Introduction

SonicOS Enhanced 5.6 is the most powerful SonicOS operating system for SonicWALL security appliances. This chapter contains the following sections:

Key Features in SonicOS Enhanced 5.6

SonicOS Enhanced 5.6 and higher releases include the following key features:

Deep Packet Inspection of SSL encrypted data (DPI-SSL) - Provides the ability to transparently decrypt HTTPS and other SSL-based traffic, scan it for threats and non-threats using SonicWALL's Deep Packet Inspection technology, then re-encrypt (or optionally SSL-offload) the traffic and send it to its destination if no threats or vulnerabilities are found. This feature works for both client and server deployments. It provides additional security, application control, and data leakage prevention functionality for analyzing encrypted HTTPS and other SSL-based traffic. The following security services and features are capable of utilizing DPI-SSL: Gateway Anti-Virus, Gateway Anti-Spyware, Intrusion Prevention, Content Filtering, Application Firewall, Packet Capture and Packet Mirror. DPI-SSL is initially available on NSA-3500 and above hardware platforms.
Dynamic DNS per Interface - Provides the ability to assign a Dynamic DNS (DDNS) profile to a specific WAN interface. This allows administrators who are configuring multiple WAN load balancing to advertise a predictable IP address to the DDNS service.
Increased UTM Connection Support - Provides the ability to increase the number of simultaneous connections on which SonicWALL security appliances can apply Unified Threat Management (UTM) services (Application Firewall, Anti-Spyware, Gateway Anti-Virus, and IPS engine). This feature is intended for high-end (E-Class) customers who need to support a large number of concurrent connections. (Note: There is a slight performance decrease when this option is enabled.)
FairNet for SonicPoint-N - Provides the ability to create policies that equally distribute bandwidth for all wireless users connected to a SonicPoint-N.
MAC-IP Anti-Spoof Detection and Prevention - Provides additional protection against MAC address and IP address based spoofing attacks (such as Man-in-the-Middle attacks) through configurable Layer 2 and Layer 3 admission control.
Packet Mirroring - Provides the ability to capture copies of specified network packets from other ports. This is commonly used for network appliances that require monitoring of network traffic, such as an intrusion-detection system. Customers can now gather data from one of the other ports on a SonicWALL to look for threats and vulnerabilities and help aid with diagnostics and troubleshooting.
Route-based VPN with Dynamic Routing Support - Extends support for advanced routing (either OSPF or RIP) to VPN networks. This can be used to simplify complex VPN deployments by enabling dynamic routing to determine the best path traffic should take over a VPN tunnel.
Signature Download through a Proxy Server - Provides the ability for SonicWALL security appliances that operate in networks where they must access the Internet through a proxy server to download signatures. This feature also allows for registration of SonicWALL security appliances through a proxy server without compromising privacy.
Single Sign-on for Terminal Services and Citrix - Provides support for transparent authentication of users running Terminal Services or Citrix. This transparent authentication enables Application Firewall and CFS policy enforcement in Terminal Services and Citrix environments.
SSL-VPN Enhancements - SonicOS Enhanced 5.6.0.0 provides a number of SSL-VPN enhancements:
Bookmarks for SSH and RDP - Provides support for users to create bookmarks on the SSL-VPN Virtual Office to access systems using SSH, RDP, VNC, and telnet services.
Granular User Controls - Provides network administrators with the ability to configure different levels of policy access for NetExtender users based on user ID.
One-Time Password - Provides additional security by requiring users to enter a randomly generated, single-use password in addition to the standard user name and password credentials.
Virtual Assist - Provides a remote assistance tool to SonicWALL security appliance users. SonicWALL Virtual Assist is a thin client remote support tool provisioned via a Web browser that enables a technician to assume control of a customer's PC or laptop for the purpose of providing remote technical assistance. Note: The SonicOS Virtual Assist client is currently not supported on Windows 7 and Windows Vista platforms.
Virtual Access Points for SonicWALL TZ Wireless Platforms - The SonicWALL TZ 100w, TZ 200w and TZ 210w platforms now support Virtual Access Points (VAPs). VAPs enable users to segment different wireless groups by creating logical segmentation on a single wireless radio.
Wireless Bridging for SonicWALL TZ Wireless Platforms - The SonicWALL TZ 100w, TZ 200w and TZ 210w platforms now support Wireless Bridging, which provides the ability to extend a single wireless network across multiple SonicWALL wireless security appliances.

Key Features in SonicOS Enhanced 5.5

SonicOS Enhanced 5.5 and higher releases include the following key features:

Wireless Layer 2 Bridge Mode - Security and ease of use continue to integrate with the addition of Layer 2 bridging between wired and wireless network segments. Wireless clients can now share the same subnet and DHCP pool as their wired counterparts.
Guest Services for Wired Clients - SonicWALL User Guest Services has long provided network administrators with an easy solution for creating wireless guest passes and locked-down Internet-only network access. With SonicOS 5.5, this functionality can be extended to wired users on the LAN, DMZ, or public/semi-public zone of your choice.

Key Features in SonicOS Enhanced 5.4

SonicOS Enhanced 5.4 and higher releases include the following key features:

Anti-Spam - SonicOS Enhanced 5.4 provides support for the anti-spam and anti-phishing capabilities that are available in SonicWALL Email Security.

Key Features in SonicOS Enhanced 5.3

SonicOS Enhanced 5.3 and higher releases include the following key features:

3G Support for Wireless WAN - SonicOS Enhanced 5.3 expands support for WAN over 3G (Third Generation) cellular connections.

Key Features in SonicOS Enhanced 5.2

SonicOS Enhanced 5.2 and higher releases include the following key features:

Apple Bonjour Support - SonicOS Enhanced 5.2 introduces support for Apple's Bonjour protocol (also known as Rendezvous or zero-configuration networking). Bonjour enables automatic discovery of computers, devices, and services on IP networks without the need to enter IP addresses or configure DNS servers.
Apple iPhone Support - SonicOS Enhanced 5.2 supports L2TP termination from the Apple iPhone.
Content Filtering Enhancements - The following enhancements have been added to SonicWALL Content Filtering Service (CFS):
CFS Policy per IP Address - Appliances with SonicWALL CFS Premium can now assign specific CFS policies to IP address ranges. This provides the ability to segment CFS policies within a single zone.
Fully Customizable Block Page - The web page that is displayed when a user attempts to access a blocked site can now be fully customized. This enables organizations to brand the block page and display any organization-specific information.
Safe Search Enforcement - Safe Search Enforcement allows you to force Web search sites that have content restriction options, such as Google and Yahoo, to always use their strictest settings.
New Firmware Auto-Update - Firmware Auto-Update helps ensure that your SonicWALL security appliance has the latest firmware release. This feature automatically notifies the administrator when a new firmware release is available, and it can optionally download it automatically.
Outbound Inspection for Gateway Anti-Virus - The SonicWALL Gateway Anti-Virus security service now provides outbound inspection for HTTP, FTP, and TCP traffic.
SonicPoint 802.11n Support - SonicOS Enhanced 5.2 supports the new SonicPoint-N, which provides next-generation 802.11n wireless network connectivity.
SonicWALL SSL VPN NetExtender Support - SonicOS Enhanced 5.2 provides support for SonicWALL's SSL VPN NetExtender, which was previously available only on the SonicWALL SSL VPN platforms. SonicWALL NetExtender is a transparent software application for users that enables remote users to securely connect to the remote network.
Support Services Page - The new Support Services page displays a summary of the current status of support services for the SonicWALL security appliance. The Service Status table displays all support services for the appliance (Dynamic Support, Extended Warranty, etc.), their current status, and their expiration date.

Key Features in SonicOS Enhanced 5.1

SonicOS Enhanced 5.1 and higher releases include the following key features:

Strong SSL and TLS Encryption - The internal SonicWALL Web server now only supports SSL version 3.0 and TLS with strong ciphers (128-bits or greater) when negotiating HTTPS management sessions. SSL implementations prior to version 3.0 and weak ciphers (symmetric ciphers less than 128-bits) are not supported. This heightened level of HTTPS security protects against potential SSLv2 rollback vulnerabilities and ensures compliance with the Payment Card Industry (PCI) and other security and risk-management standards.
Tip
By default, Mozilla Firefox 2.0 and Microsoft Internet Explorer 7.0 enable SSL 3.0 and TLS, and disable SSL 2.0. SonicWALL recommends using these most recent Web browser releases. If you are using a previous release of these browsers, you should enable SSL 3.0 and TLS and disable SSL 2.0. In Internet Explorer, go to Tools > Internet Options, click on the Advanced tab, and scroll to the bottom of the Settings menu. In Firefox, go to Tools > Options, click on the Advanced tab, and then click on the Encryption tab.
Single Sign-On User Authentication - Single Sign-On User Authentication provides privileged access to multiple network resources with a single workstation login. Single Sign-On uses the SonicWALL SSO Agent to identify user activity based on workstation IP addresses. Access to resources is based on policy for the group to which the user belongs.
Stateful High Availability - Stateful High Availability provides improved failover performance. With Stateful High Availability, the primary and backup security appliances are continuously synchronized so that the backup can seamlessly assume all network responsibilities if the primary appliance fails, with no interruptions to existing network connections. Once the primary and backup appliances have been associated as a high availability pair on mysonicwall.com, you can enable this feature by selecting Enable Stateful Synchronization in the High Availability > Advanced page.
Application Firewall - Application Firewall provides a way to create application-specific policies to regulate Web browsing, file transfer, email, and email attachments. Application Firewall enables application layer bandwidth management, and also allows you to create custom policies for any protocol. It gives you granular control over network traffic on the level of users, email users, and IP subnets.
HTTPS Filtering - HTTPS Filtering allows administrators to control user access to Web sites when using the encrypted HTTPS protocol. HTTPS Filtering is based on the ratings of Web sites, such as Gambling, Online Banking, Online Brokerage and Trading, Shopping, and Hacking/Proxy Avoidance.
Note
HTTPS Filtering is IP-based, so IP addresses must be used rather than domain names in the Allowed or Forbidden lists. You can use the nslookup command in a DOS cmd window to convert a domain name to its IP address(es). There may be more than one IP address associated with a domain, and if so, all must be added to the Allowed or Forbidden list.
SSL Control - SSL Control is a system that provides visibility into the handshake of Secure Socket Layer (SSL) sessions, and a method for configuring policies to control the establishment of SSL sessions.
Certificate Blocking - The certificate blocking feature provides a way to specify which HTTPS certificates to block. This feature is closely integrated with SSL Control.
Inbound NAT Load Balancing with Server Monitoring - Inbound NAT Load Balancing with Server Monitoring detects when a server is unavailable and stops forwarding requests to it. Inbound NAT Load Balancing spreads the load across two or more servers. When Stateful High Availability is configured, during a failover, SonicOS forwards all requests to the alternate server(s) until it detects that the offline server is back online. Inbound NAT Load Balancing also works with SonicWALL SSL VPN appliances.
Security Dashboard Web Page - The Security Dashboard page in the user interface displays a summary of threats stopped by the SonicWALL security appliance. The Security Dashboard shows two types of reports:
Registration & License Wizard - As part of the new Security Dashboard, SonicOS Enhanced provides a License Wizard for both firewall registration and the purchase of security service licenses. The available security services are the same as those that enable Global Reports by providing threat data from SonicWALL devices around the world.
Multiple SSH Support - SonicOS Enhanced provides support for multiple concurrent SSH sessions on the SonicWALL security appliance. When connected over SSH, you can run command line interface (CLI) commands to monitor and manage the device. The number of concurrent SSH sessions is determined by device capacity. Note that only one session at a time can configure the SonicWALL, whether the session is on the GUI or the CLI (SSH or serial console). For instance, if a CLI session goes to the config level, it will ask you if you want to preempt an administrator who is at config level in the GUI or an SSH session.
Multiple and Read-only Administrator Login - Multiple Administrator Login provides a way for multiple users to be given administration rights, either full or read-only, for the SonicOS security appliance. Additionally, SonicOS Enhanced allows multiple users to concurrently manage the appliance, but only one user at a time can be in config mode with the ability to change configuration settings. This feature applies to both the graphical user interface (GUI) and the command line interface (CLI).
IP-Based Connection Limit - SonicOS Enhanced provides a way to limit the number of connections on a per-source or per-destination IP address basis. This feature protects against worms on the LAN side that initiate large numbers of connections in denial of service attacks.
IKEv2 Secondary Gateway Support - IKEv2 Secondary Gateway Support provides a way to configure a secondary VPN gateway to act as an alternative tunnel end-point if the primary gateway becomes unreachable. While using the secondary gateway, SonicOS can periodically check for availability of the primary gateway and revert to it, if configured to do so. Configuration for the secondary VPN gateway is available under VPN > Settings > Add Policy in the management interface.
IKEv2 Dynamic Client Support - IKEv2 Dynamic Client Support provides a way to configure the Internet Key Exchange (IKE) attributes rather than using the default settings. Previously, only the default settings were supported: Diffie-Hellman (DH) Group 2, the 3DES encryption algorithm, and the SHA1 authentication method. SonicOS now allows the following IKE Proposal settings:

These settings are available by pressing the Configure button in the VPN > Advanced screen of the management interface. However, if a VPN Policy with IKEv2 exchange mode and a 0.0.0.0 IPsec gateway is defined, you cannot configure these IKE Proposal settings on an individual policy basis.

Wireless IDS Rogue Detection - SonicOS Enhanced supports wireless intrusion detection on SonicPoint devices. Wireless IDS Rogue Detection allows you to configure a set of authorized access points, defined by address object groups. If contact is attempted from an unauthorized access point, SonicOS generates an alert.
RF Management - Radio Frequency Management on SonicPoint devices provides detection of eleven types of wireless threats:
SMTP Authentication - SonicOS Enhanced supports RFC 2554, which defines an SMTP service extension that allows the SMTP client to indicate an authentication method to the server, perform an authentication protocol exchange, and optionally negotiate a security layer for subsequent protocol interactions. This feature helps prevent viruses that attack the SMTP server on port 25.
Generic DHCP Option Support - SonicOS Enhanced supports generic DHCP configuration, which allows vendor-specific DHCP options in DHCP server leases.
DHCP Server Lease Cross-Reboot Persistence - DHCP Server Lease Cross-Reboot Persistence provides the ability to record and return to DHCP server lease bindings across power cycles. The SonicWALL security appliance does not have to depend on dynamic network responses to regain its IP address after a reboot or power cycle.
Custom IP Type Service Objects - SonicOS Enhanced supports Custom IP Type Service Objects, allowing administrators to augment the predefined set of Service Objects.
Dynamic Address Objects - SonicOS Enhanced supports two changes to Address Objects:
MAC - SonicOS Enhanced will resolve MAC AOs to an IP address by referring to the ARP cache on the SonicWALL.
FQDN - Fully Qualified Domain Names (FQDN), such as ‘www.sonicwall.com’, will be resolved to their IP address (or IP addresses) using the DNS server configured on the SonicWALL. Wildcard entries are supported through the gleaning of responses to queries sent to the sanctioned DNS servers.
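The resolution behavior described for FQDN Address Objects (and the HTTPS Filtering note above, which stresses that every address a name resolves to must be listed) can be modelled as follows. This is an added illustration, not SonicOS code; the class and field names are assumptions, and the DNS answers, resolver address and object names are constructed sample data. It goes slightly beyond the text by following CNAME chains and expiring gleaned addresses when their TTL runs out.

```python
import ipaddress
from dataclasses import dataclass


@dataclass
class DnsAnswer:
    owner: str   # record owner name
    rtype: str   # "A", "AAAA" or "CNAME"
    rdata: str   # address, or alias target for CNAME
    ttl: int     # seconds the record may be cached


@dataclass
class DnsResponse:
    server: str          # resolver that sent the reply
    qname: str           # name the client originally asked for
    answers: list        # list of DnsAnswer


def norm(name: str) -> str:
    return name.rstrip(".").lower()


class FqdnAddressObject:
    """An FQDN AO: a name (optionally '*.domain') plus the IPs gleaned for it."""

    def __init__(self, name: str):
        self.name = norm(name)
        self._ips = {}  # ipaddress object -> absolute expiry time

    def matches_name(self, qname: str) -> bool:
        q = norm(qname)
        if self.name.startswith("*."):
            suffix = self.name[1:]  # ".sonicwall.com" (leading dot blocks "evilsonicwall.com")
            return q.endswith(suffix) and len(q) > len(suffix)
        return q == self.name

    def add(self, ip: str, expires_at: int) -> None:
        addr = ipaddress.ip_address(ip)
        self._ips[addr] = max(self._ips.get(addr, 0), expires_at)

    def current_ips(self, now: int) -> set:
        """Drop entries whose TTL has elapsed and return the live address set."""
        self._ips = {a: e for a, e in self._ips.items() if e > now}
        return set(self._ips)

    def contains(self, ip: str, now: int) -> bool:
        return ipaddress.ip_address(ip) in self.current_ips(now)


class FqdnGleaner:
    """Learns AO addresses only from replies sent by sanctioned DNS servers."""

    def __init__(self, sanctioned_servers, objects):
        self.sanctioned = {ipaddress.ip_address(s) for s in sanctioned_servers}
        self.objects = objects

    def glean(self, resp: DnsResponse, now: int) -> int:
        if ipaddress.ip_address(resp.server) not in self.sanctioned:
            return 0  # unsanctioned reply: never let it populate an AO
        targets = [o for o in self.objects if o.matches_name(resp.qname)]
        if not targets:
            return 0
        # Follow CNAME records from qname to the owner names carrying addresses.
        names = {norm(resp.qname)}
        changed = True
        while changed:
            changed = False
            for a in resp.answers:
                if a.rtype == "CNAME" and norm(a.owner) in names and norm(a.rdata) not in names:
                    names.add(norm(a.rdata))
                    changed = True
        learned = 0
        for a in resp.answers:
            if a.rtype in ("A", "AAAA") and norm(a.owner) in names:
                for o in targets:
                    o.add(a.rdata, now + a.ttl)
                learned += 1
        return learned


# Constructed sample replies (documentation addresses, not real resolutions).
SANCTIONED = ["10.0.0.53"]
SAMPLE = [
    DnsResponse("10.0.0.53", "www.sonicwall.com", [
        DnsAnswer("www.sonicwall.com", "CNAME", "www.sonicwall.com.cdn.example.net", 300),
        DnsAnswer("www.sonicwall.com.cdn.example.net", "A", "203.0.113.10", 60),
        DnsAnswer("www.sonicwall.com.cdn.example.net", "A", "203.0.113.11", 60)]),
    DnsResponse("10.0.0.53", "mail.sonicwall.com", [
        DnsAnswer("mail.sonicwall.com", "A", "203.0.113.25", 3600)]),
    DnsResponse("192.0.2.66", "www.sonicwall.com", [          # not a sanctioned server
        DnsAnswer("www.sonicwall.com", "A", "198.51.100.99", 3600)]),
    DnsResponse("10.0.0.53", "evilsonicwall.com", [             # not under *.sonicwall.com
        DnsAnswer("evilsonicwall.com", "A", "198.51.100.7", 3600)]),
]


def build_demo(now: int = 1000):
    exact = FqdnAddressObject("www.sonicwall.com")
    wild = FqdnAddressObject("*.sonicwall.com")
    gleaner = FqdnGleaner(SANCTIONED, [exact, wild])
    for resp in SAMPLE:
        gleaner.glean(resp, now)
    return exact, wild
```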
Virtual Access Points - A “Virtual Access Point” (VAP) is a multiplexed instantiation of a single physical Access Point (AP) so that it presents itself as multiple discrete Access Points. To wireless LAN clients, each Virtual AP appears to be an independent physical AP, when there is actually only a single physical AP. Before Virtual AP feature support, wireless networks were relegated to a one-to-one relationship between physical Access Points and wireless network security characteristics, such as authentication and encryption. For example, an Access Point providing WPA-PSK security could not simultaneously offer Open or WPA-EAP connectivity to clients. If Open or WPA-EAP were required, they would need to have been provided by separate, distinctly configured APs. This forced WLAN network administrators to find a solution to scale their existing wireless LAN infrastructure to provide differentiated levels of service. With the Virtual APs (VAP) feature, multiple VAPs can exist within a single physical AP in compliance with the IEEE 802.11 standard for the media access control (MAC) protocol layer that includes a unique Basic Service Set Identifier (BSSID) and Service Set Identifier (SSID). This allows segmenting wireless network services within a single radio frequency footprint of a single physical access point device.

VAPs allow the network administrator to control wireless user access and security settings by setting up multiple custom configurations on a single physical interface. Each of these custom configurations acts as a separate (virtual) access point, and can be grouped and enforced on single or multiple physical SonicPoint access points simultaneously. You can configure up to eight VAPs per SonicPoint access point.

Layer 2 Bridge Mode - SonicOS Enhanced supports Layer 2 (L2) Bridge Mode, a new method of unobtrusively integrating a SonicWALL security appliance into any Ethernet network. L2 Bridge Mode is similar to the SonicOS Enhanced Transparent Mode in that it enables a SonicWALL security appliance to share a common subnet across two interfaces, and to perform stateful and deep-packet inspection on all traversing IP traffic, but it is functionally more versatile.

L2 Bridge Mode employs a secure learning bridge architecture, enabling it to pass and inspect traffic types that cannot be handled by many other methods of transparent security appliance integration. Using L2 Bridge Mode, a SonicWALL security appliance can be non-disruptively added to any Ethernet network to provide in-line deep-packet inspection for all traversing IPv4 TCP and UDP traffic. Unlike other transparent solutions, L2 Bridge Mode can pass all traffic types, including IEEE 802.1Q VLANs, Spanning Tree Protocol, multicast, broadcast, and IPv6, ensuring that all network communications will continue uninterrupted.

L2 Bridge Mode provides an ideal solution for networks that already have an existing firewall, and do not have immediate plans to replace their existing firewall but wish to add the security of SonicWALL Unified Threat Management (UTM) deep-packet inspection, such as Intrusion Prevention Services, Gateway Anti-Virus, and Gateway Anti Spyware.

The following feature enhancements are included in SonicOS Enhanced 5.0 and higher:

Enhanced Packet Capture - Enhanced Packet Capture contains improvements in both functionality and flexibility, including the following:
Three-window output in the user interface that provides the packet list, decoded output of selected packet, and hexadecimal dump of selected packet
User Authentication - There are a number of enhancements to user authentication, including optional case-sensitive user names, optional enforcement of unique login names, support for MSCHAP version 2, and support for VPN and L2TP clients changing expired passwords (when that is supported by the back-end authentication server and protocols used). Note that for this purpose there is a new setting on the VPN > Advanced page to cause RADIUS to be used in MSCHAP mode when authenticating VPN client users.
IP Helper Scalability - The IP Helper architecture is enhanced to support large networks. Improvements include changes to DHCP relay and Net-BIOS functionality. DHCP relay over VPN is now fully integrated.
Diagnostics Page Tool Tips - Self-documenting mouseover descriptions are provided for diagnostic controls in the graphical user interface.
BWM Rate Limiting - The Bandwidth Management feature is enhanced to provide rate limiting functionality. You can now create traffic policies that specify maximum rates for Layer 2, 3, or 4 network traffic. This enables bandwidth management in cases where the primary WAN link fails over to a secondary connection that cannot handle as much traffic.
DHCP Client Reboot Behavior Control - In SonicOS Enhanced 5.0 and higher, you can configure the WAN DHCP client to perform a DHCP RENEW or a DHCP DISCOVERY query when attempting to obtain a lease. The previous behavior was to always perform a RENEW, which caused lease failures on some networks, particularly certain cable modem service providers. The new behavior is to perform a DISCOVERY, but it is configurable. A checkbox has been added to the Network > Interfaces > WAN > DHCP Client page:
Enabled: when the appliance reboots, the DHCP client performs a DHCP RENEW query.
Disabled: (Default) when the appliance reboots, the DHCP client performs a DHCP DISCOVERY query.
Dynamic Route Metric Recalculation Based on Interface Availability - To better support redundant or multiple path Advanced Routing configurations, when a default-route's interface is unavailable (due to no-link or negative WAN LB probe response), that default route's metric will be changed to 255, and the route will be instantly disabled. When a default-route's interface is again determined to be available, its metric will be changed back to 20, and the route will be non-disruptively enabled.

SonicWALL Management Interface

The SonicWALL security appliance’s Web-based management interface provides an easy-to-use graphical interface for configuring your SonicWALL security appliance. The following sections provide an overview of the key management interface objects:

Dynamic User Interface

SonicOS Enhanced 5.0 introduced a new Dynamic User Interface. Table statistics and log entries now dynamically update within the user interface without requiring users to reload their browsers. Active connections, user sessions, VoIP calls, and similar activities can be disconnected or flushed dynamically with a single click on the delete icon in the Flush or Logout column.

This lightweight dynamic interface is designed to have no impact on the SonicWALL Web server, CPU utilization, bandwidth or other performance factors. You can leave your browser window on a dynamically updating page indefinitely with no impact to the performance of your SonicWALL security appliance.

Navigating the Management Interface

Navigating the SonicWALL management interface includes a hierarchy of menu buttons on the navigation bar (left side of your browser window). When you click a menu button, related management functions are displayed as submenu items in the navigation bar.

The left navigation bar now expands and contracts dynamically when clicked on without automatically navigating to a sub-folder page. When you click on a top-level heading in the left navigation bar, it automatically expands that heading and contracts the heading for the page you are currently on, but it does not navigate away from your current page. To navigate to a new page, you first click on the heading, and then click on the sub-folder page you want. This eliminates the delay and redundant page loading that occurred in previous versions of SonicOS when clicking on a heading automatically loaded the first sub-folder page.

If the navigation bar continues below the bottom of your browser, an up-and-down arrow symbol appears in the bottom right corner of the navigation bar. Mouse over the up or down arrow to scroll the navigation bar up or down.

Common Icons in the Management Interface

The following describe the functions of common icons used in the SonicWALL management interface:

Status Bar

The Status bar at the bottom of the management interface window displays the status of actions executed in the SonicWALL management interface.

Applying Changes

Click the Accept button at the top right corner of the SonicWALL management interface to save any configuration changes you made on the page.

If the settings are contained in a secondary window within the management interface, when you click OK, the settings are automatically applied to the SonicWALL security appliance.

Tooltips

SonicOS Enhanced 5.0 introduced embedded tool tips for many elements in the SonicOS UI. These Tooltips are small pop-up windows that are displayed when you hover your mouse over a UI element. They provide brief information describing the element. Tooltips are displayed for many forms, buttons, table headings and entries.

Note
Not all UI elements have Tooltips. If a Tooltip does not display after hovering your mouse over an element for a couple of seconds, you can safely conclude that it does not have an associated Tooltip.

When applicable, Tooltips display the minimum, maximum, and default values for form entries. These entries are generated directly from the SonicOS firmware, so the values will be correct for the specific platform and firmware combination you are using.

The behavior of the Tooltips can be configured on the System > Administration page.

Tooltips are enabled by default. To disable Tooltips, uncheck the Enable Tooltip checkbox. The duration of time before Tooltips display can be configured:

Form Tooltip Delay - Duration in milliseconds before Tooltips display for forms (boxes where you enter text).
Button Tooltip Delay - Duration in milliseconds before Tooltips display for radio buttons and checkboxes.
Text Tooltip Delay - Duration in milliseconds before Tooltips display for UI text.

Navigating Dynamic Tables

In the SonicOS dynamic user interface, table statistics and log entries now dynamically update within the user interface without requiring users to reload their browsers. You can navigate tables in the management interface with a large number of entries by using the navigation buttons located in the upper right corner of the table.

The table navigation bar includes buttons for moving through table pages.

A number of tables now include an option to specify the number of items displayed per page.

Active connections, user sessions, VoIP calls, and similar activities can be disconnected or flushed dynamically with a single click on the delete icon in the Flush or Logout column.

Several tables include a new table statistics icon that displays a brief, dynamically updating summary of information for that table entry. Tables with the new statistics icon include:

NAT policies on the Network > NAT Policies page
Access rules on the Firewall > Access Rules page

Several tables include a tooltip that displays the maximum number of entries that the SonicWALL security appliance supports. For example, the following image shows the maximum number of address groups the appliance supports.

Tables that display the maximum entry tooltip include NAT policies, access rules, address objects, and address groups.

Getting Help

Each SonicWALL security appliance includes Web-based online help available from the management interface. Clicking the question mark (?) button on the top-right corner of every page accesses the context-sensitive help for the page.

Logging Out

The Logout button at the bottom of the menu bar terminates the management interface session and displays the authentication page for logging into the SonicWALL security appliance.