|
Step 1
|
Click on the
Configure
icon
 in the Configure
column for the Interface you want to configure. The Edit Interface
window is displayed. |
For general information on interfaces, see Network > Interfaces .
Static means that you assign a fixed IP address to the interface.
|
Step 1
|
Click on the
Configure
icon
in the Configure
column for the Interface you want to configure. The Edit Interface
window is displayed. |
|
•
|
|
•
|
If you want to create a new zone, select
Create new zone
. The Add Zone
window is displayed. See Chapter 18, Network > Zones
for instructions on adding a zone.
|
|
Step 2
|
|
Step 3
|
|
Step 4
|
|
Step 5
|
Enter any optional comment text in the
Comment
field. This text is displayed in the Comment
column of the Interface
table.
|
|
Step 6
|
If you want to enable remote management of the SonicWALL security appliance from this
interface, select the supported management protocol(s): HTTP
, HTTPS
, SSH
, Ping
, SNMP
, and/or SSH
.
|
To allow access to the WAN interface for management from another zone on the same appliance, access rules must be created. See “Allowing WAN Primary IP Access from the LAN Zone” for more information.
|
Step 7
|
If you want to allow selected users with limited management rights to log in to the security
appliance, select HTTP
and/or HTTPS
in User Login
.
|
|
Step 8
|
Click
OK
.
|
|
Note
|
The administrator password is required to regenerate encryption keys after changing the
SonicWALL security appliance’s address.
|
If you need to force an Ethernet speed, duplex and/or MAC address, click the Advanced tab.
The Ethernet Settings section allows you to manage the Ethernet settings of links connected to the SonicWALL. Auto Negotiate is selected by default as the Link Speed because the Ethernet links automatically negotiate the speed and duplex mode of the Ethernet connection. If you want to specify the forced Ethernet speed and duplex, select one of the following options from the Link Speed menu:
You can choose to override the Default MAC Address for the Interface by selecting Override Default MAC Address and entering the MAC address in the field.
Check Enable Multicast Support to allow multicast reception on this interface.
|
Caution
|
If you select a specific Ethernet speed and duplex, you must force the connection speed and
duplex from the Ethernet card to the SonicWALL security appliance as well.
|
Transparent Mode enables the SonicWALL security appliance to bridge the WAN subnet onto an internal interface. To configure an interface for transparent mode, complete the following steps:
|
Step 1
|
Click on the
Configure
icon in the Configure
column for Unassigned
Interface you want to configure. The Edit Interface
window is displayed.
|
|
Step 2
|
|
•
|
|
•
|
If you want to create a new zone for the configurable interface, select
Create a new zone
. The Add Zone
window is displayed. See Chapter 18, Network > Zones
for instructions on adding a zone.
|
|
Step 3
|
|
Step 4
|
From the
Transparent Range
menu, select an address object that contains the range of IP addresses you want to have access through this interface. The address range must be within the WAN zone and must not include the WAN interface IP address. If you do not have an address object configured that meets your needs:
|
|
a.
|
In the
Transparent Range
menu, select Create New Address Object.
|
|
b.
|
In the
Add Address Object
window, enter a name for the address range.
|
|
a.
|
For
Zone Assignment
, select WAN.
|
|
b.
|
For
Type
, select:
|
|
•
|
Network to specify a subnet by entering the beginning value and the subnet mask.
The subnet must be within the WAN address range and cannot include the WAN interface IP address.
|
|
c.
|
Enter the IP address of the host, the beginning and ending address of the range, or the
IP address and subnet mask of the network.
|
|
d.
|
See Chapter 19, Network > Address Objects for more information.
|
Step 5
|
Enter any optional comment text in the
Comment
field. This text is displayed in the Comment
column of the Interface
table.
|
|
Step 6
|
If you want to enable remote management of the SonicWALL security appliance from this
interface, select the supported management protocol(s): HTTP
, HTTPS
, SSH
, Ping
, SNMP
, and/or SSH
.
|
To allow access to the WAN interface for management from another zone on the same appliance, access rules must be created. See “Allowing WAN Primary IP Access from the LAN Zone” for more information.
|
Step 7
|
If you want to allow selected users with limited management rights to log directly into the
security appliance through this interface, select HTTP
and/or HTTPS
in User Login
.
|
|
Step 8
|
Click
OK
.
|
|
Note
|
The administrator password is required to regenerate encryption keys after changing the
SonicWALL security appliance’s address.
|
If you need to force an Ethernet speed, duplex and/or MAC address, click the Advanced tab. The Ethernet Settings section allows you to manage the Ethernet settings of links connected to the SonicWALL. Auto Negotiate is selected by default as the Link Speed because the Ethernet links automatically negotiate the speed and duplex mode of the Ethernet connection. If you want to specify the forced Ethernet speed and duplex, select one of the following options from the Link Speed menu:
You can choose to override the Default MAC Address for the Interface by selecting Override Default MAC Address and entering the MAC address in the field.
Check Enable Multicast Support to allow multicast reception on this interface.
|
Caution
|
If you select a specific Ethernet speed and duplex, you must force the connection speed and
duplex from the Ethernet card to the SonicWALL security appliance as well.
|
A Wireless interface is an interface that has been assigned to a Wireless zone and is used to support SonicWALL SonicPoint secure access points.
|
Step 1
|
Click on the
Configure
icon
in the Configure
column for the Interface you want to configure. The Edit Interface
window is displayed. |
|
Step 2
|
In the
Zone
list, select WLAN or a custom Wireless zone.
|
|
Step 3
|
|
Note
|
The upper limit of the subnet mask is determined by the number of SonicPoints you select
in the SonicPoint Limit field. If you are configuring several interfaces or subinterfaces as Wireless interfaces, you may want to use a smaller subnet (higher) to limit the number of potential DHCP leases available on the interface. Otherwise, if you use a class C subnet (subnet mask of 255.255.255.0) for each Wireless interface you may exceed the limit of DHCP leases available on the security appliance.
|
|
Step 4
|
In the
SonicPoint Limit
field, select the maximum number of SonicPoints allowed on this interface.
|
|
•
|
This value determines the highest subnet mask you can enter in the
Subnet Mask
field. The following table shows the subnet mask limit for each SonicPoint Limit
selection and the number of DHCP leases available on the interface if you enter the maximum allowed subnet mask.
|
|
•
|
Available Client IPs assumes 1 IP for the SonicWALL gateway interface, in addition to the
presence of the maximum number of SonicPoints allowed on this interface, each consuming an IP address.
|
|
Total Usable
IP addresses
|
Available
Client IPs
|
||
|
30 bits – 255.255.255.252 |
|||
|
29 bits – 255.255.255.248 |
|||
|
29 bits – 255.255.255.248 |
|||
|
28 bits – 255.255.255.240 |
|||
|
16 SonicPoints
|
27 bits – 255.255.255.224 |
||
|
32 SonicPoints
|
26 bits – 255.255.255.192 |
||
|
48 SonicPoints
|
|||
|
64 SonicPoints
|
|||
|
96 SonicPoints
|
|||
|
128 SonicPoints
|
|
Note
|
The above table depicts the maximum subnet mask sizes allowed. You can still use class-
full subnetting (class A, class B, or class C) or any variable length subnet mask that you wish on WLAN interfaces. You are encouraged to use a smaller subnet mask (e.g. 24-bit class C - 255.255.255.0 - 254 total usable IPs), thus allocating more IP addressing space to clients if you have the need to support larger numbers of wireless clients.
|
|
Step 5
|
Enter any optional comment text in the
Comment
field. This text is displayed in the Comment
column of the Interface
table.
|
|
Step 6
|
If you want to enable remote management of the SonicWALL security appliance from this
interface, select the supported management protocol(s): HTTP
, HTTPS
, SSH
, Ping
, SNMP
, and/or SSH
.
|
To allow access to the WAN interface for management from another zone on the same appliance, access rules must be created. See “Allowing WAN Primary IP Access from the LAN Zone” for more information.
|
Step 7
|
If you want to allow selected users with limited management rights to log in to the security
appliance, select HTTP
and/or HTTPS
in User Login
.
|
|
Step 8
|
Click
OK
.
|
If you need to force an Ethernet speed, duplex and/or MAC address, click the Advanced tab.
The Ethernet Settings section allows you to manage the Ethernet settings of links connected to the SonicWALL. Auto Negotiate is selected by default as the Link Speed because the Ethernet links automatically negotiate the speed and duplex mode of the Ethernet connection. If you want to specify the forced Ethernet speed and duplex, select one of the following options from the Link Speed menu:
|
Warning
|
If you select a specific Ethernet speed and duplex, you must force the connection speed
and duplex from the Ethernet card to the SonicWALL security appliance as well.
|
You can choose to override the Default MAC Address for the Interface by selecting Override Default MAC Address and entering the MAC address in the field.
Check Enable Multicast Support to allow multicast reception on this interface.
On SonicWALL NSA series appliances, select the Enable 802.1p tagging checkbox to tag information passing through this interface with 802.1p priority information for Quality of Service (QoS) management. Packets sent through this interface are tagged with VLAN id=0 and carry 802.1p priority information. In order to make use of this priority information, devices connected to this interface should support priority frames. QoS management is controlled by access rules on the Firewall > Access Rules page. For information on QoS and bandwidth management, see “Firewall > QoS Mapping (Not Supported on TZ platforms nor the NSA 240)” .
Configuring the WAN interface enables Internet connect connectivity. You can configure up to two WAN interfaces on the SonicWALL security appliance.
|
Step 1
|
Click on the
Edit
icon in the Configure
column for the Interface you want to configure. The Edit Interface
window is displayed. |
|
Step 2
|
If you’re configuring an Unassigned Interface, select
WAN
from the Zone
menu. If you selected the Default WAN
Interface, WAN
is already selected in the Zone
menu.
|
|
Step 3
|
Select one of the following WAN Network Addressing Mode from the
IP Assignment
menu. Depending on the option you choose from the IP Assignment menu, complete the corresponding fields that are displayed after selecting the option.
|
|
•
|
Static
- configures the SonicWALL for a network that uses static IP addresses.
|
|
•
|
DHCP
- configures the SonicWALL to request IP settings from a DHCP server on the Internet. NAT with DHCP Client is a typical network addressing mode for cable and DSL customers.
|
|
•
|
PPPoE
- uses Point to Point Protocol over Ethernet (PPPoE) to connect to the Internet. If desktop software and a username and password is required by your ISP, select NAT with PPPoE. This protocol is typically found when using a DSL modem.
|
|
•
|
PPTP
- uses PPTP (Point to Point Tunneling Protocol) to connect to a remote server. It supports older Microsoft Windows implementations requiring tunneling connectivity.
|
|
•
|
L2TP
- uses IPsec to connect a L2TP (Layer 2 Tunneling Protocol) server and encrypts all data transmitted from the client to the server. However, it does not encrypt network traffic to other destinations.
|
|
Note
|
For Windows clients, L2TP is supported by Windows 2000 and Windows XP. If you are
running other versions of Windows, you must use PPTP as your tunneling protocol.
|
|
Step 4
|
If you want to enable remote management of the SonicWALL security appliance from this
interface, select the supported management protocol(s): HTTP
, HTTPS
, SSH
, Ping
, SNMP
, and/or SSH
. You can also select HTTP
for management traffic. However, bear in mind that HTTP traffic is less secure than HTTPS.
|
To allow access to the WAN interface for management from another zone on the same appliance, access rules must be created. See “Allowing WAN Primary IP Access from the LAN Zone” for more information.
|
Step 5
|
If you want to allow selected users with limited management rights to log directly into the
security appliance from this interface, select HTTP
and/or HTTPS
in User Login
.
|
|
Step 6
|
Check
Add rule to enable redirect from HTTP to HTTPS
, if you want an HTTP connection automatically redirected to a secure HTTPS connection to the SonicWALL security appliance management interface.
|
The Advanced tab includes settings for forcing an Ethernet speed and duplex, overriding the Default MAC address, setting up bandwidth management, and creating a default NAT policy automatically.
If you need to force an Ethernet speed, duplex and/or MAC address, click the Advanced tab. The Ethernet Settings section allows you to manage the Ethernet settings of links connected to the SonicWALL. Auto Negotiate is selected by default as the Link Speed because the Ethernet links automatically negotiate the speed and duplex mode of the Ethernet connection. If you want to specify the forced Ethernet speed and duplex, select one of the following options from the Link Speed menu:
You can choose to override the Default MAC Address for the Interface by selecting Override Default MAC Address and entering the MAC address in the field.
|
Caution
|
If you select a specific Ethernet speed and duplex, you must force the connection speed and
duplex from the Ethernet card to the SonicWALL as well.
|
Check Enable Multicast Support to allow multicast reception on this interface.
On SonicWALL NSA series appliances, check Enable 802.1p tagging to tag information passing through this interface with 802.1p priority information for Quality of Service (QoS) management. Packets sent through this interface are tagged with VLAN id=0 and carry 802.1p priority information. In order to make use of this priority information, devices connected to this interface should support priority frames. QoS management is controlled by access rules on the Firewall > Access Rules page. For information on QoS and bandwidth management, see Bandwidth Management .
You can also specify any of these additional Ethernet Settings :
|
•
|
Interface MTU
- Specifies the largest packet size that the interface can forward without fragmenting the packet.
|
|
•
|
Fragment non-VPN outbound packets larger than this Interface’s MT
U - Specifies all non-VPN outbound packets larger than this Interface’s MTU be fragmented. Specifying the fragmenting of VPN outbound packets is set in the VPN > Advanced
page.
|
|
•
|
Ignore Don’t Fragment (DF) Bit
- Overrides DF bits in packets.
|
|
•
|
Do not send ICMP Fragmentation Needed for outbound packets over the Interface
MTU
- blocks notification that this interface can receive fragmented packets.
|
SonicOS Enhanced can apply bandwidth management to both egress (outbound) and ingress (inbound) traffic on the interfaces in the WAN zone. Outbound bandwidth management is done using Class Based Queuing. Inbound Bandwidth Management is done by implementing ACK delay algorithm that uses TCP’s intrinsic behavior to control the traffic.
Class Based Queuing (CBQ) provides guaranteed and maximum bandwidth Quality of Service (QoS) for the SonicWALL security appliance. Every packet destined to the WAN interface is queued in the corresponding priority queue. The scheduler then dequeues the packets and transmits it on the link depending on the guaranteed bandwidth for the flow and the available link bandwidth.
Use the Bandwidth Management section of the Edit Interface screen to enable or disable the ingress and egress bandwidth management. Egress and Ingress available link bandwidth can be used to configure the upstream and downstream connection speeds in kilobits per second.
|
Note
|
The Bandwidth Management settings are applied to all interfaces in the WAN zone, not just
to the interface being configured.
|
|
•
|
Enable Egress Bandwidth Management
- Enables outbound bandwidth management.
|
|
–
|
Available Interface Egress Bandwidth (Kbps)
- Specifies the available bandwidth for WAN interfaces in Kbps.
|
|
•
|
Enable Ingress Bandwidth Management
- Enables inbound bandwidth management.
|
|
–
|
Available Interface Ingress Bandwidth (Kbps)
- Specifies the available bandwidth for WAN interfaces in Kbps.
|