Web Management Settings

If you wish to use HTTP management, an Allow management via HTTP checkbox is available to allow you to enable/disable HTTP management globally.

The default port for HTTPS management is 443. You can add another layer of security for logging into the SonicWALL security appliance by changing the default port. To configure another port for HTTPS management, type the preferred port number into the Port field, and click Update. For example, if you configure the HTTPS Management Port to be 700, then you must log into the SonicWALL using the port number as well as the IP address, for example, <https://192.168.168.1:700> to access the SonicWALL.

The default port for HTTP is port 80, but you can configure access through another port. Type the number of the desired port in the Port field, and click Accept. However, if you configure another port for HTTP management, you must include the port number when you use the IP address to log into the SonicWALL security appliance. For example, if you configure the port to be 76, then you must type <LAN IP Address>:76 into the Web browser, i.e. <http://192.168.168.1:76>.

The Certificate Selection menu allows you to use a self-signed certificate (Use Self-signed Certificate), which allows you to continue using a certificate without downloading a new one each time you log into the SonicWALL security appliance. You can also choose Import Certificate to select an imported certificate from the System > Certificates page to use for authentication to the management interface.

The Delete Cookies button removes all browser cookies saved by the SonicWALL appliance. Deleting cookies will cause you to lose any unsaved changes made in the Management interface.

To see the Dashboard > Threat Reports page first when you login, select the Use System Dashboard View as starting page checkbox.

On the System > Administration page, under Web Management Settings, you can enable a Client Certificate Check for use with or without a Common Access Card (CAC).

A Common Access Card (CAC) is a United States Department of Defense (DoD) smart card used by military personnel and other government and non-government personnel that require highly secure access over the internet. A CAC uses PKI authentication and encryption.

	NOTE: Using a CAC requires an external card reader that is connected on a USB port.

The Client Certificate Check was developed for use with a CAC; however, it is useful in any scenario that requires a client certificate on an HTTPS/SSL connection. CAC support is available for client certification only on HTTPS connections.

	NOTE: CACs may not work with browsers other than Microsoft Internet Explorer.

The Enable Client Certificate Check box allows you to enable or disable client certificate checking and CAC support on the SonicWALL security appliance.

The Client Certificate Issuer drop-down menu contains a list of the Certification Authority (CA) certificate issuers that are available to sign the client certificate. If the appropriate CA is not in the list, you need to import that CA into the SonicWALL security appliance.

The Enable OCSP Checking box allows you to enable or disable the Online Certificate Status Protocol (OCSP) check for the client certificate to verify that the certificate is still valid and has not been revoked.

The OCSP Responder URL field contains the URL of the server that will verify the status of the client certificate. The OCSP Responder URL is usually embedded inside the client certificate and does not need to be entered. If the client certificate does not have an OCSP link, you can enter the URL link. The link should point to the Common Gateway Interface (CGI) on the server side which processes the OCSP checking. For example: http://10.103.63.251/ocsp

If you use the client certificate check without a CAC, you must manually import the client certificate into the browser.

If you use the Client Certificate Check with a CAC, the client certificate is automatically installed on the browser by middleware. When you begin a management session through HTTPS, the certificate selection window is displayed asking you to confirm the certificate.

After you select the client certificate from the drop-down menu, the HTTPS/SSL connection is resumed, and the SonicWALL security appliance checks the Client Certificate Issuer to verify that the client certificate is signed by the CA. If a match is found, the administrator login page is displayed. If no match is found, the browser displays a standard browser connection fail message, such as:

If OCSP is enabled, before the administrator login page is displayed, the browser performs an OCSP check and displays the following message while it is checking.

If a match is found, the administrator login page is displayed, and you can use your administrator credentials to continue managing the SonicWALL security appliance.

If no match is found, the browser displays the following message:

When using the client certificate feature, these situations can lock the user out of the SonicWALL security appliance:

•

Enable Client Certificate Check is checked, but no client certificate is installed on the browser.

•

Enable Client Certificate Check is checked and a client certificate is installed on the browser, but either no Client Certificate Issuer is selected or the wrong Client Certificate Issuer is selected.

•

Enable OSCP Checking is enabled, but either the OSCP server is not available or a network problem is preventing the SonicWALL security appliance from accessing the OSCP server.

To restore access to a user that is locked out, the following CLI commands are provided:

The Dell SonicWALL Management Interface allows you to control the display of large tables of information across all tables in the management Interface. You can change the default table page size in all tables displayed in the Management Interface from the default 50 items per page to any size ranging from 1 to 5,000 items. Some tables, including Active Connections Monitor, VPN Settings, and Log View, have individual settings for items per page which are initialized at login to the value configured here. Once these pages are viewed, their individual settings are maintained. Subsequent changes made here will only affect these pages following a new login.

SonicOS introduced embedded tool tips for many elements in the SonicOS UI. These Tooltips are small pop-up windows that are displayed when you hover your mouse over a UI element. They provide brief information describing the element. Tooltips are displayed for many forms, buttons, table headings and entries.

	NOTE: Not all UI elements have Tooltips. If a Tooltip does not display after hovering your mouse over an element for a couple of seconds, you can safely conclude that it does not have an associated Tooltip.

When applicable, Tooltips display the minimum, maximum, and default values for form entries. These entries are generated directly from the SonicOS firmware, so the values will be correct for the specific platform and firmware combination you are using.

Tooltips are enabled by default. To disable Tooltips, clear the Enable Tooltip checkbox. You can configure the duration of time before Tooltips display:

•

Form Tooltip Delay - Duration in milliseconds before Tooltips display for forms (boxes where you enter text). The default is 2000 ms.

•

Button Tooltip Delay - Duration in milliseconds before Tooltips display for radio buttons and checkboxes. The default is 3000 ms.

•

Text Tooltip Delay - Duration in milliseconds before Tooltips display for UI text. The default is 500 ms.