected date.

Viewing the Top FTP Sites By User


The By User report displays the users who used the most FTP bandwidth on the specified date. To view the By User report, perform the following steps:
1. Click the Reports tab.
2. Select a SonicWALL appliance.
3. Expand the FTP Usage tree and click By User. The By User page displays.

4. The pie chart displays the percentage of bandwidth used by each user. To view the sites visited by each user, expand the user's site tree (indicated by a + sign).
5. The table contains the following information:
   - Users: the IP address of the user.
   - Events: the number of FTP events.
   - MBytes: the number of megabytes transferred.
   - % of MBytes: the percentage of megabytes transferred by this user, compared to all users. For example, if 1,000 megabytes of FTP data was transferred during the day and 100 megabytes was transferred by one user, that user's % of MBytes field will display 10%.
6. By default, the GMS Reporting Module shows yesterday's report, a pie chart, and the ten top users. To change these settings, use the Search Bar and click the Start or End field to access the drop-down calendar, or click More Options for report display settings. Under Report Display Settings you can set:
   - Display Type: Chart and Table, or Table Only
   - Chart Type: Area, Bar, Pie or Plot chart
   - Number of Users
   - Number of Sites per User
   - Rows per Screen
7. See Managing Report Settings on page 690.


8. To display a limited group of users, use the Search Bar fields.

Note: The search bar fields use pattern matching with operators such as contains. For example, john will match john_smith, john42, or big_john.

9. When you are finished, click Search. The GMS Reporting Module displays the report for the selected date range.
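The Summary and By User tables described above are plain aggregations of per-connection records: bytes grouped by appliance-local hour with each hour's share of the day, and bytes grouped by source address with each user's share of all users, ranked and cut at the configured number of users and sites per user. The following Python is an added example, not GMS code, that rebuilds both tables from a constructed set of records so that a report can be checked against raw connection logs. The FtpEvent record layout, the field names, the sample addresses and the sample sites are assumptions for illustration; the contains-style user filter mirrors the Search Bar behaviour described in the note.

```python
"""Added example (not GMS code): rebuild the FTP Usage Summary and By User
tables from per-connection records. The record layout is an assumption."""
from collections import defaultdict
from dataclasses import dataclass

MB = 1024 ** 2


@dataclass(frozen=True)
class FtpEvent:
    hour: int      # appliance-local hour, 0-23 (reports use the appliance time zone)
    user: str      # source address, as shown in the Users column
    site: str      # FTP server contacted
    nbytes: int    # bytes transferred by this connection


# Constructed sample records for one day; not real appliance output.
SAMPLE_EVENTS = [
    FtpEvent(9, "10.0.0.5", "ftp.example.net", 300 * MB),
    FtpEvent(9, "10.0.0.5", "ftp.example.org", 200 * MB),
    FtpEvent(12, "10.0.0.5", "ftp.example.net", 100 * MB),
    FtpEvent(12, "10.0.0.17", "mirror.example.com", 250 * MB),
    FtpEvent(14, "10.0.0.17", "ftp.example.net", 100 * MB),
    FtpEvent(23, "10.0.0.42", "ftp.example.org", 50 * MB),
]


def hourly_summary(events):
    """Summary table: (hour, events, mbytes, pct_of_day) for each hour that had traffic."""
    per_hour = defaultdict(lambda: [0, 0])      # hour -> [event count, bytes]
    for e in events:
        per_hour[e.hour][0] += 1
        per_hour[e.hour][1] += e.nbytes
    day_total = sum(b for _, b in per_hour.values()) or 1   # no divide-by-zero on an empty day
    return [
        (hour, count, round(b / MB, 1), round(100 * b / day_total, 1))
        for hour, (count, b) in sorted(per_hour.items())
    ]


def top_users(events, limit=10, user_filter="", sites_per_user=5):
    """By User table: (user, events, mbytes, pct_of_all_users, top_sites), ranked by bytes.

    user_filter is a 'contains' match on the address, like the Search Bar. The
    percentage is always taken against all users, so a filter changes which rows
    are shown, not their share figures.
    """
    per_user = defaultdict(lambda: [0, 0, defaultdict(int)])   # user -> [count, bytes, {site: bytes}]
    total = 0
    for e in events:
        total += e.nbytes
        per_user[e.user][0] += 1
        per_user[e.user][1] += e.nbytes
        per_user[e.user][2][e.site] += e.nbytes
    total = total or 1
    ranked = sorted(
        ((u, v) for u, v in per_user.items() if user_filter in u),
        key=lambda kv: kv[1][1], reverse=True,
    )[:limit]
    return [
        (user, count, round(b / MB, 1), round(100 * b / total, 1),
         sorted(sites.items(), key=lambda kv: kv[1], reverse=True)[:sites_per_user])
        for user, (count, b, sites) in ranked
    ]


if __name__ == "__main__":
    for row in hourly_summary(SAMPLE_EVENTS):
        print("hour %02d  events %d  MBytes %.1f  %% of MBytes %.1f" % row)
    for user, count, mb, pct, sites in top_users(SAMPLE_EVENTS):
        print(f"{user:<12} events {count}  MBytes {mb}  % of MBytes {pct}")
        for site, b in sites:
            print(f"    {site:<20} {b / MB:.1f} MBytes")
```

The share columns are computed against the whole day (or all users) before any filter is applied, which is how the % of MBytes column is defined above; if a filtered view showed shares relative only to the matching users, the figures would not add up against the unfiltered report.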

Viewing FTP Bandwidth Usage Over Time


The FTP Usage Over Time report displays the daily amount of FTP bandwidth handled by a SonicWALL appliance or group of SonicWALL appliances for the specified time period. To view the FTP Usage Over Time report, perform the following steps:
1. Click the Reports tab.
2. Select the global icon, a group, or a SonicWALL appliance.


3. Expand the FTP Usage tree and click Over Time. The FTP Activity page displays.

4. The bar graph displays the amount of FTP bandwidth transferred during each day of the specified time period.
5. The table contains the following information:
   - Date: when the sample was taken.
   - Connections: the number of FTP connections.
   - MBytes: the number of megabytes transferred.
   - % of Usage: the percentage of megabytes transferred during this day, compared to the time period. For example, if 10,000 megabytes of FTP data was transferred during the time period and 2,500 megabytes of FTP data was transferred on one day, the % of Usage field will display 25%.
6. To change the date range of the report, use the Search Bar and click the Start or End field to access the drop-down calendar, or click More Options for report display settings. Under Report Display Settings you can set:
   - Display Type: Chart and Table, or Table Only
   - Chart Type: Area, Bar or Plot chart
7. See Managing Report Settings on page 690.


8. When you are finished, click Search. The GMS Reporting Module displays the report for the selected date range.

Viewing the Top Users of FTP Bandwidth Over Time


The By Users Over Time report displays the users who used the most FTP bandwidth for the specified time period. To view the By Users Over Time report, perform the following steps:
1. Click the Reports tab.
2. Select a SonicWALL appliance.
3. Expand the FTP Usage tree and click By Users Over Time. The By Users Over Time page displays.

4. The table contains the following information:
   - Users: the IP address of the user.
   - Events: the number of FTP events.
   - MBytes: the number of megabytes transferred.
   - % of MBytes: the percentage of megabytes transferred by this user, compared to all users. For example, if 10,000 megabytes of data was transferred during the period and 2,000 megabytes was transferred by the top user, the % of MBytes field will display 20%.
5. To change the date range of the report, use the Search Bar and click the Start or End field to access the drop-down calendar, or click More Options for report display settings.


6. Under Report Display Settings you can set:
   - Display Type: Chart and Table, or Table Only
   - Chart Type: Area, Bar, Pie or Plot chart
   - Number of Users
   - Number of Sites per User
   - Rows per Screen
   See Managing Report Settings on page 690.


7. To display a limited group of users, use the Search Bar fields.

Note: The search bar fields use pattern matching with operators such as contains. For example, john will match john_smith, john42, or big_john.

8. When you are finished, click Search. The GMS Reporting Module displays the report for the selected date range.

Viewing Mail Usage Reports


Mail usage reports provide information on the amount of mail usage that occurs through the selected SonicWALL appliance(s). Mail usage reports can be used to view mail bandwidth usage by the hour, day, or over a period of days. Additionally, you can view the top users of mail bandwidth.
Note: Mail usage reports include SMTP, POP3, and IMAP traffic.

General bandwidth reports do not always provide a complete picture of network bandwidth usage. If a large amount of mail traffic occurs during peak times, you might want to take some of the following actions:
- Add bandwidth
- Upgrade network equipment
- Ask employees to use compression or transfer large files during non-peak times
- Ask employees to place large files on an FTP site rather than sending them as mail attachments


Note: All reports appear in the appliance's time zone.

Select from the following:
- To view a summary of the daily mail usage, see Viewing the Mail Usage Summary Report on page 774.
- To view the users who consume the most mail bandwidth, see Viewing the Top Users of Mail Bandwidth on page 776.
- To view mail usage over a period of time, see Viewing Mail Usage Over Time on page 777.
- To view the users who consume the most mail bandwidth over time, see Viewing the Top Users of Mail Bandwidth Over Time on page 779.

Viewing the Mail Usage Summary Report


The Mail Usage Summary report contains information on the amount of mail handled by a SonicWALL appliance or group of SonicWALL appliances during the specified day. To view the Mail Usage Summary report, perform the following steps:
1. Click the Reports tab.
2. Select the global icon, a group, or a SonicWALL appliance.


3. Expand the Mail Usage tree and click Summary. The Summary page displays.

4. The bar graph displays the amount of mail sent and received during each hour of the day.
5. The table contains the following information:
   - Hour: when the sample was taken.
   - Events: the number of mail events.
   - MBytes: the number of megabytes transferred.
   - % of MBytes: the percentage of megabytes transferred during this hour, compared to the day. For example, if 10,000 megabytes of mail was transferred during the day and 1,000 megabytes was transferred at the 12:00 time period, the % of MBytes field will display 10%.
6. The GMS Reporting Module shows yesterday's report. To change the date of the report or the report display settings, use the Search Bar and click the Start or End field to access the drop-down calendar, or click More Options for display settings. Under Report Display Settings you can set:
   - Display Type: Chart and Table, or Table Only
   - Chart Type: Area, Bar or Plot chart
7. See Managing Report Settings on page 690.


8. When you are finished, click Search. The GMS Reporting Module displays the report for the selected date.

Viewing the Top Users of Mail Bandwidth


The Top Users report displays the users who sent and received the most mail on the specified date. To view the Top Users report, perform the following steps:
1. Click the Reports tab.
2. Select a SonicWALL appliance.
3. Expand the Mail Usage tree and click Top Users. The Top Users page displays.

4. The pie chart displays the percentage of mail sent and received by the top mail users.
5. The table contains the following information:
   - Users: the IP address of the user.
   - Events: the number of mail messages sent and received.
   - MBytes: the number of megabytes transferred.
   - % of MBytes: the percentage of megabytes transferred by this user, compared to all users. For example, if 10,000 megabytes of data was transferred during the day and 2,000 megabytes was transferred by the top user, the % of MBytes field will display 20%.


6. By default, the GMS Reporting Module shows yesterday's report, a pie chart, and the ten top users. To change the date of the report or the report display settings, use the Search Bar and click the Start or End field to access the drop-down calendar, or click More Options for report display settings. Under Report Display Settings you can set:
   - Display Type: Chart and Table, or Table Only
   - Chart Type: Area, Bar, Pie or Plot chart
   - Number of Users
   - Rows per Screen
7. See Managing Report Settings on page 690.


8. When you are finished, click Search. The GMS Reporting Module displays the report for the selected date.

Viewing Mail Usage Over Time


The Mail Usage Over Time report displays the daily amount of mail handled by a SonicWALL appliance or group of SonicWALL appliances for the specified time period. To view the Mail Usage Over Time report, perform the following steps:
1. Click the Reports tab.
2. Select the global icon, a group, or a SonicWALL appliance.


3. Expand the Mail Usage tree and click Over Time. The Over Time page displays.

4. The bar graph displays the amount of mail sent and received during each day of the specified time period.
5. The table contains the following information:
   - Date: when the sample was taken.
   - Connections: the number of mail messages.
   - MBytes: the number of megabytes transferred.
   - % of MBytes: the percentage of megabytes transferred during this day, compared to the time period. For example, if 10,000 megabytes of mail was transferred during the time period and 2,000 megabytes was transferred on one day, the % of MBytes field will display 20%.
6. To change the date range of the report, use the Search Bar and click the Start or End field to access the drop-down calendar, or click More Options for report display settings. Under Report Display Settings you can set:
   - Display Type: Chart and Table, or Table Only
   - Chart Type: Area, Bar or Plot chart
7. See Managing Report Settings on page 690.


8. When you are finished, click Search. The GMS Reporting Module displays the report for the selected date range.


Viewing the Top Users of Mail Bandwidth Over Time


The Top Users Over Time report displays the users who sent and received the most mail during the specified time period. To view the Top Users Over Time report, perform the following steps:
1. Click the Reports tab.
2. Select a SonicWALL appliance.
3. Expand the Mail Usage tree and click Top Users Over Time. The Top Users Over Time page displays.

4. The pie chart displays the percentage of mail sent and received by the top mail users.
5. The table contains the following information:
   - Users: the IP address of the user.
   - Events: the number of mail messages sent and received.
   - MBytes: the number of megabytes transferred.
   - % of MBytes: the percentage of megabytes transferred by this user, compared to all users. For example, if 10,000 megabytes of data was transferred during the period and 2,000 megabytes was transferred by the top user, the % of MBytes field will display 20%.


6. To change the date range of the report, use the Search Bar and click the Start or End field to access the drop-down calendar, or click More Options for report display settings. Under Report Display Settings you can set:
   - Display Type: Chart and Table, or Table Only
   - Chart Type: Area, Bar, Pie or Plot chart
   - Number of Users
   - Rows per Screen
7. See Managing Report Settings on page 690.


8. To display a limited group of users, use the Search Bar fields. The search bar fields use pattern matching with operators such as contains. For example, john will match john_smith, john42, or big_john.

9. When you are finished, click Search. The GMS Reporting Module displays the report for the selected date range.

Viewing VPN Usage Reports


VPN Usage reports provide information on the amount of VPN usage that occurs through the selected SonicWALL appliance(s). VPN Usage reports can be used to view VPN usage by the hour, day, or over a period of days. Additionally, you can view the top users of VPN. General bandwidth reports do not always provide a complete picture of network bandwidth usage. If a large amount of VPN traffic occurs, you might need to add bandwidth, upgrade network equipment, or reconfigure the VPN network.
Note: All reports appear in the appliance's time zone.

Select from the following:
- To view a summary of the daily VPN bandwidth usage, see Viewing the VPN Usage Summary Report on page 781.
- To view the users who consume the most VPN bandwidth, see Viewing the Top VPN Users on page 783.
- To view VPN bandwidth usage over a period of time, see Viewing VPN Usage Over Time on page 784.
- To view the users who consume the most VPN bandwidth over time, see Viewing the Top VPN Users Over Time on page 785.
- To view VPN usage by policy, see Viewing VPN Usage By Policy on page 787.
- To view VPN usage by policy over time, see Viewing the Top VPN Policies Over Time on page 788.
- To view hourly VPN usage by policy, see Viewing Hourly VPN Usage By Policy on page 789.
- To view VPN services usage, see Viewing the VPN Services Summary Report on page 790.

Viewing the VPN Usage Summary Report


The VPN Usage Summary report contains information on the number of VPN connections made through a SonicWALL appliance or group of SonicWALL appliances during the specified day. To view the VPN Usage Summary report, perform the following steps:
1. Click the Reports tab.
2. Select the global icon, a group, or a SonicWALL appliance.


3. Expand the VPN Usage tree and click Summary. The Summary page displays.

4. The bar graph displays the number of VPN connections made during each hour of the day.
5. The table contains the following information:
   - Hour: when the sample was taken.
   - Events: the number of VPN events.
   - MBytes: the number of megabytes transferred.
   - % of MBytes: the percentage of megabytes transferred during this hour, compared to the day. For example, if 10,000 megabytes of data was transferred during the day and 2,000 megabytes was transferred at the 12:00 time period, the % of MBytes field will display 20%.
6. The GMS Reporting Module shows yesterday's report. To change the date of the report, use the Search Bar and click the Start or End field to access the drop-down calendar, or click More Options for report display settings. Under Report Display Settings you can set:
   - Display Type: Chart and Table, or Table Only
   - Chart Type: Area, Bar or Plot chart
7. See Managing Report Settings on page 690.


8. When you are finished, click Search. The GMS Reporting Module displays the report for the selected date.


Viewing the Top VPN Users


The Top Users report displays the users who made the most VPN connections on the specified date. To view the Top Users report, perform the following steps:
1. Click the Reports tab.
2. Select a SonicWALL appliance.
3. Expand the VPN Usage tree and click Top Users. The Top Users page displays.

4. The pie chart displays the VPN connections for the top VPN users.
5. The table contains the following information:
   - Users: the IP address of the user.
   - Connections: the number of VPN connections.
   - MBytes: the number of megabytes transferred.
   - % of MBytes: the percentage of megabytes transferred by this user, compared to all users. For example, if 10,000 megabytes of data was transferred during the day and 2,000 megabytes was transferred by the top user, the % of MBytes field will display 20%.
6. By default, the GMS Reporting Module shows yesterday's report, a pie chart, and the ten top users. To change the date of the report, use the Search Bar and click the Start or End field to access the drop-down calendar, or click More Options for report display settings.

7. Under Report Display Settings you can set:
   - Display Type: Chart and Table, or Table Only
   - Chart Type: Area, Bar, Pie or Plot chart
   - Number of Users
   - Rows per Screen
   See Managing Report Settings on page 690.


8. When you are finished, click Search. The GMS Reporting Module displays the report for the selected date.
9. These settings stay in effect for all similar reports during your active login session.

Viewing VPN Usage Over Time


The VPN Usage Over Time report displays the daily number of VPN connections made through a SonicWALL appliance or group of SonicWALL appliances during the specified time period. To view the VPN Usage Over Time report, perform the following steps:
1. Click the Reports tab.
2. Select the global icon, a group, or a SonicWALL appliance.
3. Expand the VPN Usage tree and click Over Time. The Over Time page displays.


4. The bar graph displays the number of VPN connections made during each day of the specified time period.
5. The table contains the following information:
   - Date: when the sample was taken.
   - Connections: the number of connections.
   - MBytes: the number of megabytes transferred.
   - % of MBytes: the percentage of megabytes transferred during this day, compared to the time period. For example, if 10,000 megabytes of data was transferred during the period and 2,000 megabytes was transferred on one day, the % of MBytes field will display 20%.
6. To change the date range of the report, use the Search Bar and click the Start or End field to access the drop-down calendar, or click More Options for report display settings. Under Report Display Settings you can set:
   - Display Type: Chart and Table, or Table Only
   - Chart Type: Area, Bar or Plot chart
7. See Managing Report Settings on page 690.


8. When you are finished, click Search. The GMS Reporting Module displays the report for the selected date range.

Viewing the Top VPN Users Over Time


The Top Users Over Time report displays the users who made the most VPN connections for the specified time period. To view the Top Users Over Time report, perform the following steps:
1. Click the Reports tab.
2. Select a SonicWALL appliance.


3. Expand the VPN Usage tree and click Top Users Over Time. The Top Users Over Time page displays.

4. The pie chart displays the VPN connections for the top VPN users.
5. The table contains the following information:
   - Users: the IP address of the user.
   - Connections: the number of VPN connections.
   - MBytes: the number of megabytes transferred.
   - % of MBytes: the percentage of megabytes transferred by this user, compared to all users. For example, if 10,000 megabytes of data was transferred during the period and 2,000 megabytes was transferred by the top user, the % of MBytes field will display 20%.
6. To change the date range of the report, use the Search Bar and click the Start or End field to access the drop-down calendar, or click More Options for report display settings. Under Report Display Settings you can set:
   - Display Type: Chart and Table, or Table Only
   - Chart Type: Area, Bar, Pie or Plot chart
   - Number of Users
   - Rows per Screen
7. See Managing Report Settings on page 690.


8. When you are finished, click Search. The GMS Reporting Module displays the report for the selected date range.

Viewing VPN Usage By Policy


The VPN Usage By Policy report contains information on VPN usage for a SonicWALL appliance, organized by policy. To view the VPN Usage By Policy report, perform the following steps:
1. Click the Reports tab.
2. Select a SonicWALL appliance.
3. Expand the VPN Usage tree and click By Policy. The By Policy page displays.

4. The pie chart displays the amount of data transferred for each policy.
5. The table contains the following information:
   - Policy: the name of the policy.
   - Events: the number of VPN events.
   - MBytes: the number of megabytes transferred.
   - % of MBytes: the percentage of megabytes transferred for this policy, compared to all other policies. For example, if a total of 10,000 megabytes was transferred and 2,500 megabytes was transferred for one policy, the % of MBytes field will display 25%.

6. The GMS Reporting Module shows yesterday's report. To change the date of the report, use the Search Bar and click the Start or End field to access the drop-down calendar, or click More Options for report display settings. Under Report Display Settings you can set:
   - Display Type: Chart and Table, or Table Only
   - Chart Type: Area, Bar, Pie or Plot chart
   - Number of Items
   - Rows per Screen
7. See Managing Report Settings on page 690.


8. When you are finished, click Search. The GMS Reporting Module displays the report for the selected date.

Viewing the Top VPN Policies Over Time


The By Policy Over Time report displays the top VPN policies for the specified time period. To view the By Policy Over Time report, perform the following steps:
1. Click the Reports tab.
2. Select a SonicWALL appliance.
3. Expand the VPN Usage tree and click By Policy Over Time. The By Policy Over Time page displays.


4. The pie chart displays the VPN connections for the top policies.
5. The table contains the following information:
   - Policy: the name of the policy.
   - Events: the number of VPN events.
   - MBytes: the number of megabytes transferred.
   - % of MBytes: the percentage of megabytes transferred for this policy, compared to all other policies for the period. For example, if a total of 100,000 megabytes was transferred and 3,000 megabytes was transferred for one policy, the % of MBytes field will display 3%.
6. To change the date range of the report, use the Search Bar and click the Start or End field to access the drop-down calendar, or click More Options for report display settings. Under Report Display Settings you can set:
   - Display Type: Chart and Table, or Table Only
   - Chart Type: Area, Bar, Pie or Plot chart
   - Number of Items
   - Rows per Screen
7. See Managing Report Settings on page 690.


8. When you are finished, click Search. The GMS Reporting Module displays the report for the selected date range.

Viewing Hourly VPN Usage By Policy


The VPN Usage By Policy Hourly report contains information on hourly VPN usage for a SonicWALL appliance, organized by policy. To view the VPN Usage By Policy Hourly report, perform the following steps:
1. Click the Reports tab.
2. Select a SonicWALL appliance.


3. Expand the VPN Usage tree and click By Policy Hourly. The By Policy Hourly page displays.

4. The table contains the following information:
   - Hour: the period of time.
   - Events: the number of VPN events.
   - MBytes: the number of megabytes transferred.
5. The GMS Reporting Module shows yesterday's report. To change the date range of the report, use the Search Bar and click the Start or End field to access the drop-down calendar, or click More Options for report display settings. Under Report Display Settings you can set:
   - Display Type: Chart and Table, or Table Only
   - Chart Type: Area, Bar or Plot chart
   - Hour Begin
   - Hour End
6. See Managing Report Settings on page 690.


7. When you are finished, click Search. The GMS Reporting Module displays the report for the selected date.

Viewing the VPN Services Summary Report


The Services Summary report displays the amount of traffic handled by each service during each hour of the specified day. To view the Services Summary report, perform the following steps:
1. Click the Reports tab.
2. Select a SonicWALL appliance.


3. Expand the VPN Usage tree and click By Service. The By Service page displays.

4. The bar graph displays the amount of bandwidth used by each service during each hour of the day.
5. The table contains the following information:
   - Protocol: the service.
   - Events: the number of events or hits.
   - MBytes: the number of megabytes transferred.
   - % of MBytes: the percentage of megabytes transferred by this service on the selected day, compared to all other services. For example, if 1,000 megabytes were transferred and 900 megabytes were handled by the HTTP service, the % of MBytes field will display 90%.
6. The GMS Reporting Module shows yesterday's report. To change the date of the report, use the Search Bar and click the Start or End field to access the drop-down calendar, or click More Options for report display settings. Under Report Display Settings you can set:
   - Display Type: Chart and Table, or Table Only
   - Chart Type: Area, Bar or Plot chart
7. See Managing Report Settings on page 690.


8. When you are finished, click Search. The GMS Reporting Module displays the report for the selected date.
9. These settings stay in effect for all similar reports during your active login session.

Viewing Attacks Reports


Attacks reports show the number of attacks that were directed at or through the selected SonicWALL appliance(s). These include denial of service attacks, intrusions, probes, and all other malicious activity directed at the SonicWALL appliance or computers on the LAN or DMZ.
Note: All reports appear in the appliance's time zone.

Select from the following:
- To view a summary of the attacks, see Viewing the Attack Summary Report on page 792.
- To view the attacks by category, with the source and destination IP address of each attack, see Viewing the Attacks By Category on page 794.
- To view a summary of the errors and exceptions, see Viewing the Errors Report on page 795.
- To view attacks over a period of time, see Viewing Attack Reports Over Time on page 797.
- To view attacks by category over a period of time, see Viewing the Attacks By Category Over Time.
- To view errors and exceptions over a period of time, see Viewing Errors Over Time on page 799.

Viewing the Attack Summary Report


The Attack Summary report contains information on the number of attacks attempted on a SonicWALL appliance or group of SonicWALL appliances during the specified day. To view the Attack Summary report, perform the following steps:
1. Click the Reports tab.
2. Select the global icon, a group, or a SonicWALL appliance.


3. Expand the Attacks tree and click Summary. The Summary page displays.

4. The bar graph displays the number of attacks attempted during each hour of the day. The table contains the following information:
   - Hour: when the sample was taken.
   - Attacks: the number of attack attempts.
   - % of Attacks: the percentage of attacks during this hour, compared to the day. For example, if 1,000 attacks occurred during the day and 100 attacks occurred during the 2:00 time period, the % of Attacks field will display 10%.
5. The GMS Reporting Module shows yesterday's report. To change the date of the report, use the Search Bar and click the Start or End field to access the drop-down calendar, or click More Options for report display settings. Under Report Display Settings you can set:
   - Display Type: Chart and Table, or Table Only
   - Chart Type: Area, Bar or Plot chart
6. See Managing Report Settings on page 690.


7. When you are finished, click Search. The GMS Reporting Module displays the report for the selected date.


Viewing the Attacks By Category


The Attacks By Category report displays the attacks that occurred on the specified date, sorted by category. To view the Attacks By Category report, perform the following steps:
1. Click the Reports tab.
2. Select a SonicWALL appliance.
3. Expand the Attacks tree and click By Category. The By Category page displays.

4. The pie chart displays the percentage of each type of attack. To view source and destination information on the individual attacks, expand the category tree (indicated by a + sign). The table contains the following information:
   - Type: the type of attack.
   - Source: the IP address of the source.
   - Destination: the IP address of the destination.
   - Attacks: the number of attacks.
   - % of Attacks: the percentage of this type of attack, compared to all other attack types. For example, if 5,000 attacks occurred during the day and IP Spoof makes up 500 of the attacks, its % of Attacks field will display 10%.
5. Click a highlighted source or destination IP address to open a Whois lookup for that address. Source addresses on denial-of-service and other spoofable traffic can be forged, so treat a Whois result as a lead for investigation rather than as attribution.
6. By default, the GMS Reporting Module shows yesterday's report, a pie chart, and the ten top categories. To change the date of the report, use the Search Bar and click the Start or End field to access the drop-down calendar, or click More Options for report display settings. Under Report Display Settings you can set:
   - Display Type: Chart and Table, or Table Only
   - Chart Type: Area, Bar, Pie or Plot chart
   - Number of Items
   - Entries per Item
   - Rows per Screen
7. See Managing Report Settings on page 690.


8. When you are finished, click Search. The GMS Reporting Module displays the report for the selected date.
9. These settings stay in effect for all similar reports during your active login session.

Viewing the Errors Report


The Errors Summary report contains information on the number of dropped packets on a SonicWALL appliance or group of SonicWALL appliances during the specified day. To view the Errors report, perform the following steps:
1. Click the Reports tab.
2. Select the global icon, a group, or a SonicWALL appliance.


3. Expand the Attacks tree and click Errors. The Errors page displays.

4. The bar graph displays the packets that were dropped during each hour of the day.
5. The table contains the following information:
   - Hour: when the sample was taken.
   - Packets: the number of dropped packets.
   - % of Packets: the percentage of packets dropped during this hour, compared to the day. For example, if 1,000 packets were dropped during the day and 100 packets were dropped during the 1:00 time period, the % of Packets field will display 10%.
6. The GMS Reporting Module shows yesterday's report. To change the date of the report, use the Search Bar and click the Start or End field to access the drop-down calendar, or click More Options for report display settings. Under Report Display Settings you can set:
   - Display Type: Chart and Table, or Table Only
   - Chart Type: Area, Bar or Plot chart
7. See Managing Report Settings on page 690.


8.

When you are finished, click Search. The GMS Reporting Module displays the report for the selected date.


Viewing Attack Reports Over Time


The Attacks Over Time report displays the daily number of attempted attacks during the specified time period. To view the Attacks Over Time report, perform the following steps:
1. Click the Reports tab.
2. Select the global icon, a group, or a SonicWALL appliance.
3. Expand the Attacks tree and click Attacks Over Time. The Attacks Over Time page displays.
4. The bar graph displays the number of attacks attempted each day of the time period.
5. The table contains the following information:
   - Date: when the sample was taken.
   - Attacks: the number of attacks.
   - % of Attacks: the percentage of attacks on this day, compared to the time period. For example, if 10,000 attacks occurred during the time period and 1,000 attacks occurred on Thursday, its % of Attacks field will display 10%.
6. To change the date range of the report, use the Search Bar and click the Start or End field to access the drop-down calendar, or click More Options for report display settings.


7. Under Report Display Settings you can set:
   - Display Type: Chart and Table, or Table Only
   - Chart Type: Area, Bar or Plot chart
   See Managing Report Settings on page 690.
8. When you are finished, click Search. The GMS Reporting Module displays the report for the selected date range.

Viewing the Attacks By Category Over Time


The Categories Over Time report displays the number of attacks in each attack category during the specified time period. To view the Categories Over Time report, perform the following steps:
1. Click the Reports tab.
2. Select the global icon, a group, or a SonicWALL appliance.
3. Expand the Attacks tree and click Categories Over Time. The Categories Over Time page displays.
4. The bar graph displays the number of attacks attempted each day of the specified time period.
5. To view source and destination information on the individual attacks, expand the category tree (indicated by a + sign). The table contains the following information:
   - Type: the type of attack
   - Source: the IP address of the source


   - Destination: the IP address of the destination
   Click the highlighted source or destination IP address to access the Whois Source Website.
   - Attacks: the number of attacks
   - % of Attacks: the percentage of this type of attack, compared to all other attack types. For example, if 5,000 attacks occurred during the day and the IP Spoof makes up 500 of the attacks, its % of Attacks field will display 10%.
6. To change the date range of the report, use the Search Bar and click the Start or End field to access the drop-down calendar, or click More Options for report display settings.
7. Under Report Display Settings you can set:
   - Display Type: Chart and Table, or Table Only
   - Chart Type: Area, Bar, Pie or Plot chart
   - Number of Items
   - Entries per Item
   - Rows per Screen
   See Managing Report Settings on page 690.
8. When you are finished, click Search. The GMS Reporting Module displays the report for the selected date range.

Viewing Errors Over Time


The Errors Over Time report displays the number of errors during the specified time period. To view the Errors Over Time report, perform the following steps:
1. Click the Reports tab.
2. Select the global icon, a group, or a SonicWALL appliance.


3. Expand the Attacks tree and click Errors Over Time. The Dropped Packets & Exceptions page displays.
4. The bar graph displays the number of packets that were dropped during each day of the specified time period.
5. The table contains the following information:
   - Date: when the sample was taken.
   - Dropped Packets: the number of dropped packets.
   - % of Errors: the percentage of dropped packets on this day, compared to the time period. For example, if 10,000 packets were dropped during the time period and 1,000 packets were dropped on Wednesday, its % of Errors field will display 10%.
6. To change the date range of the report, use the Search Bar and click the Start or End field to access the drop-down calendar, or click More Options for report display settings.
7. Under Report Display Settings you can set:
   - Display Type: Chart and Table, or Table Only
   - Chart Type: Area, Bar or Plot chart
   See Managing Report Settings on page 690.
8. When you are finished, click Search. The GMS Reporting Module displays the report for the selected date range.
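The Summary, Attacks Over Time, By Category and Categories Over Time reports described above all apply one aggregation to the appliance's attack log: count events per hour, per day or per attack type, and show each row's count as a share of the whole report period. The following Python is an added example (not GMS code) that reproduces that aggregation over a handful of constructed attack records (the timestamps, attack types and addresses are made up), including the source/destination drill-down and the Number of Items, Entries per Item and Rows per Screen settings, so the % of Attacks column can be checked offline.

```python
from collections import Counter, namedtuple
from datetime import datetime

# One attack log record as the reports aggregate it: timestamp (in the
# appliance's time zone), attack type, source IP and destination IP.
Event = namedtuple("Event", "time type source destination")

# Constructed sample records for illustration only (not captured traffic);
# the addresses are taken from the RFC 5737 documentation ranges.
_RAW = [
    ("2010-03-01 01:15:00", "IP Spoof",    "198.51.100.7", "192.0.2.10"),
    ("2010-03-01 01:40:00", "IP Spoof",    "198.51.100.7", "192.0.2.10"),
    ("2010-03-01 01:55:00", "Port Scan",   "203.0.113.5",  "192.0.2.10"),
    ("2010-03-01 03:05:00", "Port Scan",   "203.0.113.5",  "192.0.2.11"),
    ("2010-03-01 03:20:00", "Port Scan",   "203.0.113.9",  "192.0.2.11"),
    ("2010-03-01 03:45:00", "IP Spoof",    "198.51.100.8", "192.0.2.12"),
    ("2010-03-01 14:10:00", "Land Attack", "203.0.113.5",  "192.0.2.10"),
    ("2010-03-01 14:30:00", "Port Scan",   "203.0.113.5",  "192.0.2.10"),
    ("2010-03-02 02:00:00", "Port Scan",   "203.0.113.5",  "192.0.2.10"),
    ("2010-03-02 09:00:00", "IP Spoof",    "198.51.100.7", "192.0.2.10"),
    ("2010-03-03 11:00:00", "Port Scan",   "203.0.113.9",  "192.0.2.11"),
]
SAMPLE_EVENTS = [Event(datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), t, s, d)
                 for ts, t, s, d in _RAW]


def pct(part, total):
    """The '% of ...' column: this row's count as a share of the whole
    report period, to one decimal (500 of 5,000 gives 10.0)."""
    return round(100.0 * part / total, 1) if total else 0.0


def in_range(events, start, end):
    """Events whose date (ISO yyyy-mm-dd) falls in the Start..End range."""
    return [e for e in events if start <= e.time.date().isoformat() <= end]


def summary_by_hour(events, day):
    """Summary report: attacks per hour of one day, each as a share of the day."""
    counts = Counter(e.time.hour for e in in_range(events, day, day))
    total = sum(counts.values())
    return [{"hour": h, "attacks": n, "pct": pct(n, total)}
            for h, n in sorted(counts.items())]


def over_time(events, start, end):
    """Attacks Over Time report: attacks per day, each as a share of the range."""
    counts = Counter(e.time.date().isoformat() for e in in_range(events, start, end))
    total = sum(counts.values())
    return [{"date": d, "attacks": n, "pct": pct(n, total)}
            for d, n in sorted(counts.items())]


def by_category(events, start, end, number_of_items=10, entries_per_item=10):
    """By Category (start == end) and Categories Over Time reports: one row
    per attack type, ranked by count, each carrying the source/destination
    pairs shown when the category tree is expanded. number_of_items and
    entries_per_item mirror the Report Display Settings of the same names."""
    selected = in_range(events, start, end)
    total = len(selected)
    rows = []
    for atype, n in Counter(e.type for e in selected).most_common(number_of_items):
        pairs = Counter((e.source, e.destination) for e in selected if e.type == atype)
        rows.append({"type": atype, "attacks": n, "pct": pct(n, total),
                     "entries": [{"source": s, "destination": d, "attacks": k}
                                 for (s, d), k in pairs.most_common(entries_per_item)]})
    return rows


def paginate(rows, rows_per_screen):
    """Rows per Screen setting: split a report table into screens."""
    return [rows[i:i + rows_per_screen] for i in range(0, len(rows), rows_per_screen)]


if __name__ == "__main__":
    # Print the By Category report for one day, with its drill-down entries.
    for row in by_category(SAMPLE_EVENTS, "2010-03-01", "2010-03-01"):
        print(f"{row['type']:<12}{row['attacks']:>4}{row['pct']:>7}%")
        for entry in row["entries"]:
            print(f"    {entry['source']:<14}-> {entry['destination']:<12}{entry['attacks']}")
```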


Viewing Virus Attacks Reports


Virus Attacks reports show the number of virus attacks that were directed at or through the selected SonicWALL appliance(s).

Note: All reports appear in the appliance's time zone.

If the selected appliance is not licensed for SonicWALL Gateway Anti-Virus, a sample report is displayed, as shown below. You can click the Click Here link near the top to view the global dashboard report showing all viruses and similar attacks currently being monitored by SonicWALL, or click the link at the bottom of the page to read detailed information about SonicWALL Gateway Anti-Virus and other subscription services.

Select from the following reports:
- To view the top virus, see Viewing the Top Viruses By Attack Attempts Report on page 803.
- To view the virus attacks by top destinations, see Viewing the Virus Attack Attempts Report on page 804.


- To view virus attacks over time, see Viewing the Virus Attack Attempts Report on page 804.
- To view virus attacks over a period of time, see Viewing the Virus Attacks By User Report on page 806.
- To view virus attacks by top destinations over time, see Viewing Anti-Spyware Reports on page 807.

9. Expand the Virus Attacks tree and click Summary. The Summary page displays.
10. The bar graph displays the number of virus attacks attempted during each hour of the day. The table contains the following information:
   - Hour: the hour of the day for which the summary is provided.
   - Attempts: the number of times the virus attempted to infect the device during a pre-set time interval (the hour of the day is the default).
   - % of Attempts: the percent of attempts the current virus entry comprises as a portion of the aggregate number of virus attempts on the device during a pre-set time interval (the hour of the day is the default).
11. The GMS Reporting Module shows yesterday's report. To change the date range of the report, use the Search Bar and click the Start or End field to access the drop-down calendar, or click More Options for report display settings.
12. Under Report Display Settings you can set:


   - Display Type: Chart and Table, or Table Only
   - Chart Type: Area, Bar or Plot chart
   See Managing Report Settings on page 690.
13. When you are finished, click Search. The GMS Reporting Module displays the report for the selected date range.

Viewing the Top Viruses By Attack Attempts Report


The Top Viruses By Attack Attempts report displays the top viruses for the specified date. To view the Top Viruses, perform the following steps:
1. Click the Reports tab.
2. Select the global icon, a group, or a SonicWALL appliance.
3. Expand the Virus Attacks tree and click By Virus. The Top Viruses By Attack Attempts page displays.
4. The pie chart displays the percentage of virus attacks attempted in a given day.
5. The table contains the following information:
   - Virus: the name of the virus.
   - Attempts: the number of attack attempts.

   - % of Attempts: the percentage of attempts as compared to the day.
6. The GMS Reporting Module shows yesterday's report. To change the date range of the report, use the Search Bar and click the Start or End field to access the drop-down calendar, or click More Options for report display settings.
7. Under Report Display Settings you can set:
   - Display Type: Chart and Table, or Table Only
   - Chart Type: Area, Bar, Pie or Plot chart
   - Number of Items
   - Entries per Item
   - Rows per Screen
   See Managing Report Settings on page 690.
8. When you are finished, click Search. The GMS Reporting Module displays the report for the selected date range.

Viewing the Virus Attack Attempts Report


The Virus Attack Attempts report displays the number of virus attempts over the specified time range. To view the Virus Attack Attempts report, perform the following steps:
1. Click the Reports tab.
2. Select the global icon, a group, or a SonicWALL appliance.


3. Expand the Virus Attacks tree and click Over Time. The Virus Attack Attempts page displays.
4. The bar graph displays the number of virus attempts that were made during each day over a specified time period.
5. The table contains the following information:
   - Date: the date when the sample was taken.
   - Attempts: the number of attempted virus attacks.
   - % of Attempts: the percentage of attempted virus attacks in a day compared to the time period. For example, if 5,000 attempts were made during the time period and 500 were made on one day, its % of Attempts field will display 10%.
6. To change the date range of the report, use the Search Bar and click the Start or End field to access the drop-down calendar, or click More Options for report display settings.


7. Under Report Display Settings you can set:
   - Display Type: Chart and Table, or Table Only
   - Chart Type: Area, Bar, Pie or Plot chart
   - Number of Items
   - Entries per Item
   - Rows per Screen
   See Managing Report Settings on page 690.
8. When you are finished, click Search. The GMS Reporting Module displays the report for the selected date range.

Viewing the Virus Attacks By User Report


The Virus Attacks By User report displays the number of virus attack attempts over the specified time range. To view the Virus Attacks By User report, perform the following steps:
1. Click the Reports tab.
2. Select the global icon, a group, or a SonicWALL appliance.
3. Expand the Virus Attacks tree and click By Viruses Over Time. The Virus Attacks By User page displays.


4. The pie chart displays the percentage of virus attacks attempted in a given day.
5. The table contains the following information:
   - Virus: the name of the virus.
   - Attempts: the number of attack attempts.
   - % of Attempts: the percentage of attempts compared to the day.
6. The GMS Reporting Module shows yesterday's report. To change the date range of the report, use the Search Bar and click the Start or End field to access the drop-down calendar, or click More Options for report display settings.
7. Under Report Display Settings you can set:
   - Display Type: Chart and Table, or Table Only
   - Chart Type: Area, Bar, Pie or Plot chart
   - Number of Items
   - Entries per Item
   - Rows per Screen
   See Managing Report Settings on page 690.
8. When you are finished, click Search. The GMS Reporting Module displays the report for the selected date range.

Viewing Anti-Spyware Reports


SonicWALL Anti-Spyware is included within the SonicWALL Gateway Anti-Virus (GAV), Anti-Spyware and Intrusion Prevention Service (IPS) unified threat management (UTM) solution. SonicWALL UTM delivers a comprehensive, real-time gateway security solution for your entire network. Unlike other threat management solutions, SonicWALL Gateway Anti-Virus, Anti-Spyware and Intrusion Prevention Service has the capacity to analyze files of any size in real time without the need to add expensive hardware or extra memory. SonicWALL Gateway Anti-Virus, Anti-Spyware and Intrusion Prevention Service includes a pro-active alerting mechanism that notifies network administrators when a new threat is discovered. Granular policy tools and an intuitive user interface enable administrators to configure a custom set of detection or prevention policies tailored to their specific network environment. Network administrators can create global policies between security zones and group attacks by priority, simplifying deployment and management across a distributed network.

If the selected appliance is not licensed for SonicWALL Anti-Spyware, a sample report is displayed, as shown below. You can click the Click Here link near the top to view the global dashboard report showing all spyware and similar attacks currently being monitored by SonicWALL, or click the link at the bottom of the page to read detailed information about SonicWALL Anti-Spyware and other subscription services.

See the following sections to view Anti-Spyware reports:
- Viewing a Spyware Summary on page 809
- Viewing Spyware Attempts By Category on page 810
- Viewing Spyware Attempts Over Time on page 811
- Viewing Spyware Attempts By Category Over Time on page 813


Viewing a Spyware Summary


The Anti-Spyware Summary report contains information on the number of spyware attempts by hour of the day. To view a spyware Summary, perform the following steps:
1. Click the Reports tab.
2. Select the global icon, a group, or a SonicWALL appliance.
3. Expand the Anti-Spyware tree and click Summary. The Summary page displays.
4. The bar graph displays the number of spyware attempts made during each hour of the day.
5. The table contains the following information:
   - Hour: the hour of the day for which the summary is provided.
   - Attempts: the number of times the spyware attempted to infect the device during a pre-set time interval (the hour of the day is the default).
   - % of Attempts: the percent of attempts the current spyware entry comprises as a portion of the aggregate number of spyware attempts on the device during a pre-set time interval (the hour of the day is the default).
6. The GMS Reporting Module shows yesterday's report. To change the date range of the report, use the Search Bar and click the Start or End field to access the drop-down calendar, or click More Options for report display settings.


7. Under Report Display Settings you can set:
   - Display Type: Chart and Table, or Table Only
   - Chart Type: Area, Bar or Plot chart
   See Managing Report Settings on page 690.
8. When you are finished, click Search. The GMS Reporting Module displays the report for the selected date range.
9. Note that this page displays the number of spyware attempts that occurred during two-hour intervals during the past day.

Viewing Spyware Attempts By Category


These reports display the spyware activity by category including the actual category or classification of the spyware, the priority, and the event/attacks type. By using the category as criteria, you can display details about the type/message text and number of events. To view spyware attempts by category, perform the following steps:
1. Click the Reports tab.
2. Select a SonicWALL appliance.
3. Expand the Anti-Spyware tree and click By Category. The By Category page displays.


4. The pie chart displays the percentage of spyware attempts by category.
5. The table contains the following information:
   - Category: the category of the spyware.
   - Attempts: the number of times the spyware attempted to infect the device, using the category as the criterion.
   - % of Attempts: the percent of attempts the current spyware entry comprises as a portion of the aggregate number of spyware attempts, using the category as the criterion.
6. To change the date range of the report, use the Search Bar and click the Start or End field to access the drop-down calendar, or click More Options for report display settings.
7. Under Report Display Settings you can set:
   - Display Type: Chart and Table, or Table Only
   - Chart Type: Area, Bar, Pie or Plot chart
   - Number of Items
   - Entries per Item
   - Rows per Screen
   See Managing Report Settings on page 690.
8. When you are finished, click Search. The GMS Reporting Module displays the report for the selected date range.

Viewing Spyware Attempts Over Time


You can display spyware attempts over a set time interval. These reports are available at the unit and group levels similar to the other summary reports. To view spyware attempts using pre-set time intervals as the viewing criteria, perform the following steps:
1. Click the Reports tab.
2. Select the global icon, a group, or a SonicWALL appliance.


3. Expand the Anti-Spyware tree and click Over Time. The Over Time page displays.
4. The bar graph displays the number of spyware attempts that were made during each day over a specified time period.
5. The table contains the following information:
   - Date: the date for which the summary is provided.
   - Attempts: the number of times the spyware attempted to infect the device on a specific date.
   - % of Attempts: the percent of attempts the current spyware entry comprises as a portion of the aggregate number of spyware attempts on the device during a pre-set time interval.
6. To change the date range of the report, use the Search Bar and click the Start or End field to access the drop-down calendar, or click More Options for report display settings.
7. Under Report Display Settings you can set:
   - Display Type: Chart and Table, or Table Only
   - Chart Type: Area, Bar or Plot chart
   See Managing Report Settings on page 690.
8. When you are finished, click Search. The GMS Reporting Module displays the report for the selected date range.


Viewing Spyware Attempts By Category Over Time


You can generate reports that display the spyware activity by category, such as the category, priority, and events/attacks over time. Using the category over time statistic as criteria for report generation provides details about the type/message text and number of events. To view Anti-Spyware attempts using categories over time intervals as the viewing criteria, perform the following steps:
1. Click the Reports tab.
2. Select a SonicWALL appliance.
3. Expand the Anti-Spyware tree and click By Category Over Time. The By Category Over Time page displays.
4. The pie chart displays the percentage of spyware attempts by category. The table contains the following information:
   - Category: the category of the spyware.
   - Attempts: the number of times the spyware attempted to infect the device during a pre-set time interval.
   - % of Attempts: the percent of attempts the current spyware entry comprises as a portion of the aggregate number of spyware attempts on the device during a pre-set time interval.
5. To change the date range of the report, use the Search Bar and click the Start or End field to access the drop-down calendar, or click More Options for report display settings.


6. Under Report Display Settings you can set:
   - Display Type: Chart and Table, or Table Only
   - Chart Type: Area, Bar, Pie or Plot chart
   - Number of Items
   - Entries per Item
   - Rows per Screen
   See Managing Report Settings on page 690.
7. To display a limited group of items, use the Search Bar fields.
   Note: The search bar fields use pattern matching with operators such as contains. For example, john will match john_smith or john42.
8. When you are finished, click Search. The GMS Reporting Module displays the report for the selected date range.

Viewing Intrusion Prevention Reports


The Intrusion Prevention Service (IPS) reports show the number of attempted intrusions that occurred during the specified time period.

Note: All reports appear in the appliance's time zone.

If the selected appliance is not licensed for SonicWALL Intrusion Prevention Service, a sample report is displayed, as shown below. You can click the Click Here link near the top to view the global dashboard report showing all intrusions and similar attacks currently being monitored by SonicWALL, or click the link at the bottom of the page to read detailed information about SonicWALL Intrusion Prevention Service and other subscription services.

Select from the following intrusion reports:
- To view a summary of the attacks, see Viewing the Intrusion Prevention Summary Report on page 816.
- To view the attacks by source IP address, see Viewing the Errors Report on page 795.
- To view a summary of the errors and exceptions, see Viewing the Errors Report on page 795.
- To view attacks over a period of time, see Viewing Attack Reports Over Time on page 797.
- To view errors and exceptions over a period of time, see Viewing Errors Over Time on page 799.


Viewing the Intrusion Prevention Summary Report


The Attack Summary report contains information on the number of attempted intrusions on a SonicWALL appliance or group of SonicWALL appliances during the specified day. To view the IPS Summary report, perform the following steps:
1. Click the Reports tab.
2. Select the global icon, a group, or a SonicWALL appliance.
3. Expand the Intrusion Prevention tree and click Summary. The Summary page displays.
4. The bar graph displays the number of intrusions attempted during each hour of the day.
5. The table contains the following information:
   - Hour: when the sample was taken.
   - Intrusions: the number of intrusion attempts.
   - % of Intrusions: the percentage of intrusion attempts on this day, compared to the time period. For example, if 10,000 intrusion attempts occurred during the time period and 1,000 intrusion attempts occurred on Thursday, its % of Intrusions field will display 10%.

6. The GMS Reporting Module shows yesterday's report. To change the date of the report, use the Search Bar and click the Start or End field to access the drop-down calendar, or click More Options for report display settings.
7. Under Report Display Settings you can set:
   - Display Type: Chart and Table, or Table Only
   - Chart Type: Area, Bar or Plot chart
   See Managing Report Settings on page 690.
8. When you are finished, click Search. The GMS Reporting Module displays the report for the selected date.

Viewing Intrusion Attempts By Category


These reports display the intrusion activity by category including the actual category or classification of the intrusion, the priority, and the event/attacks type. By using the category as criteria, you can display details about the type/message text and number of events. To view intrusion attempts by category, perform the following steps:
1. Click the Reports tab.
2. Select a SonicWALL appliance.


3. Expand the Intrusion Prevention tree and click By Category. The By Category page displays.
4. The pie chart displays a list of intrusions attempted by category. The table contains the following information:
   - Category: the category of the intrusion attempt.
   - Intrusions: the number of intrusion attempts.
   - % of Intrusions: the percentage of intrusion attempts as a portion of the aggregate number of intrusion attempts, using the category as the criterion.
5. To change the date of the report, use the Search Bar and click the Start or End field to access the drop-down calendar, or click More Options for report display settings.


6. Under Report Display Settings you can set:
   - Display Type: Chart and Table, or Table Only
   - Chart Type: Area, Bar, Pie or Plot chart
   - Number of Items
   - Entries per Item
   - Rows per Screen
   See Managing Report Settings on page 690.
7. When you are finished, click Search. The GMS Reporting Module displays the report for the selected date.

Viewing Intrusions Over Time


The Over Time report displays the daily number of intrusion attempts during the specified time period. To view the Intrusions Over Time report, perform the following steps:
1. Click the Reports tab.
2. Select the global icon, a group, or a SonicWALL appliance.


3. Expand the Intrusion Prevention tree and click Intrusions Over Time. The Intrusions Over Time page displays.
4. The bar graph displays the number of intrusions attempted each day of the specified time period.
5. The table contains the following information:
   - Date: when the sample was taken.
   - Intrusions: the number of intrusion attempts.
   - % of Intrusions: the percentage of intrusion attempts on this day, compared to the time period. For example, if 10,000 intrusion attempts occurred during the time period and 1,000 intrusion attempts occurred on Thursday, its % of Intrusions field will display 10%.
6. To change the date range of the report, use the Search Bar and click the Start or End field to access the drop-down calendar, or click More Options for report display settings.
7. Under Report Display Settings you can set:
   - Display Type: Chart and Table, or Table Only
   - Chart Type: Area, Bar or Plot chart
   See Managing Report Settings on page 690.
8. When you are finished, click Search. The GMS Reporting Module displays the report for the selected date range.


Viewing Intrusion Reports By Category Over Time


You can generate reports that display the intrusion activity by category, such as the category, priority, and events/attacks over time. Using the category over time statistic as criteria for report generation provides details about the type/message text and number of events. To view intrusion attempts using categories over time intervals as the viewing criteria, perform the following steps:
1. Click the Reports tab.
2. Select a SonicWALL appliance.
3. Expand the Intrusion Prevention tree and click By Category Over Time. The By Category Over Time page displays.
4. The pie chart displays a list of intrusions attempted by category over time. The table contains the following information:
   - Category: the category of the intrusion attempt.
   - Intrusions: the number of attempted intrusions during a pre-set time interval.
   - % of Intrusions: the percentage of intrusion attempts the current intrusion entry comprises as a portion of the aggregate number of intrusion attempts on the device during a pre-set time interval.

5. The GMS Reporting Module shows yesterday's report. To change the date range of the report, use the Search Bar and click the Start or End field to access the drop-down calendar, or click More Options for report display settings.
6. Under Report Display Settings you can set:
   - Display Type: Chart and Table, or Table Only
   - Chart Type: Area, Bar, Pie or Plot chart
   - Number of Items
   - Entries per Item
   - Rows per Screen
   See Managing Report Settings on page 690.
7. When you are finished, click Search. The GMS Reporting Module displays the report for the selected date range.

Viewing Application Firewall Reports


Application Firewall reports provide information on the applications, users, and Application Firewall policies that are handled by Application Firewall on the selected SonicWALL appliance(s). The Application Firewall feature is available on SonicWALL NSA and SonicWALL TZ 210 Series appliances in SonicOS Enhanced 5.0 and higher. Application Firewall reports can be used to view Application Firewall usage by the day or over a period of days. Additionally, you can view the top applications, top users, or top policies for Application Firewall on a single SonicWALL NSA or SonicWALL TZ 210 series appliance. Clickable reports (Graphs and Data) are supported, providing drill-down reporting information by clicking the graphical elements (such as pie chart slices) and data rows. For example, you can drill down to the User report level by clicking a user in one of the Top reports.

Note: All reports appear in the appliance's time zone.

Select from the following:
- To view a summary of the daily Application Firewall usage, see Viewing the Application Firewall Summary Report on page 823.
- To view Application Firewall usage over time, see Viewing the Application Firewall Over Time Report on page 824.


- To view the applications most often intercepted by Application Firewall, see Viewing Application Firewall Top Applications on page 825.
- To view the users whose traffic is most often intercepted by Application Firewall, see Viewing Application Firewall Top Users on page 826.
- To view the Application Firewall policies that are used the most, see Viewing Application Firewall Top Policies on page 827.

Viewing the Application Firewall Summary Report


The Application Firewall Summary report contains information on the number of connections incurring Application Firewall activity logged by a SonicWALL appliance during each hour of the specified day, or at the global or group level, by each group of SonicWALL appliances for the day. To view the Application Firewall Summary report, perform the following steps:
1. Click the UTM tab.
2. Select the global icon, a group, or a SonicWALL appliance.
3. Expand the Application Firewall tree and click Summary. The Summary page displays.

4. The table contains the following information:
   - Hour: when the sample was taken
   - Connections: number of attempted connections logged (and possibly blocked) by Application Firewall
   - Mbytes: megabytes of data transferred during the connections
5. The GMS Reporting Module shows yesterday's report. To change the date of the report, click the Start and End fields to access the drop-down calendars, select the desired dates, and then click Search. The GMS Reporting Module displays the report for the selected day or date range.

Viewing the Application Firewall Over Time Report


The Application Firewall Over Time report displays the amount of Application Firewall usage handled by a SonicWALL appliance or a group of SonicWALL appliances for the specified time period. To view the Application Firewall Over Time report, perform the following steps:
1. Click the UTM tab.
2. Select the global icon, a group, or a SonicWALL appliance.
3. Expand the Application Firewall tree and click Over Time. The Over Time page displays.

4. The table contains the following information:
   - Date: when the sample was taken
   - Connections: number of attempted connections logged (and possibly blocked) by Application Firewall
   - Mbytes: megabytes of data transferred during the connections
5. To change the date of the report, click the Start and End fields to access the drop-down calendars, select the desired dates, and then click Search. The GMS Reporting Module displays the report for the selected date range.

Viewing Application Firewall Top Applications


The Top Applications report displays the applications that were most logged and/or blocked by Application Firewall on the specified date. The Top Applications report is available at the unit level. To view the Top Applications report, perform the following steps:
1. Click the UTM tab.
2. Select a SonicWALL appliance.
3. Expand the Application Firewall tree and click Top Applications. The Top Applications page displays.
4. The table contains the following information:
   • Application Name: the type of application, such as HTTP, FTP, and so on
   • Connections: number of attempted connections logged (and possibly blocked) by Application Firewall
   • Mbytes: megabytes of data transferred during the connections
   • Action Type: either No Action, Logged, or Blocked
5. To change the date of the report, click the Start field to access the drop-down calendar, select the desired date, and then click Search. The GMS Reporting Module displays the report for the selected date.

Viewing Application Firewall Top Users


The Top Users report displays the users who made the most logged and/or blocked connections by Application Firewall on the specified date. The Top Users report is available at the unit level. To view the Top Users report, perform the following steps:
1. Click the UTM tab.
2. Select a SonicWALL appliance.
3. Expand the Application Firewall tree and click Top Users. The Top Users page displays.
4. The table contains the following information:
   • User Name: the user's name or IP address
   • Host Name: the host name or IP address of the computer that made the connection
   • Connections: number of attempted connections logged (and possibly blocked) by Application Firewall
   • Mbytes: megabytes of data transferred during the connections
   • Action Type: either No Action, Logged, or Blocked
5. To change the date of the report, click the Start field to access the drop-down calendar, select the desired date, and then click Search. The GMS Reporting Module displays the report for the selected date.

Viewing Application Firewall Top Policies


The Top Policies report displays the Application Firewall policies that were triggered the most on the specified date. The Top Policies report is available at the unit level. To view the Top Policies report, perform the following steps:
1. Click the UTM tab.
2. Select a SonicWALL appliance.
3. Expand the Application Firewall tree and click Top Policies. The Top Policies page displays.
4. The table contains the following information:
   • Policy Name: the Application Firewall policy name
   • Connections: number of attempted connections logged (and possibly blocked) by Application Firewall
   • Mbytes: megabytes of data transferred during the connections
   • Action Type: either No Action, Logged, or Blocked
5. To change the date of the report, click the Start field to access the drop-down calendar, select the desired date, and then click Search. The GMS Reporting Module displays the report for the selected date.

Viewing Authentication Reports


The login reports show user logins, administrator logins, and failed login attempts for users and administrators. Authentication reports are available at the unit level.
Note

All reports appear in the appliance's time zone.

Select from the following:

• Viewing the User Login Report on page 829
• Viewing the Administrator Login Report on page 830
• Viewing the Failed Login Report on page 830

Viewing the User Login Report


The user login report shows users that logged on to the SonicWALL appliance during the specified day to bypass content filtering or to remotely access local network resources. To view the User Login report, perform the following steps:
1. Click the Reports tab.
2. Select a SonicWALL appliance.
3. Expand the Authentication tree and click User Login. The User Login page displays.
4. The table contains the following information:
   • User: the user name.
   • Time: time the user logged in.
5. The GMS Reporting Module shows yesterday's report. To change the date of the report, use the Search Bar and click the Start or End field to access the drop-down calendar. See Managing Report Settings on page 690.
6. When you are finished, click Search. The GMS Reporting Module displays the report for the selected date.

Viewing the Administrator Login Report


The administrator login report shows successful administrator logins during the specified day. This report is useful for identifying misuse and unauthorized management of a SonicWALL appliance. To view the Admin Login report, perform the following steps:
1. Click the Reports tab.
2. Select a SonicWALL appliance.
3. Expand the Authentication tree and click Admin Login. The Admin Login page displays.
4. The table contains the following information:
   • User: the user name.
   • Time: time the user logged in.
5. To change the date range of the report, use the Search Bar and click the Start or End field to access the drop-down calendar. See Managing Report Settings on page 690.
6. When you are finished, click Search. The GMS Reporting Module displays the report for the selected date range.

Viewing the Failed Login Report


The failed login report shows failed login attempts for users and administrators that attempted to log on to the SonicWALL appliance during the specified day. This report is useful for identifying unauthorized access attempts and potentially malicious activity. To view the Failed Login report, perform the following steps:
1. Click the Reports tab.
2. Select a SonicWALL appliance.
3. Expand the Authentication tree and click Failed Login. The page displays.
4. The table contains the following information:
   • User: the user name.
   • Time: time the user logged in.
   • IP Address: IP address of the user.
5. The GMS Reporting Module shows yesterday's report. To change the date of the report, use the Search Bar and click the Start or End field to access the drop-down calendar. See Managing Report Settings on page 690.
6. When you are finished, click Search. The GMS Reporting Module displays the report for the selected date.

Viewing the Log


The Log Viewer contains detailed information on each transaction that occurred on the SonicWALL appliance. This information is stored for the time that you specified in the configuration settings. It is necessary to enable the Log Viewer for UTM or SSL-VPN appliances for which you wish to generate Custom Reports. See Using Custom Reports on UTM Appliances on page 699.
Note

The Log Viewer displays raw log information for every connection. Depending on the amount of traffic, this can quickly consume a large amount of space in the database. It is highly recommended to be careful when choosing the number of days of information that will be stored. For more information, see Scheduling and Configuring Reports on page 671.


Viewing the Log for a SonicWALL Appliance


To view the Log, perform the following steps:
1. Click the Reports tab.
2. Select a SonicWALL appliance.
3. Expand the Log Viewer tree and click Search. The Search page displays.
4. Select Enable Log Viewer and then click Update to turn on collection of raw data in the database and enable viewing of that log data. This can consume a large amount of space in your database. Review your database space constraints before enabling the log viewer. The maximum number of appliances for which Log Viewer can be enabled is controlled on the Console > Reports > Settings page. See Controlling the Number of Appliances with Log Viewer Enabled on page 982.

Note

Custom Reports are available on appliances with Log Viewer enabled. See Using Custom Reports on UTM Appliances on page 699.

5. Under Select Search Criteria, select the date range to view data from in the Start Date and End Date fields.
6. Enter the starting time of events to view in the Start Time field.
7. Enter the ending time of events to view in the End Time field.
8. To limit the report to data originating from specific IP addresses or users, enter the source IP address or user name in the Source IP/User field. To view all IP addresses, enter All.
9. To view log entries for data originating from a particular port, enter the port number in the Source Port field.
10. To limit the report to data going to specific IP addresses or hosts, enter the destination IP address or host name in the Destination IP/Hostname field. To view log entries for data going to all IP addresses, enter All.
11. To view log entries for data going to a particular port, enter the port number in the Destination Port field.
12. Select the type of events to view from the Message Category list box.
13. To limit the report to messages containing a specific text string, enter the text in the Message Text field. Leave the field blank to view all messages.
14. Select the number of entries to display per page from the Results Per Page field.
15. Click Generate Report. The Log Viewer Results page displays.
16. Search through the entries to find the information for which you are searching. To view the next page of entries, click Next.
17. To generate another report, click Search again in the Log Viewer tree.


CHAPTER 38 SSL-VPN Reporting


This chapter describes how to manage SonicWALL Global Management System (GMS) SSL-VPN reporting by customizing and defining scheduled reports and summarization for SSL-VPN appliances. For details about viewing specific SSL-VPN reports, see Viewing SSL-VPN Reports on page 841. This chapter contains the following sections:

• SSL-VPN Reporting Overview section on page 835
• Using and Configuring SSL-VPN Reporting section on page 837

SSL-VPN Reporting Overview


This section provides an introduction to the SSL-VPN reporting feature. This section contains the following subsections:

• What is SSL-VPN Reporting? section on page 836
• Benefits of SSL-VPN Reporting section on page 836
• How Does SSL-VPN Reporting Work? section on page 837

After reading the GMS SSL-VPN Reporting Overview section, you will understand the main steps to be taken in order to create and customize reports successfully.


What is SSL-VPN Reporting?


SSL-VPN reporting allows you to configure and design the way you view your reports and the manner in which you receive them. This feature offers various types of static and dynamic reporting in which you can customize the way information is reported. SonicWALL GMS SSL-VPN reporting provides a visual presentation of all your configured report settings and information. With SSL-VPN reporting, you are able to view your reports in new enhanced graphs, create granular, custom reports, create scheduled reports, and search for reports using the search bar tool.

Custom reports are also available in SSL-VPN reporting. SonicWALL SSL-VPN appliances provide a Resource Activity custom report for tracking the source, destination, and other information about resource activity passing through a SonicWALL SSL-VPN device. The Custom Reports feature provides an intuitive, responsive interface for customizing the report layout and configuring content filtering prior to generating the report. Two types of reports are available: Detailed Reports and Summary Reports. Both provide detailed information, but are formatted to meet different needs. A Detailed Report displays the data in sortable, resizable columns, while a Summary Report provides top level information in graphs that you can click to drill down for detailed information.

Once you set up a Custom Report that meets your needs, you can save your settings as a template for reuse, set a schedule to run the report, export the report as a PDF or CSV (Excel) file, or print report pages.

Benefits of SSL-VPN Reporting


SSL-VPN reports provide visibility into the resource use by logged in users, leading to policies that enhance the user experience and the productivity of employees. The following capabilities contribute to the benefits of the SSL-VPN reporting feature:

• Custom reports can track events to the minute or second of the day for forensics and troubleshooting
• Interactive charts allow drill-down into specific details
• Table structure with ability to adjust column width of data grid
• Improved report navigation
• Report search
• Scheduled reports


How Does SSL-VPN Reporting Work?


SSL-VPN appliances send syslog data to the GMS syslog collector, similar to SonicWALL UTM appliances. Once summarization takes place, you can create, schedule, view, and search for SSL-VPN reports from the GMS central reporting interface. SSL-VPN Custom Reports are based on raw syslog information contained in a database that is created daily from the raw syslog data sent from all managed or monitored appliances. This database is saved using a date/time suffix, and contains tables full of data for each appliance. All the syslog data received by SonicWALL GMS is available in the database.
Note

The raw syslog database required by Custom Reports is not enabled by default, as it is highly resource intensive. This functionality must be enabled per unit in the Reports > Log Viewer screen.

SSL-VPN Reporting supports scheduled reports to be sent on a daily, weekly, or monthly basis to any specified email address.

Using and Configuring SSL-VPN Reporting


This section describes how to use and configure SSL-VPN reporting. See the following subsections:

• About Viewing Available SSL-VPN Report Types section on page 837
• Configuring SSL-VPN Scheduled Reports section on page 839

About Viewing Available SSL-VPN Report Types


To view the available types of reports for SSL-VPN, perform the following steps:
1. Log into your GMS management console.
2. Click the SSL-VPN tab.
3. Click the Reports tab on the top of the screen. The SSL-VPN screen displays the following list of reports:

Node Level reports:
• Status
  • Summary: uptime by hour for one day
  • Over Time: uptime by day for date range
  • Down-Time Summary: down-time by hour for one day
  • Down-Time Over Time: down-time over 7 days listed by date
• Bandwidth
  • Summary: total connections listed by hour
  • Top Users: connections listed by user
  • Over Time: connections listed by date
  • Top Users Over Time: connections listed by user for the selected date range
• Custom Report
  • Resource Activity: source, destination, and other information about resource activity
• Resources
  • Summary: connections per connection protocol (HTTPS, NetExtender, etc.)
  • Top Users: connections listed by user
• Authentication
  • User Login: user, time, and source of successful authentication, daily. User Login reports now combine admin users with all other users in the same report.
  • Failed Login: time and source host of failed logins for one day

Group Level reports:
• Status
  • Summary: uptime listed by appliance for one day
  • Over Time: uptime listed by date for group
  • Down-Time Summary: down-time by appliance for one day
  • Down-Time Over Time: down-time over 7 days listed by date for group
• Bandwidth
  • Summary: connections per SSL-VPN appliance
  • Over Time: total connections by date for group


Configuring SSL-VPN Scheduled Reports


To configure SSL-VPN scheduled reports and summarization, perform the following tasks:
1. On the Reports tab, navigate to Configuration > Scheduled Reports.
2. Click the Add button. The Scheduled Report Configuration form displays.
3. Fill out the fields accordingly. For more information, see the following sections:
   • Configuring Scheduled Reports on page 671
   • Scheduling PDF Compliance Reports on page 680


Configuring SSL-VPN Summarization


1. On the Reports tab, navigate to Configuration > Summarizer Settings. The reports that can be summarized for a SSL-VPN appliance are configurable at either group or unit level. The screen displays the configuration appropriate for the level. The report type lists can also be expanded for a detailed description of report content. The report types you can summarize are shown below.

SSL-VPN reports generated in GMS can be exported in PDF format, providing easy online transfer. For more information about the Summarizer and exporting reports in PDF format, see:
• Selecting Reports for Summarization on page 675
• Configuring Data Storage Settings on page 677
• Using Summarize Now on page 989
• Scheduling PDF Compliance Reports on page 680


CHAPTER 39 Viewing SSL-VPN Reports


This chapter describes the available reports for SonicWALL SSL-VPN appliances. For information on how to configure scheduled reports and summarization, see Using and Configuring SSL-VPN Reporting on page 837.

Select from the following reports:

• Viewing Status Reports section on page 841
• Viewing SSL-VPN Bandwidth Reports section on page 845
• Using SSL-VPN Custom Reports section on page 851
• Viewing SSL-VPN Resources Reports section on page 869
• Viewing SSL-VPN Authentication Reports section on page 874
• Viewing the SSL-VPN Log section on page 876

Viewing Status Reports


Status reports display the amount of time that the SSL-VPN appliance(s) has been up and running. Select from the following reports:

• Viewing the Status Summary Report section on page 842
• Viewing the Status Over Time Report section on page 842
• Viewing the Status Down-Time Summary Report section on page 842
• Viewing the Status Down-Time Over Time Report section on page 843


Viewing the Status Summary Report


At the global or group level, the Status > Summary report displays the SSL-VPN appliance uptime listed by appliance for the selected date. At the unit level, the uptime is displayed by hour for the date. To view the Summary page, perform the following steps:
1. Click the Reports tab.
2. Select the global icon, group icon, or a SSL-VPN appliance.
3. Expand the Status tree and click Summary. The Summary page displays.

Viewing the Status Over Time Report


At the global or group level, the Status > Over Time report displays the SSL-VPN appliance uptime listed by date for the group. At the unit level, the uptime is displayed by day for the selected date range. To view the Over Time page, perform the following steps:
1. Click the Reports tab.
2. Select the global icon, group icon, or a SSL-VPN appliance.
3. Expand the Status tree and click Over Time. The Over Time page displays.

Viewing the Status Down-Time Summary Report


The Status Down-Time Summary report contains information on the status of an SSL-VPN appliance or group of appliances during each hour of the specified day. To view the Status Down-Time Summary report, perform the following steps:
1. Click the Reports tab.
2. Select the global icon, a group, or an SSL-VPN appliance.
3. Expand the Status tree and click Down-Time Summary. The Down-Time Summary page displays.
4. The graph displays the amount of time the SSL-VPN appliance(s) were offline and not available during each hour of the day.
5. The table contains the following information:
   • Hour: when the sample was taken.
   • Down Time (Mins): number of minutes during the hour that the SonicWALL appliance was Down.
6. By default, the GMS Reporting Module shows yesterday's report. To change the date of the report and other settings, click the Start field to access the drop-down calendar.
7. When you are finished, click Search. The GMS Reporting Module displays the report for the selected date.

Viewing the Status Down-Time Over Time Report


The Status Down-Time Over Time report displays how often the SSL-VPN appliance or a group of SSL-VPN appliances was unavailable during the specified time period. To view the Status Down-Time Over Time report, perform the following steps:
1. Click the Reports tab.
2. Select the global icon, a group, or an SSL-VPN appliance.
3. Expand the Status tree and click Down-Time Over Time. The Down-Time Over Time page displays.
4. The graph displays the amount of time the SSL-VPN appliance(s) were not available during each day of the specified time period.
5. The table contains the following information:
   • Date: when the sample was taken.
   • Down Time: amount of time (in hours) that the SSL-VPN appliance was Down.
6. The GMS Reporting Module shows the past week's report. To change the date range of the report, use the Search Bar and click the Start or End field to access the drop-down calendar.
7. When you are finished, click Search. The GMS Reporting Module displays the report for the selected date range.


Viewing SSL-VPN Bandwidth Reports


Bandwidth reports display the amount of data transferred through one or more selected SSL-VPN appliances. Bandwidth reports are an ideal starting point for viewing overall bandwidth usage. You can view bandwidth usage by hour, day, or over a period of days. Additionally, you can view the top users of bandwidth. From this information, you can determine network strategies. For example, if you need more bandwidth, you might need to upgrade network equipment, or you might simply need to curtail the bandwidth usage of a few employees.
Note

All reports appear in the time zone of the selected appliance.

Select from the following:

• Viewing SSL-VPN Bandwidth Summary Reports on page 845
• Viewing SSL-VPN Top Users of Bandwidth Reports on page 847
• Viewing SSL-VPN Bandwidth Usage Over Time Reports on page 848
• Viewing SSL-VPN Top Users of Bandwidth Over Time Reports on page 850

Viewing SSL-VPN Bandwidth Summary Reports


The Bandwidth Summary report shows the number of connections handled by a SSL-VPN appliance during each hour of the specified day, or at the global or group level, by each SSL-VPN appliance for the day. To view the Bandwidth Summary report, perform the following steps:
1. Click the Reports tab.
2. Select the global icon, a group, or a SSL-VPN appliance.
3. Expand the Bandwidth tree and click Summary. The Summary page displays.
4. The graph displays the number of connections to the SSL-VPN appliance during each hour of the day.
5. The table contains the following information:
   • Hour: when the sample was taken.
   • Connections: number of connections to the SSL-VPN appliance
6. The GMS Reporting Module shows yesterday's report. To change the date of the report, click the Start field to access the drop-down calendar.
7. After selecting a date, click Search. The GMS Reporting Module displays the report for the selected day.

Note

The date setting will stay in effect for all similar reports during your active login session.


Viewing SSL-VPN Top Users of Bandwidth Reports


The Top Users report displays the users who used the most connections on the specified date. To view the Top Users report, perform the following steps:
1. Click the Reports tab.
2. Select a SSL-VPN appliance.
3. Expand the Bandwidth tree and click Top Users. The Top Users page displays.
4. The pie chart displays the percentage of connections used by each user.
5. The table contains the following information for all users:
   • Users: the user name
   • Connections: number of connection events or hits
6. By default, the GMS Reporting Module shows yesterday's report, a pie chart for the top six users, and a table for all users. To change the date of the report, click the Start field to access the drop-down calendar.
7. To display a limited number of users, use the Search Bar fields.

Note

The search bar fields use pattern matching with operators such as contains. For example, john will match john_smith, john42, or big_john.

8. When you are finished, click Search. The GMS Reporting Module displays the report for the selected day.

Note

The date setting will stay in effect for all similar reports during your active login session.

Viewing SSL-VPN Bandwidth Usage Over Time Reports


The Bandwidth Usage Over Time report displays the daily number of connections handled by a SSL-VPN appliance or a group of SSL-VPN appliances for the specified time period. To view the Bandwidth Usage Over Time report, perform the following steps:
1. Click the Reports tab.
2. Select the global icon, a group, or a SSL-VPN appliance.
3. Expand the Bandwidth tree and click Over Time. The Over Time page displays.
4. The graph displays the number of connections during each day of the specified time period.
5. The table contains the following information:
   • Date: when the sample was taken
   • Connections: number of hits
6. To change the date of the report, use the Search Bar and click the Start or End fields to access the drop-down calendar.
7. When you are finished, click Search. The GMS Reporting Module displays the report for the selected date range.

Note

These date settings will stay in effect for all similar reports during your active login session.


Viewing SSL-VPN Top Users of Bandwidth Over Time Reports


The Top Users Over Time report displays the users who used the most connections during the specified date range. This report is available at the unit level. To view the Top Users Over Time report, perform the following steps:
1. Click the Reports tab.
2. Select a SSL-VPN appliance.
3. Expand the Bandwidth tree and click Top Users Over Time. The Top Users Over Time page displays.
4. The pie chart displays the percentage of connections used by the top users.
5. The table contains the following information for all users:
   • Users: the user name of the user
   • Connections: number of connection events or hits
6. The GMS Reporting Module shows yesterday's report. To change the date range of the report, click the Start or End field to access the drop-down calendar.
7. To display a limited group of users, enter the user IDs in the Search Bar fields.

Note

The search bar fields use pattern matching with operators such as contains. For example, john will match john_smith, john42, or big_john.

8. When you are finished, click Search. The GMS Reporting Module displays the report for the selected users and date range.

Note

These settings will stay in effect for all similar reports during your active login session.

Using SSL-VPN Custom Reports


Custom Reports are available at the unit level for appliances visible on the SSL-VPN tab. Log Viewer must be enabled for the appliance. For information about enabling Log Viewer, see Viewing the SSL-VPN Log on page 876. When configuring a Custom Report on the Resource Activity page, the Template Section acts as a query builder. You select the criteria for the report that you want, and SonicWALL GMS uses your input to query the raw syslog database for the information, and then outputs the report. The Template Section consists of two parts: the Date/Time section and the Report Layout section. After building your query in the Template Section and clicking the Generate Report button, the report is displayed in the Report Section. The Report Section is displayed in the lower half of the page, under the Template Section; this layout is called Split Mode. You can easily toggle between Split Mode and Full Mode. Full Mode can be used to display only the Template Section or only the Report Section in a full page view.


The Report Section displays the report and provides controls for pagination, printing, and exporting the report in PDF or CSV format. You can also click the Save Template button in this section if you want to save the settings for this report as a template for reuse later. See the following sections for detailed information:

• Toggling Between Split Mode and Full Mode on page 852
• Configuring the Date and Time for Custom Reports on page 855
• Configuring the Report Layout and Generating the Report on page 858
• Generating the Custom Report on page 864
• Viewing a Custom Report on page 865
• Printing a Page or Exporting the Report as a PDF or CSV File on page 867
• Saving the Report Template on page 868

Toggling Between Split Mode and Full Mode


The Custom Report page contains two main sections, the Template Section and Report Section, which can be displayed together or independently depending on the mode.


When the Custom Report page is initially displayed for a selected appliance, the Template Section is displayed in Full Mode. Split Mode is available, but the Report Section displays no data until a report has been generated. The image below shows the Custom Report > Resource Activity page with the Template Section displayed in Full Mode.


After generating a report, the page automatically changes to Split Mode and displays the report settings in the Template Section in the top half of the page and the report results in the Report Section in the lower portion. The image below shows the Template Section and Report Section displayed in Split Mode.

At any time, you can change to Full Mode if you want to display either the Template Section or the Report Section individually. From Full Mode, you can easily change back to Split Mode. To toggle between Split Mode and Full Mode:
1. Select a unit for which Log Viewer is enabled, and then navigate to the Custom Report page.
2. On a page that is currently displayed in Full Mode, to change the view to Split Mode click the <Split Mode> button at the right side of the section heading.
3. On a page that is currently displayed in Split Mode, do one of the following to change to a Full Mode display of either the Template Section or the Report Section:
   • Click the <Full Mode> button to the right of the Template Section heading.
   • Click the <Full Mode> button to the right of the Report Section heading.

Configuring the Date and Time for Custom Reports


At the top of the Template Section of the Custom Report page, the Date/Time region provides a way to designate the time period to use when generating the report. You can select either a Dynamic Date Range or a Static Date Range. Both the Dynamic Date Range and the Static Date Range provide Start Time and End Time settings. By using the Start Time and End Time fields, you can specify the exact hour, minute, and second for both the beginning and the end of the period for the report. When a start and end time is specified for a date range containing multiple days, the start/end times are applied to each day of the period when analyzing data for the report. The default is to include data for the full 24 hours in each day of the date range.

Dynamic Date Range


The Dynamic Date Range selection allows you to select from four date ranges and to specify the exact starting and ending times on the days in the selected date range for the log data to be used for the report. For the Dynamic Date Range, you can select from the following four date choices:

- Today: uses log data from the current date, beginning just after midnight
- Yesterday: uses log data from just after midnight of the previous day, up to and including the most recent log message from the current date
- Week to Date: uses log data from the current date, plus the seven preceding days
- Month to Date: uses log data from the same date as the current date in the previous month, up to and including the most recent log message from the current date

When generating a report with a template containing a dynamic date range setting, the dates used when referencing the log data are relative to the current date. Thus, two reports generated from the same template on different days will provide different results. To select a Dynamic Date Range:

1. Select a unit for which Log Viewer is enabled, and then navigate to the page under Custom Report for the report type you want.
2. In the Template Section under Date/Time, select the Dynamic Date Range radio button.
3. In the drop-down list, select Today, Yesterday, Week to Date, or Month to Date.
4. For the Start Time, select the hour, minute, and second from the drop-down lists in the Dynamic Date Range row. These settings specify the earliest data to be included in the report, for each day of the date range.
5. For the End Time, select the hour, minute, and second from the drop-down lists. These settings specify the most recent data to be included in the report, for each day of the date range.
6. To change the settings back to the defaults, click Reset at the bottom of the Template Section. Note that this will change the Report Layout region as well as the Date/Time region back to default settings.

Static Date Range


The Static Date Range selection allows you to specify the exact dates, and the starting and ending times on each day in the selected date range, for the log data to be used for the report. You can specify a single date or a date range, and indicate the exact hour, minute, and second for both the beginning and the end of the daily period for the report.


A popup calendar makes it easy to select the Start Date and End Date for the date range, as shown below.

To specify a Static Date Range:

1. Select a unit for which Log Viewer is enabled, and then navigate to the page under Custom Report for the report type you want.
2. In the Template Section under Date/Time, select the Static Date Range radio button.
3. Click the Start Date field to access the pop-up calendar.
4. Use the navigation arrows near the top of the calendar to change the year or month. Click the << button to move to the previous year, or hold the button to select from a list of years. Click the >> button to move to the next year, or hold the button to select from a list of years. Similarly, click the < or > to move back or ahead by one month, or hold the button to select from a list of months.
5. Click the desired start date in the calendar. This adds the date to the Start Date field and closes the calendar.
6. Click the End Date field to access the pop-up calendar.
7. Use the navigation arrows near the top of the calendar to change the year or month.
8. Click the desired end date in the calendar. This adds the date to the End Date field and closes the calendar.
9. For the Start Time, select the hour, minute, and second from the drop-down lists in the Static Date Range row. These settings specify the earliest data for each day in the date range to be included in the report.
10. For the End Time, select the hour, minute, and second from the drop-down lists. These settings specify the most recent data for each day in the date range to be included in the report.
11. To change the settings back to the defaults, click Reset at the bottom of the Template Section. Note that this will change the Report Layout region as well as the Date/Time region back to default settings.

Configuring the Report Layout and Generating the Report


Located in the Template Section of the Custom Report page below the Date/Time region, the Report Layout region provides a way to specify the type of data to include, and the format of the report. The Report Layout region has a Detailed Report tab and a Summary Report tab. The report appearance and the way information is organized are quite different between a Detailed Report and a Summary Report. The Detailed Report tab contains a list of data categories that you can add as report fields, and allows you to specify query values for each. The categories you select will appear as column headings in the report. The Summary Report tab allows you to structure a report showing the top elements of Resource Activity. You can select the number of top elements, what to base the comparisons on, and the two data categories to evaluate when determining the top elements. The generated report provides graphical output that you can click to drill down for detailed information. For more information about each of these Report Layout tabs, see the following sections:

- Detailed Reports on page 859
- Summary Reports on page 862

For information about the Filter operators, see the following section:

- Filter Operators on page 863


Detailed Reports
The Detailed Report tab is the default view in the Report Layout region.

For a SSL-VPN Resource Activity report, the Select report field drop-down list contains four data categories that you can add as column headings in the report. The categories are:

- Destination IP: adds a column containing the IP address of each accessed resource
- Protocol: adds a column containing the protocol used by the traffic
- Source IP: adds a column containing the IP address of each system which accessed a resource
- User: adds a column containing the user ID

To include a field in the report, select a choice from the list and then click Add. When you click Add, a row is populated in the table below, which has three column headings: Field, Filter, and Options.
Note: When you place your mouse cursor over the row, under the Field heading, the cursor changes to a move cursor. You can drag and drop the rows to rearrange the column ordering in the final report.

In the Filter column, two fields are displayed: an operator field and an input field. The operator field is a drop-down list containing the operator choices for the selected report field. See Filter Operators on page 863 for a description of each operator. The input field can be a drop-down list or a standard input field, depending on the selected report field. The operators and input fields are defined in Table 16 for each report field.

Table 16  Operators and Input Fields for Each Data Type

Destination IP
  Operators: Equals, Starts with, Ends with, Contains
  Input Field: The input field is a standard input field where you can type in the numbers to match, such as 192 or 10.25. Leave the input field blank if you choose not to filter by a certain destination IP address.

Protocol
  Operators: Equals, Start with, End with, Contains
  Input Field: The input field is a standard input field where you can type in the protocol to match, such as FTP. Leave the input field blank if you choose not to filter by a certain protocol.

Source IP
  Operators: Equals, Starts with, Ends with, Contains
  Input Field: The input field is a standard input field where you can type in the numbers to match, such as 192 or 10.25. Leave the input field blank if you choose not to filter by a certain source IP address.

User
  Operators: Equals, Start with, End with, Contains
  Input Field: The input field is a standard input field where you can type in the user ID to match. Leave the input field blank if you choose not to filter by a certain user.

In the Options column, two icons are displayed: an Eye and an X. You can click the Eye to toggle whether the report field on that row will be displayed in the final report. This allows you to filter the report results based on the selected report field and related filter value, but not display the field as a column. When you click on the Eye icon within a row, the eye closes to show that this field will not be displayed in the final report. The filter value will still be used to filter results from the raw syslog database to apply towards the report. For example, you might specify the following Field/Operator/Filter Value: Protocol/=/http. It would make sense to click the Eye icon to disable the Protocol field from being shown in the report, since it would always just be http and would not add any interesting information to the final report. Contrast this with simply specifying the Protocol field and leaving the Filter Value blank, in which case you would want to enable the Eye so that this column would appear in the report showing a variety of protocols such as udp/dns, tcp/http, udp/ntp, or numbered protocols such as udp/389 (the LDAP protocol) or tcp/445 (MS Server Message Block (SMB) file sharing).

Clicking the X icon under Options deletes the selected report field from the table, so it will not be used to generate the report results nor will it be displayed in the report. Use the X icon instead of the Eye when you do not choose to filter the report results based on the field.


The Detailed Report tab also contains the Sort By drop-down list. The list contains the Date/Time option and any other report fields that you have selected from the eight data types. The choice you select will be used to order the results in the report from the first page to the last. The selection in the left drop-down list is used for the first sorting, then the selection in the right drop-down list is used to sort and group the entries within each group resulting from the first sorting. To configure a detailed report:

1. Select a unit for which Log Viewer is enabled, and then navigate to the page under Custom Report for the report type you want.
2. In the Report Layout region of the Template Section of the Custom Report page, select the Detailed Report tab.
3. In the Select report field drop-down list, select a data type to include in the report, and then click Add. A row for this field is populated in the table below. Repeat this step to add other fields.
4. Optionally select an operator from the drop-down list under Filter in a table row, and type in or select an input value to be matched when the database is queried. Repeat this step for other rows to add filter values for those fields.
5. To prevent a field from appearing in the final report, click the Eye icon in that row so that the eye appears closed. To allow the field to be displayed in the report, click the closed Eye icon to return it to normal appearance.
6. To delete a field from the table, click the X icon in that row.
7. To sort the report pages by a different field than the default of Date/Time, select the desired field from the Sort by drop-down list.
8. To change the settings back to the defaults, click Reset at the bottom of the Template Section. Note that this will change the Date/Time region and the Report Layout region back to default settings.


Summary Reports
The Summary Report tab is available in the Report Layout region of the Template Section.

The Top drop-down list provides selections for the number of entries to display in the report. For example, if the User field is selected below as a Summary Group, and 5 is selected in the Top drop-down list, the report will provide entries for the top five users. For all Custom Reports, available numbers in the Top drop-down list are 5, 10, 20, 50, and 100.

The Summary Base drop-down list offers a selection of traffic types that will be used to determine the top usage for the selected field. For a SSL-VPN Resource Activity report, the only Summary Base choice is Event Count.

Below the Top and Summary Base fields, you can create one or two Summary Groups from the choices listed on the left side. For a SSL-VPN Resource Activity report, the choices are Destination IP, Protocol, Source IP, or User. To select a field for a Summary Group, simply drag and drop the desired field from the list to either the Level 1 Summary Group or Level 2 Summary Group boxes. When the field name is dragged to one of these, the operator drop-down list and filter input value field are displayed, allowing you to specify values to match when the data is searched. See Filter Operators on page 863 for a description of each operator.

Either the Level 1 Summary Group field or the Level 2 Summary Group field can be used alone; the resulting report will look the same in both cases. When both the Level 1 and Level 2 Summary Group fields are populated, the report will display the top entries for the Level 2 field for each of the top entries for the Level 1 field. For example, if User is dragged to the Level 1 Summary Group and Domain is dragged to the Level 2 Summary Group, and 5 is selected in the Top drop-down list, the generated report will display the top five domains visited by each of the top five users. To configure a summary report:
1. Select a unit for which Log Viewer is enabled, and then navigate to the page under Custom Report for the report type you want.
2. In the Report Layout region of the Template Section of the Custom Report page, select the Summary Report tab.
3. In the Top drop-down list, select the number of entries to be displayed in the report.
4. In the Summary Base drop-down list, use the default, Event Count.
5. To specify the field for the Level 1 Summary Group, click and drag the desired field from the list on the left to the Level 1 Summary Group field, and then release your mouse button to drop the field into position. The filter operator and input field are displayed next to the field name.
6. To specify the field for the Level 2 Summary Group, click and drag the desired field from the list on the left to the Level 2 Summary Group field, then release your mouse button to drop the field into position. The filter operator and input field are displayed next to the field name.
7. To specify a filter operator and filter value for a Summary Group, select the operator from the drop-down list next to the field and type a filter value into the input field to the right of the operator.
8. To change the settings back to the defaults, click Reset at the bottom of the Template Section. Note that this will change the Date/Time region as well as the Report Layout region back to default settings.

Filter Operators
When configuring the Report Layout on either the Detailed Report tab or the Summary Report tab, you can specify filter values to be matched in the database during report generation. Depending on the selected field type, text string or numeric, several filter operators are available. The filter operators are used with a filter input value to determine which data should be included in the report. The operators are defined as shown in Table 17.

Table 17  Filter Operators

Operator    Definition
Equals      Only data that exactly matches the filter input text will be included in the report
Start with  Data that begins with the input text will be included in the report
End with    Data that ends with the input text will be included in the report
Contains    Data that contains the input text will be included in the report
=           Only data that exactly matches the filter input numerical value will be included in the report
>           Data values that are greater than the input numerical value will be included in the report
>=          Data values that are greater than or equal to the input numerical value will be included in the report
<=          Data values that are less than or equal to the input numerical value will be included in the report
<           Data values that are less than the input numerical value will be included in the report
!=          Data values that are not equal to the input numerical value will be included in the report
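As an added illustration (not SonicWALL GMS code), the following Python models how the operators in Table 17, the Detailed Report filter rows with their Eye toggle and Sort by field, the per-day Start/End Time window, and the Summary Report Top N with Level 1/Level 2 groups combine to turn raw resource-activity records into report output. The records, the numeric Port field used only in testing, and the assumption that a filter on either Summary level restricts the records counted at both levels are constructed for illustration.

```python
"""Model of the GMS Custom Report filter and layout semantics (added
example, not product code). All records are constructed sample data."""
from collections import Counter
from datetime import datetime, time

FIELDS = ("Date/Time", "User", "Source IP", "Destination IP", "Protocol")

# Constructed SSL-VPN resource activity records (not real log data).
_RAW = [
    ("2010-05-03 08:15:00", "alice", "10.25.1.10", "192.168.5.20", "tcp/http"),
    ("2010-05-03 08:20:00", "alice", "10.25.1.10", "192.168.5.20", "tcp/http"),
    ("2010-05-03 09:00:00", "alice", "10.25.1.10", "192.168.5.30", "tcp/445"),
    ("2010-05-03 09:05:00", "bob",   "10.25.1.11", "192.168.5.20", "tcp/http"),
    ("2010-05-03 09:10:00", "bob",   "10.25.1.11", "192.168.5.40", "udp/389"),
    ("2010-05-03 09:30:00", "carol", "172.16.0.5", "192.168.5.20", "tcp/http"),
    ("2010-05-03 10:00:00", "carol", "172.16.0.5", "192.168.5.20", "tcp/http"),
    ("2010-05-03 10:05:00", "carol", "172.16.0.5", "192.168.5.30", "tcp/445"),
    ("2010-05-03 10:10:00", "carol", "172.16.0.5", "192.168.5.40", "udp/389"),
    ("2010-05-03 10:30:00", "dave",  "10.25.2.7",  "192.168.5.20", "tcp/http"),
    ("2010-05-04 09:15:00", "dave",  "10.25.2.7",  "192.168.5.20", "tcp/http"),
]
RECORDS = [dict(zip(FIELDS, (datetime.fromisoformat(ts), *rest)))
           for ts, *rest in _RAW]

# Table 17: text operators apply to string fields, numeric ones to numbers.
TEXT_OPERATORS = {
    "Equals": lambda data, value: data == value,
    "Start with": lambda data, value: data.startswith(value),
    "End with": lambda data, value: data.endswith(value),
    "Contains": lambda data, value: value in data,
}
NUMERIC_OPERATORS = {
    "=": lambda data, value: data == value,
    ">": lambda data, value: data > value,
    ">=": lambda data, value: data >= value,
    "<=": lambda data, value: data <= value,
    "<": lambda data, value: data < value,
    "!=": lambda data, value: data != value,
}


def matches(record, field, operator, value):
    """True when one Field/Operator/Filter Value row accepts the record.
    A blank filter value means "do not filter by this field" (Table 16)."""
    if value in ("", None):
        return True
    if operator in TEXT_OPERATORS:
        return TEXT_OPERATORS[operator](str(record[field]), str(value))
    if operator in NUMERIC_OPERATORS:
        return NUMERIC_OPERATORS[operator](float(record[field]), float(value))
    raise ValueError(f"unknown filter operator {operator!r}")


def select_period(records, start_date, end_date,
                  start_time=time(0, 0, 0), end_time=time(23, 59, 59)):
    """Date/Time region semantics: keep records whose date falls inside the
    range, applying the Start Time/End Time window to each day separately."""
    return [r for r in records
            if start_date <= r["Date/Time"].date() <= end_date
            and start_time <= r["Date/Time"].time() <= end_time]


def detailed_report(records, rows, sort_by="Date/Time"):
    """rows: (field, operator, value, visible). Every row filters the data;
    only rows whose Eye icon is open (visible=True) become report columns."""
    selected = [r for r in records
                if all(matches(r, f, op, v) for f, op, v, _ in rows)]
    selected.sort(key=lambda r: r[sort_by])  # stable, like the Sort by field
    columns = ["Date/Time"] + [f for f, _, _, visible in rows if visible]
    return [{c: r[c] for c in columns} for r in selected]


def summary_report(records, top, level1, level2=None):
    """Summary Base is Event Count. level1/level2: (field, operator, value).
    Returns the Top N Level 1 groups by event count; with a Level 2 group,
    each maps to its own Top N Level 2 groups. Assumption of this model:
    a filter on either level restricts the records counted at both levels."""
    levels = [level1] + ([level2] if level2 else [])
    hits = [r for r in records
            if all(matches(r, f, op, v) for f, op, v in levels)]
    f1 = level1[0]
    top1 = Counter(r[f1] for r in hits).most_common(top)
    if level2 is None:
        return dict(top1)
    f2 = level2[0]
    return {key: dict(Counter(r[f2] for r in hits if r[f1] == key)
                      .most_common(top))
            for key, _ in top1}


if __name__ == "__main__":
    # The page's own example: filter Protocol = tcp/http but hide that column.
    rows = [("Protocol", "Equals", "tcp/http", False),
            ("User", "Equals", "", True),
            ("Source IP", "Start with", "10.25", True)]
    for line in detailed_report(RECORDS, rows):
        print(line)
    print(summary_report(RECORDS, 2, ("User", "Equals", ""),
                         ("Protocol", "Equals", "")))
```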

Generating the Custom Report


The Generate Report button at the bottom of the Template Section is used to create the report. Before clicking Generate Report, use the Template Section to specify the time period for the report and the contents and layout of the report.
Note: Custom Reports are available at the unit level and Log Viewer must be enabled for the appliance. For information about enabling Log Viewer, see Viewing the SSL-VPN Log on page 876.

To generate a custom report:

1. Select a unit for which Log Viewer is enabled, and then navigate to the page under Custom Report for the report you want.
2. In the Date/Time region of the Template Section, specify the time period that the report will cover. For detailed information and instructions, see Configuring the Date and Time for Custom Reports on page 855.
3. In the Report Layout region of the Template Section, specify the contents and appearance of the report. For detailed information and instructions, see Configuring the Report Layout and Generating the Report on page 858.
4. Click Generate Report to create the report using the specified configuration.

Viewing a Custom Report


After you click Generate Report, the Report Section is displayed in Split Mode in the lower half of the main window, even if you previously were in Full Mode for the Template Section. Pagination controls are displayed at the upper right of the report, just below the Save Template button and the printer, PDF, and Excel icons. Navigation buttons are provided to take you to the first page, next page, previous page, and last page, or you can specify an exact page number in the field.

In a Detailed Report, the selected report fields are displayed as column headings. You can click on any column heading to sort that page by the values in the column that you click. Click again to toggle between ascending and descending order on that page. When you navigate away from that page and then come back using the pagination controls, the page reverts to the original sorting order as specified in the Sort by field of the Template Section before generating the report.

In a Summary Report, the Report Section displays the event count as horizontal bar charts. This lets you see the information at a glance, such as who had the most resource activity and which protocols they used the most.

You can click on a bar in the chart to pop up detailed information, just like the detailed report with all of the columns for all fields. The report lists details about this Summary Group field only. For example, if the Summary Group contains the User field and you click on a bar for one of the top users, the report displays the date and time of all resource activity for the user, and includes data for every field available for detailed reports. A scroll bar is provided along the bottom of the Detailed Information window to allow viewing of all four fields plus the date and time column. The Detailed Information window is shown below.

Printing a Page or Exporting the Report as a PDF or CSV File


To print the current page of the report, click the printer icon at the top of the Report Section. Your normal print dialog box pops up. This prints only the page that is currently displayed.

To export the entire report in PDF format, click the PDF icon at the top of the Report Section. A PDF file is generated showing the report results in table format. To export the entire report in Microsoft Excel Comma Separated Value (CSV) format, click the Excel icon at the top of the Report Section. A CSV file is generated showing the report results in spreadsheet format. The PDF can contain a maximum of 10,000 records. If your report contains more than 10,000 records, you can use the Static Date Range fields to adjust the dates and regenerate the report to shorten its length. You can save the PDF or CSV file using any filename and location.

Saving the Report Template


After generating the report, you can save the settings for this report as a template for reuse. You can select the saved template from the Template Section at a later time, and use it to generate a report using the same settings. The template is saved for the currently selected appliance and for the specific user. The saved template will not be available for other appliances or for other users. To save the report template:
1. In the Report Section in the upper right corner, click the Save Template button.
2. In the popup dialog box, type in a descriptive name for the template, up to 40 characters. The number of remaining characters allowed in the name is displayed below the input field and changes as you type.
3. Click Save. If you are in a Full Mode display of the Report Section, you can verify that the template has been saved by changing back to Split Mode and viewing the contents of the Template drop-down list.

Viewing SSL-VPN Resources Reports


Resources reports provide information on the amount of data transmitted through the selected SSL-VPN appliance by each service or protocol. Resources reports are useful for revealing inappropriate usage of bandwidth and can help determine network policies. For example, if there is a large spike of bandwidth usage, you can determine whether this is caused by regular Web access, someone using FTP to transfer large files, an attempted Denial of Service (DoS) attack, or another service.
Note: All reports appear in the appliance's time zone.

The procedures for viewing the Resources Reports are described in the following sections:

- Viewing SSL-VPN Resources Summary Reports on page 869
- Viewing SSL-VPN Resources Top Users Reports on page 871

Note: You cannot view resources reports from the global or group view.

Viewing SSL-VPN Resources Summary Reports


The Resources Summary report displays the number of connections handled by each service or protocol during the specified day. To view the Resources Summary report, perform the following steps:
1. Click the Reports tab.
2. Select a SSL-VPN appliance.


3. Expand the Resources tree and click Summary. The Resources Summary page displays.
4. The graph displays the number of connections used by each service or protocol during the day.
5. The table contains the following information:


   - Resource name: the service or protocol
   - Connections: number of connection events or hits
6. To view the user detail for a particular resource, click the resource slice in the pie chart or the resource name in the table to drill down for this information.
7. To return to the Resources > Summary page, click the Go Back button.
8. To change the date of the report, use the Search Bar and click the Start field to access the drop-down calendar.
9. When you are finished, click Search. The GMS Reporting Module displays the report for the selected date.

Note: This date setting will stay in effect for all similar reports during your active login session.

Viewing SSL-VPN Resources Top Users Reports


The Resources Top Users report displays the users who used the most connections on the specified date.

To view the Resources Top Users report, perform the following steps:

1. Click the Reports tab.
2. Select a SSL-VPN appliance.
3. Expand the Resources tree and click Top Users. The Top Users page displays.
4. The pie chart displays the percentage of connections used by each user.
5. The table contains the following information for all users:
   - Users: the user name
   - Connections: number of connection events or hits


6. To view the resources by service or protocol used by a particular user, click the user slice in the pie chart or the user name in the table to drill down for this information.
7. To return to the Resources > Top Users page, click the Go Back button.
8. By default, the GMS Reporting Module shows yesterday's report, a pie chart for the top six users, and a table for all users. To change the date of the report, click the Start field to access the drop-down calendar.
9. To display a limited number of users, use the Search Bar fields.

Note: The search bar fields use pattern matching with operators such as contains. For example, john will match john_smith, john42, or big_john.

10. When you are finished, click Search. The GMS Reporting Module displays the report for the selected day.

Note: The date setting will stay in effect for all similar reports during your active login session.


Viewing SSL-VPN Authentication Reports


The Authentication reports show user logins and failed login attempts. Authentication reports are available at the unit level.
Note: All reports appear in the appliance's time zone.

Select from the following:

- Viewing SSL-VPN User Login Reports on page 874
- Viewing SSL-VPN Failed Login Reports on page 875

Viewing SSL-VPN User Login Reports


The user login report shows the user name, source host IP address, and time of login for users that logged on to the SSL-VPN appliance during the specified day. To view the User Login report, perform the following steps:
1. Click the Reports tab.
2. Select a SSL-VPN appliance.
3. Expand the Authentication tree and click User Login. The User Login page displays.
4. The table contains the following information:
   - Type: equal to User Login
   - User Name: the user name
   - Source Host: the IP address of the user's computer
   - Time: the time that the user logged in
   - Duration: the duration of the user login session
5. The GMS Reporting Module shows yesterday's report. To change the date of the report, use the Search Bar and click the Start field to access the drop-down calendar.
6. When you are finished, click Search. The GMS Reporting Module displays the report for the selected date.

Viewing SSL-VPN Failed Login Reports


The failed login report shows failed login attempts for users who attempted to log into the SSL-VPN appliance during the specified day. This report is useful for identifying unauthorized access attempts and potentially malicious activity. To view the Failed Login report, perform the following steps:
1. Click the Reports tab.
2. Select a SSL-VPN appliance.
3. Expand the Authentication tree and click Failed Login. The Failed Logins page displays.
4. The table contains the following information:
   - Type: equal to Failed Login
   - User Name: the user name
   - Source Host: the IP address of the user's computer
   - Time: the time that the user attempted to log in
   - Duration: not applicable
5. The GMS Reporting Module shows yesterday's report. To change the date of the report, use the Search Bar and click the Start field to access the drop-down calendar.
6. When you are finished, click Search. The GMS Reporting Module displays the report for the selected date.

Viewing the SSL-VPN Log


The Log Viewer contains detailed information on each transaction that occurred on the SSL-VPN appliance. This information is stored for the time that you specified in the configuration settings.
Note: The Log Viewer displays raw log information for every connection. Depending on the amount of traffic, this can quickly consume a large amount of space in the database. Choose the number of days of information that will be stored with care. For more information, see Scheduling and Configuring Reports on page 671.

Viewing the Log for a SSL-VPN Appliance


To view the Log, perform the following steps:

1. Click the Reports tab.
2. Select a SSL-VPN appliance.
3. Expand the Log Viewer tree and click Search. The Search page displays.
4. Select Enable Log Viewer and then click Update to turn on collection of raw data in the database and enable viewing of that log data. This can consume a large amount of space in your database. Review your database space constraints before enabling the log viewer.
5. Under Select Search Criteria, select the date range to view data from in the Start Date and End Date fields.
6. Enter the starting time of events to view in the Start Time field.
7. Enter the ending time of events to view in the End Time field.
8. To limit the report to data originating from specific IP addresses, enter the source IP address in the Source IP field. To view all IP addresses, enter All.
9. To view log entries for data originating from a particular user, enter the user name in the User field.
10. To limit the report to data going to specific IP addresses or hosts, enter the destination IP address or host name in the Destination IP/Hostname field. To view data for all IP addresses, enter All.
11. Select the type of events to view from the Message Category list box. You can select from the following:
    - All Categories
    - Connections
    - Rejected Connections
    - User Events
    - Unrecognized Events
12. To limit the report to messages containing a specific text string, enter the text in the Message Text field. Leave the field blank to view all messages.
13. Select the number of entries to display per page from the Results Per Page field.
14. Click Generate Report. The Log Search Results page displays.
15. To view the next page of entries, click Next.
16. To generate another report, click Search again in the Log Viewer tree.


Part 4 Monitoring


CHAPTER 40 Using Navigation and Monitoring Tools


The SonicWALL Global Management System Monitor Panel is used for real time monitoring of SonicWALL appliances, VPN Tunnels, network devices, and syslog information. This chapter describes the following:

- GMS Navigation Tool section on page 881
- VPN Monitor section on page 883
- Net Monitor section on page 886
- Real-Time Syslog section on page 912
- Live Monitoring section on page 913

GMS Navigation Tool


The GMS Navigation Tool shows a graphical representation of the GMS network. All devices within the network are displayed and color-coded according to their operational state. To open the GMS Navigation Tool, perform the following steps:

1. Click the Monitor tab.


2. Expand the Tools tree and click GMS Navigation. The GMS Navigation Tool appears with the managed SonicWALL appliances displayed.

   The Navigation Tool provides a quick way to locate failed devices within the GMS network. The following describes the meaning of link and device colors:

   Device Status
   - Yellow Device: device is provisioned
   - Blue Device: device is operational
   - Red Device: device is down

   Link Status
   - Dark Blue Link: link is up and managed by Primary Agent
   - Light Blue Link: link is up and managed by Standby Agent

   Link Thickness
   - 1x Thick: link is using management tunnel
   - 2x Thick: link is using existing tunnel
   - 3x Thick: link is using HTTPS
   - Solid: primary management tunnel
   - Dashed: standby management tunnel

3. To hide the devices that belong to an Agent, right-click the agent and select Collapse.
4. To view the properties of a SonicWALL appliance, right-click the device and select Properties. To move a device, right-click a device and select Cut. Then, right-click the new agent and select Paste.

882

SonicWALL GMS 6.0 Administrators Guide

VPN Monitor

5.

To open the configuration pages for a device, double-click its icon.

Note 6.

Clicking within the Navigation Tool will modify the network view.

To open the GMS Navigation Tool in a new window, uncheck the Dock checkbox at the top right section of the screen and click the Show Navigation Tool Window link. The GMS Navigation Tool displays in a new window. To re-enter docked view, close out the undocked window and check the Dock checkbox in the standard GMS Navigation window. When you are finished viewing managed SonicWALL appliances, close the window.

7. 8.

VPN Monitor
The VPN Monitor shows a graphical representation of the VPN network. All devices within the network are displayed and color-coded according to their operational state. To open the VPN Monitor, perform the following steps:
1. Click the Monitor tab.
2. Expand the Tools tree and click VPN Monitor. The VPN Monitor appears with the configured VPN tunnels displayed.
3. The VPN Monitor provides a quick way to view the status of VPN connections within the GMS network. The following describes the meaning of link and device colors:

Node Status
Yellow Device: unit is provisioned
Blue Device: node is operational
Red Device: node is down
Black Device: group node
Dark Gray Device: VPN not enabled
Purple Device: non-GMS device
White Device: expanded tunnel nodes

Link Status
Blue Link: tunnel is operational
Red Link: tunnel is down
Yellow Link: tunnel is pending
Black Link: tunnel is disabled
White Link: tunnel status unknown

Link Thickness
1x Thick: link not selected
2x Thick: link is selected
Solid: direct tunnel
Dashed: indirect tunnel

4. To synchronize the status of a tunnel with the Agent, right-click the SonicWALL appliance and select Synchronize Tunnel Status.
5. To show the remote units that belong to a SonicWALL appliance, right-click the agent and select Expand. To hide the remote units, right-click the SonicWALL appliance and select Collapse.
6. To center a SonicWALL appliance and remove all other devices from the display, right-click the SonicWALL appliance and select Center this node.
7. To open the VPN Monitor in a new window, uncheck the Dock checkbox at the top right section of the screen and click the Show VPN Monitor Window link. The VPN Monitor displays in a new window.
8. To re-enter docked view, close out the undocked window and check the Dock checkbox in the standard VPN Monitor window.
9. When you are finished monitoring VPNs, close the window.


Net Monitor
The SonicWALL GMS Net Monitor periodically tests the status of SonicWALL appliances and other network devices. Once configured, it enables you to monitor the status of your network and immediately respond when SonicWALL appliances and other network devices become unavailable. The Net Monitor enables you to categorize different groups of SonicWALL appliances or other network devices. You can categorize them by device type, geography, or any other organizational scheme. Additionally, you can assign devices within each category a high, medium, or low priority. The following graphic shows the main Net Monitor Page.

When you add a new device to monitor, you will be able to select a category, priority level, how often the device is tested, and the type of test that is used. The Net Monitor currently supports five types of tests: Ping, TCP Probe, HTTP, HTTPS and SNMP.


Configuring the Net Monitor


This section contains the following subsections:

Navigating the Net Monitor UI on page 887
Finding Devices on page 888
Viewing Device Status on page 888
Configuring Preferences on page 889

Navigating the Net Monitor UI


The above graphic (Figure 274) shows the main page of the Net Monitor in which the SNWL_SEC_DEV category is displayed. There are High, Medium and Low priority devices. To switch between categories, click a category tab. To reconfigure the settings for a device, right-click the device and select Properties. The Status Display shows the status of all devices within the category. If all devices are reachable, all three displays will be green. To change the priority for a device, drag and drop its icon to a new Priority Category. To move a device between categories, drag its icon to the tab of the new category and drop it in the appropriate Priority Category.


Finding Devices
GMS NetMonitor gives you the ability to search for devices using the Find feature:
1. In the menu bar, go to Edit > Find.
2. Type a search string in the Look For field.
3. You can optionally choose to Match case or to find only the Whole word in your search.
4. Click the Find button to search all views for your search term; results are displayed below.
5. Double-click the device you wish to display and it will be found highlighted in the NetMonitor window.

Note
After making an initial search, you can use F3 (find next) and Shift+F3 (find previous) to move easily between found devices without having to keep the Find window open.

Viewing Device Status


GMS NetMonitor provides the ability to view device status for all monitored devices:
1. In the NetMonitor window, select the device(s) you wish to view device status for.
2. In the menu bar, go to Tools > Status.
3. The Device Status window displays device-specific attributes.

Note
Multiple Device Status windows may be opened simultaneously.

Configuring Preferences
To configure Net Monitor preferences, perform the following steps:
1. Click the Monitor tab.
2. Expand the Tools tree and click Net Monitor. The Net Monitor screen displays.
3. Select Preferences from the Tools Menu.
4. To view each category on its own page, select Each from the View Type list box. To view all categories on one page, select All.
5. To configure the Net Monitor to automatically refresh the status of monitored devices, select the Enable auto refresh while loading check box and specify the refresh interval.
6. In the Monitor tab of the Preferences window, select a Minimum Severity to Show Alert in Dashboard from the drop-down menu.
7. In the Filters tab, select which devices will be displayed in the Show devices by status area. To view all devices, select the Select All check box.
8. In the Table tab, to view the default table color, select Default. To pick a custom color, select Custom and choose a color from the color selector.
9. When you are finished, click Apply. To cancel and start over, click Cancel.

Adding Devices to the Net Monitor


This section contains the following subsections:

Defining Categories on page 891
Adding SonicWALL Appliances on page 894
Adding Other Devices on page 898

Defining Categories
To create a new category, perform the following steps:
1. In the Monitor Tool window, select Add Category from the Categories Menu.
2. Enter the name of the new category in the Name field.
3. When you are finished, click Apply. To cancel and start over, click Cancel.
4. Repeat this procedure for each category to add.

Editing Categories
To edit an existing category, perform the following steps:
1. In the Monitor Tool window, select Edit Category from the Categories Menu.
2. Select the category name you want to change from the list.
3. Enter a new name for the selected category in the Name field.
4. When you are finished, click Apply. To cancel and start over, click Cancel.


Deleting Categories
To delete an existing category, perform the following steps:
1. In the Monitor Tool window, select Delete Category from the Categories Menu.
2. From the list provided, select the category name (shift-click for multiple category names) you want to delete.
3. Select the Forcibly delete all devices under category checkbox to delete all devices in this category.
4. To submit the delete request, click Apply. To cancel and start over, click Cancel.
5. A warning message displays. Click Yes to continue and delete this category.


Re-ordering Categories
To change the order of an existing category, perform the following steps:
1. In the Monitor Tool window, select Order Category from the Categories Menu.
2. From the list provided, select the category name you want to move.
3. Click the Move Up or Move Down buttons to change the order of this category.
4. Click Apply to finish. To cancel and start over, click Cancel.

Adding SonicWALL Appliances


To add one or more SonicWALL appliances, perform the following steps:
1. From the Monitor Tool window, select Add GMS Device from the File Menu.
2. Select a device or group to monitor and click the Add button in the center of the screen. Repeat this step for each device or group to monitor.
3. Click Next. The second page of the Add GMS Device Wizard appears.
4. Select the category to which the SonicWALL appliance(s) will be added from the Use an Existing Category list box. To add the SonicWALL appliance(s) to a new category, enter the category name in the Add a New Category field.
5. Select the priority of the appliance(s) from the Category Priority list box.
6. Select how the SonicWALL appliance(s) will be monitored from the Monitoring Type list box and specify a Port if applicable.
7. If choosing SNMP as the monitoring type, you must enter a Monitor Port, and have the option of configuring the following advanced settings by clicking on the Advanced button.

Community: The community name (default value is public).
Retry: Time to retry, in seconds (default value is 0).
Timeout: Timeout length, in seconds (default value is 5).
SNMP Version: Choose the version of SNMP to be used (default value is V2C).
MIB(s)*: Select the MIB(s) you wish to use for polling information (RFC1213-MIB is the default MIB and cannot be de-selected).
User Name: Enter a user name (SNMP v3 only).
Authentication Protocol: Select an authentication protocol from the list (SNMP v3 only).
Authentication Password: Enter an authentication password (SNMP v3 only).
Privacy Password: Enter a privacy password (SNMP v3 only).
Context ID: Enter a context ID (SNMP v3 only).
Context Name: Enter a context name (SNMP v3 only).

8. Press the OK button to save SNMP advanced settings.
9. Specify how often the SonicWALL appliance(s) will be tested in the Polling Interval field.
10. Enter the ideal response time (IRT) in the Ideal Response Time field (default: 500 milliseconds). SonicWALL appliances that take between 1 and 1.5 times the IRT will be marked as Slow. SonicWALL appliances that take between 1.5 and 2 times the IRT will be marked as Very Slow.
11. Select the Agent that will perform the testing from the Assign to Monitor list box.
12. Optional. To disable monitoring of the SonicWALL appliance(s), select Disable.
13. To change the icon image that will represent the device(s), click the icon image button and select a new image.
14. Click the Finish button to acquire the new device.

Note
The process of acquiring a new device may take several minutes. To force acquisition of the device, select the device and go to SNMP > SNMP Re-acquire in the NetMonitor menu bar.

* Custom MIBs may be required for some devices. Custom MIBs allow polling non-SonicWALL or non-standard SNMP-enabled devices and polling information specific to a certain device based on Manufacturer ID. These MIBs have to be placed in the etc\mibs folder by the GMS Administrator on the Web Server and Monitoring Agent machine(s) in order to use them for probing.


Adding Other Devices


In addition to SonicWALL appliances, SonicWALL GMS can monitor any publicly accessible servers or devices on the Internet. To add one or more non-SonicWALL devices, perform the following steps:
1. From the Monitor Tool window, select Add Non-GMS Device from the File Menu.
2. Enter a name for the device in the Name field and its IP address or hostname in the Host field and click Add. Repeat this step for each device to monitor.
3. Click Next. The second page of the Add Non-GMS Device Wizard displays.
4. Select the category to which the device(s) will be added from the Use an Existing Category list box. To add the device to a new category, enter the category name in the Add a New Category field.
5. Select the priority of the device(s) from the Category Priority list box.
6. Select how the device(s) will be monitored from the Monitoring Type list box.
7. If choosing SNMP as the monitoring type, you must enter a Monitor Port, and have the option of configuring the following advanced settings by clicking on the Advanced button.

Community: The community name (default value is public).
Retry: Time to retry, in seconds (default value is 0).
Timeout: Timeout length, in seconds (default value is 5).
SNMP Version: Choose the version of SNMP to be used (default value is V2C).
MIB(s)*: Select the MIB(s) you wish to use for polling information (RFC1213-MIB is the default MIB and cannot be de-selected).
User Name: Enter a user name (SNMP v3 only).
Authentication Protocol: Select an authentication protocol from the list (SNMP v3 only).
Authentication Password: Enter an authentication password (SNMP v3 only).
Privacy Password: Enter a privacy password (SNMP v3 only).
Context ID: Enter a context ID (SNMP v3 only).
Context Name: Enter a context name (SNMP v3 only).

8. Press the OK button to save SNMP advanced settings.
9. Specify how often the device(s) will be tested in the Polling Interval field.
10. Enter the ideal response time (IRT) in the Ideal Response Time field (default: 500 milliseconds). Devices that take between 1 and 1.5 times the IRT will be marked as Slow. Devices that take between 1.5 and 2 times the IRT will be marked as Very Slow.
11. Select the Agent that will perform the testing from the Assign to Monitor list box.
12. Optional. To disable monitoring of the device(s), select Disable.
13. To change the icon image that will represent the device(s), click the icon image button and select a new image.
14. Click the Finish button to acquire the new device.
15. The process of acquiring a new device may take several minutes. To force acquisition of the device, select the device and go to SNMP > SNMP Re-acquire in the NetMonitor menu bar.

* Custom MIBs may be required for some devices. Custom MIBs allow polling non-SonicWALL or non-standard SNMP-enabled devices and polling information specific to a certain device based on Manufacturer ID. These MIBs have to be placed in the etc\mibs folder by the GMS Administrator on the Web Server and Monitoring Agent machine(s) in order to use them for probing.
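The Slow and Very Slow states from step 10 of both wizards, together with the Retry and Timeout settings from the SNMP advanced table, reduce to a small polling routine. The Python below is an added illustration written for this section of the guide; it is not SonicWALL GMS code. The probe is an injected callable (a constructed stand-in for the Ping, TCP Probe, HTTP, HTTPS or SNMP test) so the example runs offline; the host names are made up, and the "Up" and "Unresponsive" labels and the reading of Retry as a count of extra attempts are this example's assumptions.

```python
from dataclasses import dataclass
from typing import Callable, Iterable, Optional

# Defaults taken from the wizard pages: IRT 500 ms, Retry 0, Timeout 5 s.
DEFAULT_IRT_MS = 500.0
DEFAULT_RETRY = 0
DEFAULT_TIMEOUT_S = 5.0


@dataclass
class PollResult:
    host: str
    status: str                 # "Up", "Slow", "Very Slow", "Unresponsive" or "Down"
    rtt_ms: Optional[float]     # None when no reply arrived within the timeout
    attempts: int


def classify_rtt(rtt_ms: float, irt_ms: float = DEFAULT_IRT_MS) -> str:
    """Map a reply time onto the states the guide defines relative to the IRT.

    Between 1x and 1.5x IRT -> Slow; between 1.5x and 2x IRT -> Very Slow.
    The guide names no state for replies at or under the IRT, nor for replies
    slower than 2x IRT; "Up" and "Unresponsive" are this example's assumptions.
    """
    if rtt_ms <= irt_ms:
        return "Up"
    if rtt_ms <= 1.5 * irt_ms:
        return "Slow"
    if rtt_ms <= 2.0 * irt_ms:
        return "Very Slow"
    return "Unresponsive"


def poll(host: str, probe: Callable[[str, float], float], *,
         retry: int = DEFAULT_RETRY, timeout_s: float = DEFAULT_TIMEOUT_S,
         irt_ms: float = DEFAULT_IRT_MS) -> PollResult:
    """Run one monitoring test against a host.

    probe(host, timeout_s) stands in for the Ping/TCP Probe/HTTP/HTTPS/SNMP test:
    it returns the round-trip time in milliseconds or raises TimeoutError.
    The wizard lists Retry in seconds; this example treats it as the number of
    extra attempts (an assumption). A host that never answers is marked Down.
    """
    attempts = 0
    for _ in range(retry + 1):
        attempts += 1
        try:
            rtt = probe(host, timeout_s)
        except TimeoutError:
            continue
        return PollResult(host, classify_rtt(rtt, irt_ms), rtt, attempts)
    return PollResult(host, "Down", None, attempts)


def make_scripted_probe(script: Iterable[Optional[float]]) -> Callable[[str, float], float]:
    """Constructed stand-in for a network test so the example runs offline.

    Each call returns the next scripted RTT; None (or an RTT beyond the timeout)
    means no reply and raises TimeoutError, as a real probe would.
    """
    replies = iter(script)

    def probe(host: str, timeout_s: float) -> float:
        value = next(replies)
        if value is None or value > timeout_s * 1000.0:
            raise TimeoutError(f"{host}: no reply within {timeout_s}s")
        return value

    return probe


def demo() -> dict:
    """Poll four constructed hosts with the wizard defaults (IRT 500 ms)."""
    return {
        # 120 ms: well under the IRT
        "fw-branch-1": poll("fw-branch-1", make_scripted_probe([120.0])),
        # 640 ms: between 1x and 1.5x IRT -> Slow
        "fw-branch-2": poll("fw-branch-2", make_scripted_probe([640.0])),
        # first attempt lost, Retry=1 allows a second try: 900 ms -> Very Slow
        "fw-branch-3": poll("fw-branch-3", make_scripted_probe([None, 900.0]), retry=1),
        # never answers -> Down after the single allowed attempt
        "web-dmz": poll("web-dmz", make_scripted_probe([None])),
    }


if __name__ == "__main__":
    for r in demo().values():
        print(f"{r.host:12} {r.status:12} rtt={r.rtt_ms} attempts={r.attempts}")
```

A real probe would replace `make_scripted_probe` with a function that opens the TCP port, issues the HTTP/HTTPS request or sends the SNMP GET and times the reply; the classification and retry logic stay the same.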

Managing Realtime Monitors


When a device is configured for monitoring, the data retrieved from these devices is displayed in the form of a realtime monitor. There are two ways to create realtime monitors:

Creating a Realtime Monitor or Realtime Monitor Template Using a Dialog
Creating a Realtime Monitor From a Template


Creating a Realtime Monitor or Realtime Monitor Template Using a Dialog


The Manage Realtime Monitor Dialog enables you to create custom realtime monitors.
1. Select the device(s) you wish to create a realtime monitor for.
2. In the menu bar, go to SNMP > SNMP Manage Realtime Monitors.
3. Click on the button on the left side of the screen (under Realtime Monitors) to add a new realtime monitor.
4. In the middle of the screen, select your preferences as follows:

Add Type
Individually: Add OID(s) as individual elements.
As a group: Add multiple similar OIDs as one single element.

Add selected OIDs*
Add To: Add OID(s) to an existing Element.
Insert At: Add OID(s) as a new element in the specified location.
Append: Append OID(s) to the end of the element list.

5. Add a friendly name for the new monitor in the Monitor Name field.
6. If you wish to save the new monitor as a template for future use, click the Save as template checkbox and add a friendly name for the template.

Note
It is important that the elements present in a Realtime Monitor Template contain OIDs that are present in the devices that the template is applied to. Applying a template which contains irrelevant OIDs can produce unexpected results.

7. Choose your display type and chart style as follows:

Display Type
Table: Displays data in a tabular format.
Graph: Displays data in a graphical format.

Chart Style (used only when the display type is set to Graph)
Plot: Generates graph in plot format.
Bar: Generates graph in bar format.
Area: Generates graph in area format.
Pie: Generates graph in pie format.
Line: Generates graph in line format.

8. Navigate to the MIB Tree list and select the OIDs you wish to add.
9. Click the button on the right side of the screen (under MIB Tree) to add the selected MIB(s) to the Elements list.

Tip
Alternate ways of adding a MIB to the Elements list include double-clicking the MIB and dragging and dropping the MIB from the MIB Tree into the Elements list.

10. Enter a friendly name for the element you just added by double-clicking the display name field corresponding to the new element.
11. Specify a threshold value for the alert monitor in the Threshold field corresponding to the new element.
12. Click the Apply button to save changes and create the realtime monitor.

Creating a Realtime Monitor From a Template


Complete the following steps to set up a realtime monitor using one or more templates:
1. Select the device(s) you wish to create a realtime monitor for.
2. In the menu bar, go to SNMP > SNMP Apply Realtime Monitor Templates.
3. Select the templates (ctrl-click for multiple selections) you wish to use for monitoring the selected device(s).
4. Click the Apply button to create the Realtime Monitor.

Viewing Realtime SNMP Monitoring Information


GMS NetMonitor allows you to view realtime monitoring data for one or multiple devices simultaneously. Data represented in these charts will show the last hour of activity for the specified node. In order to view the realtime monitoring information for one or more devices:
1. Select the device(s) you wish to monitor from the GMS NetMonitor main status screen (Ctrl-click for multiple devices).
2. In the menu bar, select SNMP > SNMP Realtime Monitor Status.
3. In the Realtime Monitors window, select one or more nodes to monitor. The appropriate graphs and/or tables will be loaded into the monitoring window on the right side of the screen.

Note
Data in the monitoring windows is refreshed automatically based on the auto-refresh interval specified in NetMonitor Preferences. While you may do a manual refresh of the graphs and charts, it is not necessary to do so.

4. To display historical charts (daily, weekly, monthly) for a node, double-click on the desired realtime graph in the monitoring window on the right side of the screen.

Note
Only one history chart window may be opened at a time. It is possible, however, to display historical charts for multiple nodes by selecting the charts you wish to view with ctrl-click and then clicking the button at the top right side of the screen.


Managing Severity and Thresholds


Configuring Severity and Thresholds allows you to be notified when the value of a monitored OID exceeds a set level. These levels are set in the Manage Severity dialog and are then used to define your alerts by assigning a level of severity to each threshold, set in the Manage Threshold dialog.

Managing Severity
To configure your Severity settings:
1. In the menu bar, select Tools > Manage Severity.
2. Add a new severity by clicking the button and entering a name for the severity.
3. Move the new severity to a different priority level by having the severity selected in the list and using the up and down buttons.
4. Change the color of the severity by having the severity selected in the list and clicking the button.
5. To delete a severity, have the severity selected in the list and click the button.

Note
A severity cannot be deleted if it is being used by one or more threshold elements. In order to delete a severity, you must make sure all corresponding threshold elements are first unassociated with that severity.


Managing Thresholds
Every element in a threshold is assigned an operator, value and severity. These thresholds are used to notify the user when an element reaches a certain severity. To configure your thresholds:
1. In the menu bar, select Tools > Manage Thresholds.
2. Click the button under Threshold and enter a friendly name to add a new threshold.
3. Click the button under Elements to add a new element to the threshold.
4. Configure the Operator, Value and Severity fields in the new element as follows:

Operator: Double-click and choose an operator as a modifier for your value. For numeric values, operator options include ==, !=, >, >=, <, =<. For alphanumeric values, operator options include equals, equals ignore case, not equals, contains, not contains.
Value: Double-click and enter an alpha or numeric value. Numeric values are entered in bytes.
Severity: Double-click and choose a severity from the list to correspond with the operator and value.

The following threshold triggers a Low-level Warning at a value of less than 100000 bytes.

5. Click the Apply button to save your changes.

Note
Thresholds are global settings and will be run across all available nodes.

Viewing Threshold Alerts in the Dashboard

The Dashboard View is a screen where alerts about SNMP Realtime Monitors satisfying user-defined threshold conditions are displayed. When a threshold alert is triggered, information about the device, realtime monitor and the element that triggered the alert is shown in this screen.
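A worked version of the severity and threshold mechanics described above (Managing Severity, Managing Thresholds, and the Minimum Severity to Show Alert in Dashboard preference from Configuring Preferences). This Python is an added illustration, not SonicWALL GMS code: the severity names, the second threshold element, the string threshold and the node readings are constructed for the example; only the Low element below 100000 bytes comes from the guide's own example.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Union

# Severity list in priority order, lowest first. Constructed: the Manage
# Severity dialog is where these are added, reordered and recoloured.
SEVERITIES: List[str] = ["Info", "Low", "Medium", "High", "Critical"]

# Numeric operators as the guide lists them ("=<" is its spelling of
# less-or-equal; "<=" is accepted as an alias).
NUMERIC_OPERATORS = {
    "==": lambda a, b: a == b,
    "!=": lambda a, b: a != b,
    ">":  lambda a, b: a > b,
    ">=": lambda a, b: a >= b,
    "<":  lambda a, b: a < b,
    "=<": lambda a, b: a <= b,
    "<=": lambda a, b: a <= b,
}
ALPHA_OPERATORS = {
    "equals":             lambda a, b: a == b,
    "equals ignore case": lambda a, b: a.lower() == b.lower(),
    "not equals":         lambda a, b: a != b,
    "contains":           lambda a, b: b in a,
    "not contains":       lambda a, b: b not in a,
}

Value = Union[int, float, str]


@dataclass(frozen=True)
class Element:
    """One row of a threshold: operator, value (bytes when numeric) and severity."""
    operator: str
    value: Value
    severity: str

    def matches(self, observed: Value) -> bool:
        if isinstance(self.value, str):
            return ALPHA_OPERATORS[self.operator](str(observed), self.value)
        try:
            return NUMERIC_OPERATORS[self.operator](float(observed), float(self.value))
        except (TypeError, ValueError):   # non-numeric reading against a numeric element
            return False


@dataclass
class Threshold:
    name: str
    elements: List[Element] = field(default_factory=list)


@dataclass(frozen=True)
class Alert:
    node: str
    monitor: str
    threshold: str
    severity: str
    observed: Value


def severity_rank(name: str) -> int:
    if name not in SEVERITIES:
        raise ValueError(f"unknown severity {name!r}")
    return SEVERITIES.index(name)


def evaluate(threshold: Threshold, monitor: str, readings: Dict[str, Value]) -> List[Alert]:
    """Thresholds are global, so one threshold is run over every node's reading
    for the monitor; each element that matches produces its own alert."""
    return [Alert(node, monitor, threshold.name, e.severity, observed)
            for node, observed in readings.items()
            for e in threshold.elements if e.matches(observed)]


def dashboard_view(alerts: List[Alert], minimum_severity: str) -> List[Alert]:
    """Apply the 'Minimum Severity to Show Alert in Dashboard' preference."""
    floor = severity_rank(minimum_severity)
    return [a for a in alerts if severity_rank(a.severity) >= floor]


def can_delete_severity(name: str, thresholds: List[Threshold]) -> bool:
    """A severity still referenced by any threshold element cannot be deleted."""
    return all(e.severity != name for t in thresholds for e in t.elements)


# The guide's own example (a Low warning below 100000 bytes) plus a constructed
# High element for the same counter, and a constructed string threshold.
THRESHOLDS: Dict[str, Threshold] = {
    "if-in-octets": Threshold("if-in-octets", [Element("<", 100000, "Low"),
                                               Element("<", 1000, "High")]),
    "sys-descr": Threshold("sys-descr", [Element("not contains", "SonicOS", "Medium")]),
}


def demo():
    """Run the counter threshold over three constructed nodes, then filter for the dashboard."""
    readings = {"fw-branch-1": 512, "fw-branch-2": 75000, "fw-hq": 2500000}
    alerts = evaluate(THRESHOLDS["if-in-octets"], "ifInOctets", readings)
    return alerts, dashboard_view(alerts, "Medium")


if __name__ == "__main__":
    fired, shown = demo()
    for a in fired:
        print(f"{a.node}: {a.threshold} -> {a.severity} (observed {a.observed})")
    print("dashboard at Medium or above:", [(a.node, a.severity) for a in shown])
```

Because the dashboard only filters by severity, the Low alerts above are still generated (and still e-mailed, if Notify by Email is on); raising the dashboard floor reduces what is displayed, not what fires.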

Managing SMTP Scheduled Reports


You can schedule reports from realtime monitors to be sent by email or archived to a location on disk. To create a scheduled report:
1. In the menu bar, select SNMP > Manage Scheduled Reports.
2. Click the button to add a new report.
3. Enter a friendly name for the report in the Report field.
4. Enter a description for the report in the Description field.
5. Optionally, you may check Disable this report to disable the current report and save it for future use.
6. Check the Email check box to enable emailing of this report.
7. Enter your SMTP server information in the SMTP server field.
8. Enter a To address, From address, Subject and Body for the email in the appropriate fields.
9. Check the Archive checkbox and enter a location in the Save Directory* field in order to archive this report on disk.
10. Choose a Report Type and Realtime Report Type as follows:

Report Type: Specifies how often the report will be sent out.
Daily: Sent every day
Weekly: Sent every week
Monthly: Sent every month

Realtime Report Type (for charts only): Specifies the time range a report will cover.
Realtime: Reports only the data at the time the report is sent
Hourly: Reports hourly data from the last 24 hours.
Daily: Reports daily data from the last 7 days.
Monthly: Reports monthly data from the last 12 months.

Generate reports in XML: Sends reports as an XML attachment.
Include all data in a Single report: Includes all reports in a single email, with the option to send reports inline instead of as an attachment.
Zip reports to single file: Will zip all reports into a single zip attachment, with the option to password protect the zip file.
Template Folder Name: The local folder where your template will be saved.**

* If the directory path entered is invalid, the archive will be saved to the default path of [sgms_directory]/Viewpoint/reports
** This field only requires the folder name to be entered, not the complete path.

11. Select the checkboxes for the realtime monitors you wish to include in this report.
12. Click the Apply button to save this Scheduled Report.

Dashboard and E-mail Threshold Alerts


GMS NetMonitor sends email alerts for every threshold severity you configure. In addition to email alerts, you can also set dashboard alerts by choosing a minimum severity for the alert to show. The dashboard will show only the alerts as of the last refresh. To set dashboard threshold alerts:
1. In the menu bar, select Tools > Preferences.
2. In the Monitor tab of the Preferences window, select a Minimum Severity to Show Alert in Dashboard from the drop-down menu.
3. Click the Apply button to save changes.

To set email threshold alerts:
1. Select the device(s) you wish to configure alerts for from the GMS NetMonitor main status screen by clicking (ctrl-click for multiple devices).
2. In the menu bar, select Tools > Alert Settings.
3. Select the Notify by Email check box to send the SonicWALL GMS administrator(s) email when the status of a device changes.
4. Select the Notify by SNMP Trap check box to generate an SNMP trap when the status of a device changes.
5. Choose to apply settings to Selected Devices or to All Devices.
6. Click the Apply button to save changes.


Monitoring Devices Behind a SonicWALL Appliance


To monitor devices behind a SonicWALL appliance, do one of the following:

Create a VPN tunnel to the remote firewall that makes all LAN subnets accessible to the Net Monitor.
Create NAT Policies that allow specific types of traffic through. For example, if TCP Probe is chosen as the monitor type, TCP connections must be allowed to the specified port. If Ping is chosen as the monitor type, ICMP must be allowed.

Adding Custom Icons to the Net Monitor


The Net Monitor supports custom icons that it will display in the Net Monitor window. The icons must be 16 x 16 pixels and created in the .GIF format. To add new icons to the Net Monitor, copy them to the following directory: <gms_directory>\Tomcat\webapps\sgms\images\monitor

Real-Time Syslog
The real-time syslog utility enables you to diagnose the system by viewing the syslog messages in real time.

Note
Only use this utility when needed for diagnostic purposes.

To open the real-time syslog utility, perform the following steps:
1. Click the Monitor tab.
2. Expand the Tools tree and click Real-Time Syslog. The Real-Time Syslog page appears.
3. If the Syslog Reader is not already running, click Start Syslog Reader.
4. Click the Start button at the bottom of the screen. The Syslog Viewer begins showing the latest syslog entries.
5. To change how many messages are displayed, select a number from the Number of Messages list box at the bottom of the screen.
6. To change how often the Syslog Viewer is refreshed, select the time from the Refresh Time list box at the bottom of the screen.
7. To filter the results on the fly, enter the search terms in the Filter field using regular search expressions.

Note
The Real-Time Syslog Viewer uses java.util.regex to support the search feature. For more information on this enhanced search capability, visit <http://java.sun.com/developer/technialArticles/releases/1.4regex/>

8. To stop the viewer, click the Stop button.

Live Monitoring
Live Monitoring lets users monitor a network through the correlation of syslogs received from appliances throughout a deployment. The syslogs are received by the Event Manager Receiver Service, which then feeds them into an Event Correlation Engine. The engine sends the messages through user-defined rules, and if a rule condition is met, the engine forwards the object to be turned into an alert for Live Monitoring.


These alerts are sent to email, traps, other user-defined destinations, and to the new Live Monitoring user interface, if a user is currently monitoring. Viewing alerts in the Live Monitoring interface provides greater flexibility to monitor a network, and to analyze traffic based on protocols, web usage and productivity, or even to detect viruses and attacks in the network.

Using the Rule Manager


Within GMS, go to Monitor > Tools > Live Monitor to reach the Live Monitoring user interface.

Click the Manage Rules button on the upper-right of the interface control bar. The Rule Manager > Rule List is now displayed.

To add a new rule, click the Add New Rule icon.


Rule Settings

The Rule Manager > Rule Settings panel is now displayed. Fill in the Name field to build a more descriptive name for this new rule. If you wish to just build a rule without immediately enabling it, click on the Disable check box. Leaving this box blank sets the rule as enabled in the Rule List, once it is built.

The Severity drop down menu allows you to set a different severity level tag for each syslog that meets the conditions of this rule.

Rules must be created using available templates. Under the Group heading, you will find the available templates. Under the Generic rules group, a listing of six rule templates is displayed. Clicking on one of these types allows the full rule to display below in the Rule Editor box. The Computational rules group provides average-based statistical alerts on syslogs received, further broken down by number received for appliances, or the number of syslogs received grouped by appliance. The Attack rules group offers rules to understand the number of appliances under attack from security threats, and for identifying specific appliances under attack.


The Advanced rules group is a flexible template that allows syslogs to be filtered based on one or two conditions.


Using the Rule Editor

The Rule Editor allows you to define conditions for a rule, if available. Keep in mind that the specificity with which these conditions are set controls how many alerts will be received in the Live Monitoring user interface. To edit the rule conditions, click on the Rule Editor (pencil) icon. A series of open fields and drop-down menus are now available to be adjusted to specify the desired conditions, including various parameters, if desired. Rule types allowing you to set one condition let you specify the name of the syslog tag you want to see, along with the operator to use in filtering those tags. You gain further granularity of control on rule types allowing filtering based on two conditions.

Note

Multiple rules with the same Rule Type are allowed, as long as the values are different in the rule condition(s). Creating different severity tags for the same rule type, with the same conditions, is not possible.

Setting Alert Destination and Schedule

Once rule editing is complete, click the Next button, or you may re-click the pencil icon to lock the rule editor, and then click Next. The Rule Manager > Destination/Schedule panel is now displayed. To set the destination and schedule for alerts based on the rule you just created, click Add Destination.


The Destination and Schedule drop down menus are now displayed in the panel. To open additional destination fields, up to the maximum of five, you may click again on Add Destination. Open the Destination drop down menu to select the desired destination, such as Email-Admin, Email-Adhoc, Trap listener Adhoc, etc. If you have email as a destination, and the condition defined is very lenient, your email could easily be flooded with alerts.

Note

The Live Monitoring user interface will not appear as a destination, as it is auto-determined, based on whether the interface is currently running. This means that if at least one user is live monitoring the interface, the engine will automatically detect this and continue forwarding alerts. If no one is currently monitoring, no alerts will be sent to the Live Monitor interface, but they will continue to be sent to defined destinations, such as email and traps.

Once the destination is selected, open the adjoining Schedule drop down menu to select the frequency this destination will receive alerts based on this rule.


Once the destination(s) and schedule(s) are set for alerts based on this rule, click the Finish button to complete this Rule Update. Once completed, a Message from webpage dialog box appears on screen announcing the Rule Update action was successful. Click OK to close the dialog box and to return to the Rule Manager > Rule List panel. The newly created rule will now be displayed in the list.

Modifying Rule Status

From this screen, you can Enable (green circle with check), Disable (red circle with X), or Delete (blue wastebasket) selected rules. These icons are in the section header.

To change a rule's status, select it by clicking on the checkbox to the left of the rule name, then click the desired status icon from the section header. For example, if you chose to disable a rule, here is how it would appear with the X icon now showing the rule's current status as disabled.

Once you have built and enabled the rules you want the event correlation engine to apply against the syslogs, click the Close button to return to the Live Monitoring user interface.


Enabling Live Monitoring And Using The Interface


To configure the desired settings for the Live Monitoring user interface, click the Settings button in the upper-right of the interface control bar. The Settings Manager panel is now displayed.

Before you can receive alerts in the Live Monitoring user interface, you must check the box next to Enable Syslogs Forwarding for Live Monitoring. Once you check the box, the message below appears. This is a reminder to anticipate an increase in syslog traffic, since each message will be cloned for event handling. Click OK to proceed.

The remaining fields on the Monitor tab allow you to configure various Live Monitoring settings, such as the IP address and port (default port is 21011) that the Live Monitoring interface is listening on.

Note

In a distributed set-up, enter an IP address that is reachable, so the event manager knows where the Live Monitoring reader is running.

The Monitor Buffer Size field allows you to define how many alerts need to be stored in the buffer.


The Limit on Emails field is an email throttling setting that you can adjust to limit the number of emails sent every hour for each rule, to prevent the flooding of inboxes.
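The per-rule hourly cap described above, and the inbox-flooding risk of a lenient rule with an email destination, as an added Python illustration that is not part of the guide and not GMS code. It models the cap as a sliding one-hour window kept separately for each rule, so that a noisy rule cannot consume the budget of the others; the class name, the limit value and the alert timestamps are constructed for the example, and how GMS actually counts emails is not documented on this page.

```python
from collections import defaultdict, deque


class PerRuleEmailLimiter:
    """Cap the number of alert emails sent per rule per hour.

    Modelled on the Limit on Emails setting: each rule gets its own
    counter, so one lenient rule cannot starve the others. This is an
    illustrative sliding window, not the GMS implementation.
    """

    WINDOW_SECONDS = 3600

    def __init__(self, limit_per_hour):
        if limit_per_hour < 1:
            raise ValueError("limit must be at least 1")
        self.limit = limit_per_hour
        # rule name -> timestamps (seconds) of emails sent within the last hour
        self._sent = defaultdict(deque)

    def allow(self, rule, now):
        """Return True if an email for `rule` may be sent at time `now`."""
        window = self._sent[rule]
        # Drop send times that have aged out of the one-hour window.
        while window and now - window[0] >= self.WINDOW_SECONDS:
            window.popleft()
        if len(window) >= self.limit:
            return False          # cap reached: suppress, do not record
        window.append(now)
        return True


def deliver(alerts, limit_per_hour):
    """Run a batch of (timestamp, rule) alerts through the limiter.

    Returns {rule: (sent, suppressed)} so the effect of the cap is visible.
    """
    limiter = PerRuleEmailLimiter(limit_per_hour)
    outcome = defaultdict(lambda: [0, 0])
    for ts, rule in sorted(alerts):
        idx = 0 if limiter.allow(rule, ts) else 1
        outcome[rule][idx] += 1
    return {rule: tuple(counts) for rule, counts in outcome.items()}


# Constructed sample: a lenient rule firing every 10 seconds for two minutes,
# a second rule firing twice, then the first rule again just over an hour later.
SAMPLE_ALERTS = (
    [(t, "LenientLoginRule") for t in range(0, 120, 10)]          # 12 alerts
    + [(30, "AppliancesUnderAttack"), (90, "AppliancesUnderAttack")]
    + [(3700, "LenientLoginRule"), (3710, "LenientLoginRule")]
)

if __name__ == "__main__":
    for rule, (sent, dropped) in deliver(SAMPLE_ALERTS, limit_per_hour=3).items():
        print(f"{rule}: {sent} emailed, {dropped} suppressed")
```

With a limit of 3, the lenient rule gets three emails in its first minute, nine suppressed, and a fresh allowance once the hour has passed, while the second rule is unaffected.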

Click on the User tab. This field allows you to set how often the Live Monitoring user interface will refresh with new, incoming alerts. Once this is set, click Update to return to the Live Monitoring user interface.

Controlling the User Interface

The control bar in the upper-left corner of the Live Monitoring interface holds the buttons to control the flow of alerts on the screen. Click the Start button to begin Live Monitoring. It will take 15-30 seconds for the backend to recognize that a user is Live Monitoring.


Once alerts are received, they will begin to appear in the user interface.

Note

Although Super Admins will be able to view alerts from across all domains of a network, regular users will only see their domain-specific alerts in the Live Monitoring user interface.

Once Live Monitoring begins, the buttons will change in the upper-left of the interface control bar. If you need to focus on one alert, while keeping the buffer from continuing to fill up with alerts, click the Pause button.

Once alerts are paused, the control bar buttons will change again. Click Resume when you are ready to resume Live Monitoring. If you wish to clear all alerts from the interface window, click the Clear button.

Clicking the Stop button will stop Live Monitoring from receiving alerts to display. Keep in mind there is a 15-30 second lag before the event engine sees that the Live Monitoring user interface is no longer listening.

Scroll Navigation

The right side of the Live Monitoring interface contains a scroll bar. As alerts are displayed, the most recent appear at the bottom of the buffer in auto-scroll mode. Clicking on other scroll bar controls disables auto-scroll, giving command to the user. Re-start auto-scroll by clicking on the auto-scroll icon at the top of the scroll bar. The scroll bar's up and down double arrow buttons provide fast scroll movement in the display. The single arrow buttons provide standard scrolling capability.


Alert Event Detail

Within the Live Monitoring user interface display, you can see greater detail about a particular alert by clicking on the arrow on the left of the alert. This expands the field to show additional information.

The Live Monitoring user interface can be viewed by multiple users at the same time. However, if no users are actively monitoring, alerts will no longer be sent to the interface. Alerts will continue to be sent to previously set destinations, such as email and traps.

Part 5 Console


CHAPTER 41 Configuring User Settings


This chapter describes how to configure the user settings that are available in the Console panel on the User Settings screens. This chapter includes the following sections:

Configuring General Settings section on page 928
Configuring Reports Settings section on page 930


Configuring General Settings


This section describes the User Settings > General page, which provides a way to change the GMS administrator password, the GMS inactivity Timeout, and pagination settings.

Perform the following steps:

1. Enter the existing SonicWALL GMS password in the Current GMS Password field.
2. Enter the new SonicWALL GMS password in the New GMS Password field.
3. Reenter the new password in the Confirm New Password field.

Note

Password fields will be grayed out for users on a Remote Domain.

4. The GMS Inactivity Timeout period specifies how long SonicWALL GMS waits before logging out an inactive user. To prevent someone from accessing the SonicWALL GMS UI when SonicWALL GMS users are away from their desks, enter an appropriate value in the GMS Inactivity Timeout field. You can disable automatic logout completely by entering a -1 in this field. The minimum is 5 minutes and the maximum is 120 minutes.


5. Select a value between 10 and 100 in the Max Rows Per Screen field. This value applies only to non-reporting related paginated screens.
6. The Appliance Selection Panel options determine how devices are displayed in the far left panel. You can display only icons (the Icons option), only the name of the appliance (Text), both icons and names (Icons and text), or use the default GMS display settings for this user (Use default). The default is Icons and Text.
7. To configure SonicWALL GMS to display an editable task description each time a task is generated, select the Enable edit task description dialog when creating tasks check box.
8. To have GMS play an audio alert when an appliance goes up, check the Enable Audio Alarm when a Managed Unit goes Up check box.
9. To have GMS play an audio alert when an appliance goes down, check the Enable Audio Alarm when a Managed Unit goes Down check box. To customize the audio alerts, place wav files in the following directory:
[SGMS2]\Tomcat\webapps\sgms\com\sonicwall\sgms\applets\common
The file names for an appliance going up and down must be up_custom.wav and down_custom.wav respectively.
10. To view the message of the day now, click View Message of the Day.
11. When you are finished, click Update. The settings are changed. To clear all screen settings and start over, click Reset.

Note

The maximum size of the SonicWALL GMS User ID is 24 alphanumeric characters. The password is one-way hashed and any password of any length can be hashed into a fixed 32 character long internal password.


Configuring Reports Settings


The User Settings > Reports page on the Console panel provides settings for the Web Site Exclusion Filter and Web User Exclusion Filter. Web Usage reports will not contain references to the Web sites or users specified on this page.

The following Web Usage reports are affected by the Web Site and Web User Exclusion Filters:

Web Usage > Summary
Web Usage > Top Sites
Web Usage > Top Users
Web Usage > By User
Web Usage > By Site
Web Usage > By Category
Web Usage > Over Time
Web Usage > Top Sites Over Time
Web Usage > Top Users Over Time
Web Usage > By User Over Time
Web Usage > By Category Over Time


Adding Web Sites to the Filter List


When entering the Web site to exclude, type only the site name. The filter will search for the exact value provided. In the reports, only the site name is listed, without the http:// or www prefix. So for example, http://site1.sonicwall.com would not find a match in any reports because it would be listed in the reports simply as site1.sonicwall.com. To add a Web site to the Web Sites Filter list, perform the following steps:
1. On the Console > User Settings > Reports page, type the Web site to be excluded into the Web Sites Filter field. Enter the Web site without the http:// or www prefix.
2. Click the Add button.

Deleting Web Sites from the Filter List


To remove a Web site from the Web Sites Filter list, perform the following steps:
1. On the Console > User Settings > Reports page, select the checkbox next to the Web site to be removed from the exclusion list. To select all sites in the list, select the Select All checkbox.
2. Click the Delete button.

Adding Web Users to the Filter List


To add a user to the Web Users Filter list, perform the following steps:
1. On the Console > User Settings > Reports page, type the user name to be excluded into the Web Users Filter field. Enter the user name without the domain.
2. Click the Add button.


Deleting Web Users from the Filter List


To remove a Web user from the Web Users Filter list, perform the following steps:
1. On the Console > User Settings > Reports page, select the checkbox next to the user to be removed from the exclusion list. To select all users in the list, select the Select All checkbox.
2. Click the Delete button.


CHAPTER 42 Configuring Log Settings


This section describes how to configure Log Settings. This includes adjusting settings on deleting log messages after a certain period of time, and setting criteria for viewing logs. This chapter includes the following sections:

Configuration section on page 933
View Log section on page 934

Configuration
The Log > Configuration screen provides a way to delete log messages older than a specific date. To delete GMS log messages, perform the following steps:
1. Click the Console tab, expand the Log tree, and click Configuration. The Configuration page displays.
2. Select the month, day, and year from the drop down menu.
3. Click Delete Log Messages Older Than.


View Log
The SonicWALL GMS log keeps track of changes made within the SonicWALL GMS UI, logins, failed logins, logouts, password changes, scheduled tasks, failed tasks, completed tasks, raw syslog database size, syslog message uploads, and time spent summarizing syslog data. To view the SonicWALL GMS log, perform the following steps:
1. Click the Console tab, expand the Log tree, and click View Log. The View Log page displays.
2. Each log entry contains the following fields:
# - specifies the number of the log entry.
Date - specifies the date of the log entry.
Message - contains a description of the event.
Severity - displays the severity of the event (Alert, Warning, or FYI).
SonicWALL - specifies the name of the SonicWALL appliance that generated the event (if applicable).
User@IP - specifies the user name and IP address.


3. To narrow the search, configure some of the following criteria:

Tip

You can press Enter to navigate from one form element to the next in this section.

Select Time of logs - displays all log entries for a specified range of dates.
SonicWALL Node - displays all log entries associated with the specified SonicWALL appliance.
GMS User - displays all log entries with the specified user.
Message contains - displays all log entries that contain the specified text. This input field provides an auto-suggest functionality that uses existing log message text to predict what you want to type. It fills in the field with the suggested text and you can either press Tab to accept it or keep typing. Different suggestions will appear as you continue to type if log messages match your input.
Severity - displays log entries with the matching severity level:
All (Alert, Warning, and FYI), where FYI means For Your Information
Alert and Warning
Alert
Select the Match case checkbox to make the SonicWALL Node, GMS User, and Message contains search fields case sensitive.
Select one of Exact Phrase, All Words, or Any Word:
Exact Phrase matches a log entry that contains exactly what you typed in the Message contains field.
All Words matches a log entry that contains all the words you typed in the Message contains field, but the words can be non-consecutive or in any order.
Any Word matches a log entry that contains any of the words you typed in the Message contains field.
4. To view the results of your search criteria, click Start Search. To clear all values from the input fields and start over, click Clear Search. To save the results as an HTML file on your system, click Export Logs and follow the on-screen instructions.


5. To configure how many messages are shown per screen, enter a new value between 10 and 100 in the Show Messages Per Screen field (default: 10).
6. Click Next to display the next page, or click Previous to display the preceding page. To jump to a specific message, enter the message number in the Go to Message Number field.
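The search criteria from steps 3 and 4 (date range, SonicWALL Node, GMS User, the three Severity choices, Match case, and the Exact Phrase / All Words / Any Word modes) applied to a handful of constructed log entries, as an added Python example. This is not GMS code: the entries, the column names used as dictionary keys, and the rule that a "word" is a run of word characters, dots and dashes are all assumptions made for the illustration. It shows how the options combine, for instance why "login user" matches different entries under each of the three modes.

```python
import re

# Constructed sample entries in the shape of the View Log columns; not real data.
SAMPLE_LOG = [
    {"num": 1, "date": "2010-03-01 09:12:04", "severity": "FYI", "sonicwall": "",
     "user_ip": "admin@10.0.0.5", "message": "User admin logged in"},
    {"num": 2, "date": "2010-03-01 09:15:31", "severity": "Warning", "sonicwall": "",
     "user_ip": "bob@10.0.0.7", "message": "Failed login for user bob"},
    {"num": 3, "date": "2010-03-01 09:40:10", "severity": "Alert", "sonicwall": "fw-hq-1",
     "user_ip": "admin@10.0.0.5", "message": "Task failed: firmware upgrade on fw-hq-1"},
    {"num": 4, "date": "2010-03-02 02:00:00", "severity": "FYI", "sonicwall": "",
     "user_ip": "system@127.0.0.1", "message": "Syslog summarization completed in 42 seconds"},
    {"num": 5, "date": "2010-03-02 08:05:17", "severity": "Warning", "sonicwall": "fw-br-2",
     "user_ip": "carol@10.0.1.9", "message": "Password changed for user carol"},
]

# The three Severity choices offered by the View Log page.
SEVERITY_SETS = {
    "All": {"Alert", "Warning", "FYI"},
    "Alert and Warning": {"Alert", "Warning"},
    "Alert": {"Alert"},
}

# Assumption: a word is a run of word characters, dots and dashes, so that
# "failed:" tokenizes to "failed" and "fw-hq-1" stays in one piece.
TOKEN = re.compile(r"[\w.-]+")


def message_matches(message, text, mode, match_case):
    """Apply the Message contains filter in one of the three match modes."""
    if not text:
        return True
    hay, needle = (message, text) if match_case else (message.lower(), text.lower())
    if mode == "Exact Phrase":
        return needle in hay                      # the typed string, verbatim
    words = TOKEN.findall(needle)
    tokens = set(TOKEN.findall(hay))
    if mode == "All Words":                       # every word, any order, non-consecutive
        return all(w in tokens for w in words)
    if mode == "Any Word":
        return any(w in tokens for w in words)
    raise ValueError(f"unknown match mode: {mode}")


def field_matches(value, wanted, match_case):
    """SonicWALL Node and GMS User fields: exact match, honouring the Match case box."""
    if not wanted:
        return True
    return value == wanted if match_case else value.lower() == wanted.lower()


def search(entries, date_from=None, date_to=None, node=None, user=None,
           text="", severity="All", mode="Exact Phrase", match_case=False):
    """Return the entry numbers that satisfy every supplied criterion."""
    allowed = SEVERITY_SETS[severity]
    hits = []
    for e in entries:
        day = e["date"][:10]                      # inclusive date range on YYYY-MM-DD
        if date_from and day < date_from:
            continue
        if date_to and day > date_to:
            continue
        if e["severity"] not in allowed:
            continue
        if not field_matches(e["sonicwall"], node, match_case):
            continue
        if not field_matches(e["user_ip"].split("@", 1)[0], user, match_case):
            continue
        if not message_matches(e["message"], text, mode, match_case):
            continue
        hits.append(e["num"])
    return hits


if __name__ == "__main__":
    for mode in ("Exact Phrase", "All Words", "Any Word"):
        print(f"{mode:13s} 'login user' ->", search(SAMPLE_LOG, text="login user", mode=mode))
```

The same two words select nothing as an Exact Phrase, only the failed-login entry under All Words, and three entries under Any Word; Match case turns "failed" from two hits into one because entry 2 starts with a capital F.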


CHAPTER 43 Managing Tasks


This chapter describes how to configure scheduled tasks in the Console panel Tasks screen. This chapter includes the following section:

Scheduled Tasks section on page 937

Scheduled Tasks
As you perform multiple tasks through the SonicWALL GMS UI, SonicWALL GMS creates, queues, and applies them to the SonicWALL appliances. As SonicWALL GMS processes the tasks, some SonicWALL appliances may be down or offline. When this occurs, SonicWALL GMS requeues the tasks and reattempts the changes.


To view and manage pending tasks, perform the following steps:


1. Click the Console tab, expand the Tasks tree and click Scheduled Tasks. The Scheduled Tasks page displays.
2. Each task entry contains the following fields:
Number (#) - specifies the number of the task entry.
SonicWALL - specifies the name of the SonicWALL appliance to which the task applies.
Description - contains a description of the task.
Creation Time - specifies the date and time the task was generated.
Scheduled Time (Local) - time the task was scheduled in the local time zone of the appliance.
Scheduled Time (Agent) - time the task was scheduled in the time zone of the agent.
No. of Attempts - specifies the number of times SonicWALL GMS has attempted to execute the task.
Last Error - if the task was not successfully executed, specifies the error.
SGMS User - specifies the user who created the task.
Agent - specifies the IP address of the agent.


3. To narrow the search, enter one or more of the following search criteria and click Start Search:

Tip

You can press Enter to navigate from one form element to the next in this section.

Calendar - select the period of time for which SonicWALL GMS will display tasks. The pull down menu to the right enables you to specify whether the date range applies to the task creation time, the local scheduled time, or the agent scheduled time.
SonicWALL Node - displays all tasks associated with the specified SonicWALL appliance.
Description contains - displays all tasks that contain the specified text.
Owner - displays all tasks with the specified owner.
Task ID - displays the task with the specified task ID.
4. To execute one or more scheduled tasks immediately, select their check boxes and click Execute the tasks selected now. You can also select all of the tasks on the page by checking the Select Only the 10 Tasks Displayed Above checkbox, or select all tasks by checking the Select All Pending Tasks checkbox.
5. To reschedule one or more pending tasks for another time, select their check boxes and click Re-schedule the tasks selected. The GMS Date Selector dialog box displays.


6. Select a new date when the task will execute and click OK. The dialog box closes and the task will execute at the selected time.

Note

The task(s) will execute based on the time setting of the SonicWALL GMS agent server, UTC, or local browser's time.

7. To delete one or more tasks from the list of pending tasks, select their check boxes and click Delete the tasks selected. To delete all pending tasks, select the Select all Tasks check box and click Delete the tasks selected.


CHAPTER 44 Configuring Management Settings


This chapter describes the settings available on the Console panel in the Management section. The following sections are found in this chapter:

Settings section on page 941
Domains section on page 945
Users section on page 953
Custom Groups section on page 964
Sessions section on page 970
Agents section on page 971
SNMP Managers section on page 973
Inheritance Filters section on page 974
Message of the Day section on page 975
Database Maintenance section on page 977

Settings
On the Console > Management > Settings page, you can enable reporting, configure email settings, enable automatic preferences file backup, configure GMS to synchronize with managed units, and configure Enhanced Security Access (ESA) settings. This section describes the following Settings topics:

Configuring Email Settings on page 942
Configuring Prefs File Settings on page 942
Enabling Reporting and Synchronization with Managed Units on page 943
Enhanced Security Access Settings on page 944

Configuring Email Settings


An SMTP server and an email address are required for sending GMS reports. If the Mail Server settings are not configured correctly, you will not receive important email notifications, such as:

System alerts for your SonicWALL GMS deployment performance
Availability of product updates, hot fixes, or patches
Availability of firmware upgrades for managed appliances
Alerts on your managed appliances' status
Scheduled Reports

To configure these email settings:

1. Click the Console tab.
2. Expand the Management tree and click Settings. The Settings page displays.
3. Type the IP address of the Simple Mail Transfer Protocol (SMTP) server into the SMTP Server field. This server can be the same one that is normally used for email in your network.
4. Type the email account name and domain that will appear in messages sent from the SonicWALL GMS into the GMS Sender's e-Mail Address field.
5. When finished in the Settings page, click Update. To clear the screen settings and start over, click Reset.

Configuring Prefs File Settings


You can have the system automatically save your GMS preferences files on a regular basis. This includes the addunit.xml file that contains information about the units under GMS management. To configure the prefs file settings:

1. Click the Console tab.
2. Expand the Management tree and click Settings. The Settings page displays.
3. Select Daily or Weekly in the Automatically save prefs file & addunit.xml field, and select a day of the week (if weekly) and a time. This determines how often SonicWALL GMS will automatically save the preferences and addUnit.xml files.
4. To automatically save the VPN Gateway Preferences files for SonicWALL appliances, select Automatically save VPN Gateway Prefs file.

Note

The Enable Prefs Backup option must also be selected on the Policies > General > Settings screen.

5. When finished in the Settings page, click Update. To clear the screen settings and start over, click Reset.

Enabling Reporting and Synchronization with Managed Units


By default, GMS Reporting is enabled. To enable or disable GMS Reporting, perform the following steps:

1. Click the Console tab.
2. Expand the Management tree and click Settings. The Settings page displays.
3. To enable GMS Reporting, select the Enable Reporting check box. To disable it, deselect the Enable Reporting check box (default: Enabled).
4. To configure SonicWALL GMS to automatically synchronize with the local changes made to the SonicWALL appliances, select the Enable Auto Synchronization check box.
5. For SonicWALL appliances that do not have direct access to the Internet, you can instruct GMS to download updates to security service signatures. To do so, select the following two check boxes:
Firewalls managed by this GMS do not have Internet Access
Upload latest signatures on subscription status change

Note

When updated signatures have been downloaded to the GMS, you must then manually upload them to the SonicWALL appliances. This action is performed on the Policies > System > Tools page. When there are new signatures to be uploaded, the Upload Signatures Now button appears on the Tools page. Click this button to manually upload the signatures.

6. To create an addUnit.xml file to track all units under management, click Create Add Unit XML File.
7. When finished in the Settings page, click Update. To clear the screen settings and start over, click Reset.

Enhanced Security Access Settings


SonicWALL's Enhanced Security Access (ESA) feature allows for greater granular control of user access across a GMS network, which is applicable for installations that must comply with stringent regulatory compliance and account management controls as found in such standards as Payment Card Industry (PCI), SOX, or HIPAA.
Note

Enhanced security settings are also available in your browser. For information, see Browser Requirements on page 12.

GMS supports these data security standards by providing support for encryption of all passwords and any pre-shared secrets in the database. This includes VPN Security Association pre-shared secrets, encryption keys, authentication keys, and passwords. The following passwords are encrypted in GMS:

GMS gateway password
UTM appliance passwords for managed units
Guest account password
LDAP and RADIUS passwords

Enhanced security compliance also requires a password rotation feature. GMS supports password rotation requirements, including several changes in the management interface. These changes occur on the Console panel, in the Management > Settings screen and in all screens accessed from the Management > Users screen. To turn on password security enforcement in GMS:

1. In the Management > Settings screen, select the Enforce Password Security checkbox.
2. In the Number of failed login attempts before user can be locked out field, enter a value. The default is 6.
3. In the User lockout minutes field, enter a value. The default is 30. This is the number of minutes that a user will not be able to log in to GMS after failing to log in correctly for the specified number of attempts.
4. In the Number of inactive days to mark user for deletion field, enter a value. The default is 90. The user's account will be deleted if it is not used for the specified number of days.
5. In the Number of days to force password change field, enter a value. The default is 90. GMS will prompt the user to change his password after the specified number of days.
6. When finished in the Settings page, click Update. To clear the screen settings and start over, click Reset.
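How the four Enforce Password Security settings interact, walked through with the page's defaults (6 failed attempts, 30 lockout minutes, 90 inactive days, 90 days to force a password change), as an added Python model. It is not GMS code: the class and function names, the account record, the plaintext password comparison, and the assumption that the sixth consecutive failure is the one that triggers the lockout are all constructed for the illustration; GMS's internal state handling is not described on this page.

```python
from datetime import datetime, timedelta


class ESAPolicy:
    """The four Enforce Password Security parameters, with the page's defaults."""

    def __init__(self, max_failed=6, lockout_minutes=30, inactive_days=90, password_days=90):
        self.max_failed = max_failed
        self.lockout = timedelta(minutes=lockout_minutes)
        self.inactive = timedelta(days=inactive_days)
        self.password_age = timedelta(days=password_days)


class Account:
    """Hypothetical account record: only what the policy needs to decide."""

    def __init__(self, name, password, password_set_at, last_login):
        self.name = name
        self._password = password            # plaintext only for this illustration
        self.password_set_at = password_set_at
        self.last_login = last_login
        self.failed = 0                      # consecutive failures since the last success
        self.locked_until = None


def attempt_login(policy, acct, supplied_password, now):
    """Return 'locked', 'failed', 'success' or 'password_change_required'."""
    if acct.locked_until is not None:
        if now < acct.locked_until:
            return "locked"                  # still inside the lockout window
        acct.locked_until = None             # lockout expired: fresh run of attempts
        acct.failed = 0
    if supplied_password != acct._password:
        acct.failed += 1
        # Assumption: the Nth consecutive failure (N = max_failed) starts the lockout.
        if acct.failed >= policy.max_failed:
            acct.locked_until = now + policy.lockout
            return "locked"
        return "failed"
    acct.failed = 0                          # a good login resets the failure count
    acct.last_login = now
    if now - acct.password_set_at >= policy.password_age:
        return "password_change_required"    # let in, but rotation is due
    return "success"


def marked_for_deletion(policy, acct, now):
    """True once the account has gone unused for the configured number of days."""
    return now - acct.last_login >= policy.inactive


def run_scenario():
    """Constructed walk-through: five failures, a sixth that locks, a retry inside the
    30 minutes (still locked), then a correct login after the window has passed."""
    policy = ESAPolicy()
    t0 = datetime(2010, 3, 1, 9, 0, 0)
    acct = Account("alice", "correct horse", t0 - timedelta(days=10), t0 - timedelta(days=1))
    results = [attempt_login(policy, acct, "wrong", t0 + timedelta(seconds=i)) for i in range(6)]
    results.append(attempt_login(policy, acct, "correct horse", t0 + timedelta(minutes=29)))
    results.append(attempt_login(policy, acct, "correct horse", t0 + timedelta(minutes=31)))
    return results


if __name__ == "__main__":
    print(run_scenario())
```

Note that a correct password presented during the lockout window is still refused, which is the property that makes the lockout useful against password guessing; and that the forced password change is reported only after a successful authentication, not as a reason to refuse it.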

Domains
A Domain in GMS is a logically bound collection of users, authentication servers, managed appliances, policies and reporting data, alerts and all other related data, in such a manner that the contents of a domain are only visible within the boundaries of the domain. Data from one domain is not visible to users in other domains. Only the SuperAdmin user can create new domains and can view and edit information from all the domains in the system. All other admin users of each domain have the privilege of managing their own domains in GMS. This section describes the following GMS Settings topics:

About Domains on page 945
Creating a New Domain on page 946

About Domains
In addition to a built in LocalDomain with a LocalAuthServer for authentication of users, GMS is able to access and authenticate against popular third party systems including Active Directory, RADIUS and LDAP in a transparent fashion. By default, GMS maintains its own locally stored database for authentication purposes. This is also referred to as the LocalAuthServer. GMS also allows simultaneous third party database authentication, which makes use of your existing (and separately maintained) database system(s).


Note

Although GMS 6.0 supports the use of multiple external authentication mechanisms for a single domain, only one instance of a local GMS authentication server (the default GMS LocalAuthServer) can exist for each domain.

The user hierarchy of your database (either GMS or third-party) determines what a user's view consists of, and what data they are able to access and/or modify. In the case of Active Directory servers, GMS has the ability to limit access to only specified groups of users. If this functionality is desired, the target groups must be specified.

Creating a New Domain


By default, a GMS domain stores user account/passwords/permissions locally inside the GMS database. When users attempt to access resources in GMS, they are authenticated against this local database, which determines what their view consists of and data they are able to access and/or modify. The following procedures will assist you in creating a new domain, including configuring that domain to use LDAP/AD/RADIUS for authentication, if required.
Note

Every instance of GMS installs with a default domain, named LocalDomain even before a domain is created by the administrator. Users of new admin-created domains do not have the ability to view data in other domains.

Creating a New Domain


To create a new domain:

1. Login as the Administrator of the LocalDomain on the SonicWALL GMS Login Screen.
2. Navigate to the Console > Management > Domain page. You will see a default LocalDomain. To create a new domain in SonicWALL GMS, click Add Domain to complete the configuration parameters for the new remote domain.
3. Under Name, type in the desired name for the remote domain. This name will be visible on the Domain drop-down list on the SonicWALL GMS Login screen.
4. For Default Admin User, specify a valid user account; this will be the default admin account created for the domain. Note that this username must exist in your third party server, and will have administrative privileges in GMS for the newly created domain.
5. The Host Name can either be specified as the IP Address of the remote server, or the fully-qualified domain name. The authentication server's Global Catalog can be set as a Host in case of a complex directory structure. If using the Global Catalog, SonicWALL GMS will be able to search through the directory and through all its child nodes.
6. Enter a friendly name, or Alias, for this new Domain.

Note

If your new domain will use only the local (GMS) database for user authentication, configuration is complete after this step. If you are planning to authenticate using an existing third-party database, continue to Configuring LDAP or AD Authentication or Configuring RADIUS Authentication.

Configuring LDAP or AD Authentication


Complete the following steps if you are configuring this domain for use with external LDAP or AD authentication:
1. 2.

Be sure to complete the basic setup procedures in theCreating a New Domain section on page 946 before continuing. Check the Add Auth Server option to enable third-party authentication for this domain.

SonicWALL GMS 6.0 Administrators Guide

947

Domains

3.

In the Authentication Port field, specify the value of the port number on which the third party server listens for authentication requests. The default Authentication Port for LDAP or AD servers is 389. To reach an AD servers global catalog, use port 3268.

Note

4. 5. 6.

Select LDAP, or Active Directory from the drop-down menu under Host Type. Next, select which Protocol Version the remote server is running on. The Base Distinguished Name (Base DN) is used to identify the root entry in the directory from which SonicWALL GMS will execute searches. This should be the node in the authentication system under which all SonicWALL GMS users will be present. The value is specified as a distinguished name (for example, dc=gmseng,dc=com). Click the Use SSL checkbox to use SSL when connecting to the remote server. If you check this checkbox, you will need to specify the SSL Port on which the remote server is listening for bind requests. By default, this is 636. If connecting to an AD servers global catalog, use port 3269.

7.


Note
SonicWALL recommends using SSL with remote domains. The Certificate Authority (CA) or root certificate of the LDAP server must be imported into the GMS JRE truststore using the keytool command; otherwise the Java runtime will not trust the directory server's certificate.

8. Only select Anonymous Login if the authentication system is configured to allow anonymous binds. This option makes the Admin User ID irrelevant. This is not a recommended setting, as it reduces security.
9. The Login User Distinguished Name is used to authenticate to the third-party server when performing the initial bind. This value is specified as a distinguished name. Type the matching password in the Login Password field.

Note
The Login User Distinguished Name need not correspond with the Admin User ID, but both must exist in the third-party server. The Login User Distinguished Name can be found using any LDAP browser tool.

10. In the Connection Timeout field, specify the connection timeout period (in milliseconds). Once the Settings panel is completed, click the Schema panel to continue setup of the new remote domain.
11. Under LDAP Schema, select which LDAP server you are using from the drop-down list. Each selection in this list fills in the remaining fields on the Schema panel with default values.

Note
If the server you are using is not in the default list, click User Defined to configure your own values and settings.

12. Optional, for AD servers only: Select the Allow Only AD Group Members checkbox. Then specify which groups are allowed to log in to GMS from this remote domain. Multiple groups can be specified if they are separated by a semicolon. All users that are members of the specified AD groups must be present below the Base DN that was specified on the Settings panel.
13. Click OK.
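Before committing the Settings and Schema panels, it is worth checking the values against the rules in the procedure above. The following Python script is an added example written for readers of this guide, not part of SonicWALL GMS: it validates a settings dictionary (the key names are the example's own, not GMS identifiers) for the port/SSL pairing, the DN syntax of the Base DN and Login User DN, the clear-text and anonymous-bind caveats, and the AD-only group restriction. The two configurations at the bottom are constructed for the example.

```python
"""Pre-flight checks for a GMS remote-domain LDAP/AD configuration.

Added example, not part of SonicWALL GMS: it applies the rules from the
procedure above (plain ports 389/3268, SSL ports 636/3269, SSL recommended,
anonymous binds discouraged, Base DN and Login User DN written as
distinguished names, AD-only group restriction) to a settings dictionary.
The dictionary keys are this example's own names, not GMS identifiers.
"""
import re

LDAP_PORT, LDAPS_PORT = 389, 636      # directory server, plain and SSL
GC_PORT, GC_SSL_PORT = 3268, 3269     # AD global catalog, plain and SSL

# One relative DN: attribute type, '=', then a value that may use backslash escapes.
_RDN = re.compile(r'^[A-Za-z][A-Za-z0-9-]*=(?:[^,\\]|\\.)+$')


def parse_dn(dn):
    """Split 'cn=svc,ou=Svc,dc=gmseng,dc=com' into lower-cased (type, value)
    pairs, most specific first; None if any component is malformed."""
    pairs = []
    for part in re.split(r'(?<!\\),', dn.strip()):
        part = part.strip()
        if not _RDN.match(part):
            return None
        typ, val = part.split('=', 1)
        pairs.append((typ.lower(), val.strip().lower()))
    return pairs


def dn_is_under(child, base):
    """True if child sits at or below base in the directory tree."""
    c, b = parse_dn(child), parse_dn(base)
    if c is None or b is None or len(c) < len(b):
        return False
    return c[len(c) - len(b):] == b


def check_ldap_domain_settings(s):
    """Return [(severity, message), ...]; an empty list means the settings
    follow the recommendations in the procedure above."""
    findings = []
    ssl = bool(s.get('use_ssl'))
    port = s.get('ssl_port') if ssl else s.get('auth_port')
    standard = (LDAPS_PORT, GC_SSL_PORT) if ssl else (LDAP_PORT, GC_PORT)
    is_ad = s.get('host_type') == 'Active Directory'
    if not ssl:
        findings.append(('warn', 'Use SSL is off: the bind password and every user '
                                 'password cross the network in clear text'))
    if port not in standard:
        findings.append(('warn', f'port {port} is not one of the standard ports {standard}'))
    if port in (GC_PORT, GC_SSL_PORT) and not is_ad:
        findings.append(('info', 'global catalog port chosen but Host Type is not Active Directory'))
    base = s.get('base_dn', '')
    if parse_dn(base) is None:
        findings.append(('error', 'Base DN is not a distinguished name (expected e.g. dc=gmseng,dc=com)'))
    if s.get('anonymous_login'):
        findings.append(('warn', 'Anonymous Login selected: requires the directory to allow '
                                 'anonymous binds and is not recommended'))
    else:
        login_dn = s.get('login_dn', '')
        if parse_dn(login_dn) is None:
            findings.append(('error', 'Login User Distinguished Name is not a valid DN'))
        elif parse_dn(base) is not None and not dn_is_under(login_dn, base):
            findings.append(('info', 'Login User DN lies outside the Base DN; allowed, but the '
                                     'account must exist on the server'))
        if not s.get('login_password'):
            findings.append(('error', 'Login Password is empty'))
    groups = [g.strip() for g in s.get('allowed_ad_groups', '').split(';') if g.strip()]
    if groups and not is_ad:
        findings.append(('error', 'Allow Only AD Group Members applies to Active Directory hosts only'))
    return findings


# Two constructed configurations: one as the procedure recommends, one not.
HARDENED = {
    'host_type': 'Active Directory', 'use_ssl': True, 'ssl_port': GC_SSL_PORT,
    'base_dn': 'dc=gmseng,dc=com', 'anonymous_login': False,
    'login_dn': 'cn=gmsbind,ou=Service Accounts,dc=gmseng,dc=com',
    'login_password': 'example-only', 'allowed_ad_groups': 'GMS Admins;GMS Operators',
}
WEAK = {
    'host_type': 'LDAP', 'use_ssl': False, 'auth_port': LDAP_PORT,
    'base_dn': 'gmseng.com', 'anonymous_login': True,
}

if __name__ == '__main__':
    for name, cfg in (('hardened', HARDENED), ('weak', WEAK)):
        print(name, check_ldap_domain_settings(cfg) or 'no findings')
```

The DN parser covers the common `type=value` form with backslash escapes; it is deliberately not a full RFC 4514 parser. Findings tagged `error` correspond to values the Test panel would reject, `warn` to settings the procedure advises against.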



Configuring RADIUS Authentication


Configure a RADIUS server for authentication in your domain. Be sure to complete the basic setup procedures in the Creating a New Domain section on page 946 before continuing.
Configuring the Settings Tab

1. Check the Add Auth Server option to enable authentication by a third-party server.
2. Enter the Host Name (or IP address) of the RADIUS server you wish to use for authentication.
3. Enter the Authentication Port on which the RADIUS server listens for requests. The default Authentication Port is 1812.
4. Enter the Shared Secret to be used between GMS and the RADIUS server.
5. Enter the Authentication Protocol used by your RADIUS installation.

Note
SonicWALL GMS supports the PAP, CHAP, MSCHAP, and MSCHAPv2 protocols for RADIUS authentication.

6. Enter the RADIUS Timeout (Seconds). This specifies the amount of time GMS waits for a response before retrying or giving up the authentication attempt; the number of retries is specified in the next step. The default value is 10 seconds.
7. Enter the Max Retries. This specifies the number of times GMS attempts to authenticate with the RADIUS server before aborting the attempt. The default value is 3 tries.


8. Fill in the Host Name, Authentication Port, and Shared Secret values for your backup RADIUS server, if available.

Configuring the User Groups Tab

9. Check the Allow Only Radius Group Members option if you plan to limit GMS access to members of select groups. The specific groups are specified later in this tab.
10. If configured, select the Use SonicWALL Vendor specific attribute on RADIUS Server option to use SonicWall-user-group and SonicWall-user-groups as the RADIUS user group identifiers for GMS authentication.
11. If the RADIUS server is configured to return the Filter-ID attribute with each user ID, select the Use Filter-ID attribute on RADIUS Server option. This value is then used as the RADIUS user group identifier.
12. Enter the Allowed RADIUS Group(s), separated by a semicolon (;). This field specifies the groups whose members are allowed to access GMS resources.
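To make the Shared Secret, the Filter-ID option and the vendor-specific attribute option concrete, here is an added example, not SonicWALL GMS code, of the RFC 2865 mechanics they rely on: hiding a PAP password under the shared secret, verifying the Access-Accept's Response Authenticator before trusting any attribute in it, and reading group identifiers from Filter-ID or from a vendor-specific attribute, then applying the semicolon-separated allowed-groups list. The vendor ID and vendor attribute number used for the VSA are placeholders chosen for the example, not SonicWALL's registered values; the username, groups and secret are constructed. CHAP and MSCHAP are not shown.

```python
"""RFC 2865 mechanics behind the RADIUS settings above, as an added example
(not SonicWALL GMS code): PAP password hiding with the Request Authenticator,
Response Authenticator verification with the Shared Secret, and group lookup
from Filter-ID (attribute 11) or a Vendor-Specific attribute (26). The vendor
ID and vendor attribute number are placeholders for this example only."""
import hashlib
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT = 1, 2
USER_NAME, USER_PASSWORD, FILTER_ID, VENDOR_SPECIFIC = 1, 2, 11, 26
EXAMPLE_VENDOR_ID, EXAMPLE_GROUP_VSA = 99999, 1   # placeholders, not SonicWALL's

def hide_pap_password(password, secret, authenticator):
    """RFC 2865 5.2: pad to 16-byte blocks, XOR each with MD5(secret + previous block)."""
    p = password.encode()
    p += b'\x00' * (-len(p) % 16)
    out, prev = b'', authenticator
    for i in range(0, len(p), 16):
        block = bytes(x ^ y for x, y in zip(p[i:i + 16], hashlib.md5(secret + prev).digest()))
        out, prev = out + block, block
    return out

def reveal_pap_password(hidden, secret, authenticator):
    """The server-side inverse of hide_pap_password."""
    out, prev = b'', authenticator
    for i in range(0, len(hidden), 16):
        out += bytes(x ^ y for x, y in zip(hidden[i:i + 16], hashlib.md5(secret + prev).digest()))
        prev = hidden[i:i + 16]
    return out.rstrip(b'\x00').decode()

def attr(t, value, vendor=None):
    """Encode one attribute; with vendor set, wrap it in a Vendor-Specific attribute."""
    if vendor is not None:
        value = struct.pack('!I', vendor) + struct.pack('!BB', t, 2 + len(value)) + value
        t = VENDOR_SPECIFIC
    return struct.pack('!BB', t, 2 + len(value)) + value

def packet(code, ident, authenticator, attrs):
    return struct.pack('!BBH', code, ident, 20 + len(attrs)) + authenticator + attrs

def build_access_request(user, password, secret, ident, authenticator=None):
    ra = authenticator or os.urandom(16)          # fresh random Request Authenticator
    attrs = attr(USER_NAME, user.encode()) + attr(USER_PASSWORD, hide_pap_password(password, secret, ra))
    return packet(ACCESS_REQUEST, ident, ra, attrs), ra

def response_authenticator(code, ident, request_auth, attrs, secret):
    """RFC 2865 3: MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    return hashlib.md5(struct.pack('!BBH', code, ident, 20 + len(attrs)) + request_auth + attrs + secret).digest()

def parse_attrs(data):
    out, i = [], 0
    while i < len(data):
        t, ln = data[i], data[i + 1]
        if ln < 2 or i + ln > len(data):
            raise ValueError('malformed attribute')
        out.append((t, data[i + 2:i + ln]))
        i += ln
    return out

def groups_from_accept(resp, request_auth, secret, use_filter_id=True, use_vsa=False):
    """Verify the reply belongs to our request and return the group identifiers it
    carries per the option chosen on the User Groups tab; None if the reply is not
    a valid Access-Accept for this request (forged, or wrong shared secret)."""
    code, ident, length = struct.unpack('!BBH', resp[:4])
    attrs = resp[20:]
    if len(resp) != length or code != ACCESS_ACCEPT:
        return None
    if resp[4:20] != response_authenticator(code, ident, request_auth, attrs, secret):
        return None
    groups = []
    for t, v in parse_attrs(attrs):
        if use_filter_id and t == FILTER_ID:
            groups.append(v.decode())
        elif use_vsa and t == VENDOR_SPECIFIC and len(v) >= 6 \
                and struct.unpack('!I', v[:4])[0] == EXAMPLE_VENDOR_ID:
            groups += [vv.decode() for vt, vv in parse_attrs(v[4:]) if vt == EXAMPLE_GROUP_VSA]
    return groups

def allowed(groups, allowed_groups):
    """Apply the semicolon-separated Allowed RADIUS Group(s) list."""
    wanted = {g.strip() for g in allowed_groups.split(';') if g.strip()}
    return bool(wanted.intersection(groups))

SECRET = b'example-shared-secret'   # constructed for the example
FIXED_AUTH = bytes(range(16))        # deterministic stand-in for os.urandom(16)

def demo():
    """Constructed exchange: our request, the server's reading of it, and two replies."""
    req, ra = build_access_request('alice', 'correct horse battery staple', SECRET, 7, FIXED_AUTH)
    revealed = reveal_pap_password(dict(parse_attrs(req[20:]))[USER_PASSWORD], SECRET, ra)
    attrs = attr(FILTER_ID, b'GMS Admins') + attr(EXAMPLE_GROUP_VSA, b'GMS Operators', EXAMPLE_VENDOR_ID)
    accept = packet(ACCESS_ACCEPT, 7, response_authenticator(ACCESS_ACCEPT, 7, ra, attrs, SECRET), attrs)
    forged = accept[:-1] + bytes([accept[-1] ^ 1])   # one flipped byte breaks the authenticator
    return {
        'revealed': revealed,
        'filter_id': groups_from_accept(accept, ra, SECRET),
        'vsa': groups_from_accept(accept, ra, SECRET, use_filter_id=False, use_vsa=True),
        'forged': groups_from_accept(forged, ra, SECRET),
        'allowed': allowed(['GMS Admins'], 'GMS Admins;GMS Operators'),
    }

if __name__ == '__main__':
    print(demo())
```

The authenticator check is the security-relevant step: a reply whose Response Authenticator does not verify, as with the flipped byte in demo(), carries no authority, so group membership must never be read from it. That is also why the Shared Secret must be strong and unique per client: it is the only thing binding the reply to the request.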

Verifying Administrator Third Party Authentication Configuration


Under the Test panel, you are able to test and verify the remote domain configurations entered on the Settings panel. If there are any errors in your configurations, this screen will alert you and provide information on how to correct them.


To test the third party authentication feature, specify the credentials of any user in the domain and click the Test button.

You will also see the new domain (local and remote) you have created under Console > Management > Domains of SonicWALL GMS. To confirm the configurations for each domain, click the icon to view or change these settings.

Verifying Third Party Authentication Server Configuration


If the login was successful, the user is automatically directed to the SonicWALL GMS SonicToday default page. At the top of the page, SonicWALL GMS no longer displays the user's status as Guest.


Editing a Domain
Any admin-created domain can be edited after initial creation. To edit a domain:
1. Log in as the Administrator of the LocalDomain on the SonicWALL GMS Login screen.
2. Navigate to the Console > Management > Domains page.
3. Select the checkbox corresponding to the domain you wish to edit and click the Edit Domain button. You are done.

Note
The default LocalDomain, which comes pre-installed with GMS, cannot be edited or deleted.

Users
To operate in complex environments, the SonicWALL Global Management System (SonicWALL GMS) is designed to support multiple users, each with his or her own set of permissions and access rights. This section contains the following subsections:

Creating User Groups on page 954
Moving a User on page 957
Configuring Appliance Access on page 960

Note

If you do not want to restrict access to SonicWALL appliances or SonicWALL GMS functions, but want to divide SonicWALL GMS responsibility among multiple users, use views to provide specific criteria to display groups of SonicWALL appliances. Depending on the type of task they are trying to perform, users can switch between these views as often as necessary. For more information, see Configuring Unit, View, and Other Permissions on page 961.

Note

All of the user configuration options are available through the command-line interface. For more information, refer to the SonicWALL Global Management System Command-Line Interface Guide.

Creating User Groups


A user group (or user type) is a group of SonicWALL GMS users who perform similar tasks and have similar permissions. SonicWALL GMS provides four pre-configured groups:

Administrators: full view and update privileges.
Operators: view privileges only.
End Users: no privileges.
Guest Users: no privileges.

To create a new group, perform the following steps:
1. Click the Console tab, expand the Management tree and click Users. The General page of the Users screen displays.
2. In the middle pane, right-click All Users and select Add User Types from the pop-up menu. A new user group dialog box displays.
3. In the dialog box, enter the name of the new user type and then click OK. The new user type is added to the list under All Users.
4. In the right pane, enter any comments regarding the new user group in the Comments field.
5. Select a default view for the new user group from the Default View pull-down menu. This view is displayed for members of the user group when they first log in to SonicWALL GMS.
6. To force all users in the user group to change their passwords, select the Change Password checkbox.
7. To delete the user type when it becomes inactive, select the Delete Inactive checkbox.
8. To set a date when the user type will become inactive, click in the Active Until field and then select a date from the pop-up calendar.
9. To keep the user type active at all times without an end date, select the Always Active checkbox.
10. Select the schedule for when the user group is active from the drop-down list in the Schedule field.
11. Click Update. The new user group is added. By default, the new group has no privileges. To configure screen access settings, see Configuring Screen Access on page 958.


Adding Users
This section describes how to create a new user. Although the user will inherit all group settings, individual user settings will override the group settings. To add a new user, perform the following steps:
1. Click the Console tab, expand the Management tree and click Users. The General page of the Users configuration screen displays.
2. Right-click a user group and select Add User from the pop-up menu. The Add User window displays.
3. In the dialog box, enter a username and a password and click OK. In the main window, the new user displays beneath the group to which it is assigned.

Note
The username and password are case-sensitive. Do not enter the single quote character (') in the User ID field.

4. Select the new user.
5. Enter the full name of the user in the Name field.
6. Enter contact information for the user in the Phone, Fax, Pager, and Email fields.
7. Select the default view for the user from the Default View list box.
8. Enter any comments regarding the new user in the Comments field.
9. Check the SuperAdmin checkbox to grant this user privileges across all domains.

Note
By default, permissions for users exist only within the domain to which they belong. By checking the SuperAdmin option, permissions are extended across all domains.

10. In the Inactivity Timeout field, enter the number of minutes that the user can be inactive before the session times out. Enter -1 to never time out.
11. To change the password for the user, type the password in the New Password field, and then type it again in Confirm Password.
12. To disable the user without deleting the entire entry, select the Account Disabled checkbox.
13. To force the user to change his or her password, select the Change Password checkbox.
14. To delete the user when the account becomes inactive, select the Delete Inactive checkbox.
15. To set a date when the user will become inactive, click in the Active Until field and select a date from the pop-up calendar.
16. To keep the user active without an end date, select the Always Active checkbox. If this is selected, the date in the Active Until field is ignored.
17. Select a schedule when the user is active from the drop-down list in the Schedule field.
18. Do one of the following:
   Click Inherit Permissions from Group. The user inherits the permissions from the group that you right-clicked to begin this procedure.
   Click Update. The new user is added. You will need to configure the user's permissions. See Moving a User, below, and Configuring Appliance Access on page 960.
   Click Reset to change all fields in this screen to their default values and start over.


Note

To temporarily disable a user account, select the Account Disabled check box and click Update.


Moving a User
When new users log in to SonicWALL GMS for the first time, they are considered guest users and have only limited access. One way to configure user privileges is to move the user to the appropriate group. To change a SonicWALL GMS user's group:
1. Have the user log in to GMS. The user is logged in as a guest user with limited privileges. An administrator can now upgrade the account to a different user class.
2. Log in as the remote domain's administrator.
3. Navigate to the Console tab.
4. Navigate to the Management > Users page. You will see that there are currently four categories of users: Administrators, End Users, Guest Users, and Operators. These categories can be expanded to list the users that comprise them.
5. Select the new user from the Guest Users list.
6. Right-click the new user's name in the Guest Users list and select Move User from the pull-down menu.
7. In the Move User dialog box, select the appropriate new level for the new user, and select Inherit permissions defined from the new user type permission.
8. Click OK.

Configuring Screen Access


The Screen Permissions page contains a hierarchical list of all screens that appear within SonicWALL GMS. From this screen, you can control access to individual screens or all screens within a section. This includes permissions for users or groups to view, or view and update reports.
Note

By default, a new user group has no privileges.

To configure screen access settings for a user or user group, perform the following steps:
1. Navigate to Console > Management and open the Users configuration screen.
2. Select a user or user group under All Users.
3. Click the Screen Permissions tab.
4. Under All Screens, select a panel, section, or screen. For example, for REPORTS_PANEL, you can select the whole panel, the unit type section such as UTM, SSL-VPN, CDP, or Email Security, the group of reports for that type of unit, or the individual report or screen that you want to set permissions for. In this example, we chose the Firewall > Bandwidth panel.
5. On the right side of the pane, select from the following:
   To prevent any access to the object, select None.
   To allow view-only access, select View Only.
   To allow the user or group to make updates only for unit-level screens and not for group-level screens, select View & Update At Unit Level Only. This option is only available for objects in the Policies Panel and Reports Panel.
   To allow unrestricted access to the object, select View and Update.
   For this example, we select the View Only option to allow our executive team to view the firewall bandwidth panel.
6. Click the Update button to apply the permission changes.
7. You may see a warning screen if you are applying permission changes to a group. Verify that you wish to apply these changes to the group and all users within that group and click the OK button. The panel object is now preceded by an icon.

Note
The more specific settings override the more general settings. For example, if you select View Only for the Status group of reports and select None for the Up-Time over Time report, then the selected user will only see the Up-Time Summary report in the Status reports and have View Only permission for that report.

8. To clear all screen settings and start over, click Reset.
9. When finished, click Update.
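The override rule in the note above, together with the earlier statement that a user's own settings override the group's, amounts to a small resolution algorithm. The following Python is an added example, not GMS code, that implements that algorithm over constructed screen paths (the path strings and the group and user names are the example's own, not GMS identifiers), enforces the Policies/Reports-only rule for View & Update At Unit Level Only, and reproduces the Status / Up-Time example from the note. That a user setting at any depth beats every group setting is this example's reading of the text.

```python
"""Effective screen-permission resolution, as an added example (not GMS code),
implementing the rules stated in this section: a setting on a more specific
node overrides one on its ancestors, a user's own settings override the
user's group settings, a new user or group has no privileges by default, and
'View & Update At Unit Level Only' grants update only when the screen is
opened at unit level and is offered only in the Policies and Reports panels.
The screen paths and names below are constructed for the example."""
NONE, VIEW, UNIT_UPDATE, UPDATE = ('None', 'View Only',
                                   'View & Update At Unit Level Only', 'View and Update')
UNIT_UPDATE_PANELS = ('POLICIES_PANEL', 'REPORTS_PANEL')


def set_permission(settings, path, permission):
    """Record a setting on a panel, section, or screen path."""
    if permission == UNIT_UPDATE and path.split('/')[0] not in UNIT_UPDATE_PANELS:
        raise ValueError('View & Update At Unit Level Only is available only for '
                         'Policies Panel and Reports Panel objects')
    settings[path] = permission


def _most_specific(settings, path):
    """Walk from the screen toward the panel root and return the first setting found."""
    parts = path.split('/')
    for n in range(len(parts), 0, -1):
        key = '/'.join(parts[:n])
        if key in settings:
            return settings[key]
    return None


def effective_permission(path, group_settings, user_settings=None):
    """User settings take precedence over group settings; within each, the most
    specific node wins; with no setting anywhere the default is None."""
    for settings in (user_settings or {}, group_settings):
        found = _most_specific(settings, path)
        if found is not None:
            return found
    return NONE


def allows(permission, action, level='unit'):
    """action: 'view' or 'update'; level: 'unit' or 'group' (where the screen is opened)."""
    if action == 'view':
        return permission != NONE
    if action == 'update':
        return permission == UPDATE or (permission == UNIT_UPDATE and level == 'unit')
    raise ValueError(action)


def visible_screens(screens, group_settings, user_settings=None):
    """Map each screen the user can at least view to its effective permission."""
    result = {}
    for screen in screens:
        perm = effective_permission(screen, group_settings, user_settings)
        if allows(perm, 'view'):
            result[screen] = perm
    return result


# Constructed screen tree modelled on the Reports panel example in the text.
SCREENS = [
    'REPORTS_PANEL/UTM/Status/Up-Time over Time',
    'REPORTS_PANEL/UTM/Status/Up-Time Summary',
    'REPORTS_PANEL/UTM/Firewall/Bandwidth',
    'POLICIES_PANEL/UTM/Network/Interfaces',
]

# The executive group from the text: View Only on the Status group of reports,
# None on the Up-Time over Time report, View Only on the Firewall > Bandwidth panel.
EXECUTIVES = {}
set_permission(EXECUTIVES, 'REPORTS_PANEL/UTM/Status', VIEW)
set_permission(EXECUTIVES, 'REPORTS_PANEL/UTM/Status/Up-Time over Time', NONE)
set_permission(EXECUTIVES, 'REPORTS_PANEL/UTM/Firewall/Bandwidth', VIEW)

# One executive who is additionally allowed to edit interface settings on single units.
ALICE = {}
set_permission(ALICE, 'POLICIES_PANEL/UTM/Network/Interfaces', UNIT_UPDATE)

if __name__ == '__main__':
    for screen, perm in visible_screens(SCREENS, EXECUTIVES, ALICE).items():
        print(f'{screen}: {perm}; update at group level: {allows(perm, "update", "group")}')
```

Running it lists Up-Time Summary and Firewall > Bandwidth as View Only for the group, with the Interfaces screen appearing only for Alice and updatable only at unit level, which is exactly the behaviour the note describes.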

Configuring Appliance Access


The Appliance Permissions page contains a hierarchical list of all SonicWALL appliances that appear within SonicWALL GMS. From this screen, you can control access to SonicWALL groups or individual SonicWALL appliances. To configure appliance access settings for a user, perform the following steps:
1. Open the Users configuration screen.
2. Select a user.
3. Click the Unit Permissions tab.
4. Select a view from the Views pull-down menu.
5. To provide the user with access to a SonicWALL group or appliance, select the group or appliance in the left pane of the window and click Add. The group or appliance displays in the right pane.
6. Repeat step 5 for each group or appliance to add.
7. To prevent the user from accessing a SonicWALL group or appliance, select the group or appliance in the right pane of the window and click Remove. The group or appliance is deleted from the right pane.
8. Repeat step 7 for each group or appliance to remove.

Configuring Unit, View, and Other Permissions


The Action Permissions tab contains a list of actions and views that can be allowed for a group. To configure actions and views for a group, perform the following steps:
1. Open the Management > Users configuration screen.
2. Select the user group.
3. Click the Action Permissions tab.
4. Select the unit actions you wish to be available for this group in the Units section:

   Checkbox                              Allows the user to...
   Add Unit, Modify Unit, Delete Unit    add, delete, or modify GMS management specifications of managed units
   Rename Unit                           rename units
   Login to Unit                         gain access to the managed unit's GUI through GMS
   Modify Properties                     modify properties of managed units
   Re-assign Agents                      move units between agents

5. Select the view options you wish to be available for this group in the Views section:

   Checkbox                              Allows the user to...
   Manage View                           alter the properties of views
   Change View                           change between views

6. Select any remaining options for this group in the Others section:

   Checkbox                              Allows the user to...
   Enable CLI                            manage using the command-line interface (CLI)
   Show Switch link                      easily switch between the System and Management interfaces
   Use Web Services                      configure and use the Web Services feature
   Enable SonicToday                     see the SonicToday view

7. Click Update. The settings are changed for the group.


Custom Groups
The SonicWALL GMS uses an innovative method for organizing SonicWALL appliances. SonicWALL appliances are not forced into specific, limited, rigid hierarchies. Simply create a set of fields that define criteria (e.g., country, city, state) which separate SonicWALL appliances. Then, create and use views to display and sort appliances on the fly.

Creating Custom Fields


When first configuring SonicWALL GMS, you will create custom fields that will be entered for each SonicWALL appliance. SonicWALL GMS supports up to ten custom fields.
Note

Although SonicWALL GMS supports up to ten custom fields, only seven fields can be used to sort SonicWALL appliances at any given time.

The following are examples of custom fields that you can use:

Geographic: useful for organizing SonicWALL appliances geographically, especially when used in combination with other grouping methods. Geographic fields may include:
   Country
   Time Zone
   Region
   State
   City

Customer-based: useful for organizations that provide managed security services for multiple customers. Customer-based fields may include:
   Company
   Division
   Department

Configuration-based: useful when SonicWALL appliances will have very different configurations (e.g., Filtering, No Filtering, Pornography Filtering, Violence Filtering, or VPN).

User-type: different service offerings can be made available to different user types. For example, engineering, sales, and customer service users can have very different configuration requirements. Or, if offered as a service to end users, you can allow or disallow network address translation (NAT) depending on the number of IP addresses that you want to make available.

SonicWALL GMS is pre-configured with four custom fields: Country, Company, Department, and State. These fields can be modified or deleted. To add fields, perform the following steps:
1. Click the Console tab, expand the Management tree and click Custom Groups.
2. Right-click Custom Groupings in the right pane.
3. Select Add Group from the pop-up menu.
4. Enter the name of the first field.
5. Right-click the newly created field and select Add Group from the pop-up menu.
6. Enter the name of the new field.
7. Repeat steps 5 and 6 for each additional field that you want to create. You can create up to ten fields.

Note

Although the fields appear to be in a hierarchical form, this has no effect on how the fields will appear within a view. To define views, see Configuring Unit, View, and Other Permissions on page 961.

To modify or delete fields, right-click any of the existing fields and select Modify or Delete from the pop-up menu.


Configuring Prefs File Settings


You can have the system automatically save your GMS preferences files on a regular basis. This includes the addunit.xml file that contains information about the units under GMS management. To configure the prefs file settings:
1. Click the Console tab.
2. Expand the Management tree and click Settings. The Settings page displays.
3. Select Daily or Weekly in the Automatically save prefs file & addunit.xml field, and select a day of the week (if weekly) and a time. This determines how often SonicWALL GMS automatically saves the preferences and addUnit.xml files.
4. To automatically save the VPN Gateway Preferences files for SonicWALL appliances, select Automatically save VPN Gateway Prefs file.

Note
The Enable Prefs Backup option must also be selected on the Policies > General > Settings screen.

5. When finished in the Settings page, click Update. To clear the screen settings and start over, click Reset.

Enabling Reporting and Synchronization with Managed Units


By default, GMS Reporting is enabled. To enable or disable GMS Reporting, perform the following steps:
1. Click the Console tab.
2. Expand the Management tree and click Settings. The Settings page displays.
3. To enable GMS Reporting, select the Enable Reporting check box. To disable it, deselect the Enable Reporting check box (default: enabled).
4. To configure SonicWALL GMS to automatically synchronize with local changes made to the SonicWALL appliances, select the Enable Auto Synchronization check box.
5. For SonicWALL appliances that do not have direct access to the Internet, you can instruct GMS to download updates to security service signatures. To do so, select the following two check boxes:
   Firewalls managed by this GMS do not have Internet Access
   Upload latest signatures on subscription status change

Note
When updated signatures have been downloaded to GMS, you must then manually upload them to the SonicWALL appliances. This action is performed on the Policies > System > Tools page. When there are new signatures to be uploaded, the Upload Signatures Now button appears on the Tools page. Click this button to manually upload the signatures.

6. To create an addUnit.xml file to track all units under management, click Create Add Unit XML File.
7. When finished in the Settings page, click Update. To clear the screen settings and start over, click Reset.

Enhanced Security Access Settings


SonicWALL's Enhanced Security Access (ESA) feature allows more granular control of user access across a GMS network, which is applicable for installations that must comply with stringent regulatory compliance and account management controls such as those found in the Payment Card Industry (PCI) standards, SOX, or HIPAA.
Note

Enhanced security settings are also available in your browser. For information, see Browser Requirements on page 12.

GMS 4.1 and later supports these data security standards by encrypting all passwords and pre-shared secrets in the database. This includes VPN Security Association pre-shared secrets, encryption keys, authentication keys, and passwords. The following passwords are encrypted in GMS:

GMS gateway password
Firewall passwords for managed units
Guest account password
LDAP and RADIUS passwords

Enhanced security compliance also requires a password rotation feature. GMS 4.1 and later supports password rotation requirements, including several changes in the management interface. These changes occur on the Console panel, in the Management > Settings screen and in all screens accessed from the Management > Users screen. To turn on password security enforcement in GMS:
1. In the Management > Settings screen, select the Enforce Password Security checkbox.
2. In the Number of failed login attempts before user can be locked out field, enter a value. The default is 6.
3. In the User lockout minutes field, enter a value. The default is 30. This is the number of minutes that a user will not be able to log in to GMS after failing to log in correctly for the specified number of attempts.
4. In the Number of inactive days to mark user for deletion field, enter a value. The default is 90. The user's account is deleted if it is not used for the specified number of days.
5. In the Number of days to force password change field, enter a value. The default is 90. GMS prompts the user to change his or her password after the specified number of days.
6. When finished in the Settings page, click Update. To clear the screen settings and start over, click Reset.
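The four settings above define an account-lockout and password-ageing policy. The following Python is an added example, not GMS code, that enforces such a policy with the page's default values; the Account and Policy types, the result strings, the PBKDF2 password storage, and the decisions to lock on the Nth consecutive failure and to reset the counter when the lockout expires are this example's own assumptions, and the scenario at the end is constructed.

```python
"""Account lockout and password ageing as configured by Enforce Password
Security above, as an added example (not GMS code). Defaults are the page's:
6 failed attempts, 30 lockout minutes, 90 inactive days before an account is
marked for deletion, 90 days before a password change is forced. Locking on
the Nth failure and restarting the count when the lockout expires are this
example's choices; Account, Policy and the result strings are its own."""
import hashlib
import hmac
import os
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional


@dataclass
class Policy:
    max_failed_attempts: int = 6
    lockout_minutes: int = 30
    inactive_days_to_delete: int = 90
    password_max_age_days: int = 90


@dataclass
class Account:
    name: str
    salt: bytes
    password_hash: bytes          # PBKDF2 of the password; never the clear text
    password_set_at: datetime
    last_login_at: datetime
    failed_attempts: int = 0
    locked_until: Optional[datetime] = None
    must_change_password: bool = False


def hash_password(password, salt):
    return hashlib.pbkdf2_hmac('sha256', password.encode(), salt, 100_000)


def new_account(name, password, set_at, last_login):
    salt = os.urandom(16)
    return Account(name, salt, hash_password(password, salt), set_at, last_login)


def attempt_login(acct, password, policy, now):
    """Return 'locked', 'bad-password', 'change-password' or 'ok' and update the account."""
    if acct.locked_until is not None:
        if now < acct.locked_until:
            return 'locked'            # still inside the lockout window
        acct.locked_until, acct.failed_attempts = None, 0
    if not hmac.compare_digest(hash_password(password, acct.salt), acct.password_hash):
        acct.failed_attempts += 1
        if acct.failed_attempts >= policy.max_failed_attempts:
            acct.locked_until = now + timedelta(minutes=policy.lockout_minutes)
            return 'locked'
        return 'bad-password'
    acct.failed_attempts = 0
    acct.last_login_at = now
    if now - acct.password_set_at >= timedelta(days=policy.password_max_age_days):
        acct.must_change_password = True
        return 'change-password'
    return 'ok'


def marked_for_deletion(acct, policy, now):
    """True once the account has been unused for the configured number of days."""
    return now - acct.last_login_at >= timedelta(days=policy.inactive_days_to_delete)


def scenario():
    """Constructed sequence: six wrong passwords, a correct one during the lockout,
    a correct one after it expires (the password is 100 days old), then the
    inactivity check at 30 and 91 days after the last successful login."""
    policy, t0 = Policy(), datetime(2024, 1, 1, 9, 0, 0)
    acct = new_account('alice', 'correct horse', t0 - timedelta(days=100), t0 - timedelta(days=10))
    results = [attempt_login(acct, 'wrong', policy, t0 + timedelta(seconds=i)) for i in range(6)]
    results.append(attempt_login(acct, 'correct horse', policy, t0 + timedelta(minutes=5)))
    results.append(attempt_login(acct, 'correct horse', policy, t0 + timedelta(minutes=31)))
    return (results,
            marked_for_deletion(acct, policy, t0 + timedelta(days=30)),
            marked_for_deletion(acct, policy, t0 + timedelta(days=91)))


if __name__ == '__main__':
    print(scenario())
```

Note that a correct password presented during the lockout window is still refused; that is what makes the lockout effective against an attacker who guesses the right password on a later try, and it is why the lockout minutes value should be long enough to blunt online guessing but short enough not to turn a burst of bad logins into a denial of service against the administrator.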


Sessions
The Sessions page of the Management section of the GMS Console allows you to view session statistics for currently logged in GMS users and to end selected sessions.


Managing Sessions
On occasion, it may be necessary to log off other user sessions. To do this, perform the following steps:
1. Click the Console tab, expand the Management tree and click Sessions. The Sessions page displays.
2. When more than one session is active, a checkbox is displayed next to each row. Select the check box of each user to log off and click End selected sessions. The selected users are logged off.

Agents
The Agents page provides information for the SonicWALL GMS primary and backup agent servers that are managing the SonicWALL appliances. This page lists the IP address and status of each agent server, the IP address and password of the GMS gateway for each agent server, and the number of firewalls under SonicWALL GMS management. You can also schedule all the tasks for each agent server to be executed during a specified time period.
Note

You can also use this page to remove agents, but only agents that are not currently managing any firewalls can be removed.


Managing Agent Configurations


To configure the Agents page, perform the following steps:
1. Click the Console tab, expand the Management tree and click Agents. The Agents page displays.
2. The summary section displays the number of installed and running agents. Select the IP address of the agent you want to view from the Agent IP list box. The Agent Name field displays the name of the selected agent.

Note
The agent name can be modified by editing this field.

3. To specify when tasks can run, select the start time from the Daily At list box. The time is based on the SonicWALL appliance's local time.

Note
By default, SonicWALL GMS schedules tasks for immediate execution.

4. For each agent server, the GMS Gateway IP address and password are displayed. If you change the GMS gateway IP address or password, you must also change the settings on this page.
5. To change the name of the GMS Gateway administrator for selected firmware/models, enter the name in the GMS Gateway Username field (default: admin).
6. To change the password used to log in as the GMS Gateway administrator, enter the password in the GMS Gateway Password field.
7. For each agent server, the Firewalls for Primary Management list box lists the SonicWALL appliances that are assigned to the agent server for primary management. The total number is also displayed.
8. For each agent server, the Firewalls for Standby Management list box lists the SonicWALL appliances that are assigned to the agent server for backup management. The total number is also displayed.
9. For each agent server, the Firewalls Under Active Management list box lists the SonicWALL appliances that are actively being managed by the agent server. The total number is also displayed.
10. When you are finished, click Update. The settings are changed. To clear the settings and start over, click Reset.

SNMP Managers
The SNMP Managers page enables you to specify SNMP Managers to which SonicWALL GMS will send SNMP Traps.


Configuring SNMP Settings


To configure the SNMP Managers page, perform the following steps:
1. Click the Console tab, expand the Management tree and click SNMP Managers. The SNMP Managers page displays.
2. Enter the IP address and port of the SNMP manager in the SNMP Manager IP/Port fields.
3. Specify the IP addresses of the SNMP hosts to which traps will be forwarded in the SNMP Host to forward traps to fields.
4. To enable trap forwarding, select the Enable SNMP Trap Forwarding check box.
5. To enable trap email, select the Enable SNMP Trap Email check box.
6. When you are finished, click Update. The settings are changed. To clear the settings and start over, click Reset.

Inheritance Filters
The Inheritance Filters page specifies which settings are inherited from the group when adding a new SonicWALL appliance.


To configure the Inheritance Filters page, perform the following steps:
1. Click the Console tab, expand the Management tree and click Inheritance Filters. The Inheritance Filter page displays.
2. To edit an existing filter, select the filter from the Select Filter list box. To specify a new filter, select New Filter from the Select Filter drop-down menu and type a name in the Filter name field.
3. Select which page settings are inherited in the Inheritance Filter Detail section.
4. Select the type of access that is available to each SonicWALL GMS user group in the Access for each UserType section.
5. When you are finished, click Add for a new filter or click Update for an existing filter. The settings are changed. To clear the settings and start over, click Reset.

Message of the Day


The Message of the Day page displays a message when SonicWALL GMS users log on to SonicWALL GMS.


To configure the Message of the Day page, perform the following steps:

1. Click the Console tab, expand the Management tree and click Message of the Day. The Message of the Day page displays.

2. Select all users, a user group, or an individual user.

3. Enter message text in the Message field.

4. Select whether the message text will be displayed in plain text or HTML.

5. Select the start and end date of the message (default: current day).

6. When you are finished, click Update. The settings are changed.

7. Repeat this procedure for each group or user for which this message will be displayed.


Database Maintenance
The Database Maintenance page allows you to back up the MySQL databases used by SonicWALL GMS. This screen is not applicable to deployments using SQL Server.
Note: The Console > Management > Database Maintenance page only appears in the management interface when a MySQL database is being used.

You can configure the type of backup, schedule for periodic backups, folder for backup storage, and number of backups (up to 3) to keep. You can also perform an immediate database backup from this page. Existing backups of the database are listed, and you can select from them to restore your databases.


See the following sections:


Configuring Backup Schedule and Settings, page 978
Backing Up a Database Immediately, page 979
Restoring a Database Backup, page 979

If you have a SonicWALL UMA appliance, you can download and run the Data Export Wizard. The wizard will help you configure a Java-based client and a corresponding script that you can use to schedule recurring, automatic backups. For information about the Data Export Tool see the Data Export Wizard section on page 91.

Configuring Backup Schedule and Settings


To configure the database backup schedule and settings, perform the following steps:

1. Click the Console tab, expand the Management tree, and click Database Maintenance. The Database Maintenance page displays.

2. Under Database Backup Schedule, select one of the following from the Database Backup Type drop-down list:
Current data - Backs up system information and all data in sgmsdb for the current month; sgmsdb contains summarized report data
Archived and Raw syslog data - Backs up the archived data that is moved from sgmsdb to other files at the end of every month, and backs up raw syslog data
Complete data - Backs up all data including sgmsdb and all archived data and raw syslog data; this option requires the most time

3. Select the desired backup schedule from the Database Backup Schedule drop-down list. You can select a pre-configured schedule or a custom schedule, which you can configure in the Console > Events > Schedule screen.

4. When finished selecting options under Database Backup Schedule, click the Update Backup Schedule button.

5. Under Database Backup Settings in the Backup files to directory [installDir] field, enter the folder name in which you want to store the backup files.

6. Select the Zip files checkbox if you want the backup to be compressed and stored as a .zip file.


7. In the Number of backups to store field, enter the number of backups you want to store. The maximum is 3. When the maximum number of backups is reached in the configured folder, the oldest one will be removed when a new backup is created. If the folder is changed, existing backups in the previous folder will not be deleted.

8. Select the Zip files checkbox if you want the backup to be compressed and stored as a .zip file.

9. When finished selecting options under Database Backup Settings, click the Update Backup Settings button.

Backing Up a Database Immediately


To perform an interactive backup of a database, complete the following steps:

1. On the Console > Management > Database Maintenance page, under Immediate Database Backup, select the type of backup from the Backup database now drop-down list. You can select one of the following types:
Current data - Backs up system information and all data in sgmsdb for the current month; sgmsdb contains summarized report data
Archived and Raw syslog data - Backs up the archived data that is moved from sgmsdb to other files at the end of every month, and backs up raw syslog data
Complete data - Backs up all data including sgmsdb and all archived data and raw syslog data; this option requires the most time

2. Select the Zip files checkbox if you want the backup to be compressed and stored as a .zip file.

3. Click the Backup Database Immediately button.

4. In the confirmation dialog box, click OK.

Restoring a Database Backup


This feature allows the administrator to restore a previously backed-up database file.


Note: All services except the Web Server and the Database Service should be manually stopped before restoration is started to avoid corruption of data. For multi-agent systems, the services on the agents should also be stopped before restore.

To restore your database with one of your backups, perform the following steps:

1. On the Console > Management > Database Maintenance page, under Database Restore, select the radio button for the backup that you want to restore.

2. Click the Restore Database button.

3. In the confirmation dialog box, click OK.

4. For GMS software installations, you must restart the Web Server service manually after the backup is completed.


CHAPTER 45 Managing Reports in the Console Panel


This section describes how to configure reporting settings on the Console panel. These include how often the summary information is updated, the number of days that summary information is stored, and the number of days that raw data is stored. The following sections are included in this chapter:

Settings section on page 981
Summarizer section on page 983
Email/Archive section on page 994
Scheduled Reports section on page 995
Management section on page 1000

Settings
The Settings page under Reports on the Console panel provides a check box for enabling the sort option in report tables. You can also specify the number of appliances which can have Log Viewer enabled at the same time. See the following:

Enabling Report Table Sorting section on page 982
Controlling the Number of Appliances with Log Viewer Enabled section on page 982


Enabling Report Table Sorting


The Report Settings/Options section of the Console > Reports > Settings page provides a checkbox to enable the sort option on report tables. To enable or disable the sort option for report tables, perform the following steps:

1. Click the Console tab, expand the Reports tree and click Settings.

2. To enable the report table sort option, select the Enable Sort Option on Report Tables checkbox. To disable sorting, clear the checkbox.

3. Click Update.

Controlling the Number of Appliances with Log Viewer Enabled


You can control the maximum number of managed appliances for which Log Viewer can be enabled. The default setting allows Log Viewer to be enabled on up to five appliances. Because enabling Log Viewer causes raw syslog data uploading, it is resource intensive. Use care in increasing this number, and when enabling Log Viewer on systems. Log Viewer must be enabled on an appliance in order to use Custom Reports. Custom Reports are available for UTM and SSL-VPN appliances. For more information about Custom Reports, see the following:

Using Custom Reports on UTM Appliances section on page 699

For detailed information about Log Viewer files, see the Log Viewer Files section on page 985. To change the number of appliances for which Log Viewer can be enabled:

1. On the Console panel, navigate to Reports > Settings.

2. Under Log Viewer Settings, in the Maximum number of appliances on which Log Viewer can be enabled field, enter the number of appliances for which Log Viewer can be enabled. The default is five.

3. Click Update.

Note: Limiting the number of appliances for which the Log Viewer is enabled will increase the overall performance of your SonicWALL GMS system.

Summarizer
This section contains the following subsections:

About Summary Data in Reports on page 983
About the Distributed Summarizer on page 984
Summarizer Settings and Summarization Interval on page 987
Configuring the Syslog Deletion Schedule Settings on page 991
Configuring Host Name Resolution on page 992

About Summary Data in Reports


These reports are constructed from the most current available summary data. In order to create summary data, the GMS Reporting Module must parse the raw data files. When configuring GMS Reporting using the screens on the Console panel under Reports, you can select the amount of summary information to store. These settings affect the database size; be sure there is adequate disk space to accommodate the settings you choose.


Additionally, you can select the number of days that raw syslog data is stored. The raw data is made up of information for every connection. Depending on the amount of traffic, this can quickly consume an enormous amount of space in the database. Be very careful when selecting how much raw information to store. For information on configuring raw data storage, see Enabling Report Table Sorting section on page 982.

About the Distributed Summarizer


This section contains the following subsections:

Summarizer Processing and Files, page 984
Log Viewer Files, page 985
Additional Files, page 986

The Distributed Summarizer (also known as Gen 2 Summarizer) gathers and processes the syslog data that the reports use. The Distributed Summarizer provides improved performance over the Gen 1 Summarizer (which captured the syslog directly into the database). For GMS releases after version 2.9.4, the Distributed Summarizer is enabled by default, and for GMS 5.0 and higher, the Gen 1 Summarizer is no longer an option. The Summarizer page manages the configuration of the Distributed Summarizer.

Summarizer Processing and Files


The following describes the processing and summarization process of the Distributed Summarizer:

With the Distributed Summarizer, the syslog is stored on the agent's hard drive at the syslogFilePath location specified in [installdir]\conf\sgmsConfig.xml. The syslog messages are initially stored in a *.log file. When this file contains about 10K lines, the file is renamed to *.src and is ready for processing. The format of the filename is:
AgentID_YYYYMMDD_HHMMSS_to_YYYYMMDD_HHMMSS.SRC

When the summarizer starts, it groups the files for each unit and names each file with this format:
AgentID_YYYYMMDD_HHMMSS_to_YYYYMMDD_HHMMSS_SERIAL_UnitType__#.UNP

As the summarizer processes the data, it creates PRG and PRE files. PRG files are created when the summarizer is grouping the data and preparing it for reports. PRE files contain error status information for each report type, and are used to track errors and failed upload attempts. When parsing is complete, the report data, or summary data, is uploaded to the database. The PRG files contain the raw syslog data, but only the data necessary for reports is uploaded to the database. The format of these files is as follows:
AgentID_YYYYMMDD_HHMMSS_to_YYYYMMDD_HHMMSS_SERIAL_UnitType__#.PRG AgentID_YYYYMMDD_HHMMSS_to_YYYYMMDD_HHMMSS_SERIAL_UnitType__#.PRE

When the upload is complete, the PRE files are deleted and the PRG files are converted to this format:
AgentID_YYYYMMDD_HHMMSS_to_YYYYMMDD_HHMMSS_SERIAL_UnitType__#.UPL

If the Log Viewer is enabled for a UTM appliance, additional files will be created from the raw syslog data in the UPL files (see Log Viewer Files, page 985). If the Log Viewer is not enabled, the UTM appliances UPL files are saved as PRD files in this format:
AgentID_YYYYMMDD_HHMMSS_to_YYYYMMDD_HHMMSS_SERIAL_UnitType__#.PRD

At the configured syslogArchiveInterval (also in C:\sgmsConfig.xml), the PRD files are zipped and moved to the \archivedSyslog folder.

Log Viewer Files


If the Log Viewer is enabled for a UTM appliance (UTM > Reports > Log Viewer or SSL-VPN > Reports > Log Viewer), its raw syslog data will be uploaded to the rawsyslogdb database. After the PRE files are deleted, and the PRG files are converted, the raw syslog data is reformatted and stored in files with this naming convention:
AgentID_YYYYMMDD_HHMMSS_to_YYYYMMDD_HHMMSS_SERIAL_#.UPD

At the configured syslogArchiveInterval, the UPD files are zipped with the PRD files mentioned above and moved to the \archivedSyslog folder. If there is no raw syslog data to be uploaded to the rawsyslogdb database, you may see this message in the GMS log:
Raw syslog file upload ended. No syslog files were uploaded to database since upload has been disabled for the units encountered
If there were problems uploading the raw syslog data to the database, the Raw Syslog Data Uploader quarantines any syslog file that has failed three times in a row. The files are quarantined in the \badSyslogs folder. The Uploader renames the original processed syslog file with the .UPE (UPload Error) extension, then deletes the corresponding formatted (.UPD) file. The diagram in Figure 12 displays the summarizer process.


Figure 12 Summarizer Process

Additional Files
The following files may also be seen:
IMF (Infected Message File) - The summarizer has a mechanism to identify a possible infection of a host behind a UTM appliance by looking at the volume of data in the syslog file. This enables the summarizer to bypass certain reports, which improves performance. The infected file is marked with the IMF extension and a log entry is made in the StdVPSummarizer0.log file.
NMM (Not My Message File) - Syslog messages containing a serial number not found in the system are logged to this file type. Additionally, if the vpsummarizer.associateScheduler parameter in sgmsConfig.xml is set to 1, the summarizer will not process syslog from units which are not managed by that agent. Syslog received from these units is stored in a file with the NMM extension.
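The file-name formats and extensions described in the Summarizer Processing, Log Viewer Files and Additional Files sections form a pipeline that an administrator can check from a directory listing. The following Python script is an added example, not SonicWALL code: it parses those names, counts files per stage, flags UPE, IMF and NMM files, and lists in-flight batches older than a caller-chosen age. It assumes AgentID and SERIAL contain no underscores and that the open *.log file uses the same name pattern as *.SRC (the guide does not state the .log name).

```python
"""Inventory a GMS agent's syslog working directory by summarizer stage.

Added example, not SonicWALL code. Relies only on the file-name formats and
extensions the guide documents. Assumptions: AgentID and SERIAL contain no
underscores, *.log uses the same pattern as *.SRC, and the staleness
threshold is supplied by the caller (the guide gives no timing for stages).
"""
import re
from collections import Counter
from datetime import datetime

# AgentID_YYYYMMDD_HHMMSS_to_YYYYMMDD_HHMMSS[_SERIAL[_UnitType]_[_]#].EXT
# .SRC names have no serial part; .UPD names have no UnitType part.
_NAME_RE = re.compile(
    r"^(?P<agent>[^_]+)_"
    r"(?P<start>\d{8}_\d{6})_to_(?P<end>\d{8}_\d{6})"
    r"(?:_(?P<serial>[^_]+)(?:_(?P<unit_type>[^_]+))?_+(?P<seq>\d+))?"
    r"\.(?P<ext>[A-Za-z]+)$"
)

# Pipeline stage for each extension described in the guide.
STAGES = {
    "LOG": "collecting",        # agent still appending syslog lines
    "SRC": "ready",             # ~10K lines reached, waiting for the summarizer
    "UNP": "grouped",           # grouped per unit, not yet parsed
    "PRG": "parsing",           # summarizer grouping data for reports
    "PRE": "parsing",           # per-report error status / failed uploads
    "UPL": "uploaded",          # summary data is in the database
    "PRD": "awaiting-archive",  # Log Viewer off: zipped at syslogArchiveInterval
    "UPD": "awaiting-archive",  # Log Viewer on: reformatted raw syslog
    "UPE": "upload-error",      # quarantined after three failed raw-syslog uploads
    "IMF": "infected-host",     # suspected infected host behind a UTM appliance
    "NMM": "not-my-message",    # serial unknown or not managed by this agent
}
IN_FLIGHT = {"ready", "grouped", "parsing"}
NEEDS_ATTENTION = {"upload-error", "infected-host", "not-my-message", "unknown"}
_TS = "%Y%m%d_%H%M%S"


def parse_name(name):
    """Return the fields of a summarizer file name, or None if it does not fit."""
    m = _NAME_RE.match(name)
    if m is None:
        return None
    f = m.groupdict()
    f["ext"] = f["ext"].upper()
    f["stage"] = STAGES.get(f["ext"], "unknown")
    f["end_time"] = datetime.strptime(f["end"], _TS)
    return f


def inventory(names):
    """Count files per stage; return (counts, needs_attention, unparseable)."""
    counts = Counter()
    attention, unparseable = [], []
    for name in names:
        f = parse_name(name)
        if f is None:
            unparseable.append(name)
            continue
        counts[f["stage"]] += 1
        if f["stage"] in NEEDS_ATTENTION:
            attention.append(name)
    return counts, attention, unparseable


def stuck_files(names, now, max_age_minutes):
    """In-flight files whose syslog window closed more than max_age_minutes ago.

    `now` uses the same YYYYMMDD_HHMMSS form as the names. A lingering
    .SRC/.UNP/.PRG/.PRE file means the summarizer is behind or a batch fails.
    """
    now_dt = datetime.strptime(now, _TS)
    stuck = []
    for name in names:
        f = parse_name(name)
        if f is None or f["stage"] not in IN_FLIGHT:
            continue
        if (now_dt - f["end_time"]).total_seconds() > max_age_minutes * 60:
            stuck.append(name)
    return stuck


# Constructed sample directory listing (not real GMS output).
SAMPLE = [
    "agent01_20100301_080000_to_20100301_081500.SRC",
    "agent01_20100301_081500_to_20100301_083000.log",
    "agent01_20100301_000000_to_20100301_001500_0017C5ABCDEF_UTM__1.UNP",
    "agent01_20100301_001500_to_20100301_003000_0017C5ABCDEF_UTM__2.PRG",
    "agent01_20100301_001500_to_20100301_003000_0017C5ABCDEF_UTM__2.PRE",
    "agent01_20100301_003000_to_20100301_004500_0017C5ABCDEF_UTM__3.UPL",
    "agent01_20100301_004500_to_20100301_010000_0017C5ABCDEF_UTM__4.PRD",
    "agent01_20100301_004500_to_20100301_010000_0017C5ABCDEF_4.UPD",
    "agent01_20100228_234500_to_20100301_000000_0017C5ABCDEF_UTM__9.UPE",
    "agent01_20100301_010000_to_20100301_011500_0017C5ABCDEF_UTM__5.IMF",
    "agent01_20100301_011500_to_20100301_013000_00D0AB123456_UTM__1.NMM",
    "README.txt",
]

if __name__ == "__main__":
    counts, attention, bad = inventory(SAMPLE)
    for stage, n in sorted(counts.items()):
        print(f"{stage:18} {n}")
    print("needs attention:", attention, "unparseable:", bad)
    print("stuck > 60 min:", stuck_files(SAMPLE, "20100301_090000", 60))
```

Pointing `SAMPLE` at an `os.listdir()` of the syslogFilePath directory turns this into a quick health check of one agent's summarizer backlog.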


Summarizer Settings and Summarization Interval


SonicWALL appliances send their syslog packets to SonicWALL GMS via UDP packets. When summarization is enabled, the Summarizer will process those files and store the data in the summary databases at the interval you specify. See the following sections:

Enabling Report Summarization section on page 987
Setting the Reports Data Summarization Interval section on page 987
Using Summarize Now section on page 989

Enabling Report Summarization


To globally enable the summarization of report data, which is necessary for viewing reports, perform the following:

1. On the Console panel, navigate to Reports > Summarizer.

2. Under Summarizer Settings, select the Enable Report Summarization checkbox.

3. Click Update.

Setting the Reports Data Summarization Interval


The Summarizer will process syslog data sent from SonicWALL appliances and store the processed data in the summary databases at the interval you specify. When an appliance is configured to communicate with GMS, you need to verify that the summarizer is scheduled to collect and process data for this unit at an appropriate interval. To configure reports for summarization, see the Selecting Reports for Summarization section on page 675 in the Scheduling and Configuring Reports chapter.


To configure the summarization interval, perform the following steps:

1. Click the Console tab, expand the Reports tree and click Summarizer. The Summarizer page displays.

2. Under Reports Data Summarization Interval, important information about the Summarizer is displayed. Use the Summarize every drop-down lists to specify how often in hours and minutes the GMS Reporting Module should process syslog data and update summary information.

3. Click the Update button to the right of this field.

4. To specify the next summarization time, enter a date in the form mm/dd/yyyy in the Next Scheduled Run Time field, and select the hour and minute values from the drop-down lists.

5. Click the Update button to the right of this field.

6. To update the summary information now, click the Summarize Now button. SonicWALL GMS will automatically process the latest information and make it available for immediate viewing.

Note: This will not affect the normally scheduled summarization updates on the GMS Agent. For more information about using and verifying the Summarize Now option, see the Using Summarize Now section on page 989.


Using Summarize Now


The Summarize Now feature allows the administrator to create instant summary reports without affecting the regularly scheduled summary reports. You can use Summarize Now to test that the Summarizer is gathering data for a managed unit. The SonicWALL GMS Summarize Now feature is located in the Console tab under Reports > Summarizer. The SonicWALL GMS Summarizer creates summary reports by default every 8 hours. Summary reports can be configured by the administrator to occur every 15 minutes to every 24 hours. To use the Summarize Now feature, perform the following tasks:

1. Click the Console tab, expand the Reports tree and click Summarizer.

2. Click the Summarize Now button. You will see a pop-up window verifying that you want to summarize the data now. Summarizing data using Summarize Now is a one-time action and will not affect the scheduled summary. Click OK to continue.


3. To verify summarization, navigate to Log > View Log in the center pane. Search for the message Report Data Summarized to verify that the Summarize Now action has completed.

4. When Summarize Now has completed, click the Reports tab. In the left-most pane, click GlobalView or click a group or a managed appliance.

Note: You may see incomplete data if you view the Summary section of a selected report before the Summarize Now process is complete. Wait for the Report Data Summarized message to be displayed in Log > View Log.


5. In the center pane, click a report to expand it, then click the Summary option underneath it. For example, click Bandwidth, then click Summary to review the summarized bandwidth usage data.

6. Navigate to the Summary section of other reports in the center pane to see other summarized data.

Configuring the Syslog Deletion Schedule Settings


Syslog files sent from SonicWALL appliances are stored on the GMS Summarizer system, and are consolidated into the syslog database. The Summarizer processes the syslog data and stores the processed data in the summary database. After summarization and after the configured period of syslog storage, the syslog data can be periodically deleted from the system. This is necessary as the syslog files and database can consume a lot of space on the file system. This section of the Summarizer page also provides a way to delete summarized data for a certain date. For example, if summarized data is kept for a long time, such as 90 days, then you could use this option to remove some summarized data from a particular date within the 90 day period if the stored data was becoming too large.


Tip: Run your database maintenance jobs soon after the completion of the scheduled tasks configured on this page for summarizing data and deleting old syslog data.

For information about setting the number of days to store syslog files, the syslog database, and the summary database, see the Configuring Data Storage Settings section on page 677. To configure the syslog and summarized data deletion settings, perform the following:

1. On the Console panel, navigate to Reports > Summarizer.

2. Under Syslog Deletion Schedule, select the time for daily deletion in the hour and minute Delete Syslog Data Daily at drop-down lists. Syslog data will be deleted at this time only after being stored for the number of days configured.

3. Click the Update button to the right of this field.

4. To delete summarized data from a specific date, enter a date in the form mm/dd/yyyy in the Delete Summarized Data For field.

5. Click the Update button to the right of this field.

Configuring Host Name Resolution


The Host Name Resolution feature allows the administrator to enable and configure the time period for the name resolution crawler. The name resolution crawler periodically resolves host names for IP addresses found in reporting data. Once the host name is resolved, the name will appear in place of the IP address in reports that contain it. Over time, more host names will appear in the report data as they are added to the list. The name resolution crawler runs by default every 24 hours (1440 minutes) and can be configured to run every 1 to every 60 hours.


To use the Host Name Resolution feature, perform the following steps:

1. On the Console panel, navigate to Reports > Summarizer. The Host Name Resolution Settings section is displayed at the bottom of the page.

2. To resolve host names for destination IP addresses, select the Resolve Destination Host Names checkbox.

3. To resolve host names for source IP addresses, select the Resolve Source Host Names checkbox.

4. To set the interval at which the name resolution crawler runs, select the number of minutes in the Periodic Crawling Interval drop-down list. Performance may be affected while the name resolution crawler is running, especially for the Summarizer module.


Email/Archive
The Console > Reports > Email/Archive page provides global options for setting the time and interval for emailing/archiving scheduled reports, and global settings for the Web server, logo, and PDF sorting options.

Configuring Email/Archive Settings


To configure Email/Archive and Web server settings, perform the following steps:

1. Click the Console tab, expand the Reports tree and click Email/Archive. The Email/Archive page displays.

2. To set the next archive time, enter the date and time in the Next Scheduled Email/Archive Time fields and click Update.

3. To specify the day to send weekly reports, select the day from the Send Weekly Reports Every list box and click Update.


4. To specify the date to send monthly reports, select the date from the Send Monthly Reports Every list box and click Update.

5. If the Web server address, port, or protocol has changed since SonicWALL GMS was installed, the new values will automatically appear in the Email/Archive Configuration section. These settings can be modified on the System Interface, and cannot be modified here.

6. Under Logo Settings, you can select a logo to be used on reports. By default, the SonicWALL logo is used. To select another logo, click Browse next to the Logo File field or type the path and filename into the field, and then click Update.

7. Under SortBy Settings for PDF Reports, select one of the following as the sorting criteria for reports and then click Update.
Mbytes - Sort reports by the number of megabytes in each entry
Hits/Connections/Events - Sort reports by the number of hits, connections, or events, depending on the type of report

Scheduled Reports
The Scheduled Reports page allows you to manage all the report schedules in the system from a central location. This page lists all the schedules in the system, enabling you to monitor the status of these recurring schedules and re-send failed schedules, if needed. For information on adding a new scheduled report, see Adding or Editing a Scheduled Report section on page 673. Under Search Results, the table indicates whether each schedule is enabled, along with information about the last execution time of a schedule, whether it ran successfully and the error that occurred if it failed, the last run type (scheduled or one time run), along with the node, owner and other relevant information. The Summary section provides status information on your report schedules. The Search Criteria section provides settings for searching report schedules. Results of your searches are displayed in the Search Results section.


To search for scheduled reports:

1. Click the Console tab, expand the Reports tree and click Scheduled Reports. The Scheduled Reports page displays.

2. Define the Search Criteria tab. The Search Criteria tab contains the following elements to refine your search:
Schedule Type - Select from the following schedule types: All Schedules, Daily Schedules, Weekly Schedules, Monthly Schedules
Status - Select from the following status conditions: All, Failed, In Progress, Success, In Queue, Partial Failure
SonicWALL Node - Select from the following SonicWALL nodes: All, Per Unit View
Owner - Displays the owner (admin).
Name Contains - Enter a context string to search by keywords.
Error Contains - Enter a context string to search by keywords.
Use Condition - Select from the following conditions: And, Or
Match Case - Select this checkbox to make your searches case sensitive.

3. Click Start Search to begin searching, or click Clear Search to reset all fields and start over.

The results of your search are displayed in a table in the Search Results section. You can adjust the number of schedules displayed, go directly to a row of the table, or navigate to other screens by clicking on links within the table.
To work with the search results:

1. To adjust the number of schedules displayed in the table, enter a number of rows to display in the Show Schedules Per Screen field, and then click on the checkmark.

2. To go directly to a row of the table, enter the row number in the Go To Schedule Number field, and then click on the checkmark.

3. The columns in the table are as follows:
The check box allows you to select the schedule for emailing or archiving.
The notepad icon is a link to the Schedule Properties page.
ID - The schedule ID number used to identify this schedule. You can click on the column heading to sort by this field. An arrow is displayed in the column heading when this field is the basis for sorting, and indicates ascending or descending order.
Enabled - A green check mark indicates that this schedule is enabled, and a red X means that it is disabled.
Name - The name of the report. Click on the highlighted report name link to access the report for editing. You can click on the column heading to sort by this field. An arrow is displayed in the column heading when this field is the basis for sorting, and indicates ascending or descending order.
Type - All, Daily Schedules, Weekly Schedules, and Monthly Schedules.
Unit/Group/Devices(s) - The host name of the SonicWALL appliance, or the group name.
Last Run (Local) - The date when the report was last generated. You can click on the column heading to sort by this field. An arrow is displayed in the column heading when this field is the basis for sorting, and indicates ascending or descending order.
Status - Includes the following report status options: Blue: Queued, waiting to be processed. Yellow: Currently processing. Orange: Report completed with errors. Red: Report failed with errors. Green: Report processed successfully. You can click on the column heading to sort by this field. An arrow is displayed in the column heading when this field is the basis for sorting, and indicates ascending or descending order.
Last Run Type - Indicates if the most recent run was a scheduled run or a one-time execution. You can click on the column heading to sort by this field. An arrow is displayed in the column heading when this field is the basis for sorting, and indicates ascending or descending order.
Last Error - Displays the error condition from the most recent run, if any. You can click on the column heading to sort by this field. An arrow is displayed in the column heading when this field is the basis for sorting, and indicates ascending or descending order.
Owner - Indicates the user ID of the user who created the schedule. You can click on the column heading to sort by this field. An arrow is displayed in the column heading when this field is the basis for sorting, and indicates ascending or descending order.

4. To view the properties for a schedule, click the notepad icon in that row. The Schedule Properties page displays.

5. To view the report, click on the name of the report. Your screen will change to the report screen on the UTM or SSL-VPN panel.

Resending Schedules
Apart from selecting multiple schedules for a one-time execution by selecting the appropriate checkboxes and clicking Email/Archive the Selected Schedules now, you can re-send required schedules using the Re-send the selected schedules for dates option.

To resend any schedules, follow the procedures below:

1. Select the Schedule Type (Daily, Weekly, or Monthly) from the Search Criteria section and click Start Search. This lists all the schedules of the selected type.

2. Select the checkboxes of the schedules you want to resend.

3. Provide a start date (and an end date if applicable). Reports are generated for the specified date/date range. Click Re-send the selected schedules for dates. Reports are generated for the specific dates and emailed/archived as a one time option for all the schedules selected.


Management
Report Data Management allows the SonicWALL GMS administrator to back up large amounts of report data incrementally and at specified intervals using MDTA. Typically, the total amount of data stored in an archive is equal to at least 30 days, although best benefits are seen when storing at least 60 days of summarizer data. MDTA allows this archive to be built over time, archiving as little as 1 day of data each time the MDTA process is run.

Note: Total days to store summarized data in reports is set separately in the Console > Reports > Summarizer screen. Set this field to a value greater than 60 days for best results.

Configuring Report Data Management


As an administrator, you choose the number of days worth of data to archive each time the MDTA process is run. With the exception of the current month, all available data is eligible for archiving. For example, if you specify 3 days as the number of days to archive, MDTA will archive 3 days of data, starting with the oldest available data and will repeat this process every day. In order to obtain optimal performance when viewing reports however, SonicWALL GMS ensures that the current month is always kept in un-archived form.
Step 1 In the GMS Administrator Interface, navigate to Console > Reports > Management.

Step 2 Check the box next to Enable Data Archive and click the corresponding Update button.

Step 3 Configure Data Archiving as follows, clicking the corresponding Update button after each line is completed:
Save Data Archive Transaction Logs - Select to save truncated data archive transaction logs during each MDTA operation. Click the Update button. This option is deselected by default in order to conserve disk space.
Next Scheduled Archive Time - Schedule an initial date (mm/dd/yyyy) and time (in 24-hour format) for the MDTA operation. Click the Update button. MDTA operations will take place every day at the time you specify, starting with your initial date selection.
Number of Days to Archive - Specify the number of days worth of data to consider for each MDTA operation.
Archive Data Immediately - Press this button to immediately start an on-demand MDTA operation. The archive will run immediately but your scheduled archive operation will still take place.

Note: High-traffic systems can generate reports that consume large amounts of memory, disk space and CPU time when using MDTA. Set your Number of Days to Archive and Scheduled Archive Time accordingly. To view when MDTA operations are starting and how long the process is taking, navigate to the Console > Log > View Log screen and look (or search) for the start and completed times for Report Data Archive.


CHAPTER 46 Using Diagnostics


This chapter describes the diagnostic information that GMS provides, including log settings for debugging, system snapshots for troubleshooting, and summarizer status information. This chapter includes the following sections:

- Debug Log Settings section on page 1003
- Request Snapshot section on page 1006
- Snapshot Status section on page 1008
- Summarizer Status section on page 1009

Debug Log Settings


Debug Log Settings are included with GMS to help you diagnose issues you may encounter with your log data.

Warning: The Debug Log Settings are intended for use only under the direction of SonicWALL Tech Support.


Configuring Debug Log Settings


When instructed by SonicWALL Technical Support, perform the following steps to set the debug level:
1. Click the Console tab, expand the Diagnostics tree and click Debug Log Settings. The Debug Log Settings page displays.

2. Select the amount of debug information that is stored from the System Debug Level field. For no debugging, enter 0. For verbose debugging, enter 3.

3. Select a debug setting from the Custom Settings list, and check the Enable Current Custom Setting checkbox to enable it. If there is not a custom setting that meets your needs, select New Custom Setting. The custom debug settings control the selections in the Custom Settings Detail and Qualification Type sections of this page. Custom settings can be useful to repeat the same debug runs after making changes elsewhere in the product, to monitor the effect of those changes.

4. If you selected New Custom Setting or you need to modify the current custom setting, configure the Custom Setting Detail section:
   - Custom Setting Name: Enter the name for the new custom setting.
   - Event Class: Select whether you want to monitor DEBUG, APPLICATION, or INTERNAL events.
   - Event Type: Select the specific type of event you want to monitor within the Event Class you selected. SonicWALL Technical Support can help you understand the names of the event types.
   - Destination File Name: Enter a name for the file where your debug information will be written. The destination file will reside in: [GMS_Install_Directory]/Logs/
   - Sys Output: Select this to enable the debug to capture all system information as it occurs.

5. Click Select Qualification List to select a list of Java classes in the GMS code in which to monitor debug symbols. The Qualification List is a list of Java classes. When you select Java classes in this list, the debug process monitors only the debug symbols in the Java classes you selected. Leave the list blank (it will display None) to monitor debug symbols for all classes.

6. In the Qualification Names window, select the Java packages you want to debug. You can include or exclude specific Java classes by entering their full package and class names in the Included Class File Name and Excluded Class File Name fields.

7. Click Update to accept your selections and close the window. You can clear your selections by clicking Reset.

Request Snapshot
In order for a technical support representative to troubleshoot a problem, you might be asked to take a snapshot of SonicWALL GMS or you might want to view the configuration yourself.

Performing a System Snapshot


A system snapshot provides detailed information about SonicWALL GMS, the SonicWALL GMS database, the system environment, licensing, and firewalls. This information includes:

- Data from the sgmsConfig.xml file (Console or Agent only):
  - Debug state
  - Build number
  - Version
  - Product Code
  - Database type
  - Database driver string
  - Database dbuser
  - Database password
  - Database URL
- Server state (Console or Agent only): whether a database connection could be established
- Environment information:
  - CLASSPATH, PATH variables
  - Web server listening port (Console only)
  - Country
  - Language
  - Operating System
  - IP Address
  - MAC Address
  - Machine data (memory size, etc.)
- Latte/Licensing (Console or Agent only):
  - Connectivity to Latte backend
  - Latte username/password
  - MS license information (Console only)
- Agent specific data:
  - Managed units
  - Units states (active or standby)
  - Gateway firmware version
  - Gateway state
  - Ports (syslog, syslog parsing, etc.)
- Firewall data (Gateway or Unit only):
  - IP address
  - Data from status.xml
  - VPNs present (Gateway only)
  - Latte information (if registered)

Performing the Snapshot


To take a snapshot of the system, perform the following steps:

1. Click the Console tab, expand the Diagnostics tree and click Request Snapshot. The Request Snapshot page displays.

2. To take a snapshot of the SonicWALL GMS console, select GMS Console.

3. To take a snapshot of one or more SonicWALL GMS agents, select the Agent check box(es).

4. To take a snapshot of the GMS Gateway, select Gateway.

5. Click Submit Snapshot Request. SonicWALL GMS takes the snapshot.

6. To view the snapshot, see Viewing the Snapshot or Diagnostics.

Snapshot Status
Viewing the Snapshot or Diagnostics
To view a snapshot or SonicWALL diagnostics, perform the following steps:

1. Click the Console tab, expand the Diagnostics tree and click Snapshot Status. The Snapshot Status page displays.

2. Select the snapshot or diagnostics that you want to view from the Diagnostics requested list box.

3. To view the information, click View Snapshot Data.

4. To save the information to a file that you can send to technical support, click Save Snapshot Data.

5. To delete the information, click Delete Snapshot Data.

6. To refresh the information, click Refresh Snapshot Data.

Summarizer Status
The Summarizer Status page displays overall summarizer utilization information for the deployment including database and syslog file statistics, and details on the current status of each summarizer.

The Summarizer Status screen provides performance metrics for your network administrator to plan, design, and expand your GMS server deployment. This feature has information on the Syslog Collector and Summarizer metrics. The Summarizer metrics are available only for GMS deployments that have Distributed Summarizer enabled (enabled by default on GMS).

The metrics are available for the past 24 hours, past seven days, and past 30 days. These metrics are reset (to zero) every 24 hours for daily metrics, every seven days for weekly metrics, and every 30 days for monthly metrics. Weekly metrics are not shown unless the data collection for weekly metrics started earlier than the daily metrics. Similarly, monthly metrics are not shown unless data collection for monthly metrics started earlier than for daily and weekly metrics. GMS will not display metrics for a component if the daily statistics collection started more than 26 hours earlier; this generally indicates that the component is not active. You can receive alert emails when Summarizer Status shows any abnormalities.
To reach the Summarizer Status screen, navigate to the Console panel of GMS and then to Diagnostics > Summarizer Status. The Summarizer Status page is divided into a section showing the overall deployment-wide summarizer status and sections with details for each summarizer. See the following sections:

- Summarizer Status Over 7 Days, page 1010
- Details for Summarizer at <IP Address>, page 1012

Summarizer Status Over 7 Days


The Summarizer Status Over 7 Days section displays overall summarizer utilization information for the deployment including database and syslog file statistics. Results are calculated over the last 7 days, with historical data available over the last 30 days.

Summarizer Utilization
The top Summarizer Utilization section shows the average utilization of the summarizer over the applicable time period. The Dial Charts show the percent of total capacity used by the Syslog Collector or the Summarizer. The following metrics are also displayed in the Summarizer Utilization section:

- Total Run Time: Total amount of time spent generating summarization statistical data and results over the applicable time period.
- Number of Syslogs Received: Total number of syslogs received by the Summarizer over the applicable time period.

Note: Not all syslogs are summarized; some syslogs, such as heartbeat messages, are ignored. When Web Event Consolidation/Home Port Reporting is enabled, several syslogs may be ignored or, alternatively, consolidated into a single syslog. If your appliance is managed by a different Agent, the results are not summarized here.

- Number of Syslogs Summarized: Total number of syslogs summarized over the applicable time period.
- Average Syslogs Summarized per Minute: Average number of syslogs summarized per minute over the applicable time period.
- Estimated Unused Capacity in Syslogs: The estimated remaining capacity of the summarizer in terms of the number of syslogs it can summarize, based on the time taken and number of syslogs summarized over the applicable time period. This number does not include the discarded syslogs.

Tip: Usage Example: For this example, let's assume that the number of syslogs summarized per minute on a system is 18,108, and the average number of syslogs received on that system is 91 per firewall, per minute. Divide the number of syslogs per minute (18,108) by the number of syslogs per appliance per minute (91). This yields an estimate of 198 security appliances, assuming that the current appliances are a fair sample of the security appliances on your network. This simple calculation gives a reasonable estimate of the total number of security appliances this system should be able to handle, assuming that the Summarizer summarizes constantly, 24 hours a day (as in the case of a dedicated Summarizer).

Reporting Details
The Reporting Details section shows the number of appliances in the deployment, and the number with the following types of reports enabled:

- Factory default reports
- All reports
- Custom set of reports

Summarizer Usage Top Appliances


The Summarizer Usage Top Appliances section displays information about the appliances in the deployment that used the most summarizer time. Details are given about which reports were generated and their summarizer execution time.

Database Statistics
The size is displayed for each of the following databases:

- Current
- Archive
- Raw Syslog

Syslog File Storage Statistics


The size is displayed for each of the following syslog directories:

- Current
- Archived
- Bad

Details for Summarizer at <IP Address>


Summarizer Utilization
The Summarizer Utilization section for a specific summarizer shows the same information described above for the entire deployment, but only shows the values for this summarizer.

Reporting Details
The Reporting Details section shows the number of appliances serviced by this summarizer, and the number with the following types of reports enabled:

- Factory default reports
- All reports
- Custom set of reports

Summarizer Usage Top Appliances


The Summarizer Usage Top Appliances section displays information about the appliances serviced by this summarizer that used the most summarizer time. Details are given about which reports were generated and their summarizer execution time.


Syslog File Information


This section displays syslog file details for the selected summarizer.

The Syslog File Information table is divided into three columns:

- Syslog File Type: The type of files being reported on. There are ten main syslog file types:
  - Processed Files
  - Unprocessed Files
  - Grouped Files
  - Not Mine Files
  - Infected Files
  - Archived Files
  - Bad Files
  - Upload Pending Files
  - Uploaded Files
  - Bad Upload Files
- File Stats: The number of syslog files in the category and their size in Megabytes.
- Oldest: The date and time on the oldest file in the category.

Summarizer Process Details


The Summarizer Process Details section shows what tasks the summarizer is performing at the moment the Console > Diagnostics > Summarizer Status page displays. Refresh your browser display or leave the page and return to it to update the information.


If the summarizer is currently running, the page displays the thread, appliance identifier, file being used, and state of the summarizer.

If the summarizer is currently idle, the page displays the last run time and next run time.


CHAPTER 47 Granular Event Management


This chapter describes how to configure and use the Granular Event Management (GEM) feature in a GMS environment. This chapter contains the following sections:

- Granular Event Management Overview section on page 1015
- Using Granular Event Management section on page 1019
- Configuring Granular Event Management section on page 1023
- Viewing Current Alerts section on page 1040
- Sample Event Alert Reports section on page 1041

Granular Event Management Overview


Granular Event Management (GEM) provides a customized and controlled manner in which events are managed and alerts are created. On the Console panel, GEM allows you to systematically configure each sub-component of your alert in order for the alert to best accommodate your needs. The GEM alert has multiple sub-components, some of which have further subcomponents. It is not necessary to configure all sub-components prior to creating an alert.

Severities: Severity is used to tag an alert as Critical, Warning, Information, or a custom severity level. You can create your own preferred severities and assign the order of importance to them from lowest to highest. When using a custom severity, you must define it before creating a threshold that uses it.


Thresholds: A threshold defines the condition that must be matched to trigger an event and send an alert. Each threshold is associated with a Severity to tag the generated alert as critical, warning, or another value. You must define a threshold prior to creating an alert that uses it. One or more threshold elements are defined within a threshold. Each element of a threshold includes an Alert Type (defined below), an Operator, a Value, and a Severity. When a value is received for an alert type, the GEM framework examines threshold elements to find a match for the specified condition. If a match is found (one or more conditions match), the threshold with the highest severity containing a matching element is used to trigger an event.

Schedules: You can use Schedules to specify the day(s) and time (intervals) in which to send an alert. You can also invert a schedule, which means that the schedule is the opposite of the time specified in it. For example:
- Send an alert during weekdays only, or weekends only, or only during business hours.
- Do not send an alert during a time period when the unit, network, or database are down for maintenance.

Destinations: You can use Destinations to define where the alerts are sent. The destination(s) for an alert are specified in the Add Alert or Edit Alert screen. You can specify up to six destinations for an alert, such as multiple email addresses. For example:
- Send an alert to the Unit owner all the time.
- Send an alert to a GMS user during business hours.
- Send an alert to the admin also during non-business hours for immediate attention.

Alert types: Alert Types are pre-defined, static parameters and are not customizable. Alert types are used within threshold elements that define conditions that can trigger an event. Some example alert types are:
- Unit Up-Down Alert type
- VPN SA is UP-Down, Enable-Disable

You must configure three of these components in order to create alerts:

- Severities - You can use the pre-defined defaults or create your own Severities.
- Thresholds - You must configure the Thresholds that will trigger alerts.
- Schedules - You can use the pre-defined defaults or create your own Schedules.
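The Thresholds, Schedules and Destinations items above describe an evaluation rule: of all enabled elements whose Alert Type, Operator and Value match the received value, the one carrying the highest severity fires, and each destination then receives the alert only while its own (possibly inverted) schedule is active. The following added example (not part of this guide and not GMS code) models that rule so the behaviour can be checked. Object names such as Summarizer Utilization, 24x7 and 8x5 are the guide's defaults; the operator spellings, the percentage values, the e-mail addresses and the business-hours definition (weekdays, 8 am to 5 pm) are constructed for the illustration.

```python
from dataclasses import dataclass
from datetime import datetime
import operator

# Sequence numbers as on Events > Severity: higher number = more important.
SEVERITY_SEQUENCE = {"Information": 1, "Warning": 2, "Critical": 3}

# Operators an element may use (spellings assumed; the guide does not list them).
OPERATORS = {"==": operator.eq, "!=": operator.ne, ">": operator.gt,
             ">=": operator.ge, "<": operator.lt, "<=": operator.le}


@dataclass
class ThresholdElement:
    """Alert Type + Operator + Value + Severity, plus the Disable check box."""
    alert_type: str
    op: str
    value: float
    severity: str
    disabled: bool = False

    def matches(self, alert_type, observed):
        if self.disabled or self.alert_type != alert_type:
            return False
        return OPERATORS[self.op](observed, self.value)


@dataclass
class Threshold:
    name: str
    elements: list
    disabled: bool = False


@dataclass
class Schedule:
    """Weekdays (0=Monday..6=Sunday) and an hour range; inverted flips the answer."""
    name: str
    weekdays: frozenset
    start_hour: int
    end_hour: int  # exclusive
    inverted: bool = False

    def active(self, at):
        inside = at.weekday() in self.weekdays and self.start_hour <= at.hour < self.end_hour
        return (not inside) if self.inverted else inside


@dataclass
class Alert:
    name: str
    threshold: Threshold
    destinations: list  # (address, Schedule) pairs, at most six per the guide


def evaluate(thresholds, alert_type, observed):
    """Return (threshold, element) for the highest-severity matching enabled
    element across all enabled thresholds, or None if nothing matches."""
    best = None
    for t in thresholds:
        if t.disabled:
            continue
        for e in t.elements:
            if e.matches(alert_type, observed) and (
                best is None
                or SEVERITY_SEQUENCE[e.severity] > SEVERITY_SEQUENCE[best[1].severity]
            ):
                best = (t, e)
    return best


def recipients(alert, alert_type, observed, at):
    """Addresses that receive the alert at time `at`: the threshold must fire,
    and each destination's own schedule must be active at that moment."""
    if evaluate([alert.threshold], alert_type, observed) is None:
        return []
    return [addr for addr, sched in alert.destinations if sched.active(at)]


# Constructed sample data.
ALWAYS = Schedule("24x7", frozenset(range(7)), 0, 24)
BUSINESS = Schedule("8x5", frozenset(range(5)), 8, 17)
NON_BUSINESS = Schedule("8x5 (inverted)", frozenset(range(5)), 8, 17, inverted=True)

SAMPLE_THRESHOLD = Threshold("Summarizer Utilization", [
    ThresholdElement("Summarizer Utilization", ">=", 60, "Information", disabled=True),
    ThresholdElement("Summarizer Utilization", ">=", 70, "Warning"),
    ThresholdElement("Summarizer Utilization", ">=", 90, "Critical"),
])

SAMPLE_ALERT = Alert("Summarizer utilization alert", SAMPLE_THRESHOLD, [
    ("owner@example.com", ALWAYS),       # unit owner, all the time
    ("gmsuser@example.com", BUSINESS),   # GMS user, business hours only
    ("admin@example.com", NON_BUSINESS), # admin, outside business hours
])


def demo():
    """Worked results for the sample: which severity fires, and who is notified."""
    def severity_for(observed):
        hit = evaluate([SAMPLE_THRESHOLD], "Summarizer Utilization", observed)
        return None if hit is None else hit[1].severity
    return {
        "95%": severity_for(95),  # Warning and Critical both match; Critical wins
        "75%": severity_for(75),  # only the Warning element matches
        "65%": severity_for(65),  # only the disabled element would match: no event
        "monday_10am": recipients(SAMPLE_ALERT, "Summarizer Utilization", 95,
                                  datetime(2010, 3, 15, 10)),
        "saturday_3am": recipients(SAMPLE_ALERT, "Summarizer Utilization", 95,
                                   datetime(2010, 3, 13, 3)),
    }


if __name__ == "__main__":
    for label, result in demo().items():
        print(f"{label}: {result}")
```

Two things the run makes visible: a disabled element never contributes, even when its condition holds, and the inverted schedule is what gives the admin address coverage exactly where the business-hours destination has none, so the two together cover the whole week without a duplicate alert.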


These can be configured in the Console > Events screens. After you configure these elements in Console > Events, you can also create alerts on the UTM and SSL-VPN panels. The Super Admin (admin@LocalDomain) user is able to add a new Severity, Threshold, Schedule, Schedule Group, or Alert into any domain. Other administrative users may only create or edit objects within their own domain. The GEM process flow is illustrated below: you begin by configuring Severities and end with creating Alerts.

What is Granular Event Management?


The purpose of Granular Event Management is to provide all the event handling and alerting functionality for GMS. The GMS management interface provides screens for centralized event management on the Console panel, including screens for Events > Settings, Severity, Threshold, Schedule, and Alert Settings. The UTM, SSL-VPN, CDP, and Email Security panels also provide an Events > Alert Settings screen where you can add, delete, enable, or configure alerts that relate to either policies or reports. You can create or update an alert at the global, group, or unit level in GMS. At the group or global level, the alert is then applied to all units in the group or globally. Whenever you add a new unit to GMS management, the alerts set at the global level are applied to the new unit. Group level alerts are not automatically applied to the new unit, but when you update an alert at the group level, the update applies the alert to the entire group including any new units.

Benefits
Granular Event Management offers a significant improvement in control over the way different events are handled. You now have more flexibility when deciding where and when to send alerts, and you can configure event thresholds, severities, schedules, and alerts from a centralized location in the management interface rather than configuring these on a per-unit basis.

How Does Granular Event Management Work?


The Granular Event Management framework provides customized event handling, including email alerting on the status of specific VPN tunnels, alerting based on schedules (such as 8 am to 5 pm, or 24 hours a day), and alerting to specific email destinations based on severity and functionality. You can also configure GEM to send an alert when changes are made to a managed appliance by a local administrator through the appliance management interface rather than through GMS. This is a predefined alert available on the Policies panel. For a list of the predefined alerts, see Using Granular Event Management on page 1019.


Using Granular Event Management


For convenience and usability, a number of default settings are predefined for severities, schedules, thresholds, and alerts. You can edit the predefined values to customize these settings, or you can create your own at the global, group, or unit level. To create your own, start by examining the Events screens on the Console Panel and adding custom components where needed. Then continue with the Events > Alerts Settings screens in the UTM and SSL-VPN panels. The predefined defaults for each panel and screen are as follows:
Table 18 GEM Predefined Default Objects

Panel: Console
Screen: Events > Severities
Predefined Default Objects:
- Information
- Warning
- Critical

Panel: Console
Screen: Events > Thresholds
Predefined Default Objects:
- Unit Status
- Unit WAN Status
- Unit HF Status
- Unit Locally Changed
- VPN Tunnel Status
- Capacity in Percentage
- Agent Quota Reached
- Unit Status
- Database Size Status
- Database Log Size Status (on MySQL DB only)
- Summarizer Utilization

Panel: Console
Screen: Events > Schedule
Predefined Default Objects:
- Schedule Groups:
  - 24x7
  - Weekdays 24 hours
  - 8x5
  - Weekend
- Schedules:
  - admin
  - Monday 24 hours
  - Monday business hours
  - Tuesday 24 hours
  - Tuesday business hours
  - Wednesday 24 hours
  - Wednesday business hours
  - Thursday 24 hours
  - Thursday business hours
  - Friday 24 hours
  - Friday business hours
  - Saturday 24 hours
  - Sunday 24 hours

Panel: Console
Screen: Events > Alert Settings
Predefined Default Objects:
- Unit Status Report
- Database Info
- New Firmware Availability
- Database Size Status
- Database Log Size Status (on MySQL DB only)
- Summarizer Utilization Status
- Summarizer Backed-Up Files Status (on MySQL DB only)

About Alerts
The Events > Alert Settings screens are available in the Console, UTM, SSL-VPN, CDP, and ES panels. You can create and edit alerts on these screens. In the alert settings screens, you can combine all of the previous elements (severity, threshold, and schedule) that you have configured in the Console panel. The GEM framework provides different alert types for the respective areas of the GMS application:

- Policies panel: Alert settings for Management
- Reports panel: Alert settings for Reporting
- Console panel: Alert settings for the GMS application


Table 19 GEM Alert Types

Panel location: Console
Available Alert Types:
- Database Info
- New Firmware Availability
- Unit Status Report
- Database Size Status
- Database Log Size Status (on MySQL DB only)
- Summarizer Utilization Status
- Summarizer Backed-Up Files Status (on MySQL DB only)

Panel location: Reports
Available Alert Types:
- Bandwidth Usage (Billing Cycle)
- Bandwidth Usage (Daily)
- Events/Hits Total (Daily)
- Number of Attacks (Daily)
- Number of Intrusions (Daily)
- Number of Spyware Attempts (Daily)
- Number of Virus Attacks (Daily)

Panel location: Policies
Available Alert Types:
- Unit HF Status
- Unit Locally Changed
- Unit Status
- Unit WAN Status
- VPN Tunnel Status

Duplicate Alerts
Duplicate alerts are allowed in GMS. A duplicate alert uses the same alert type that is already used in an existing alert. You do not need to create a duplicate alert if you want to add to or change an existing alert. Normally, you would avoid creating a duplicate alert by editing an existing alert to add another threshold element, destination, or other component. For example, you can have two or more threshold elements in the same alert to trigger under different conditions.


At times there are benefits to creating a duplicate alert. As an example, only five destinations are allowed per alert, so a duplicate alert could include additional destinations. Or, you could create a duplicate alert that sends SNMP traps while the original alert sends email notifications. Also, if a threshold is being shared and you do not want to modify it, you can create a separate threshold and use it in a duplicate alert. GMS displays a warning when you try to create a duplicate alert. The warning serves as a reminder in case you forget that an alert already exists using the same alert type.
Note: Duplicate alerts use more resources from the alerting agent, but do not have a large impact on performance. You will receive two alert emails instead of one if the destinations are identical.


Configuring Granular Event Management


To set up the GEM environment after installing GMS, start with the Events screens on the Console panel. You should examine each Events screen and make any necessary configuration changes. Then you can configure alerts in the Events screens on the Policies panel and Reports panel. See the following sections:

- Configuring Events on the Console Panel section on page 1023
- Configuring Alerts on the Policies Panel section on page 1037
- Configuring Alerts on the Reports Panel section on page 1038
- Adding Destinations and Schedules to an Alert section on page 1039

Configuring Events on the Console Panel


To experience the benefits of GEM, you must configure alerts for important events. In the Events screens on the Console panel, you can configure the frequency of subscription expiration and task failure notifications, as well as severities, thresholds, schedules, and alerts for handling events. See the following sections:

- Configuring Event Alert Settings on page 1023
- Configuring Event Severities on page 1025
- Configuring Event Thresholds on page 1026
- Configuring Event Schedules on page 1032
- Configuring Alerts on the Console Panel on page 1035

Configuring Event Alert Settings


In Events > Settings, you can specify the following:

- Email Alert Format, such as HTML (the default), text, or text for a pager
- Email Alert Frequencies and Thresholds
- Enable and Disable Alerts


To configure Event Settings, perform the following steps:

1. On the Console panel, navigate to the Events > Settings screen.

2. Under Email Alert Format Preferences, select whether the email alert will be sent as HTML, Plain Text, or Plain Text (Pager). The Pager setting sends a very short email to ensure that the email is not cut off by the character limits of some pagers.

Note: To assist in your decision for choosing a type of alert format, refer to the Email Alert Formats section on page 1042 to view the appearance of the types of Email Alert Format Preferences.

3. SonicWALL GMS provides a subscription expiry notification email that notifies the SonicWALL GMS administrator before warranty support, anti-virus, and content filtering services expire. By default, the email is sent to the SonicWALL GMS administrator 30 days and 7 days in advance of the firewall subscription service expiration dates. The email lists all managed SonicWALL appliances with expiring subscription services. In the E-Mail Alert Frequencies area, configure the notification and alert frequency settings:
   - Subscription Expiration 1st Notice: Specifies when the first subscription expiration notification is sent (default: 30 days).
   - Subscription Expiration 2nd Notice: Specifies when the second subscription expiration notification is sent (default: 7 days).
   - E-Mail Alert on Task Failure Count: Specifies how many times a task must fail before an email notification is sent (default: 25).

4. Click Update.


Configuring Event Severities


In the Events > Severity screen, you can create your own severity levels or use predefined severity levels. You can delete severity levels in this screen as well. Defining the severity priority can also be performed in this screen. Users with permissions to the Severity screen can create and edit these severities. GMS supplies the following three predefined severity levels:

- Information: This is the lowest severity level
- Warning: This is a mid-range severity level
- Critical: This is the highest severity level

To configure Event Severities, perform the following steps:

1. On the Console panel, navigate to the Events > Severity screen. On this screen, you can re-sequence the severities in importance by entering a severity sequence number in each field.

2. Do one of the following:
   - To re-order existing severities with the new sequence numbers that you entered, click Update.
   - To add a new severity level, click Add Severity.

3. In the Add Severity dialog box, type a name for the new severity level in the Name field.

4. Choose the color associated with this severity level by selecting a color from the Color Chooser dialog. You can see a preview of the color you selected in the Preview field.

5. Click Update.

6. In the Console > Events > Severity screen, assign the level for the new severity you created by changing the numbering in the Sequence column of the Severity table.

7. Click Update.

Configuring Event Thresholds


In the Events > Threshold screen, you can view existing event thresholds, enable or disable them, and configure their elements. A threshold defines the condition for which an event is triggered. Predefined thresholds have names similar to predefined Alert Types. Each threshold can contain one or more threshold elements. An element consists of an Operator, a Value, and a Severity. The following tasks are described in this section:

- Adding a Custom Event Threshold on page 1027
- Adding a Threshold Element on page 1028
- Editing a Custom or Existing Threshold on page 1029
- Editing an Event Threshold Element on page 1029
- Enabling/Disabling Event Thresholds and Threshold Elements on page 1030
- Deleting a Threshold and Threshold Elements on page 1031


Adding a Custom Event Threshold


To add a custom event threshold, perform the following steps:

1. On the Console panel, navigate to Events > Threshold.

2. Click the Add Threshold button to add a new threshold.

3. In the Add Threshold dialog box, provide a name for the threshold value in the Name field.

4. Select the Visible to Non-Administrators check box if you want the threshold to be visible to non-administrators. If this is selected, anyone can view the threshold elements and use the threshold in customized reports.


Note: If Visible to Non-Administrators is unchecked, only users from the Administrator group or the threshold creator will be able to view, use, edit, and delete the threshold. Whether this is selected or not, only users from the Administrator group and the threshold creator will be able to edit or delete this object.

5. Click Update.

Adding a Threshold Element


Elements are components of a threshold. You must define a threshold by defining its elements.

1. To add a threshold element to the threshold, click the plus button in the Configure column of the Events > Threshold screen.

2. The Add Threshold window will display.

3. In the Operator drop-down menu, select from the list of operators.

4. In the Value field, enter a value.

5. In the Severity field, select a severity.

6. The Disable check box allows you to temporarily disable the threshold without deleting it. Select the Disable check box if you want to disable the threshold. For more information about the enabling and disabling feature, see the Enabling/Disabling Event Thresholds and Threshold Elements section on page 1030.

7. Click Update.

Editing a Custom or Existing Threshold

To edit your custom or existing threshold, perform the following steps:
1. On the Events > Threshold screen, click the edit button in the threshold row.
2. The Edit Threshold window will display. In this window, you can edit the name of your threshold as well as allow this threshold to be visible to non-administrators. For more information on the visible to non-administrators feature, see Adding a Custom Event Threshold section on page 1027.
3. Click Update.

Editing an Event Threshold Element

To edit an existing element of a Threshold, perform the following steps:
1. On the Events > Threshold screen, click the Edit icon located in the Configure column in the element row.
2. In the Edit Threshold Element window, you can edit the following fields:
   Operator
   Value
   Description
   Severity
   Disable

Some alerts created by certain Alert Types contain predefined Thresholds that may not be edited. Alert Types: Unit HF Status, Unit WAN Status, Unit Locally Changed, and Thresholds with the same name in the Console Panel.

3. In the Operator field, select from the drop-down menu the type of operator to apply to your threshold element.
4. In the Value field, enter the value for your threshold element.
5. In the Description field, enter the description for your threshold element.
6. In the Severity field, select the severity priority from the drop-down menu. These are color coded for your easy reference on the Events > Threshold screen.
7. To disable the threshold element, click the Disable check box. See Enabling/Disabling Event Thresholds and Threshold Elements section on page 1030.
8. Click Update.

Enabling/Disabling Event Thresholds and Threshold Elements

The GEM feature provides a Disable check box that allows you to disable or enable thresholds or individual elements within that threshold. Disabling an element or threshold rather than deleting it is beneficial because of the time invested in creating it. If it is needed again, you can simply enable it.

You can disable a threshold by disabling all its elements. You can also disable individual elements within a threshold. To enable or disable Thresholds and/or their elements, perform the following tasks:
1. On the Console panel, navigate to the Events > Threshold screen. On this screen, you are able to view existing Thresholds. You can also view existing elements within those thresholds by clicking the expand button by a threshold. You have the following two options for the enabling/disabling feature:
   You can enable or disable a Threshold by disabling/enabling all the elements that exist within it.
   You can enable/disable the individual elements within a Threshold.
2. To enable or disable a threshold and/or elements, click the edit button that is on the element level.
3. Select the Disable checkbox to disable the element or de-select the Disable checkbox to enable the element.
4. Click Update.
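The threshold model described in the sections above (a threshold made of elements, each with an Operator, Value, Description, Severity and Disable flag, and a threshold that counts as disabled once every element is disabled) can be made concrete in a few lines. The block below is an added example, not GMS code; the set of operators and the severity ordering are assumptions, because the page does not list them.

```python
"""Evaluate a GEM-style threshold made of elements against an observed value.

Added example, not GMS code. It models the objects described above: a threshold
with a Visible to Non-Administrators flag and a list of elements, each carrying
an Operator, Value, Description, Severity and Disable flag. The operator set and
the severity ranking are assumptions; the page does not list them.
"""
from dataclasses import dataclass, field
import operator
from typing import Callable, Optional

# Assumption: the comparison operators offered by the Operator drop-down.
OPERATORS: dict[str, Callable[[float, float], bool]] = {
    ">": operator.gt, ">=": operator.ge,
    "<": operator.lt, "<=": operator.le,
    "==": operator.eq, "!=": operator.ne,
}

# Assumption: severities ranked from least to most urgent.
SEVERITY_RANK = {"Info": 0, "Warning": 1, "Critical": 2}


@dataclass(frozen=True)
class ThresholdElement:
    op: str
    value: float
    severity: str
    description: str = ""
    disabled: bool = False      # the Disable check box on the element

    def __post_init__(self) -> None:
        if self.op not in OPERATORS:
            raise ValueError(f"unknown operator {self.op!r}")
        if self.severity not in SEVERITY_RANK:
            raise ValueError(f"unknown severity {self.severity!r}")

    def matches(self, observed: float) -> bool:
        """A disabled element never matches, whatever the observed value."""
        return not self.disabled and OPERATORS[self.op](observed, self.value)


@dataclass
class Threshold:
    name: str
    elements: list[ThresholdElement] = field(default_factory=list)
    visible_to_non_admins: bool = False

    @property
    def disabled(self) -> bool:
        """A threshold is disabled when all of its elements are disabled.
        A threshold with no elements cannot trigger, so it counts as disabled."""
        return all(e.disabled for e in self.elements)

    def evaluate(self, observed: float) -> Optional[ThresholdElement]:
        """Return the highest-severity enabled element the value satisfies, or
        None when nothing triggers, so an alert built on this threshold fires
        with the most severe matching element."""
        hits = [e for e in self.elements if e.matches(observed)]
        if not hits:
            return None
        return max(hits, key=lambda e: SEVERITY_RANK[e.severity])

    def set_all_disabled(self, disabled: bool) -> None:
        """Disable or enable the whole threshold by toggling every element,
        which is how the Enabling/Disabling section describes it."""
        self.elements = [
            ThresholdElement(e.op, e.value, e.severity, e.description, disabled)
            for e in self.elements
        ]


def cpu_usage_threshold() -> Threshold:
    """Constructed sample threshold: warn above 70 percent, critical above 90."""
    return Threshold("CPU usage", [
        ThresholdElement(">", 70, "Warning", "CPU above 70%"),
        ThresholdElement(">", 90, "Critical", "CPU above 90%"),
    ])
```

Because evaluate() picks the most severe matching element, overlapping elements (70 and 90 both satisfied by a reading of 95) resolve to the Critical one, and a disabled element drops out of the comparison entirely rather than silently matching.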

Deleting a Threshold and Threshold Elements

On the Events > Threshold screen, you can delete Thresholds and Threshold Elements. This can be done by using the red Delete Threshold(s)/Element(s) button. To view the elements within a threshold, expand the threshold. You can select which threshold or elements within that threshold to delete. If you delete a threshold, the elements within that threshold will automatically be deleted as well. To delete thresholds and threshold elements, perform the following steps:
1. On the Events > Threshold screen, optionally expand the threshold to view the individual elements.
2. To delete a threshold, click the checkbox to the left of the threshold name. You will see that its elements are automatically selected as well.
3. To delete an element, select only the element checkbox.
4. When you have finished with your selections, click the Delete Threshold(s)/Element(s) button.

Configuring Event Schedules


The next component on the Console panel is Events > Schedule. In this screen, you can add, delete, or configure schedules and schedule groups. Schedule groups are one or more schedules grouped within an object. Administrators and Owners can edit these objects. Other users should be able to view or use them only if the Visible to Non-Administrators check box is selected. The following tasks are described in this section:

Adding an Event Schedule on page 1032
Editing an Event Schedule on page 1033
Adding an Event Schedule Group on page 1034
Deleting a Schedule or Schedule Group on page 1034

Adding an Event Schedule

In Events > Schedules you can add, delete, or configure schedules. You will see your schedules and schedule groups, their descriptions, and whether they are enabled. You can also individually delete one schedule or schedule group at a time by selecting the trash icon on the right hand side for each row. For quick reference, you can hover your mouse over the descriptions to quickly view the type of schedule and the days and times when it is active. To add an event schedule, perform the following steps:
1. On the Events > Schedules screen, click Add Schedule.
2. Select the Visible to Non-Administrators check box if you want the schedule to be visible and usable by non-administrators.
3. To temporarily disable a schedule, select the Disable checkbox.
4. Click Invert to create a schedule that is off during the dates and times that you specify.
5. In the Schedule field, you can create one or more schedules. For each schedule, configure either:
   One Time Occurrence: fill in the Date and Time fields.
   Recurrence: fill in the Days, Start Time, and End Time fields.
6. Click Add to add this schedule to the Schedule List text box.
7. To delete an entry from the Schedule List text box, select the entry that you want to delete, and then click Delete. Click Delete All to delete all entries.
8. Click Update when you are finished.

Editing an Event Schedule


To edit an existing schedule, click the Edit icon on the right side of the Events > Schedule screen. The screen and procedure for editing are the same as those for adding a schedule. See Adding an Event Schedule section on page 1032.


Adding an Event Schedule Group

You can combine several schedules into a schedule group on the Events > Schedule screen. To add a schedule group, perform the following steps:
1. On the Events > Schedule screen, click the Add Schedule Group button.
2. Enter the name of your schedule group in the Name field.
3. Enter a description of your schedule group in the Description field.
4. Click the Visible to Non-Administrators check box to allow this schedule group to be viewed and used by non-administrators.
5. Click the Disable check box to temporarily disable the schedule group.
6. In the Schedules field, select the schedule(s) to add to your schedule group, and then use the arrow buttons to move the selected schedule into or out of the group. To move multiple schedule groups and/or schedules all at once, hold the CTRL button on your keyboard while making your selections.
7. Click Update.
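The schedule objects from the Adding an Event Schedule and Adding an Event Schedule Group sections above (One Time Occurrence and Recurrence entries, the Invert and Disable options, and groups that collect schedules) determine when an alert is allowed to fire. The block below is an added example, not GMS code, that evaluates such a schedule at a given instant. Semantics the page does not spell out are assumptions: a one-time occurrence matches to the minute, a recurrence is active from Start Time up to but not including End Time on each listed day, and a group is active when any member schedule is.

```python
"""Decide whether an event schedule or schedule group is active at a point in time.

Added example, not GMS code. It models the Events > Schedule objects described
above: One Time Occurrence entries (Date and Time), Recurrence entries (Days,
Start Time, End Time), the Invert and Disable options, and schedule groups.
Assumptions: a one-time occurrence matches to the minute; a recurrence is active
from start up to (not including) end on each listed day; a group is active when
any member schedule is; a disabled schedule or group never matches.
"""
from dataclasses import dataclass
from datetime import datetime, time

MON, TUE, WED, THU, FRI, SAT, SUN = range(7)   # datetime.weekday() numbering


@dataclass(frozen=True)
class OneTimeOccurrence:
    at: datetime

    def active(self, now: datetime) -> bool:
        # Assumption: the occurrence is "on" for the minute it names.
        minute = lambda d: d.replace(second=0, microsecond=0)
        return minute(now) == minute(self.at)


@dataclass(frozen=True)
class Recurrence:
    days: frozenset          # weekday numbers, e.g. frozenset({MON, TUE})
    start: time
    end: time

    def __post_init__(self) -> None:
        if self.start >= self.end:
            raise ValueError("Start Time must be earlier than End Time")

    def active(self, now: datetime) -> bool:
        return now.weekday() in self.days and self.start <= now.time() < self.end


@dataclass(frozen=True)
class Schedule:
    name: str
    entries: tuple           # the Schedule List built with the Add button
    invert: bool = False     # Invert: the schedule is off during the listed times
    disabled: bool = False   # the Disable check box

    def active(self, now: datetime) -> bool:
        if self.disabled:
            return False
        listed = any(entry.active(now) for entry in self.entries)
        return (not listed) if self.invert else listed


@dataclass(frozen=True)
class ScheduleGroup:
    name: str
    schedules: tuple
    disabled: bool = False

    def active(self, now: datetime) -> bool:
        return (not self.disabled) and any(s.active(now) for s in self.schedules)


def business_hours() -> Schedule:
    """Constructed sample: Monday to Friday, 09:00 to 17:00."""
    weekdays = frozenset({MON, TUE, WED, THU, FRI})
    return Schedule("Business hours", (Recurrence(weekdays, time(9), time(17)),))


def off_hours() -> Schedule:
    """The same entries with Invert set: active outside business hours."""
    return Schedule("Off hours", business_hours().entries, invert=True)
```

Note that Invert applies to the schedule as a whole, after all of its entries are combined, while Disable short-circuits everything: an inverted schedule that is disabled is simply never active, which is what the Disable check box is for.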

Deleting a Schedule or Schedule Group

You can delete custom schedules or schedule groups, or you can remove schedules from schedule groups. You cannot delete predefined static schedules or schedule groups. Only Administrators and Owners can delete schedules or schedule groups.

To delete an event schedule, schedule group, or remove a schedule from a schedule group:
1. Navigate to the Events > Schedule screen.
2. Click the check boxes of the schedule groups or schedules that you want deleted. When you click the schedule group check box, the schedules within that schedule group will be deleted as well.
3. To remove a schedule from a schedule group, click the expand button on the schedule group, and select the schedules you wish to remove within that group.
4. To delete the selected schedule group(s) or remove the selected schedules from a group, click the Delete Schedule Group(s)/Remove Schedules from Group button.
5. To delete the selected schedule(s), click the Delete Schedule(s) button.

Configuring Alerts on the Console Panel

The Console > Events > Alert Settings screen provides predefined alerts that apply to GMS as a whole. These are status type alerts, and do not use thresholds. You can hover your mouse over these to display information about them. You can configure the predefined alerts to use different destinations and schedules.

Adding an Alert

To add an alert in the Console panel, perform the following steps:
1. Navigate to the Events > Alert Settings screen on the Console panel.
2. Click Add Alert.
3. In the Add Alert dialog box, optionally select the Visible to Non-Administrators checkbox. When the Visible to Non-Administrators checkbox is selected, anyone can use the Alert or view its details. When not selected, only users in the administrator group can view, edit, delete, or use this Alert.
4. To temporarily disable the alert, select the Disable checkbox. This is convenient for temporarily disabling the Alert rather than deleting it completely.
5. Select an alert type from the Alert Type drop-down list.
6. Click Edit Content to configure the Threshold to use for triggering the Alert. The Edit Content link displays [Not Edited] until you have edited the content for the alert.
7. See the following section for more steps to perform when adding an alert:
   Adding Destinations and Schedules to an Alert section on page 1039

Configuring Alerts on the Policies Panel

You can configure alerts for events pertaining to policies on the Policies panel. There are five alert types for policies, four of which are used in predefined alerts. You can configure an alert using the fifth alert type, which is VPN Tunnel Status. If the GMS is managing units that have VPN tunnels, you should configure an alert using this alert type. You can also edit the predefined alerts to change their severities, schedules, destinations, or other components. GMS also allows you to create duplicate alerts. For more information, see Duplicate Alerts on page 1021. To configure an alert on the Policies panel:
1. In the Policies > Events > Alert Settings screen, click Add Alert to access the Add Alert dialog box.
2. In the Add Alert dialog box, optionally select the Visible to Non-Administrators checkbox. When the Visible to Non-Administrators checkbox is selected, anyone can use the Alert or view its details. When not selected, only users in the administrator group can view, edit, delete, or use this Alert.
3. To temporarily disable the alert, select the Disable checkbox.
4. Select an alert type from the Alert Type drop-down list.
5. Click Edit Content to configure the Threshold to use for triggering the Alert. The Edit Content link displays [Not Edited] until you have edited the content for the alert.
6. See the following section for more steps to perform when adding an alert:
   Adding Destinations and Schedules to an Alert section on page 1039

Configuring Alerts on the Reports Panel

You can configure alerts for events pertaining to reports on the Reports panel. You can configure an alert using any of the seven available alert types. No predefined alerts are provided for reports. To configure an alert on the Reports panel:
1. On the Reports > Events > Alert Settings screen, click Add Alert to access the Add Alert dialog box. The following screenshot shows an example of the Alert Types list available when adding an alert from the Reports panel:
2. In the Add Alert dialog box, optionally select the Visible to Non-Administrators checkbox. When the Visible to Non-Administrators checkbox is selected, anyone can use the Alert or view its details. When not selected, only users in the administrator group can view, edit, delete, or use this Alert.
3. To temporarily disable the alert, select the Disable checkbox.
4. Select an alert type from the Alert Type drop-down list.
5. Click Edit Content to configure the Threshold to use for triggering the Alert. The Edit Content link displays [Not Edited] until you have edited the content for the alert.
6. See the following section for more steps to perform when adding an alert:
   Adding Destinations and Schedules to an Alert section on page 1039

Adding Destinations and Schedules to an Alert

When adding an alert, you must provide one or more destinations and schedules for the alert. You can add up to five destinations per alert. To add destinations for event schedules, perform the following steps:
1. In the Add Alert dialog box, click Add Destination to create an entry under Destination / Schedule.
2. In the Destination drop-down list, select the type of email alert to send. For some email types, specify one or more email addresses in the second text box that GMS displays.

Note

Destination includes the new GMS homepage: SonicToday.

3. In the Schedule drop-down list, select the alert schedule from your choice of custom or predefined schedules or schedule groups. You can add up to five destinations and schedules to the Alert.
4. Repeat this procedure for additional destinations and/or schedules. A total of five destinations is allowed.
5. When you are finished, click Update.

Note

If you select another Alert Type before you click Update in the Add Alert dialog box, or if you click Reset, you lose the on-the-fly Threshold that you created and the Edit Content status becomes Not Edited.

Viewing Current Alerts

You can view a list of current alerts on the Events > Current Alerts page of the UTM, SSL-VPN, CDP, or ES panel. Select a global view, group, or unit to view current alerts for your selection.

Sample Event Alert Reports


Examples of alert emails you will receive are shown below:

Figure 13 Database Healthcheck

Figure 14 Critical: Unit Status

Figure 15 Critical [Recovered]: Unit Status

Email Alert Formats

The types of alert emails are available in the following formats:

HTML
Plain Text
Plain Text (Pager)

HTML Email Alert Format

Plain Text

Plain Text (Pager)
CHAPTER 48 Managing Licenses


This chapter provides information about GMS licensing, registration, upgrading to new versions, and applying software patches. This chapter includes the following sections:

GMS License section on page 1045
SonicWALL Upgrades section on page 1049

GMS License
The following sections describe how to manage GMS licenses:

Upgrading a Demo License to a Retail License on page 1046
Product Licenses on page 1047

Upgrading a Demo License to a Retail License

The following sections describe how to upgrade a SonicWALL GMS demo license to a retail license.

Upgrading within the Demo Period

To upgrade a SonicWALL GMS demo license to a retail license within the demo period, perform the following steps:
1. Click the Console Panel tab, expand the Licenses tree and click Manage Licenses. The product License Summary page displays. If prompted to login, enter your mysonicwall.com User name and password before continuing.
2. Enter the activation code in the Activation Code field and click Upgrade.

The License Type will change to Retail License and the Current Nodes Allowed will change from 10 to 25.

Upgrading Outside the Demo Period

To upgrade a SonicWALL GMS demo license to a retail license after the demo period expires, perform the following steps:
1. Start SonicWALL GMS. The Registration page displays.
2. Enter the demo upgrade activation code and click Update. The Login page displays and the license is upgraded.

Product Licenses
The Product Licenses page allows the user to view, upload, and manage licenses and subscriptions for this GMS installation.

License Summary
View license details on the Licenses > Product Licenses page, under the License section.

This section allows you to view the following information about security services and support services:
Status: Displays whether the product is licensed or not licensed.
Count: Displays the remaining number of licenses for this service.
Expiration: Displays the expiration date of the service (if applicable).

Current Subscription Expirations


View current subscription expiration status on the Licenses > Product Licenses page, under the Current Subscription Expirations section.

This section allows you to view a summary of information about any subscriptions which carry an expiration date.

Managing Licenses
This feature allows licenses to be managed through your MySonicWALL.com account.


To manage licenses:
1. In the Console panel, navigate to the Licenses > Product Licenses page.
2. Click the Manage Licenses button. The MySonicWALL login page displays.
3. Login with your MySonicWALL credentials to manage your licenses.

Refreshing Licenses
This feature allows the administrator to synchronize GMS with the MySonicWALL license server. Synchronization is useful if you have recently purchased new licenses, and these licenses are not yet appearing in the summary page. To refresh licenses:
1. In the Console panel, navigate to the Licenses > Product Licenses page.
2. Click the Refresh Licenses button. The License Summary page displays a message, and the date of last contact changes to reflect this.

Manually Uploading a License

Normally, MySonicWALL communicates with your GMS installation to synchronize licenses automatically. The manual upload feature is useful if for some reason your GMS node is without Internet connectivity.

To manually upload a license:
1. In the Console panel, navigate to the Licenses > Product Licenses page.
2. Click the Upload Licenses button. The Upload Licenses page displays.
3. Click the Browse... button to search for your locally stored license file.

Note

License files for manual updates are available for download through your MySonicWALL account.

4. Click the Upload button to complete the license transfer.

SonicWALL Upgrades
This section describes the procedures for upgrading SonicWALL appliances. This functionality includes adding nodes, content filter subscriptions, VPN functionality, VPN clients, anti-virus licenses, and more. When a SonicWALL GMS subscription service (i.e., warranty support, anti-virus, or content filtering) is about to expire, the GMS administrator will receive expiration notifications via email prior to the expiration. The email notification is sent once a day (if applicable) and lists all managed SonicWALL appliances with expiring subscription services. To upgrade SonicWALL appliances, complete the following procedures:
1. Upgrading the Node License on page 1050
2. Purchasing Upgrades on page 1050
3. Activating the Upgrades on page 1051

Upgrading the Node License


Depending on the number of licenses you have ordered, you may need to add SonicWALL GMS licenses to configure and support additional SonicWALL appliances. This section describes how to perform a node license upgrade. To view the current node license, click on the Console panel, expand the Licenses tree, and click Product License. The current license is displayed under the License Summary section. SonicWALL offers unified support packages called Comprehensive GMS Support (CGS). CGS is an annual agreement that includes:

Technical support for the GMS application
Software updates and upgrades for GMS
Technical support, advanced-exchange hardware replacement and firmware updates for all of the units under GMS management

Comprehensive GMS Support is sold in increments of 25, 100, and 1,000 nodes and is available in both 8X5 and 24X7 versions. The nodes can be any combination of UTM or SSL-VPN nodes. Currently CDP and SonicWALL Email Security are not included in CGS packages.

Purchasing Upgrades
To purchase upgrades, perform the following steps:
1. Contact your SonicWALL sales representative. You will receive an activation code for each upgrade that you purchase.
2. After receiving the activation codes for the SonicWALL upgrades, continue to the next section.

Activating the Upgrades


To license upgrades, perform the following steps:
1. Click the Console tab, expand the Licenses tree and click Activation Codes. The SonicWALL Activation Codes page displays.
2. To manually add one or more activation codes, in the Activation Code (manual) field, enter a list of activation codes separated by semi-colons.
3. Click Add Activation Code(s). GMS validates the codes with the backend server and then adds them to the GMS license pool database if they are valid. The Console > Logs screen provides more information on success/failure of individual activation codes.
4. To delete activation codes, select one or more codes under the Delete Activation Codes section and click the Delete Activation Code(s) button.
5. To add a large number of activation codes from a file, type the file name into the Activation Code (file-based) field, or click Browse to select the file. Then, click Add Activation Code(s) and follow the on-screen prompts. The file can contain multiple activation codes; each line in the file has a single activation code. Once the operation is completed, the Console > Logs screen has more detailed information on the success/failure of individual activation codes that were provided in the file. A sample file is as follows (one activation code per line):
   SBRG4827
   AGTRUY56
   GFKJASLJ
CHAPTER 49 Web Services


This chapter provides information about the GMS Web Services feature. Web Services is a software system designed to support interoperability between GMS and other network appliances, servers, and devices through an application programming interface (API). Web Services is located in the Console panel of the GMS management interface:

This chapter includes the following sections:


URI Basics section on page 1054
Settings section on page 1055
Status section on page 1056
Distributed Instances section on page 1057

URI Basics
The URI is an HTTPS string which is used to identify Web Services resources. Each URI is composed of both static and dynamic parts which differ based on each particular deployment. The following provides a typical, though not comprehensive, URI example:

https://10.0.14.150/ws/screenAttributes/0001B123C45D/1003

https: https protocol
10.0.14.150: host name or IP address
ws: Web Services application name
screenAttributes: Web Service name
0001B123C45D: serial number of the appliance (dynamic)
1003: screen ID (dynamic)

Note

For more information on configuring and using GMS Web Services in your deployment, download the GMS Web Services Technote at: <http://www.sonicwall.com/us/support.html>
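Anything that consumes or constructs these URIs (a script that follows the embedded cross-links, for instance) should check the static parts before trusting the dynamic ones. The block below is an added example, not SonicWALL code, that splits a Web Services URI into the parts labelled above and rejects anything that does not fit the documented layout. Two patterns are assumptions drawn from the sample URI rather than from the page: serial numbers as 12 hexadecimal characters and screen IDs as decimal integers.

```python
"""Split and validate GMS Web Services URIs of the layout shown above.

Added example, not SonicWALL code. The only structure relied on is the documented
one: https://<host>/ws/<service>/<serial>/<screen-id>. The serial-number and
screen-ID patterns are assumptions based on the sample URI.
"""
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlsplit
import re

APP_NAME = "ws"                                 # static part: the Web Services application name
SERIAL_RE = re.compile(r"^[0-9A-Fa-f]{12}$")    # assumption, modelled on 0001B123C45D
SCREEN_ID_RE = re.compile(r"^[0-9]+$")          # assumption, modelled on 1003


class WsUriError(ValueError):
    """Raised for anything that is not a well-formed Web Services URI."""


@dataclass(frozen=True)
class WsUri:
    host: str             # host name or IP address
    port: Optional[int]   # None when the URI carries no explicit port
    service: str          # Web Service name, e.g. screenAttributes
    serial: str           # serial number of the appliance (dynamic)
    screen_id: int        # screen ID (dynamic)


def parse_ws_uri(uri: str) -> WsUri:
    parts = urlsplit(uri)
    if parts.scheme != "https":
        raise WsUriError(f"Web Services URIs are HTTPS, got scheme {parts.scheme!r}")
    if not parts.hostname:
        raise WsUriError("missing host name or IP address")
    segments = [s for s in parts.path.split("/") if s]
    if len(segments) != 4 or segments[0] != APP_NAME:
        raise WsUriError(f"expected /{APP_NAME}/<service>/<serial>/<screen-id>, got {parts.path!r}")
    _, service, serial, screen_id = segments
    if not SERIAL_RE.match(serial):
        raise WsUriError(f"malformed serial number {serial!r}")
    if not SCREEN_ID_RE.match(screen_id):
        raise WsUriError(f"malformed screen ID {screen_id!r}")
    return WsUri(parts.hostname, parts.port, service, serial.upper(), int(screen_id))


def build_ws_uri(host: str, service: str, serial: str, screen_id: int,
                 port: Optional[int] = None) -> str:
    """Assemble a URI from its parts and round-trip it through the parser,
    so a bad part is rejected before the string is ever used."""
    netloc = host if port is None else f"{host}:{port}"
    uri = f"https://{netloc}/{APP_NAME}/{service}/{serial}/{screen_id}"
    parse_ws_uri(uri)
    return uri


def is_ws_uri(uri: str) -> bool:
    """True when the string is a well-formed Web Services URI."""
    try:
        parse_ws_uri(uri)
        return True
    except ValueError:      # WsUriError and a malformed port both derive from ValueError
        return False
```

The scheme check is deliberate: the page defines the URI as an HTTPS string, so a plain http:// link to the same path is treated as malformed rather than quietly accepted.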


Settings
The Settings screen allows configuration of a secure HTTPS Public URI for use with Web Services features. The public URI specified here is used to access Web Services and to ensure proper embedded cross-links between Web Services applications. To configure Web Services Settings:
1. Navigate to the Web Services > Settings screen on the GMS Console panel.
2. Choose which deployment you wish to configure from the drop-down list in the GMS Deployment section.
3. Enter the public server name and port in the Public URI section. This field is typically pre-populated during the GMS install/setup process.
4. Click the Update button to save your changes.


Status
The status screen allows the administrator to view, enable, and disable individual Web Services across one or more GMS deployments. To view and configure Web Services status:
1. Navigate to the Web Services > Status screen on the GMS Console panel.
2. Select or deselect the Enabled checkbox for the service(s) you wish to enable or disable.
3. Click the Update button to save your changes.
4. The Web Services table, in the Web Services > Status screen, gives the following information about each Web Service:

Feature       Description
Enabled       If selected, this feature is currently enabled
Service       Indicates the name of the Web Service
URI           Indicates the full URI used to access this Web Service
Description   Provides a description of the Web Service


Distributed Instances
The distributed instances screen allows the administrator to enable and configure distributed instances of GMS Web Services. The distributed instances feature is accessed through the Web Services > Distributed Instances screen in the GMS Console tab.

The Distributed Instances Table


The distributed instances table is located on the Web Services > Distributed Instances screen.

Current distributed instances can be viewed, edited, or deleted as follows:

Feature         Description
Status          Green: Instance is currently online. Red: Instance is currently offline.
Serial Number   Serial number of this instance
Name            Friendly name assigned to this instance
Hostname        Hostname or IP address of this instance
Port            SSL port used to communicate with this instance
Username        Username used when accessing this instance
Password        Password used when accessing this instance
Edit Icon       Click to edit the properties of this instance
Delete Icon     Click to delete this instance


Configuring Distributed Settings


To manage distributed settings for GMS Web Services:
1. Navigate to the Web Services > Distributed Instances screen in the GMS Console tab.
2. Select the Enable distributed instances checkbox to allow this instance of GMS Web Services to interact with other instances.
3. Select the This is a central instance checkbox to designate this installation as the central management point for Web Services across a distributed environment.

Adding a Distributed Instance


To add a new distributed instance for GMS Web Services:
1. Navigate to the Web Services > Distributed Instances screen in the GMS Console tab.
2. Click the Add Distributed Instance link in the Distributed Interfaces section. The Add Remote Interface window displays.
3. Enter a friendly Name for this instance.
4. Enter the Hostname / IP Address for the system.
5. Enter the HTTPS port for the system you wish to add as an instance.
6. Enter the Username you wish to use to access this system.
7. Enter the Password for the username you specified in the previous step.
8. Select the Default Domain for this instance to operate under.
9. Select the Default Scheduler to be used for this instance.
10. Click the Update button to add this instance and wait while the new instance is authenticated and verified.

CHAPTER 50 Using GMS Help


To access the GMS online help, click the blue help button in the top-right corner of the GMS user interface.

Tips and Tutorials


Tips and tutorials are available in some pages of the user interface, and are denoted by a Lightbulb icon:


To access tips and tutorials:
1. Navigate to the page where you need help.
2. If available, click the Lightbulb icon in the upper right-hand corner of the window. Tips, tutorials, and online help are displayed for this topic.

About GMS
The Console > Help > About page displays the version of GMS being run, who the GMS is licensed to, database information, and the serial number of the GMS.


Part 6 Appendix


Appendix A Technical Tips


This chapter includes the following sections:

Log Viewer section on page 1066
Real-time Syslog Viewer section on page 1068
Forwarding Syslog Data to Another Syslog Server section on page 1072
Forwarding the Syslog Data to a WebTrends Server section on page 1072
Posting GMS Reporting to Another Web Server for End-User Access section on page 1073
Miscellaneous Procedures and Troubleshooting Tips section on page 1073


Log Viewer
The Log Viewer contains detailed information on each transaction that occurred on the SonicWALL appliance. This information is stored for the time that you specified in the configuration settings.
Note

The Log Viewer displays raw log information for every connection. Depending on the amount of traffic, this can quickly consume a large amount of space in the database. It is highly recommended to be careful when choosing the number of days of information that will be stored. For more information, see Configuring Log Settings on page 933.

To configure Log Viewer settings for generating a report, perform the following steps:
1. Click the Reports tab.
2. Select a SonicWALL appliance.
3. Expand the Log Viewer tree and click Search. The Search page displays.

Figure 16 Reports > Log Viewer > Search

4. Select the date to view from the Date list box.
5. Enter the starting time of events to view in the Start Time field.
6. Select the ending date of events to view in the End Date list box.
7. Enter the ending time of events to view in the End Time field.
8. Select the type of events to view from the Message Category list box.
9. Enter the source IP address to view in the Source IP Address field. To view all IP addresses, enter All.
10. Enter the destination IP address to view in the Destination IP Address field. To view all IP addresses, enter All.
11. Select the number of entries to display per page from the Results Per Page field.
12. Click Generate Report. The Log Viewer Results page displays.

Figure 17 Log Viewer Results
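The search form above composes a date/time window, a Message Category, source and destination IP filters (with All as the wildcard) and a Results Per Page setting. The block below is an added example, not GMS code, that applies those criteria to a handful of constructed log records and pages the result; the record layout and the sample entries are made up for the example, and GMS keeps its own database schema.

```python
"""Apply Log Viewer search criteria to log records and page the results.

Added example, not GMS code. It models the search form described above: a start
and end date/time, a Message Category, Source and Destination IP Address fields
where "All" means no filter, and Results Per Page. The record layout and the
sample entries are constructed for this example.
"""
from dataclasses import dataclass
from datetime import datetime
from ipaddress import ip_address

ALL = "All"   # the wildcard value the form accepts in the IP and category fields


@dataclass(frozen=True)
class LogRecord:
    time: datetime
    category: str
    src_ip: str
    dst_ip: str
    message: str


@dataclass(frozen=True)
class SearchCriteria:
    start: datetime
    end: datetime
    category: str = ALL
    src_ip: str = ALL
    dst_ip: str = ALL
    results_per_page: int = 50

    def __post_init__(self) -> None:
        if self.end < self.start:
            raise ValueError("End Date/Time is before Start Date/Time")
        if self.results_per_page < 1:
            raise ValueError("Results Per Page must be at least 1")
        # Reject a field that is neither "All" nor an IP address up front,
        # instead of letting a typo silently match nothing.
        for wanted in (self.src_ip, self.dst_ip):
            if wanted != ALL:
                ip_address(wanted)


def _ip_matches(wanted: str, actual: str) -> bool:
    return wanted == ALL or ip_address(wanted) == ip_address(actual)


def search(records, criteria: SearchCriteria, page: int = 1) -> list:
    """Return the requested page of records matching the criteria, oldest first."""
    if page < 1:
        raise ValueError("page numbers start at 1")
    hits = [
        r for r in records
        if criteria.start <= r.time <= criteria.end
        and (criteria.category == ALL or r.category == criteria.category)
        and _ip_matches(criteria.src_ip, r.src_ip)
        and _ip_matches(criteria.dst_ip, r.dst_ip)
    ]
    hits.sort(key=lambda r: r.time)
    first = (page - 1) * criteria.results_per_page
    return hits[first:first + criteria.results_per_page]


# Constructed sample records; the WAN-side addresses are documentation ranges.
SAMPLE_RECORDS = (
    LogRecord(datetime(2010, 3, 1, 8, 0), "Network Traffic", "10.0.0.5", "192.0.2.10", "TCP connection opened"),
    LogRecord(datetime(2010, 3, 1, 9, 30), "Blocked Websites", "10.0.0.5", "198.51.100.7", "Website blocked"),
    LogRecord(datetime(2010, 3, 1, 12, 15), "Network Traffic", "10.0.0.9", "192.0.2.10", "TCP connection opened"),
    LogRecord(datetime(2010, 3, 1, 18, 45), "Network Traffic", "10.0.0.5", "192.0.2.20", "UDP packet"),
    LogRecord(datetime(2010, 3, 2, 1, 0), "GMS", "10.0.0.1", "10.0.0.2", "Unit status up"),
)


def sample_search() -> list:
    """Network Traffic entries from 10.0.0.5 on 1 March 2010."""
    criteria = SearchCriteria(datetime(2010, 3, 1), datetime(2010, 3, 1, 23, 59),
                              category="Network Traffic", src_ip="10.0.0.5")
    return search(SAMPLE_RECORDS, criteria)
```

Comparing addresses through ip_address() rather than as strings means equivalent spellings of the same address match, and it is also what turns a malformed IP field into an immediate error instead of an empty report.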


Real-time Syslog Viewer


The real-time syslog utility enables you to diagnose the system by viewing the syslog messages in real time.
Note

Only use this utility when needed for diagnostic purposes.

To open the real-time syslog utility, follow these steps:
1. Click the Monitor tab, expand the Tools tree and click Real-Time Syslog. The Real-Time Syslog page appears.
2. If the Syslog Reader is not already running, click Start Syslog Reader.
3. Click the Start button at the bottom of the screen. The Syslog Viewer begins showing the latest syslog entries.

Figure 18 Syslog Viewer Entries

4. To change how many messages are displayed, select a number from the Number of Messages list box at the bottom of the screen.
5. To change how often the Syslog Viewer is refreshed, select the time from the Refresh Time list box at the bottom of the screen.
6. To stop the viewer, click the Stop button.
7. To search for text, use the browser's Find utility.

When you are finished, close the Syslog Viewer.

GMS Reports and Corresponding Syslog Categories


Table 20 GMS Reports and Syslog Categories

Report Category: Status
  Report Titles: Up-time summary; Up-time over time
  Syslog Category: GMS

Report Category: Bandwidth
  Report Titles: Summary; Top Users; Over Time; Top Users Over Time
  Syslog Category: Network Traffic

Report Category: Web Usage
  Report Titles: Summary; Top Sites; Top Users; By User; By Site; By Category; Over Time; Top Sites Over Time; Top Users Over Time; By Users Over Time; By Category Over Time
  Syslog Category: Network Traffic

Report Category: Browse Time
  Report Titles: Summary; Top Users; By User; Over Time; Top Users Over Time; By User Over Time
  Syslog Category: Network Traffic

Report Category: Web Filter
  Report Titles: Summary; Top Sites; Top Users; By User; By Site; By Category; Over Time; Top Sites Over Time; Top Users Over Time; By Users Over Time; By Category Over Time
  Syslog Category: Blocked Websites

Report Category: FTP Usage
  Report Titles: Summary; Top Users; Over Time; Top Users Over Time
  Syslog Category: Network Traffic

Report Category: Mail Usage
  Report Titles: Summary; Top Users; Over Time; Top Users Over Time
  Syslog Category: Network Traffic

Report Category: VPN Usage
  Report Titles: Summary; Top Users; Over Time; By Policy; By Policy Hourly; By Service; Top Users Over Time; By Policy Over Time
  Syslog Category: Network Traffic

Report Category: Attacks
  Report Title: Summary / Syslog Category: Attacks, Intrusion Prevention
  Report Title: By Category / Syslog Category: Attacks, Intrusion Prevention
  Report Title: Errors / Syslog Category: Dropped TCP, Dropped UDP, Dropped ICMP
  Report Title: Attacks Over Time / Syslog Category: Attacks, Intrusion Prevention
  Report Title: Categories Over Time / Syslog Category: Attacks, Intrusion Prevention
  Report Title: Errors Over Time / Syslog Category: Dropped TCP, Dropped UDP, Dropped ICMP

Report Category: Virus Attacks
  Report Titles: Summary; Top Viruses; Over Time; Top Viruses Over Time
  Syslog Category: Attacks

Report Category: Anti-Spyware
  Report Titles: Summary; By Category; Over Time; By Category Over Time
  Syslog Category: Intrusion Prevention

Report Category: Intrusion Prevention
  Report Titles: Summary; By Category; Over Time; By Category Over Time
  Syslog Category: Intrusion Prevention

Report Category: Authentication
  Report Titles: User Login; Admin Login; Failed Login
  Syslog Category: Authenticated Access

Forwarding Syslog Data to Another Syslog Server


To forward SonicWALL GMS syslog data to another syslog server, perform the following steps:
1. Open the sgmsConfig.xml file with a text editor.
2. Locate the following line:
   <Parameter name="syslog.forwardToHost" value=""/>
3. Add the IP address or hostname of the destination syslog server to the value attribute.
4. Save the sgmsConfig.xml file and exit.
5. Ensure that at least firmware 6.3.1.0 is running on the managed SonicWALL appliances.

Note

To configure SonicWALL GMS to not store the syslog data after it has been forwarded, you must disable the GMS Reporting Module. To do this, open the GMS Settings page in the Console Panel, deselect the Enable Reporting check box, and click Update.

Forwarding the Syslog Data to a WebTrends Server


From SonicWALL GMS, you can forward the syslog data to a WebTrends server. To accomplish this, do the following:
1. Open the sgmsConfig.xml file with a text editor.
2. Locate the following line:
   <Parameter name="syslog.forwardToHost" value=""/>
3. Add the IP address or hostname of the WebTrends syslog server to the value attribute.
4. Save the sgmsConfig.xml file and exit.
5. Ensure that at least firmware 6.3.1.0 is running on the managed SonicWALL appliances.
6. Change the syslog format in each managed SonicWALL appliance from the default format to the WebTrends format on the Log Settings page.

WebTrends cannot read the SonicWALL syslog in its default format. In the default syslog format, the source (src) and destination (dst) fields contain port numbers and link information (i.e., WAN, LAN, and DMZ). These prevent WebTrends from resolving the IP addresses to DNS entries and from performing HTML title lookups within the reports.
Note

The GMS Reporting Module also has problems with the WebTrends syslog format. To disable GMS Reporting, open the GMS Settings page in the Console Panel, deselect the Enable Reporting check box, and click Update.

Posting GMS Reporting to Another Web Server for End-User Access


To give end users access to GMS Reporting from another web server, install the SonicWALL GMS Console in redundant mode. You can then allow end users to view real-time and historical GMS Reporting reports on the redundant Console. End user access is thereby isolated from the main Console that is used for managing and configuring SonicWALL appliances.

Miscellaneous Procedures and Troubleshooting Tips


This section contains miscellaneous SonicWALL Global Management System procedures and troubleshooting tips.

Miscellaneous Procedures
This section contains information on procedures that you may need to perform. Select from the following:
- It is highly recommended that you regularly back up the SonicWALL GMS data. For more information, see Backing up SonicWALL GMS Data on page 1074.
- SonicWALL GMS requires Mixed Mode authentication when using SQL Server 2000. To change the authentication mode, see Changing the SQL Server Authentication Mode on page 1074.
- If you are reinstalling SonicWALL GMS, preserving the previous configuration settings can save a lot of time. To reinstall SonicWALL GMS using an existing SonicWALL GMS database, see Reinstalling SonicWALL GMS Using an Existing Database on page 1075.
- If you need to uninstall SonicWALL GMS from a server, it is important to do it correctly. To uninstall SonicWALL GMS, see Uninstalling SonicWALL GMS and Its Database on page 1075.

Backing up SonicWALL GMS Data


SonicWALL GMS stores its configuration data in the SGMSDB database. It is important to back up this database and the individual SonicWALL GMS databases (sgmsvp_yyyy_mm_dd) on a regular basis. The Console > Management > Database Maintenance page provides the necessary support for backing up and restoring the MySQL database that is bundled with SonicWALL UMS. For more information, see the Database Maintenance section on page 977. If you are using SQL Server, this can be accomplished by backing up the entire SQL Server using the database backup tool. When using this tool, there is no need to stop the SonicWALL GMS services for database backup. However, make sure that the backup occurs when SonicWALL GMS activity is the lowest and that the backup operation schedule does not clash with the SonicWALL GMS scheduler.
Note

It is also recommended to regularly back up the entire contents of the SonicWALL GMS directory, including the sgmsConfig.xml file.

Changing the SQL Server Authentication Mode


SonicWALL GMS requires the Mixed Mode authentication mode. To change the authentication mode from Windows Mode to Mixed Mode, follow these steps:
1. Start the Microsoft SQL Server Enterprise Manager.
2. Right-click the appropriate SQL Server Group and select Properties from the pop-up menu.
3. Click the Security tab.
4. Change the Authentication mode from Windows only to SQL Server and Windows.
5. Click OK.

Reinstalling SonicWALL GMS Using an Existing Database


If you need to reinstall SonicWALL GMS, but want to preserve the settings in an existing SonicWALL GMS database, follow these steps:
1. Install a new database, using the same username and password that you used for the existing SonicWALL GMS database.
2. Install SonicWALL GMS using this new database.
3. Stop all SonicWALL GMS services.
4. Open the sgmsConfig.xml and web.xml files with a text editor. Change the values for the dbhost and dburl parameters to match the existing SonicWALL GMS database.
5. Restart the SonicWALL GMS services.
6. Uninstall the new database.

Uninstalling SonicWALL GMS and Its Database


This section describes how to uninstall SonicWALL GMS and its components. Select from the following:
- To uninstall SonicWALL GMS on the Windows platform, see Windows on page 1075.
- To uninstall SonicWALL GMS databases from Microsoft SQL Server 2000, see MS SQL Server 2000 on page 1076.

Windows
To uninstall SonicWALL GMS from a Windows system, follow these steps:
1. Click Start, point to Settings, and click Control Panel.
2. Double-click Add/Remove Programs. The Add/Remove Programs Properties window displays.
3. Select SonicWALL Universal Management Suite and click Change/Remove. The SonicWALL Universal Management Suite Uninstall program starts.
4. Follow the on-screen prompts.
5. Restart the system. SonicWALL GMS is uninstalled.

MS SQL Server 2000


To uninstall or remove the SonicWALL GMS databases from MS SQL Server 2000, you can execute the following commands from a DOS window on any SonicWALL GMS server:

osql -U username -P password -S dbHost_IP -q "drop database SGMSDB"
osql -U username -P password -S dbHost_IP -q "drop database sgmsvp_yyyy_mm_dd"

Or you can use the MS SQL Server's Enterprise Manager and delete the SGMSDB and sgmsvp_ databases.

Troubleshooting Tips
This section contains SonicWALL GMS troubleshooting tips.

Changing a SonicWALL GMS Agent IP Address


If you have changed the IP address of the SonicWALL GMS Agent, follow these steps:
1. Stop all SonicWALL GMS services.
2. Change the GMS Scheduler service status to manual mode (Windows only).
3. If you are using MS SQL Server, execute the following SQL command from a DOS window:

   osql -U <userid> -P <password> -Q "update sgmsdb.dbo.schedulers set ipAddress = 'new ip' where ipAddress = 'old ip'"

4. Change the GMS Scheduler service status to Automatic mode (Windows only).
5. Restart all SonicWALL GMS services.

Changing the Default Syslog Server Port Number


By default, the SonicWALL GMS syslog server port number is 514 on Windows systems. To change the port number, follow these steps:
1. Open the sgmsConfig.xml file with a text editor.
2. Add the following line to the end of the file, before the </Configuration> section:

   <Parameter name="syslog.syslogServerPort" value="port_number"/>

   where port_number is the new port number.
3. Save the file and exit.
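The two sgmsConfig.xml edits in this chapter, the syslog.forwardToHost value in Forwarding Syslog Data to Another Syslog Server and the syslog.syslogServerPort line above, are the same operation: set or add a Parameter element under Configuration. The following Python script is an added illustration and is not part of SonicWALL GMS. It assumes the file is XML whose Configuration root holds Parameter elements with name and value attributes, as these procedures imply, and it validates the host and port before writing them so that a typo does not leave the syslog server listening on an unintended port or forwarding to an unresolvable destination. The sample configuration it edits is constructed.

```python
"""Set syslog.forwardToHost / syslog.syslogServerPort in a GMS-style sgmsConfig.xml.

Added example, not part of SonicWALL GMS. Assumes the file is XML with a
<Configuration> root holding <Parameter name="..." value="..."/> elements, as
the procedures in this chapter imply.
"""
import ipaddress
import re
import xml.etree.ElementTree as ET

# Constructed stand-in for a real sgmsConfig.xml.
SAMPLE_CONFIG = """<?xml version="1.0"?>
<Configuration>
  <Parameter name="syslog.forwardToHost" value=""/>
  <Parameter name="other.setting" value="keep-me"/>
</Configuration>
"""

# Hostname labels: 1-63 alphanumerics or hyphens, not starting or ending with a hyphen.
_HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
    r"(?:\.[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*$"
)


def valid_host(value: str) -> bool:
    """Accept an IPv4/IPv6 address or a DNS hostname; reject anything else."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return bool(_HOSTNAME_RE.match(value))


def valid_port(value: str) -> bool:
    """Accept a decimal port in 1..65535 (the guide's default is 514)."""
    return value.isdigit() and 1 <= int(value) <= 65535


def get_parameter(xml_text: str, name: str):
    """Return the value attribute of the named Parameter, or None if absent."""
    root = ET.fromstring(xml_text)
    for param in root.findall("Parameter"):
        if param.get("name") == name:
            return param.get("value")
    return None


def set_parameter(xml_text: str, name: str, value: str) -> str:
    """Set the named Parameter, adding it as the last child of <Configuration> if missing."""
    root = ET.fromstring(xml_text)
    if root.tag != "Configuration":
        raise ValueError("expected a <Configuration> root element")
    for param in root.findall("Parameter"):
        if param.get("name") == name:
            param.set("value", value)
            break
    else:
        # Not present: append it, which places it just before </Configuration>.
        ET.SubElement(root, "Parameter", name=name, value=value)
    # ElementTree drops the XML declaration on output, so put it back.
    return '<?xml version="1.0"?>\n' + ET.tostring(root, encoding="unicode")


def configure_syslog(xml_text: str, forward_to_host=None, server_port=None) -> str:
    """Validate, then apply the forwarding host and/or listening port described in this chapter."""
    if forward_to_host is not None:
        if not valid_host(forward_to_host):
            raise ValueError(f"invalid syslog.forwardToHost: {forward_to_host!r}")
        xml_text = set_parameter(xml_text, "syslog.forwardToHost", forward_to_host)
    if server_port is not None:
        if not valid_port(str(server_port)):
            raise ValueError(f"invalid syslog.syslogServerPort: {server_port!r}")
        xml_text = set_parameter(xml_text, "syslog.syslogServerPort", str(server_port))
    return xml_text


if __name__ == "__main__":
    # 192.0.2.50 is a documentation-range address and 1514 a constructed example port.
    print(configure_syslog(SAMPLE_CONFIG, forward_to_host="192.0.2.50", server_port=1514))
```

Run it against a copy of sgmsConfig.xml and compare the result with the original before replacing the file; ElementTree rewrites whitespace and drops comments, so the diff will show more than the two changed attributes.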

Manually Configuring the Java.policy File for SonicWALL GMS JRE


Manually configuring the java.policy file is only necessary if you don't want to accept certificates for signed applets. See About Signed Applets in SonicWALL GMS, page 28. In order for SonicWALL GMS to access the java.policy file, permissions to that file must be manually configured due to read/write restrictions imposed on SonicWALL GMS by the client Web browser. If the java.policy file is not modified, you will encounter error messages when cutting and pasting text, trying to log in to a firewall, and importing various settings. The java.policy file must be configured on every system that is used to access SonicWALL GMS. To configure the java.policy file to allow the SonicWALL GMS JRE read/write access to the java.policy file, perform the following procedures:
1. Open the Windows Control Panel.
2. Double-click the Java icon.
3. Click the Java tab.
4. Select the View button at the top of the dialog box, under Java Applet Runtime Settings.
5. Record the default directory for your JRE plugin. The default directory is the first instance listed in the Location column.
6. Navigate to the \lib\security folder within your default JRE plugin directory.
7. Open the java.policy file using a text editor, for example, WordPad.
8. At the end of the file, paste the following text:

   grant {
     permission java.net.SocketPermission "*","connect,resolve";
     permission java.net.NetPermission "getCookieHandler";
     permission java.net.NetPermission "setCookieHandler";
     permission java.io.FilePermission "<<ALL FILES>>","read, write, delete,execute";
     permission java.util.PropertyPermission "user.home","read, write";
     permission java.util.PropertyPermission "user.dir","read, write";
     permission java.lang.RuntimePermission "modifyThread";
     permission java.lang.RuntimePermission "accessClassInPackage.sun.misc";
     permission java.awt.AWTPermission "accessClipboard", "write";
   };

9. Save the changes and close all instances of the browser.

Installing the Java Plug In


You need Java Plug-in 1.6 or later to access the SonicWALL GMS management interface.

Tip

The Java Plug-in is automatically installed during the SonicWALL GMS installation. However, you can manually install the Java Plug-in by following these steps.

To manually install the Java Plug-in, perform the following steps:
1. Execute the application C:\SGMS4\etc\jre-1_6-windows-i586-p.exe.
2. Select the radio button next to Accept the Terms of the License Agreement.
3. Click Next.
4. Select the radio button next to Typical installation and click Next. It may take several minutes for the Java Plug-in to install.
5. In the Installation Complete window, click Finish.

Appendix B Using the SonicWALL GMS CLI


This chapter describes how to access the command line interface (CLI) and how to execute CLI commands. This chapter contains the following subsections:

- Accessing the CLI section on page 1080
- CLI Commands section on page 1081
- Configuring SonicWALL Parameters section on page 1105
- Modifying SonicWALL Parameters section on page 1109
- Configuration Parameters section on page 1112

Accessing the CLI


The GMS CLI may be accessed either locally (directly from a prompt on the GMS machine), or remotely (through an SSL connection using the SonicWALL GMS CLI Server-Client).

Local CLI Access


To access the CLI locally:
1. Open the command-line prompt.
2. Change to the following directory: sonicwall_directory\cli, where sonicwall_directory is the location where SonicWALL GMS is installed.
3. Enter one of the following commands: For Windows NT, enter: sgms
4. Perform any of the commands described in CLI Commands on page 1081.
5. To exit from the SonicWALL GMS CLI, enter the following command: sgms> quit

Remote (SSL) CLI Access


The GMS CLI Server feature allows for remote clients to connect and administer CLI commands over a secure SSL connection using a lightweight Java client. The CLI server uses the gmsvpserverks (SonicWALL Self-Signed) keystore. This section provides instructions to configure both server and client for remote CLI access.
Note

The default port for the CLI service is 5555. Ensure that this port is opened on your perimeter firewall or UTM device in order for a connection to be established. This port is configurable in the <gmsvp>/CLI/cliserver/liserver.properties file.

Using the Remote Client


To access the CLI remotely:
1. Unzip and install the CLIClient.zip bundle on the client system. This file is found inside the CLI directory on your GMS or ViewPoint system.
2. On the client system, run the remote client from a command prompt.
3. Enter the network configuration information for your remote server as prompted.

Note

On the client system, verify that the JAVA_HOME environment variable is set to the JRE/JDK install directory.

4. Perform any commands as you would using a local CLI prompt. These commands are described in CLI Commands on page 1081.
5. To exit from the SonicWALL GMS CLI, enter the following command: sgms> quit

CLI Commands
This section provides both syntax and usage guidelines for common GMS CLI commands. This section contains the following sub-sections:
- Logging In section on page 1082
- Logging Out section on page 1082
- Executing a Command without Logging In section on page 1083
- Adding SonicWALL Appliances section on page 1084
- Adding Users section on page 1088
- Changing Users section on page 1092
- Deleting a Single User section on page 1095
- Deleting Multiple Users section on page 1096
- Adding and Removing Activation Codes section on page 1097
- Deleting Nodes Using XML section on page 1101
- Monitoring Tunnel Status section on page 1102
- Monitoring Tunnel Statistics section on page 1103
- Refreshing a Tunnel section on page 1104
- Renegotiating a Tunnel section on page 1104
- Synchronizing Tunnel Information section on page 1104

Logging In
To log in to the SonicWALL GMS CLI, use the login command:
sgms> login username password

Syntax
Table 1:
username    Admin user.
password    Password of the admin user.

Usage Guidelines
When this command is entered, SonicWALL GMS does the following:
- Checks whether the command is entered with the correct parameters. If the command is not entered correctly, it returns the correct form of the command.
- Checks the validity of the username and password.
- Executes the login command.
- Creates a new session with a randomly generated session ID.
- Returns any command output.

Example
In the following example, the user admin logs in using the password password.
sgms> login admin password

Logging Out
To log out from the SonicWALL GMS CLI, use the logout command.
sgms> logout

Usage Guidelines
When this command is entered, SonicWALL GMS does the following:
- Executes the logout command.
- Closes the session.
- Returns to the SGMS prompt, from which you can log in again.

Executing a Command without Logging In


To execute a command without logging in to the SonicWALL GMS CLI, use the login command with the -L and -C options.
sgms> login -L username password -C command parameter

Syntax
Table 2:
username     Admin user.
password     Password of the admin user.
command      The command.
parameter    Any command parameters.

Usage Guidelines
When this command is entered, SonicWALL GMS does the following:
- Checks whether the command is entered with the correct parameters. If the command is not entered correctly, it returns the correct form of the command.
- Checks the validity of the username and password.
- Executes the login command.
- Creates a new session with a randomly generated session ID.
- Executes the command.
- Closes the session and exits.

Example

In the following example, the user admin logs in using the password password and runs an addunit command.
sgms> login -L admin password -C addunit new_sonicwall.xml

Adding SonicWALL Appliances


To add one or more SonicWALL appliances to SonicWALL GMS using the CLI, use the addunit command.
sgms> addunit xml_file

Syntax
Table 3:
xml_file    XML file that contains SonicWALL appliance information.

Usage Guidelines
The XML file should contain the following (element names are case-sensitive and must match between opening and closing tags):

<?xml version="1.0"?>
<sgmscommand>
  <command>addUnit</command>
  <FirewallList>
    <FirewallInfo>
      <sonicwallName>sonicwall_name</sonicwallName>
      <sonicwallPassword>password</sonicwallPassword>
      <ipAddress>ip_address</ipAddress>
      <serialNumber>serial_number</serialNumber>
      <SAencryptionKey>encrypt_key</SAencryptionKey>
      <SAAuthKey>auth_key</SAAuthKey>
      <antivirusPassword>av_password</antivirusPassword>
      <schedulerIPAddress>scheduler_ip</schedulerIPAddress>
      <standbySchedulerIP>standby_ip</standbySchedulerIP>
      <useVPN>use_vpn</useVPN>
      <supportRavlin>ravlin_bit</supportRavlin>
      <snmpRead>read_string</snmpRead>
      <snmpWrite>write_string</snmpWrite>
      <httpsMgmt>https_bit</httpsMgmt>
      <managedOnLanIP>managedon_lanip</managedOnLanIP>
      <standbyManagedAtWan>standbymanaged_atwan</standbyManagedAtWan>
      <CustomInfo>
        <Customfield01>field_01</Customfield01>
        <Customfield02>field_02</Customfield02>
        ...
        <Customfield10>field_10</Customfield10>
      </CustomInfo>
      <userList>
        <user>user_01</user>
        <user>user_02</user>
        ...
      </userList>
    </FirewallInfo>
    <FirewallInfo>
      (SonicWALL Configuration Information)
    </FirewallInfo>
    <FirewallInfo>
      (SonicWALL Configuration Information)
    </FirewallInfo>
  </FirewallList>
</sgmscommand>

Table 4:

sonicwall_name
  Required. Descriptive name for the SonicWALL appliance.

password
  Required. Password used to access the SonicWALL appliance.

ip_address
  If the WAN IP address of the SonicWALL appliance is static, enter the IP address. If the WAN IP address of the SonicWALL appliance changes dynamically, leave this field blank.

serial_number
  Required. Serial number of the SonicWALL appliance.

encrypt_key
  Required. Enter a 16-character encryption key. The key must be exactly 16 characters long and comprised of hexadecimal characters. Valid hexadecimal characters are 0 to 9, and a to f (i.e., 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, a, b, c, d, e, f). For example, a valid key would be 1234567890abcdef. This key must match the encryption key of the SonicWALL appliance.

auth_key
  Required. Enter a 32-character authentication key. The key must be exactly 32 characters long and comprised of hexadecimal characters. For example, a valid key would be 1234567890abcdef1234567890abcdef. This key must match the authentication key of the SonicWALL appliance.

av_password
  If the SonicWALL appliance uses the Anti-Virus feature, enter the Anti-Virus password. Otherwise, leave the field blank.

scheduler_ip
  Required. Enter the IP address of the SonicWALL GMS server that will manage the SonicWALL appliance. If SonicWALL GMS is configured in a two-tier distributed environment, you can select any Agent; however, the IP address must match the IP address that you specified when configuring the SonicWALL appliance for SonicWALL GMS management. If SonicWALL GMS is in a single server environment, enter the IP address of the SonicWALL GMS server.

standby_ip
  Enter the IP address of the standby SonicWALL GMS server. The standby SonicWALL GMS server will automatically manage the SonicWALL appliance in the event of a primary failure. Any Agent can be configured as the standby. If SonicWALL GMS is in a single server environment, leave this field blank.

use_vpn
  Specifies whether SonicWALL GMS will need a VPN tunnel to reach the SonicWALL appliance (default: yes). If yes, enter use_vpn. If no, leave it blank.

ravlin_bit
  Specifies whether this is a Ravlin device (default: no). If yes, enter 1. If no, enter 0. If this entry does not appear in the file, SonicWALL GMS assumes it is a SonicWALL appliance.

read_string
  Specifies the SNMP read string for Ravlin devices.

write_string
  Specifies the SNMP write string for Ravlin devices.

https_bit
  Specifies whether this device uses HTTPS instead of a VPN tunnel (default: no). If yes, enter 1. If no, enter 0.

managedon_lanip
  Specifies that the device will be managed from the LAN interface. If you will use HTTPS, this setting must be enabled.

standbymanaged_atwan
  Specifies whether the SonicWALL appliance will establish a VPN tunnel to the standby scheduler (default: yes). If yes, enter standbymanaged_atwan. If no, leave it blank.

field_01...field_10
  Specifies the values of each custom field.

user_01...
  Specifies the usernames of non-administrator SonicWALL GMS users that have access to this SonicWALL appliance through the SonicWALL GMS UI.

Example
In the following example, two new SonicWALL appliances are added to SonicWALL GMS:
sgms> addunit new_sonicwall.xml

The following is the content of new_sonicwall.xml.

<?xml version="1.0"?>
<sgmscommand>
  <command>addUnit</command>
  <FirewallList>
    <FirewallInfo>
      <sonicwallName>ABC14</sonicwallName>
      <sonicwallPassword>abc</sonicwallPassword>
      <ipAddress></ipAddress>
      <serialNumber>00F12211F114</serialNumber>
      <SAencryptionKey>1234567812345678</SAencryptionKey>
      <SAuthKey>12345678123456781234567812345678</SAuthKey>
      <antivirusPassword>avpass</antivirusPassword>
      <schedulerIPAddress>192.168.168.168</schedulerIPAddress>
      <useVPN>1</useVPN>
      <standbyManagedAtWan>1</standbyManagedAtWan>
      <standbySchedulerIP>192.168.168.23</standbySchedulerIP>
      <supportRavlin>1</supportRavlin>
      <snmpRead>abcdef12</snmpRead>
      <snmpWrite>abcdef12</snmpWrite>
      <httpsMgmt>0</httpsMgmt>
      <manageOnLanIP>0</manageOnLanIP>
      <CustomInfo>
        <Company>SonicWALL</Company>
        <Country>China</Country>
        <State>California</State>
        <Department>Engineering</Department>
      </CustomInfo>
      <userList>
        <user>billb</user>
        <user>dana</user>
      </userList>
    </FirewallInfo>
    <FirewallInfo>
      <sonicwallName>XYZ26</sonicwallName>
      <sonicwallPassword>abc</sonicwallPassword>
      <ipAddress></ipAddress>
      <serialNumber>00F1434CE265</serialNumber>
      <SAencryptionKey>1234567812345678</SAencryptionKey>
      <SAuthKey>123456781234567812345678abcdef89</SAuthKey>
      <antivirusPassword></antivirusPassword>
      <schedulerIPAddress>192.168.168.168</schedulerIPAddress>
      <useVPN>1</useVPN>
      <standbyManagedAtWan>1</standbyManagedAtWan>
      <standbySchedulerIP>192.168.168.23</standbySchedulerIP>
      <httpsMgmt>0</httpsMgmt>
      <manageOnLanIP>0</manageOnLanIP>
      <CustomInfo>
        <Company>SonicWALL</Company>
        <Country>China</Country>
        <State>California</State>
        <Department>Engineering</Department>
      </CustomInfo>
    </FirewallInfo>
  </FirewallList>
</sgmscommand>

Note

A sample of this file, sample_nodes.xml, is located in the Misc directory on the SonicWALL GMS CD-ROM.
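Because addunit reads a hand-edited file, it is worth checking the file against the rules in Table 4 before running the command, in particular the key lengths and the requirement that HTTPS management be paired with LAN-side management. The following Python validator is an added illustration and is not part of SonicWALL GMS. It implements only the constraints the guide states, matches tag names case-insensitively because the template and the example above differ in case, and accepts both SAAuthKey (template) and SAuthKey (example) for the authentication key. The file it checks is constructed: one unit passes and one fails several rules.

```python
"""Validate an addunit XML file against the Table 4 rules before running sgms> addunit.

Added example, not SonicWALL code. Only the constraints stated in the guide are
checked: required fields, 16/32 lowercase-hex keys, IP-address fields, 0/1 flags,
and httpsMgmt=1 requiring LAN-side management.
"""
import ipaddress
import re
import xml.etree.ElementTree as ET

HEX16 = re.compile(r"^[0-9a-f]{16}$")  # encryption key: exactly 16 hex chars, 0-9 a-f
HEX32 = re.compile(r"^[0-9a-f]{32}$")  # authentication key: exactly 32 hex chars

# Constructed sample: GOOD01 follows every rule, BAD01 breaks four of them.
SAMPLE_ADDUNIT = """<?xml version="1.0"?>
<sgmscommand>
  <command>addUnit</command>
  <FirewallList>
    <FirewallInfo>
      <sonicwallName>GOOD01</sonicwallName>
      <sonicwallPassword>abc</sonicwallPassword>
      <ipAddress></ipAddress>
      <serialNumber>000000000001</serialNumber>
      <SAencryptionKey>1234567890abcdef</SAencryptionKey>
      <SAAuthKey>1234567890abcdef1234567890abcdef</SAAuthKey>
      <schedulerIPAddress>192.0.2.10</schedulerIPAddress>
      <useVPN>1</useVPN>
      <httpsMgmt>0</httpsMgmt>
      <managedOnLanIP>0</managedOnLanIP>
    </FirewallInfo>
    <FirewallInfo>
      <sonicwallName>BAD01</sonicwallName>
      <sonicwallPassword>abc</sonicwallPassword>
      <serialNumber>000000000002</serialNumber>
      <SAencryptionKey>1234</SAencryptionKey>
      <SAuthKey>1234567890ABCDEF1234567890abcdef</SAuthKey>
      <schedulerIPAddress>not-an-ip</schedulerIPAddress>
      <httpsMgmt>1</httpsMgmt>
      <manageOnLanIP>0</manageOnLanIP>
    </FirewallInfo>
  </FirewallList>
</sgmscommand>
"""


def child_text(elem, *names):
    """Text of the first child whose tag matches one of names (case-insensitive), else None."""
    wanted = {n.lower() for n in names}
    for child in elem:
        if child.tag.lower() in wanted:
            return (child.text or "").strip()
    return None


def is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def validate_firewall(fw):
    """Return the list of problems for one <FirewallInfo> element; empty means valid."""
    errors = []
    for field in ("sonicwallName", "sonicwallPassword", "serialNumber"):
        if not child_text(fw, field):
            errors.append(f"{field} is required")
    if not HEX16.match(child_text(fw, "SAencryptionKey") or ""):
        errors.append("SAencryptionKey must be exactly 16 hex characters (0-9, a-f)")
    if not HEX32.match(child_text(fw, "SAAuthKey", "SAuthKey") or ""):
        errors.append("SAAuthKey must be exactly 32 hex characters (0-9, a-f)")
    if not is_ip(child_text(fw, "schedulerIPAddress") or ""):
        errors.append("schedulerIPAddress is required and must be an IP address")
    for field in ("ipAddress", "standbySchedulerIP"):
        value = child_text(fw, field)
        if value and not is_ip(value):  # blank is allowed: dynamic WAN / single server
            errors.append(f"{field} must be an IP address or blank")
    flags = {}
    for field in ("supportRavlin", "httpsMgmt", "managedOnLanIP", "manageOnLanIP"):
        value = child_text(fw, field)
        if value is not None:
            if value not in ("0", "1"):
                errors.append(f"{field} must be 0 or 1")
            flags[field.lower()] = value
    lan = flags.get("managedonlanip", flags.get("manageonlanip"))
    if flags.get("httpsmgmt") == "1" and lan != "1":
        errors.append("httpsMgmt=1 requires managedOnLanIP=1 (HTTPS management uses the LAN interface)")
    return errors


def validate_addunit(xml_text):
    """Map each unit's sonicwallName to its list of problems."""
    root = ET.fromstring(xml_text)
    if root.tag.lower() != "sgmscommand" or child_text(root, "command") != "addUnit":
        raise ValueError("not an addUnit command file")
    results = {}
    for i, fw in enumerate(root.iter("FirewallInfo"), 1):
        name = child_text(fw, "sonicwallName") or f"(unnamed #{i})"
        results[name] = validate_firewall(fw)
    return results


if __name__ == "__main__":
    for unit, problems in validate_addunit(SAMPLE_ADDUNIT).items():
        print(unit, "OK" if not problems else problems)
```

Run the validator over the file you intend to pass to addunit and fix every reported unit first; the CLI will otherwise reject or mis-register the appliance, and a key that does not match the appliance leaves the management tunnel unable to come up.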

Adding Users
To add users, use the addusers command.
sgms> addusers xml_file

Syntax
Table 5:
xml_file    XML file that contains user information.

Usage Guidelines
The XML file should contain the following:

<?xml version="1.0"?>
<Sgmscommand>
  <AddUsers>
    <AddUser>
      <UserAccountInfo>
        <Name>username</Name>
        <Password>password</Password>
        <UserTypeName>group</UserTypeName>
        <DefaultViewName>viewname</DefaultViewName>
        <FirstName>firstname</FirstName>
        <MiddleName>middlename</MiddleName>
        <LastName>lastname</LastName>
        <Phone>phone</Phone>
        <Fax>fax</Fax>
        <Email1>email</Email1>
        <Email2>email2</Email2>
        <Timeout>timeout_period</Timeout>
      </UserAccountInfo>
      <UserPermsInfo>
        <UserScreenList>
          <UserScreen pathname="screenpath" permtype="permission_type"></UserScreen>
        </UserScreenList>
        <UserNodeList>
          <UserNode displayname="node" viewname="viewname" operationtype="optype"></UserNode>
        </UserNodeList>
        <UserActionList>
          <AddUnit>permission</AddUnit>
          <ModifyUnit>permission</ModifyUnit>
          <DeleteUnit>permission</DeleteUnit>
          <RenameUnit>permission</RenameUnit>
          <ModifyProperties>permission</ModifyProperties>
          <ReassignAgents>permission</ReassignAgents>
          <AddDeleteModifyView>permission</AddDeleteModifyView>
          <ChangeView>permission</ChangeView>
          <AllowCLI>permission</AllowCLI>
        </UserActionList>
      </UserPermsInfo>
    </AddUser>
  </AddUsers>
</Sgmscommand>

Table 6:

UserAccountInfo
  User account options include:
  Name: username of the user.
  Password: password of the user.
  UserTypeName: user group to which the user belongs.
  DefaultViewName: default view for the user.
  FirstName: first name of the user.
  MiddleName: middle name of the user.
  LastName: last name of the user.
  Phone: phone number of the user.
  Fax: fax number of the user.
  Email1: email address of the user.
  Email2: second email address of the user.
  Timeout: idle-timeout setting for the user.

UserPermsInfo
  User permissions information includes:
  UserScreenList
    pathname: path to a screen. For example: Console/Management/Users or Policies/Access/General.
    permtype: permissions for the screen. Options include: Read Only and Read/Write.
  UserNodeList
    displayname: name of the node.
    viewname: view in which the node appears.
  UserActionList
    AddUnit: specifies whether the user can add units (allow or deny).
    ModifyUnit: specifies whether the user can modify units (allow or deny).
    DeleteUnit: specifies whether the user can delete units (allow or deny).
    RenameUnit: specifies whether the user can rename units (allow or deny).
    ModifyProperties: specifies whether the user can modify unit properties (allow or deny).
    ReassignAgents: specifies whether the user can reassign units to other agents (allow or deny).
    AddDeleteModifyView: specifies whether the user can add, delete, or modify views (allow or deny).
    ChangeView: specifies whether the user can change views (allow or deny).
    AllowCLI: specifies whether the user can use the CLI (allow or deny).


Example
In the following example, the user Linda is added:
sgms> addusers linda.xml

The following is the content of linda.xml.

<?xml version="1.0"?>
<Sgmscommand>
  <AddUsers>
    <AddUser>
      <UserAccountInfo>
        <Name>Linda</Name>
        <Password>password</Password>
        <UserTypeName>Operators</UserTypeName>
        <DefaultViewName>ISPView</DefaultViewName>
        <FirstName>Linda</FirstName>
        <MiddleName></MiddleName>
        <LastName>Griffith</LastName>
        <Phone>(408)111-2222</Phone>
        <Fax>(408)222-3333</Fax>
        <Email1>lgriffith@sonicwall.com</Email1>
        <Email2></Email2>
        <Timeout>40</Timeout>
      </UserAccountInfo>
      <UserPermsInfo>
        <UserScreenList>
          <UserScreen pathname="Console/Management/Users" permtype="Read Only"></UserScreen>
          <UserScreen pathname="Policies/Access/General" permtype="Read/Write"></UserScreen>
        </UserScreenList>
        <UserNodeList>
          <UserNode displayname="Palo Alto1" viewname="ISPView" operationtype="Add"></UserNode>
          <UserNode displayname="Houston 1" viewname="View All" operationtype="Add"></UserNode>
        </UserNodeList>
        <UserActionList>
          <AddUnit>allow</AddUnit>
          <ModifyUnit>allow</ModifyUnit>
          <DeleteUnit>deny</DeleteUnit>
          <RenameUnit>deny</RenameUnit>
          <ModifyProperties>deny</ModifyProperties>
          <ReassignAgents>deny</ReassignAgents>
          <AddDeleteModifyView>allow</AddDeleteModifyView>
          <ChangeView>allow</ChangeView>
          <AllowCLI>deny</AllowCLI>
        </UserActionList>
      </UserPermsInfo>
    </AddUser>
  </AddUsers>
</Sgmscommand>
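Every UserActionList entry in an addusers file must be set explicitly, and a hand-written file can easily leave one as allow that should be deny. The following Python script is an added illustration and is not SonicWALL code: it builds the addusers file from a short description, sets every action not explicitly allowed to deny, and rejects permtype or action values other than the ones Table 6 lists. The changeusers command described next takes the same file layout, so the same builder applies to it. It assumes the element names from the template above and that the CLI accepts a standard XML declaration; the user description it uses is constructed, modelled on linda.xml.

```python
"""Build an addusers/changeusers XML file for the GMS CLI with deny-by-default actions.

Added example, not SonicWALL code. Assumes the element names shown in the guide's
template (Sgmscommand/AddUsers/AddUser/UserAccountInfo/UserPermsInfo) and that
the CLI accepts a standard <?xml version="1.0"?> declaration.
"""
import xml.etree.ElementTree as ET

# The nine UserActionList entries from Table 6, each of which takes allow or deny.
ACTIONS = ("AddUnit", "ModifyUnit", "DeleteUnit", "RenameUnit", "ModifyProperties",
           "ReassignAgents", "AddDeleteModifyView", "ChangeView", "AllowCLI")
ACCOUNT_FIELDS = ("Name", "Password", "UserTypeName", "DefaultViewName", "FirstName",
                  "MiddleName", "LastName", "Phone", "Fax", "Email1", "Email2", "Timeout")
PERMTYPES = {"Read Only", "Read/Write"}  # the only permtype values Table 6 lists


def user_element(spec):
    """Return an <AddUser> element for one user described by the dict spec."""
    missing = [f for f in ("Name", "Password", "UserTypeName", "DefaultViewName") if not spec.get(f)]
    if missing:
        raise ValueError(f"missing required fields: {missing}")
    timeout = int(spec.get("Timeout", 10))
    if timeout <= 0:
        raise ValueError("Timeout must be a positive number")
    add_user = ET.Element("AddUser")
    acct = ET.SubElement(add_user, "UserAccountInfo")
    for field in ACCOUNT_FIELDS:
        ET.SubElement(acct, field).text = str(timeout) if field == "Timeout" else str(spec.get(field, ""))
    perms = ET.SubElement(add_user, "UserPermsInfo")
    screens = ET.SubElement(perms, "UserScreenList")
    for path, permtype in spec.get("screens", {}).items():
        if permtype not in PERMTYPES:
            raise ValueError(f"permtype for {path} must be one of {sorted(PERMTYPES)}")
        ET.SubElement(screens, "UserScreen", pathname=path, permtype=permtype)
    nodes = ET.SubElement(perms, "UserNodeList")
    for node in spec.get("nodes", ()):
        ET.SubElement(nodes, "UserNode", displayname=node["displayname"],
                      viewname=node["viewname"], operationtype=node.get("operationtype", "Add"))
    allowed = set(spec.get("allow", ()))
    unknown = allowed - set(ACTIONS)
    if unknown:
        raise ValueError(f"unknown actions: {sorted(unknown)}")
    actions = ET.SubElement(perms, "UserActionList")
    for action in ACTIONS:  # least privilege: anything not listed under "allow" is denied
        ET.SubElement(actions, action).text = "allow" if action in allowed else "deny"
    return add_user


def build_addusers_xml(specs):
    """Return the complete addusers file for a list of user specs."""
    root = ET.Element("Sgmscommand")
    add_users = ET.SubElement(root, "AddUsers")
    for spec in specs:
        add_users.append(user_element(spec))
    return '<?xml version="1.0"?>\n' + ET.tostring(root, encoding="unicode")


def user_actions(xml_text, name):
    """Read back the UserActionList of the named user as {action: 'allow' | 'deny'}."""
    root = ET.fromstring(xml_text)
    for add_user in root.iter("AddUser"):
        if add_user.findtext("UserAccountInfo/Name") == name:
            return {a.tag: a.text for a in add_user.find("UserPermsInfo/UserActionList")}
    return {}


# Constructed user description modelled on the guide's linda.xml.
LINDA = {
    "Name": "Linda", "Password": "password", "UserTypeName": "Operators",
    "DefaultViewName": "ISPView", "FirstName": "Linda", "LastName": "Griffith",
    "Email1": "lgriffith@example.com", "Timeout": 40,
    "screens": {"Console/Management/Users": "Read Only", "Policies/Access/General": "Read/Write"},
    "nodes": [{"displayname": "Palo Alto1", "viewname": "ISPView"}],
    "allow": ["AddUnit", "ModifyUnit", "AddDeleteModifyView", "ChangeView"],
}

if __name__ == "__main__":
    print(build_addusers_xml([LINDA]))
```

Listing only the actions to grant, rather than the full allow/deny matrix, makes a review of the resulting file a matter of reading the short allow list; anything omitted, AllowCLI included, comes out as deny.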

Changing Users
To change user settings, use the changeusers command. This command is similar to the addusers command.
sgms> changeusers xml_file

Syntax
Table 7:
xml_file    XML file that contains user information.

Usage Guidelines
The XML file can contain the following:

<?xml version="1.0"?>
<Sgmscommand>
  <AddUsers>
    <AddUser>
      <UserAccountInfo>
        <Name>username</Name>
        <Password>password</Password>
        <UserTypeName>group</UserTypeName>
        <DefaultViewName>viewname</DefaultViewName>
        <FirstName>firstname</FirstName>
        <MiddleName>middlename</MiddleName>
        <LastName>lastname</LastName>
        <Phone>phone</Phone>
        <Fax>fax</Fax>
        <Email1>email</Email1>
        <Email2>email2</Email2>
        <Timeout>timeout_period</Timeout>
      </UserAccountInfo>
      <UserPermsInfo>
        <UserScreenList>
          <UserScreen pathname="screenpath" permtype="permission_type"></UserScreen>
        </UserScreenList>
        <UserNodeList>
          <UserNode displayname="node" viewname="viewname" operationtype="optype"></UserNode>
        </UserNodeList>
        <UserActionList>
          <AddUnit>permission</AddUnit>
          <ModifyUnit>permission</ModifyUnit>
          <DeleteUnit>permission</DeleteUnit>
          <RenameUnit>permission</RenameUnit>
          <ModifyProperties>permission</ModifyProperties>
          <ReassignAgents>permission</ReassignAgents>
          <AddDeleteModifyView>permission</AddDeleteModifyView>
          <ChangeView>permission</ChangeView>
          <AllowCLI>permission</AllowCLI>
        </UserActionList>
      </UserPermsInfo>
    </AddUser>
  </AddUsers>
</Sgmscommand>

Table 8:

UserAccountInfo
    User account options include:
    Name: username of the user.
    Password: password of the user.
    UserTypeName: user group to which the user belongs.
    DefaultViewName: default view for the user.
    FirstName: first name of the user.
    MiddleName: middle name of the user.
    LastName: last name of the user.
    Phone: phone number of the user.
    Fax: fax number of the user.
    Email1: email address of the user.
    Email2: email address of the user.
    Timeout: idle-timeout setting for the user.

UserPermsInfo
    User permissions information includes:
    UserScreenList
        pathname: path to a screen. For example: Console/Management/Users or Policies/Access/General.
        permtype: permissions for the screen. Options include: Read Only and Read/Write.
    UserNodeList
        displayname: name of the node.
        viewname: view in which the node appears.
    UserActionList
        AddUnit: specifies whether the user can add units (allow or deny).
        ModifyUnit: specifies whether the user can modify units (allow or deny).
        DeleteUnit: specifies whether the user can delete units (allow or deny).
        RenameUnit: specifies whether the user can rename units (allow or deny).
        ModifyProperties: specifies whether the user can modify unit properties (allow or deny).
        ReassignAgents: specifies whether the user can reassign units to other agents (allow or deny).
        AddDeleteModifyView: specifies whether the user can add, delete, or modify views (allow or deny).
        ChangeView: specifies whether the user can change views (allow or deny).
        AllowCLI: specifies whether the user can use the CLI (allow or deny).


Example
In the following example, new information is updated for the users Linda and Mike:
sgms> changeusers linda-mike.xml

The following is the content of linda-mike.xml.

<?xml version="1.0"?>
<Sgmscommand>
  <AddUsers>
    <AddUser>
      <UserAccountInfo>
        <Name>Linda</Name>
        <Password>new-password</Password>
        <Phone>(408)555-1212</Phone>
        <Email1>linda@sonicwall.com</Email1>
        <Timeout>70</Timeout>
      </UserAccountInfo>
    </AddUser>
    <AddUser>
      <UserAccountInfo>
        <Name>Mike</Name>
        <Password>new-password</Password>
        <Phone>(408)555-1233</Phone>
        <Email1>mike@sonicwall.com</Email1>
        <Timeout>60</Timeout>
      </UserAccountInfo>
    </AddUser>
  </AddUsers>
</Sgmscommand>
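The addusers and changeusers files carry account names, passwords and permission flags as element text. A script that assembles such a file by string concatenation would let a field value containing markup (a username with a stray </Name><UserTypeName>...) rewrite the user's group or permissions. The following Python script is an added example, not code from this guide or from SonicWALL GMS: it builds the file with the XML library, which escapes such values, and writes every UserActionList entry as deny unless it is granted explicitly. The element names follow the file format shown in this section; the helper names, the 'screens', 'nodes' and 'actions' keys of the input records, and the sample user are assumptions.

```python
"""Build GMS addusers/changeusers XML with the XML library rather than string
templates, so field values are escaped and cannot inject elements. Added
example; element names follow the file format in this section, while the
helper names, the 'screens'/'nodes'/'actions' keys and the sample user are
assumptions."""
import xml.etree.ElementTree as ET

ACCOUNT_FIELDS = ("Name", "Password", "UserTypeName", "DefaultViewName",
                  "FirstName", "MiddleName", "LastName", "Phone", "Fax",
                  "Email1", "Email2", "Timeout")
ACTION_FIELDS = ("AddUnit", "ModifyUnit", "DeleteUnit", "RenameUnit",
                 "ModifyProperties", "ReassignAgents", "AddDeleteModifyView",
                 "ChangeView", "AllowCLI")


def build_users_xml(users):
    """users: dicts with any ACCOUNT_FIELDS plus optional 'screens'
    [(pathname, permtype)], 'nodes' [(displayname, viewname, operationtype)]
    and 'actions' {action: 'allow'|'deny'}. Actions not granted are written as
    deny, so a half-filled record never grants more than intended."""
    root = ET.Element("Sgmscommand")
    add_users = ET.SubElement(root, "AddUsers")
    for user in users:
        if not user.get("Name"):
            raise ValueError("every user record needs a Name")
        add_user = ET.SubElement(add_users, "AddUser")
        account = ET.SubElement(add_user, "UserAccountInfo")
        for field in ACCOUNT_FIELDS:
            if field in user:          # changeusers files may carry a subset
                ET.SubElement(account, field).text = str(user[field])
        perms = ET.SubElement(add_user, "UserPermsInfo")
        screens = ET.SubElement(perms, "UserScreenList")
        for pathname, permtype in user.get("screens", ()):
            if permtype not in ("Read Only", "Read/Write"):
                raise ValueError(f"{pathname}: bad permtype {permtype!r}")
            ET.SubElement(screens, "UserScreen", pathname=pathname, permtype=permtype)
        nodes = ET.SubElement(perms, "UserNodeList")
        for displayname, viewname, optype in user.get("nodes", ()):
            ET.SubElement(nodes, "UserNode", displayname=displayname,
                          viewname=viewname, operationtype=optype)
        actions = ET.SubElement(perms, "UserActionList")
        granted = user.get("actions", {})
        for action in ACTION_FIELDS:
            value = granted.get(action, "deny")
            if value not in ("allow", "deny"):
                raise ValueError(f"{action}: expected allow or deny, got {value!r}")
            ET.SubElement(actions, action).text = value
    # ET.tostring escapes &, < and > inside text and attribute values.
    return '<?xml version="1.0"?>\n' + ET.tostring(root, encoding="unicode")


def read_users_xml(text):
    """Parse a users file back into dicts, to check what GMS would read."""
    records = []
    for add_user in ET.fromstring(text).iter("AddUser"):
        account = {el.tag: el.text or "" for el in add_user.find("UserAccountInfo")}
        actions = {el.tag: el.text for el in add_user.find("UserPermsInfo/UserActionList")}
        records.append({"account": account, "actions": actions})
    return records


if __name__ == "__main__":
    # Constructed sample; the Name carries markup to show that it is escaped.
    hostile = "Linda</Name><UserTypeName>Administrators"
    doc = build_users_xml([{"Name": hostile, "Password": "new-password",
                            "UserTypeName": "Operators", "Timeout": 70,
                            "screens": [("Policies/Access/General", "Read Only")],
                            "actions": {"ChangeView": "allow"}}])
    print(doc)
    print(read_users_xml(doc)[0]["account"]["UserTypeName"])   # Operators
```

Writing the returned string to a file and passing that file to addusers or changeusers is the only step left; reading it back with read_users_xml before doing so shows that the markup in the sample Name stays inside the Name element and the group remains Operators.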

Deleting a Single User


To delete a single user, use the deleteuser command.
sgms> deleteuser username

Syntax
Table 9:

username
    Name of the user to delete.

Example
In the following example, the user Linda is deleted:
sgms> deleteuser linda

Deleting Multiple Users


To delete several users at once, use the deleteusers command.
sgms> deleteusers xml_file

Syntax
Table 10:

xml_file
    XML file that contains user information.

Usage Guidelines
The XML file should contain the following:
<?xml version="1.0"?>
<Sgmscommand>
  <DeleteUsers>
    <DeleteUser username="username"></DeleteUser>
    <DeleteUser username="username"></DeleteUser>
  </DeleteUsers>
</Sgmscommand>

Table 11:

username
    Name of the user to delete.

Example
In the following example, the users John, Linda, and Albert are deleted:
sgms> deleteusers deleteusers.xml

The following is the content of deleteusers.xml.

<?xml version="1.0"?>
<Sgmscommand>
  <DeleteUsers>
    <DeleteUser username="John"></DeleteUser>
    <DeleteUser username="Linda"></DeleteUser>
    <DeleteUser username="Albert"></DeleteUser>
  </DeleteUsers>
</Sgmscommand>

Adding and Removing Activation Codes


To add or remove activation codes for SonicWALL appliances, use the activationcode command.
sgms> activationcode xml_file

Syntax
Table 12:

xml_file
    XML file that contains activation code information.

Usage Guidelines
The XML file should contain the following:
<?xml version="1.0"?>
<Sgmscommand>
  <Activation>command_type</Activation>
  <Activation_values>
    <Activation_category>category</Activation_category>
    <Activation_type>activation_type</Activation_type>
  </Activation_values>
  <Codes>
    <Code>code</Code>
    <Code>code</Code>
  </Codes>
</Sgmscommand>

Table 13:

command_type
    Required. Specifies the action to perform. Options include:
    add: adds the specified category and type.
    delete: deletes the specified activation codes.
    list: lists the activation codes for the specified category and type.
    To add activation codes, enter add. To remove codes, enter delete.

category
    Required for add and list. Enter the category of upgrade. Options include:
    Anti-Virus
    Content Filter Subscription
    PKI End User Certificate
    Node Upgrade
    PKI Administrator Certificate
    VPN Upgrade
    VPN Client Upgrade
    HA Upgrade

activation_type
    Required for add and list. Enter the type of upgrade for the selected category. Options include:
    Anti-Virus: 5 Nodes, 10 Nodes, 50 Nodes, 100 Nodes, 1000 Nodes
    Content Filter Subscription: 5 Nodes, 10 Nodes, 50 Nodes, Unlimited Nodes
    PKI End User Certificate: 1 Node, 10 Nodes, 50 Nodes, 100 Nodes
    Node Upgrade: 10->25 Nodes, 10->50 Nodes, 10->Unlimited Nodes, 25->50 Nodes, 50->Unlimited Nodes
    PKI Administrator Certificate: SOHO2/SOHO3, GX 2500/GX 2500 HA Backup, GX 6500/GX6500 HA Backup, XPRS/XPRS2/PRO 100, PRO/PRO-VX/PRO 200/PRO 300, TELE2/TELE3
    VPN Upgrade: 5/10/25/50 Nodes, Unlimited Nodes
    VPN Client Upgrade: Single VPN Client, 10 VPN Clients, 100 VPN Clients, 50 VPN Clients
    HA Upgrade: PRO/PRO 200

code
    Required for add and delete. One or more code numbers. Each code number must appear on its own line.


Example
In the following example, four 100 Node Anti-Virus activation codes are added to SonicWALL GMS:
sgms> activationcode new_virus_codes.xml

The following is the content of new_virus_codes.xml.

<?xml version="1.0"?>
<Sgmscommand>
  <Activation>add</Activation>
  <Activation_values>
    <Activation_category>Anti-Virus</Activation_category>
    <Activation_type>100 Nodes</Activation_type>
  </Activation_values>
  <Codes>
    <Code>12345678</Code>
    <Code>23456780</Code>
    <Code>34567890</Code>
    <Code>45678901</Code>
  </Codes>
</Sgmscommand>

Note

A sample of the file is available on the SonicWALL GMS CD-ROM. It is called sample_activationcode.xml and is located in the Misc directory.

Deleting Nodes Using the CLI


To delete a single node, use the deletenode command.
sgms> deletenode displayname viewname [deleteSAs {0 | 1}]

Syntax
Table 14:

displayname
    Required. Specifies the name of the node.
viewname
    Required. Specifies the name of a view in which the node appears.
deleteSAs {0 | 1}
    Specifies whether the node's SAs are deleted. To delete the SAs, enter 1. To keep the SAs, enter 0.


Example
In the following example, the node Timbuktu52 and its SAs are deleted:
sgms> deletenode Timbuktu52 NewView deleteSAs 1

Deleting Nodes Using XML


To delete nodes or groups, use the deletenodes command.
sgms> deletenodes xml_file

Syntax
Table 15:

xml_file
    XML file that contains the nodes to delete.

Usage Guidelines
The XML file should contain the following:
<?xml version="1.0"?>
<Sgmscommand>
  <DeleteNodes>
    <DeleteNode displayname="displayname" viewname="viewname" deleteSAs="0" />
  </DeleteNodes>
</Sgmscommand>

Table 16:

displayname
    Required. Specifies the name of the node. If you specify group parameters, all nodes that belong to the groups will be deleted.
viewname
    Required. Specifies the name of a view in which the node appears.
deleteSAs
    Specifies whether the node's SAs are deleted. To delete the SAs, enter 1. To keep the SAs, enter 0.

Example
In the following example, Palo Alto 4 and all nodes within the specified groups are deleted:
sgms> deletenodes node-delete.xml

The following is the content of node-delete.xml.

<?xml version="1.0"?>
<Sgmscommand>
  <DeleteNodes>
    <DeleteNode displayname="Country=USA:State=California:Department=Engineering:Company=Silicon Valley" viewname="View All" deleteSAs="1" />
    <DeleteNode displayname="Palo Alto 4" viewname="View All" deleteSAs="0" />
  </DeleteNodes>
</Sgmscommand>

Monitoring Tunnel Status


To monitor the status of a VPN tunnel, use the vpnmonitor status command.
sgms> vpnmonitor status firewall-sn [type {up | down | all}]

Syntax
Table 17:

firewall-sn
    Serial number of the firewall to view.
type {up | down | all}
    Specifies which types of tunnels are displayed (default: all).

Note

This command causes the SonicWALL appliance to display the first five VPN tunnels. If the SonicWALL appliance has more than 5 tunnels, enter the vpnmonitor N command to display the next page of results.

Example
In the following example, the status of each VPN tunnel for the SonicWALL appliance with serial number 004010126FB0 is displayed:
sgms> vpnmonitor status 004010126FB0
----------------------------------------------------------------------------
SA NAME: GroupVPN
LAST UPDATED: Mar 22, 2004 Mon [11:49 AM]
Tunnel ID                      Status   Destination Address Range
MT107998499199600B0D01FDBF8    Down     0.0.0.0 - 0.0.0.0
----------------------------------------------------------------------------
SA NAME: SGMS-0006B1040148
LAST UPDATED: Mar 22, 2004 Mon [11:49 AM]
Tunnel ID                      Status   Destination Address Range
MT107998499489000B0D01FDBF8    Up       10.0.14.43 - 10.0.14.43
----------------------------------------------------------------------------
SA NAME: SGMS-0006B1044046
LAST UPDATED: Mar 22, 2004 Mon [11:49 AM]
Tunnel ID                      Status   Destination Address Range
MT107998499529000B0D01FDBF8    Up       10.0.14.44 - 10.0.14.44
----------------------------------------------------------------------------
SA NAME: SGMS-00401012550C
LAST UPDATED: Mar 22, 2004 Mon [11:49 AM]
Tunnel ID                      Status   Destination Address Range
MT107998499428900B0D01FDBF8    Up       10.0.14.45 - 10.0.14.45
----------------------------------------------------------------------------
Displayed 0 to 4 of 4 rows.
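Operators who poll vpnmonitor status from a script usually want the output above as structured records, so that tunnels reported Down can be flagged and the script knows when to request the next page of five. The following Python parser is an added example, not code from this guide or from SonicWALL GMS. The sample text is constructed in the layout of the output shown above, and the ignore_sa parameter (for SAs that are expected to read Down, such as a GroupVPN policy with no client connected) is an assumed convenience.

```python
"""Parse 'sgms> vpnmonitor status <serial>' output into records and flag Down
tunnels. Added example; the sample text is constructed from the layout shown
in the guide, and ignore_sa is an assumed convenience parameter."""
import re
from dataclasses import dataclass

# Constructed sample in the format of the guide's example output.
SAMPLE_OUTPUT = """\
----------------------------------------------------------------------------
SA NAME: GroupVPN
LAST UPDATED: Mar 22, 2004 Mon [11:49 AM]
Tunnel ID                      Status   Destination Address Range
MT107998499199600B0D01FDBF8    Down     0.0.0.0 - 0.0.0.0
----------------------------------------------------------------------------
SA NAME: SGMS-0006B1040148
LAST UPDATED: Mar 22, 2004 Mon [11:49 AM]
Tunnel ID                      Status   Destination Address Range
MT107998499489000B0D01FDBF8    Up       10.0.14.43 - 10.0.14.43
----------------------------------------------------------------------------
Displayed 0 to 2 of 2 rows.
"""


@dataclass
class Tunnel:
    sa_name: str
    last_updated: str
    tunnel_id: str
    status: str
    dest_range: str


# Tunnel IDs in the sample output are "MT" followed by upper-case hex digits.
TUNNEL_RE = re.compile(r"^(MT[0-9A-F]+)\s+(Up|Down)\s+(\S+ - \S+)\s*$")
PAGING_RE = re.compile(r"Displayed (\d+) to (\d+) of (\d+) rows")


def parse_vpnmonitor_status(text):
    """Return one Tunnel per tunnel row, carrying the SA NAME and LAST UPDATED
    header lines that precede it."""
    tunnels, sa_name, last_updated = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("SA NAME:"):
            sa_name = line.split(":", 1)[1].strip()
        elif line.startswith("LAST UPDATED:"):
            last_updated = line.split(":", 1)[1].strip()
        else:
            match = TUNNEL_RE.match(line)
            if match and sa_name is not None:
                tunnels.append(Tunnel(sa_name, last_updated, *match.groups()))
    return tunnels


def down_tunnels(tunnels, ignore_sa=()):
    """IDs of tunnels reported Down, skipping SAs listed in ignore_sa."""
    return [t.tunnel_id for t in tunnels
            if t.status == "Down" and t.sa_name not in ignore_sa]


def needs_next_page(text):
    """True when the trailer shows fewer rows than the total, i.e. the
    'vpnmonitor N' command should be issued for the next page."""
    match = PAGING_RE.search(text)
    if not match:
        return False
    _, last, total = (int(g) for g in match.groups())
    return last < total


if __name__ == "__main__":
    parsed = parse_vpnmonitor_status(SAMPLE_OUTPUT)
    for t in parsed:
        print(f"{t.sa_name:20} {t.tunnel_id} {t.status:4} {t.dest_range}")
    print("down:", down_tunnels(parsed), "more pages:", needs_next_page(SAMPLE_OUTPUT))
```

The Tunnel records keep the SA name and LAST UPDATED stamp from the header lines, so a stale timestamp (no update since the last poll) is visible alongside the status, and the list returned by down_tunnels is what a monitoring job would turn into an alert.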

Monitoring Tunnel Statistics


To view the statistics for a VPN tunnel, use the vpnmonitor statistics command.
sgms> vpnmonitor statistics tunnel-id

Syntax
Table 18:

tunnel-id
    ID of the tunnel to view.

Example
In the following example, the statistics for tunnel MT107998499428900B0D01FDBF8 are displayed:
sgms> vpnmonitor statistics MT107998499428900B0D01FDBF8
Statistics for tunnel MT107998499428900B0D01FDBF8
------------------------------------------------------------------
SA Name: SGMS-00401012550C
Gateway: 10.0.14.45
Source Address Range: 0.0.0.0 - 255.255.255.255
Destination Address Range: 10.0.14.45 - 10.0.14.45
Creation Time: 03/19/2004 10:43:34
Expiry Time:
SaUpTime: No Expiry
Packets In: 18822
Packets Out: 2941
Bytes In: 267
Bytes Out: 103
Fragmented Packets In: 0
Fragmented Packets Out: 0
-------------------------------------------------------------------


Refreshing a Tunnel
To refresh a tunnel, use the vpnmonitor refresh command.
sgms> vpnmonitor refresh tunnel-id

Syntax
Table 19:

tunnel-id
    ID of the tunnel to refresh.

Example
In the following example, tunnel MT107998499428900B0D01FDBF8 is refreshed:
sgms> vpnmonitor refresh MT107998499428900B0D01FDBF8

Renegotiating a Tunnel
To renegotiate a VPN tunnel, use the vpnmonitor renegotiate command.
sgms> vpnmonitor renegotiate tunnel-id

Syntax
Table 20:

tunnel-id
    ID of the tunnel to renegotiate.

Example
In the following example, tunnel MT107998499428900B0D01FDBF8 is renegotiated:
sgms> vpnmonitor renegotiate MT107998499428900B0D01FDBF8

Synchronizing Tunnel Information


To synchronize VPN information for a SonicWALL appliance with SonicWALL GMS, use the vpnmonitor synchronize command.
sgms> vpnmonitor synchronize firewall-sn

Syntax
Table 21:

firewall-sn
    Serial number of the firewall to synchronize.

Example
In the following example, tunnel status information for each VPN tunnel on the SonicWALL appliance with serial number 004010126FB0 is synchronized with SonicWALL GMS:
sgms> vpnmonitor synchronize 004010126FB0

Configuring SonicWALL Parameters


This section describes how to use the configure command to execute a group of commands using an XML configuration file.

Using the Configure Command


To execute a group of commands in an XML configuration file, use the configure command.
sgms> configure xml_file

Note

For information on creating a configuration file, see Preparing a Configuration File on page 1106.

Syntax
Table 22:

xml_file
    The XML file that contains configuration instructions.

Usage Guidelines
When this command is entered, SonicWALL GMS does the following:
1. Checks whether the command is entered with the correct parameters. If the command is not entered correctly, it returns the correct form of the command.
2. Checks the validity of the XML file.
3. Executes the command.
4. Closes the session and exits.

Example
In the following example, the user admin logs in using the password password and runs an addunit command.
sgms> configure configure.xml

Preparing a Configuration File


Configuration files can be used to set, add, or delete parameters that are normally only accessible from the SonicWALL GMS UI. Additional examples of XML files are found in the SGMS2/CLI directory. The following is the format of an XML configuration file:
Note

For information on configuration parameters, see Configuration Parameters on page 1112.

<?xml version="1.0" encoding="UTF-8" standalone="yes" ?>
<!DOCTYPE Configure [
<!ELEMENT Configure (Task*)>
<!ELEMENT Task (SetParam*,DelParam*,AddParam*)>
<!ATTLIST Task displayname CDATA #REQUIRED
               viewname CDATA #REQUIRED
               updatetype CDATA #REQUIRED
               tasktype CDATA #REQUIRED
               description CDATA #REQUIRED>
<!ELEMENT SetParam EMPTY>
<!ATTLIST SetParam setParamName CDATA #REQUIRED
                   setParamValue CDATA #REQUIRED>
<!ELEMENT DelParam EMPTY>
<!ATTLIST DelParam delParamName CDATA #REQUIRED
                   delParamValue CDATA #REQUIRED>
<!ELEMENT AddParam EMPTY>
<!ATTLIST AddParam addParamName CDATA #REQUIRED
                   addParamValue CDATA #REQUIRED>
]>
<Configure>
  <Task displayname="firewall_parameters"
        viewname="view_name"
        updatetype="update_type"
        tasktype="task_type"
        description="description">
    <SetParam setParamName="set_parameter_name" setParamValue="set_parameter_value"/>
    <AddParam addParamName="add_parameter_name" addParamValue="add_parameter_value"/>
  </Task>
</Configure>

firewall_parameters
    Required. Specifies the firewall, or the group parameters of the firewalls, that will be updated. To specify a single firewall, enter the firewall name. For example:
    displayname="Firewall_42"
    To specify more than one firewall, enter each group parameter that applies to the firewalls. For example:
    displayname="Country=USA:State=California:Department=Engineering"

view_name
    Specifies the view to which the firewall or group of firewalls belongs. This allows you to apply changes to firewalls within a specific view. For example, to apply the changes to firewalls that meet the parameters that you specified in the view USA_west_coast, enter the following:
    viewname="USA_west_coast"

update_type
    Specifies the kind of update to be performed, such as changing existing values, adding new values, or deleting values. Options include:
    change_field: used to set a non-array-type field
    add_array_field: used to add an array-type field
    del_array_field: used to delete a value from an array-type field
    special_action: used to perform special tasks, such as synchronizing or restarting a firewall

task_type
    Specifies the task type. Options include:
    Configure_FW: used to configure SonicWALL firewalls
    Configure_RC: used to configure Ravlin devices
    Register: used to register SonicWALL appliances

description
    Description of the tasks you are performing. This information will appear in the log files.


Parameter Settings
Used to add, delete, or set parameters.

Change Fields
Used to set independent firewall parameters.
set_parameter_name: specifies the name of the parameter.
set_parameter_value: specifies the new setting.
For example, to create a task to change the time zone of the firewall (the timezone parameter), enter the following:
updatetype="change_field" tasktype="Configure_FW" description="Change Timezone"
setParamName="timezone" setParamValue="829"

Add Fields
Used to add new firewall parameters.
add_parameter_name: specifies the name of the parameter.
add_parameter_value: specifies the new parameter setting.
For example, to add a rule (such as Allow File Transfer (FTP)), use the following text:
updatetype="add_array_field" tasktype="Configure_FW" description="Add Rule, Allow File Transfer (FTP)"
addParamName="serviceNameInRule" addParamValue="File Transfer (FTP)"

Delete Fields
Used to delete firewall parameters.
del_parameter_name: specifies the name of the parameter.
del_parameter_value: specifies the setting to delete.
For example, to remove a rule (such as Allow File Transfer (FTP)), use the following text:
updatetype="del_array_field" tasktype="Configure_FW" description="Delete Rule, Allow File Transfer (FTP)"
delParamName="serviceNameInRule" delParamValue="File Transfer (FTP)"

Special Action
Used to execute special actions such as resetting a firewall.
set_parameter_name: specifies the name of the parameter.
set_parameter_value: specifies the action to execute.
For example, to restart a firewall, use the following text:
updatetype="special_action" tasktype="Configure_FW" description="Restart Firewall"
setParamName="cgi_action" setParamValue="restart"
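Because the configure command runs every Task in the file, a check before the file is handed to GMS is worth having: a well-formed file can still contain a Task whose child elements do not match its updatetype (change_field and special_action work with SetParam, add_array_field with AddParam, del_array_field with DelParam, as described above), an empty description leaves nothing useful in the log files, and a special_action such as a restart deserves a second look before it is applied to a group of firewalls. The following Python validator is an added example, not code from this guide or from SonicWALL GMS. It uses only the standard library, refuses files that declare XML entities (ElementTree expands internal entities, and a configuration file has no reason to declare any), and applies the element/updatetype pairing as an assumption about what GMS itself enforces. The sample file is constructed.

```python
"""Pre-flight check for a GMS 'configure' XML file. Added example, not code
from the guide or from SonicWALL GMS: the DTD rules come from the format shown
above; the updatetype/element pairing follows the per-type descriptions in this
section and is an assumption about what GMS enforces."""
import re
import xml.etree.ElementTree as ET

# updatetype -> (child element paired with it, its name and value attributes)
UPDATE_TYPES = {
    "change_field":    ("SetParam", "setParamName", "setParamValue"),
    "add_array_field": ("AddParam", "addParamName", "addParamValue"),
    "del_array_field": ("DelParam", "delParamName", "delParamValue"),
    "special_action":  ("SetParam", "setParamName", "setParamValue"),
}
TASK_TYPES = {"Configure_FW", "Configure_RC", "Register"}
REQUIRED_TASK_ATTRS = ("displayname", "viewname", "updatetype", "tasktype", "description")

# Constructed sample: task 1 is valid, task 2 has an empty description and the
# wrong child element for its updatetype, task 3 is a restart worth reviewing.
SAMPLE_CONFIGURE = """<?xml version="1.0" encoding="UTF-8" standalone="yes" ?>
<!DOCTYPE Configure [
<!ELEMENT Configure (Task*)>
<!ELEMENT Task (SetParam*,DelParam*,AddParam*)>
<!ATTLIST Task displayname CDATA #REQUIRED viewname CDATA #REQUIRED
               updatetype CDATA #REQUIRED tasktype CDATA #REQUIRED
               description CDATA #REQUIRED>
<!ELEMENT SetParam EMPTY>
<!ATTLIST SetParam setParamName CDATA #REQUIRED setParamValue CDATA #REQUIRED>
<!ELEMENT AddParam EMPTY>
<!ATTLIST AddParam addParamName CDATA #REQUIRED addParamValue CDATA #REQUIRED>
]>
<Configure>
  <Task displayname="Firewall_42" viewname="View All" updatetype="change_field"
        tasktype="Configure_FW" description="Change Timezone">
    <SetParam setParamName="timezone" setParamValue="829"/>
  </Task>
  <Task displayname="Country=USA:State=California" viewname="View All"
        updatetype="add_array_field" tasktype="Configure_FW" description="">
    <SetParam setParamName="serviceNameInRule" setParamValue="File Transfer (FTP)"/>
  </Task>
  <Task displayname="Firewall_42" viewname="View All" updatetype="special_action"
        tasktype="Configure_FW" description="Restart Firewall">
    <SetParam setParamName="cgi_action" setParamValue="restart"/>
  </Task>
</Configure>
"""


def validate_configure(text):
    """Return (errors, notices). Errors mean the file should not be run;
    notices list special_action tasks for a human to confirm."""
    errors, notices = [], []
    # ElementTree expands internal entities; a config file never needs any.
    if re.search(r"<!ENTITY", text):
        return ["file declares XML entities; refusing to parse"], notices
    try:
        root = ET.fromstring(text)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"], notices
    if root.tag != "Configure":
        return [f"root element must be Configure, got {root.tag}"], notices
    for index, task in enumerate(root, start=1):
        where = f"Task #{index}"
        if task.tag != "Task":
            errors.append(f"{where}: unexpected element {task.tag}")
            continue
        for attr in REQUIRED_TASK_ATTRS:
            if not task.get(attr):   # #REQUIRED in the DTD; empty is as useless as absent
                errors.append(f"{where}: missing attribute {attr}")
        utype = task.get("updatetype")
        if utype not in UPDATE_TYPES:
            errors.append(f"{where}: unknown updatetype {utype!r}")
            continue
        if task.get("tasktype") not in TASK_TYPES:
            errors.append(f"{where}: unknown tasktype {task.get('tasktype')!r}")
        element, name_attr, value_attr = UPDATE_TYPES[utype]
        for child in task:
            if child.tag != element:
                errors.append(f"{where}: updatetype {utype} expects {element} children, found {child.tag}")
                continue
            for attr in (name_attr, value_attr):
                if child.get(attr) is None:
                    errors.append(f"{where}: {element} missing attribute {attr}")
            if utype == "special_action":
                notices.append(f"{where}: special_action {child.get(value_attr)} on {task.get('displayname')}")
    return errors, notices


if __name__ == "__main__":
    found_errors, found_notices = validate_configure(SAMPLE_CONFIGURE)
    print("\n".join(found_errors) or "no errors")
    print("\n".join(found_notices) or "no special actions")
```

Run against the sample, the validator rejects the second Task for its empty description and for carrying a SetParam under add_array_field, and reports the restart in the third Task as a notice; only a file that comes back with an empty error list should be passed to sgms> configure.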


Modifying SonicWALL Parameters


This section describes how to use the ModifyArray command to change SonicWALL appliance settings using an XML configuration file.

Using the ModifyArray Command


To modify a SonicWALL parameter setting, use the ModifyArray command.
sgms> modifyarray xml_file

Note

For information on creating a configuration file, see Preparing a Parameter Modification File on page 1110.

Syntax
Table 23:

xml_file
    The XML file that contains configuration instructions.

Usage Guidelines
When this command is entered, SonicWALL GMS does the following:
1. Checks whether the command is entered with the correct parameters. If the command is not entered correctly, it returns the correct form of the command.
2. Checks the validity of the XML file.
3. Executes the command.
4. Closes the session and exits.

Example
In the following example, the value of the secondary phone number is changed to the number specified in the primary phone number field, and the primary phone number is changed to 800-555-1212.
sgms> modifyarray modify.xml

The following is the content of modify.xml.

<?xml version="1.0" encoding="UTF-8" standalone="yes" ?>
<!-- The DOCTYPE declaration is the one given under Preparing a Parameter Modification File. -->
<Configure>
  <Task displayname="root"
        viewname="AGENTCompany"
        description="Modify SP Profiles"
        arraytablename="SW_PROFILES"
        indidxcolumnname="dialupProfileInUse_0">
    <ArrayIndexColumnName paramName="dialConfigName" />
    <ModParam paramName="secPhone" paramValue="%priPhone%" />
    <ModParam paramName="priPhone" paramValue="[18005551212]" />
  </Task>
</Configure>

Preparing a Parameter Modification File


Modification files can be used to change parameters that are normally only accessible from the SonicWALL GMS UI. For example, you can change the DNS settings of the first DNS server to a specific new address, or you can set the IP address of the first DNS server to the IP address of the second server for each selected SonicWALL appliance. The following is the format of an XML modification file:
<?xml version="1.0" encoding="UTF-8" standalone="yes" ?>
<!DOCTYPE Configure [
<!ELEMENT Configure (Task*)>
<!ELEMENT Task (ArrayIndexColumnName*,ModParam*)>
<!ATTLIST Task displayname CDATA #REQUIRED
               viewname CDATA #REQUIRED
               description CDATA #REQUIRED
               arraytablename CDATA #REQUIRED
               indidxcolumnname CDATA #REQUIRED>
<!ELEMENT ArrayIndexColumnName EMPTY>
<!ATTLIST ArrayIndexColumnName paramName CDATA #REQUIRED>
<!ELEMENT ModParam EMPTY>
<!ATTLIST ModParam paramName CDATA #REQUIRED
                   paramValue CDATA #REQUIRED>
]>
<Configure>
  <Task displayname="firewall_parameters"
        viewname="view_name"
        description="description"
        arraytablename="SW_PROFILES"
        indidxcolumnname="dialupProfileInUse_0">
    <ArrayIndexColumnName paramName="column_name"/>
    <ModParam paramName="secPhone" paramValue="param_value"/>
    <ModParam paramName="priPhone" paramValue="param_value"/>
  </Task>
</Configure>

Table 24:

firewall_parameters
    Required. Specifies the firewall, or the group parameters of the firewalls, that will be updated. To specify a single firewall, enter the firewall name. For example:
    displayname="Firewall_42"
    To specify more than one firewall, enter each group parameter that applies to the firewalls. For example:
    displayname="Country=USA:State=California:Department=Engineering"
    To specify all firewalls, enter root. For example:
    displayname="root"

description
    Description of the tasks you are performing. This information will appear in the log files.

view_name
    Specifies the view to which the firewall or group of firewalls belongs. This allows you to apply changes to firewalls within a specific view. For example, to apply the changes to firewalls that meet the parameters that you specified in the view USA_west_coast, enter the following:
    viewname="USA_west_coast"

column_name
    Specifies the array index column name.

Parameter Values
    Used to modify parameters.
    Modify Parameters
    Used to set independent firewall parameters.
    param_name: specifies the name of the parameter.
    param_value: specifies the new setting. This can be a variable that refers to the setting of another parameter. For example, the following string will change the Secondary modem phone number to the value of the Primary modem phone number:
    <ModParam paramName="secPhone" paramValue="%priPhone%" />


Configuration Parameters
For the latest list of available CLI configuration parameters, see the SonicWALL GMS CLI Reference Guide, which is available at the following URL: http://www.sonicwall.com/us/Support.html

This chapter contains information on how to retrieve parameters that can be used with the command-line interface (CLI) configure command.

System/Time
This section describes parameters that can be configured for the Time screen of the System tree. To get the list of firewall parameters that need to be configured on the firmware, it is necessary to query the back-end database. To configure the Time screen, perform the following steps:

1. Open Query Analyzer, select the sgmsdb database, then execute the following queries.
   Query to get the screen ID:
   Select id from screens where name like 'Time'
   Output: 1003
   Query to get details of the parameters:
   Select prefs_file_name, independent, default_value from params_info
   where prefs_file_name in (Select param_name from sub_policy where screen_id = 1003)
   Table 21 provides the parameters returned for the above query.

Table 21 Query Parameters

Prefs file name       Independent   Default value   Min. value   Max. value
addCustomNTPServer    0                             Null         Null
ntp_updateInterval    1             60              Null         Null
ntp_useDst            1             0               Null         Null
ntp_useNtp            1             0               Null         Null
ntp_utcLogs           1             0               Null         Null
timezone              1             28              Null         Null
useInternational      1             0               Null         Null

2. Group the independent and array parameters from the above query results:
   Independent parameter list: ntp_updateInterval, ntp_useDst, ntp_useNtp, ntp_utcLogs, timezone, useInternational (Independent attribute value 0)
   Array list: addCustomNTPServer (Independent attribute value 1)

The following provides the XML to configure the array parameters of the Time screen:
<?xml version="1.0" encoding="UTF-8" standalone="yes" ?>
<!DOCTYPE Configure [
<!ELEMENT Configure (Task*)>
<!ELEMENT Task (SetParam*,DelParam*,AddParam*)>
<!ATTLIST Task displayname CDATA #REQUIRED
               viewname CDATA #REQUIRED
               updatetype CDATA #REQUIRED
               tasktype CDATA #REQUIRED
               description CDATA #REQUIRED>
<!ELEMENT SetParam EMPTY>
<!ATTLIST SetParam setParamName CDATA #REQUIRED
                   setParamValue CDATA #REQUIRED>
<!ELEMENT DelParam EMPTY>
<!ATTLIST DelParam delParamName CDATA #REQUIRED
                   delParamValue CDATA #REQUIRED>
<!ELEMENT AddParam EMPTY>
<!ATTLIST AddParam addParamName CDATA #REQUIRED
                   addParamValue CDATA #REQUIRED>
]>
<Configure>
  <Task displayname="firewall_parameters"
        viewname="view_name"
        updatetype="update_type"
        tasktype="task_type"
        description="description">
    <AddParam addParamName="addCustomNTPServer" addParamValue="10.0.0.1"/>
  </Task>
</Configure>

The following provides the XML to configure the independent parameters of the Time screen:
<?xml version="1.0" encoding="UTF-8" standalone="yes" ?>
<!DOCTYPE Configure [
<!ELEMENT Configure (Task*)>
<!ELEMENT Task (SetParam*,DelParam*,AddParam*)>
<!ATTLIST Task displayname CDATA #REQUIRED
               viewname CDATA #REQUIRED
               updatetype CDATA #REQUIRED
               tasktype CDATA #REQUIRED
               description CDATA #REQUIRED>
<!ELEMENT SetParam EMPTY>
<!ATTLIST SetParam setParamName CDATA #REQUIRED
                   setParamValue CDATA #REQUIRED>
<!ELEMENT DelParam EMPTY>
<!ATTLIST DelParam delParamName CDATA #REQUIRED
                   delParamValue CDATA #REQUIRED>
<!ELEMENT AddParam EMPTY>
<!ATTLIST AddParam addParamName CDATA #REQUIRED
                   addParamValue CDATA #REQUIRED>
]>
<Configure>
  <Task displayname="firewall_parameters"
        viewname="view_name"
        updatetype="update_type"
        tasktype="task_type"
        description="description">
    <SetParam setParamName="ntp_updateInterval" setParamValue="30"/>
    <SetParam setParamName="ntp_useDst" setParamValue="1"/>
    <SetParam setParamName="ntp_useNtp" setParamValue="1"/>
    <SetParam setParamName="ntp_utcLogs" setParamValue="1"/>
    <SetParam setParamName="timezone" setParamValue="829"/>
    <SetParam setParamName="useInternational" setParamValue="1"/>
  </Task>
</Configure>


SonicWALL, Inc. 2001 Logic Drive San Jose CA 95124-3452 T +1 408.745.9600 F +1 408.745.9300 www.sonicwall.com

PN: 232-001801-00 Rev A

© 2010 SonicWALL, Inc. Specifications and descriptions subject to change without notice.

1/2010
