|
NOTE: This Initial Startup Guide (wizard) appears only when you first activate your TZ series appliance. After you have initially set up your appliance through the Startup Guide, the regular Setup Wizard (Guide) appears when you click Wizards in the upper right corner of the SonicOS management interface.
|
You can move backwards and forwards through the dialogs by clicking the Back 
and Next 
keys respectively. As you complete steps and progress through the Setup Guide, the color of the completed dialog title changes color and a checkmark appears.
You can exit the guide at any time by clicking the Exit Guide 
button. If you exit before completing the configuration, a dialog displays requesting confirmation of exiting without saving any settings:
Click OK to exit the wizard, No to continue the configuration.
|
2
|
Click the link in To launch the Dell SonicWAlL Setup Wizard, click here. The Welcome dialog displays.
|
|
3
|
|
IMPORTANT: Each appliance comes with a default username of admin and a default password of password. You cannot change the default username, but it is highly recommended that you change the password.
If the Old Password field is not dimmed, you need to enter password in it. |
|
4
|
Enter your password in the New Password field and again in the Confirm Password field. The password can be up to 32 characters.
|
|
5
|
When the IP configuration of the DHCP server is detected, the Setup Guide populates the IP Configuration dialog with the IP information and displays the dialog.
|
NOTE: If you have not connected your appliance to a WAN interface, the following message displays. Click OK. The IP Configuration – Manual Configuration dialog displays so you can configure the interface manually; see Configuring the WAN Interface Manually .
|
|
NOTE: If you want to customize the WAN settings, click the Manual Config button. The IP Configuration – Manual Configuration dialog displays. For the manual configuration procedure, see Configuring the WAN Interface Manually .
|
|
6
|
You now have internet access and basic settings for your appliance.
|
7
|
Click Done. A message displays saying you are being connected to a secure login page before the login page displays.
|
You can continue configuring your appliance by clicking Wizards in the upper right corner of the SonicOS management interface. A good place to start is the Setup Guide, which is different from the Initial Setup Guide.
If you have not set up a WAN interface or want to customize the settings and clicked Manual Config, the IP Configuration – Manual Configuration dialog displays.
|
1
|
Optionally, click the Retry button.
|
|
•
|
Static (default) – Use a Static IP address or a range of IP addresses for router-based connections. An IP address is a number that identifies each device on your network. An IP address consists of four numbers, separated by periods, ranging from 0 to 254 in value. Examples of IP addresses are 192.168.168.1, 10.0.0.1, or 216.217.36.130.
|
|
•
|
PPPoE – Use PPPoE for ISP client authentication software with DSL connections. Point-to-Point Protocol over Ethernet (PPPoE) is a widely-deployed solution to manage DSL and cable broadband services. PPPoE requires user name and password authentication to connect to the Internet.
|
|
•
|
PPTP – Use PPTP for encrypted VPN connections. Point-to-Point Tunneling Protocol (PPTP) is used to tunnel Point to Point Protocol (PPP) through an IP network. PPTP requires Server IP address, user name and password authentication to connect to the Internet.
|
|
1
|
Enter the WAN IP address in the WAN IP Address field.
|
|
2
|
Enter the WAN subnet mask in the WAN Subnet Mask field.
|
|
3
|
Enter the router address in the Gateway (Router) Address field.
|
|
4
|
Enter the DNS server address in the DNS Server Address field.
|
|
5
|
Optionally, enter a second DNS server address in the DNS Server Address #2 (optional) field.
|
|
2
|
Enter the PPPoE user name in the PPPoE User Name field.
|
|
3
|
Enter the PPPoE password in the PPPoE Password field.
|
|
4
|
Optionally, if the user is to be disconnected after a certain period of activity, select the Inactivity Disconnect (minutes) checkbox; the field becomes active.
|
|
1
|
Enter the PPTP server IP address in the PPTP Server IP Address field.
|
|
2
|
Enter the PPTP user name in the PPTP User Name field.
|
|
3
|
Enter the PPTP password in the PPTP Password field.
|
|
•
|
Obtain an IP Address Automatically – the following fields become dimmed.
|
|
2
|
Enter the WAN IP address in the WAN IP Address field.
|
|
3
|
Enter the WAN subnet mask in the WAN Subnet Mask field.
|
|
4
|
Enter the router address in the Gateway (Router) Address field.
|
|
NOTE: The TZ Series and SOHO W Setup Guide is not the same as the Initial TZ and SOHO W Setup Guide.
|
The TZ Series and SOHO W Setup Guide helps you configure the following settings:
|
1
|
Click Wizard on the top-right corner of the SonicOS management interface.
|
The Welcome page displays.
|
2
|
Select the Setup Wizard (default).
|
|
3
|
Click Next. If you have a:
|
|
•
|
|
•
|
Wired appliance, the Change Administrator Password page displays; see Change Administrator Password .
|
|
TIP: Clicking on the names of the scenarios displays a graphic of a typical deployment. For example, clicking on No Wireless displays:
|
|
•
|
No Wireless (default) – The wireless radio is turned off.
|
|
•
|
Office Gateway – Provides secure access for both wired and wireless users.
|
|
•
|
Wireless Client Bridge – Operates in Wireless Client Bridge mode to securely bridge two networks.
|
|
•
|
Secure or Open Access Point – Adds secure wireless access to an existing wired network.
|
|
2
|
|
IMPORTANT: Each appliance comes with a default username of admin and a default password of password. You cannot change the default username, but it is highly recommended that you change the password.
|
|
1
|
Enter the old password in the Old Password field.
|
|
2
|
|
3
|
|
4
|
Select the appropriate Time Zone from the Time Zone drop-down menu. The SonicWALL’s internal clock is set automatically to the correct time for this time zone by a Network Time Server on the Internet.
|
|
5
|
Optionally, select Automatically adjust clock for daylight savings time. This is selected by default.
|
|
6
|
Click Next.
|
|
•
|
TZ Series wireless appliance, the Configure 3G/4G page displays. To to 3G/4G Modem > Configure 3G/4G .
|
|
•
|
No Wireless, the Configure Modular Device Type page displays. Go to 3G/4G Modem > Configure Modular Device Type
|
|
•
|
Office Gateway or Secure or Open Access Point, the page that displays depends on your appliance:
|
|
•
|
SOHO W appliance, the Configure Modular Device Type page displays. Go to 3G/4G Modem > Configure Modular Device Type
|
|
•
|
|
•
|
|
8
|
Select a device type from the Device Type drop-down menu:
|
|
•
|
None (default)
|
|
9
|
Click Next. The page that displays next depends on your device type selection:
|
|
•
|
|
•
|
|
•
|
|
•
|
For primary or backup internet connectivity, select Yes – I will use 3G/4G for primary or backup internet connectivity. This is the default.
|
|
•
|
If the device is not used at this time, select No – I will not use 3G/4G at this time.
|
|
2
|
Click Next.
|
|
•
|
|
•
|
Yes – The 3G/4G Modem > WAN Failover 3G/4G/Modem Connection page displays. Go to 3G/4G Modem > WAN Failover 3G/4G/Modem Connection (page 1) .
|
|
NOTE: For TZ Series wireless appliances, this page is titled WAN Failover 3G/4G Connection, but otherwise it is the same.
|
|
1
|
Select your country from the Country drop-down menu.
|
|
2
|
Select your service provider from the Service Provider drop-down menu. Options depend on the Country you selected.
|
|
3
|
Select your plan type from the Plan Type drop-down menu. Options depend on the Service Provider you selected.
|
|
4
|
Click Next. If you have a:
|
|
•
|
TZ wired or SOHO W wireless appliance, the second WAN Failover 3G/4G/Modem Connection page displays with the options populated according to your choices for country, service provider, and plan type
|
|
•
|
TZ wireless appliance, the WAN Failover 3G/4G Connection page displays; except for the name, this is the same as the WAN Failover 3G/4G/Modem Connection page
|
|
NOTE: If you selected Other for Country, Plan Type or Service Provider, the second page is not populated with information and you must enter the required information. Go to 3G/4G Modem > WAN Failover 3G/4G/Modem Connection (page 2—Other Country) .
|
|
7
|
|
1
|
If you selected Other for Country, Service Provider, or Plan Type, the second page is not populated with information, and you must provide the required information:
|
|
•
|
Profile Name – Enter a friendly name for the profile in this field; the default is My Connection Profile.
|
|
•
|
Connection Type – Select the connection type from the drop-down menu.
|
|
•
|
Dialed Number – Enter the dialup number the appliance uses to connect to the internet in this field.
|
|
•
|
User Name (optional) – Enter your ISP user name in this field.
|
|
•
|
Password (optional) – Enter your ISP password in this field.
|
|
•
|
Confirm Password (optional) – Reenter your ISP password in this field.
|
|
2
|
|
•
|
For primary or backup internet connectivity, select Yes – I will use dialup account as primary or backup internet connection. This is the default.
|
|
•
|
If the modem is not used at this time, select No – I will not use the modem at this time.
|
|
2
|
Click Next.
|
|
•
|
|
•
|
Yes – The 3G/4G Modem > WAN Failover Dialup Connection page displays.
|
|
•
|
Profile Name – A friendly name for the profile; the default is My Connection Profile.
|
|
•
|
Phone Number – The phone number used for dialup.
|
|
•
|
User Name – Your ISP user name.
|
|
•
|
Password – Your ISP password.
|
|
•
|
Confirm Password – Reenter your ISP password.
|
|
•
|
APN – Your ISP Access Point Name.
|
|
5
|
|
TIP: If you click on the protocol name, a window displays that describes the protocol and why you would use it. For example, if you click on DHCP, a description of DHCP displays:
|
|
•
|
Router-based Connections – Use a Static IP address or a range of IP addresses. – An IP address is a number that will identify each device on your network. An IP address consists of four numbers, separated by periods, ranging from 0 to 254 in value. Examples of IP addresses are 192.168.168.1, 10.0.0.1, or 216.217.36.130. This is the default for TZ Series wired and wireless appliances.
|
|
•
|
Cable/Modem-based Connections – Use DHCP assigned dynamic IP addresses. DHCP stands for Dynamic Host Configuration Protocol. It is used to distribute TCP/IP settings automatically. This is the default for SOHO W wireless appliances.
|
|
•
|
DSL Connections — Use PPPoE for ISP client authentication software. – Point-to-Point Protocol over Ethernet (PPPoE) is a widely-deployed solution to manage DSL and cable broadband services. PPPoE requires user name and password authentication to connect to the Internet.
|
|
•
|
VPN Connections – Use PPTP for encrypted connections. – Point-to-Point Tunneling Protocol (PPTP) is used to tunnel Point to Point Protocol (PPP) through an IP network. PPTP requires Server IP address, user name and password authentication to connect to the Internet.
|
|
2
|
Click Next. What displays next depends on your WAN network mode selection.
|
|
•
|
Dell SonicWALL WAN IP Address – An IP address is a number that identifies each device on your network. An IP address consists of four numbers, separated by periods, ranging from 0 to 254 in value. Examples of IP addresses are 192.168.168.1, 10.0.0.1, or 216.217.36.130.
|
|
•
|
WAN Subnet Mask – The subnet mask defines which IP addresses are located on your local network and which IP addresses are located on the Internet. For example, if you assign your computer the IP address 192.168.168.200 and the subnet mask 255.255.255.0, then your computer will believe that all 192.168.168.X addresses are on the local network, and all other addresses are located on the Internet.
|
|
•
|
Gateway Router Address – The WAN gateway (router) address is the IP address of the router that bridges your network to the Internet. The WAN router may be attached directly to the Dell SonicWALL appliance's WAN port or indirectly through a cable or DSL modem.
|
The WAN Gateway (router) address must be in the same subnet as the Dell SonicWALL appliance WAN IP address. The WAN gateway (router) address often ends with the numbers .1 or .254. So, if your WAN IP address is 216.0.36.128, then your gateway might be 216.0.36.1 or 216.0.36.254. If you do not know your gateway address, contact your ISP.
|
•
|
DNS Server Address – The DNS server address is the IP address of the DNS server.
|
|
•
|
DNS Server Address #2 (optional) – If there is a second DNS server address, enter it in this field.
|
|
2
|
To allow HTTPS, select Allow HTTPS on this WAN Interface. This is selected by default.
|
|
3
|
To allow ping, select Allow Ping on this WAN Interface. This is selected by default.
|
|
4
|
Click NEXT. The page that displays next depends on the type of appliance:
|
|
•
|
|
•
|
|
1
|
To allow HTTPS, select Allow HTTPS on this WAN Interface. This is selected by default.
|
|
2
|
To allow ping, select Allow Ping on this WAN Interface. This is selected by default.
|
|
3
|
Click NEXT. The page that displays next depends on the type of appliance:
|
|
•
|
|
•
|
|
•
|
|
•
|
Manually – Select Use the following IP Address. The field becomes active.
|
|
a
|
Enter the PPPoE IP address in the Use the following IP Address field.
|
|
2
|
Enter your PPPoE user name in the PPPoE User Name field.
|
|
3
|
Enter your PPPoE password in the PPPoE Password field.
|
|
4
|
Optionally, to disconnect after a period of inactivity, select Inactivity Disconnect (minutes). By default, this is not selected. When this option is selected, the field becomes active.
|
|
•
|
Enter the maximum inactivity time, in minutes, before disconnect in the Inactivity Disconnect (minutes) field; the default is 10.
|
|
5
|
To allow HTTPS, select Allow HTTPS on this WAN Interface. This is selected by default.
|
|
6
|
To allow ping, select Allow Ping on this WAN Interface. This is selected by default.
|
|
7
|
|
8
|
Click NEXT. The page that displays next depends on the type of appliance:
|
|
•
|
|
•
|
|
1
|
Enter the iP address of your PPTP server in the PPTP Server IP Address field.
|
An IP address is a number that identifies each device on your network. An IP address consists of four numbers, separated by periods, ranging from 0 to 254 in value. Examples of IP addresses are 192.168.168.1, 10.0.0.1, or 216.217.36.130.
|
2
|
Enter your PPTP server user name in the PPTP User Name field.
|
|
3
|
Enter your PPTP server password in the PPTP Password field.
|
|
•
|
|
•
|
Manually – Select Use the following IP Address.
|
|
5
|
Enter the appliance’s WAN address in the Dell SonicWALL WAN IP Address field.
|
|
6
|
Enter the WAN subnet mask in the WAN Subnet Mask field.
|
|
7
|
Enter the Gateway (router) address in the Gateway (Router) Address field.
|
|
8
|
To allow HTTPS, select Allow HTTPS on this WAN Interface. This is selected by default.
|
|
9
|
To allow ping, select Allow Ping on this WAN Interface. This is selected by default.
|
|
10
|
Click NEXT. The page that displays next depends on the type of appliance:
|
|
•
|
TZ Series wired appliances or TZ Series wireless or SOHO W wireless appliances operating in No Wireless mode, the LAN Settings page displays. Go to LAN Settings .
|
|
•
|
TZ series wireless or SOHO W wireless appliances, the Regulatory Domain Registration page displays. Go to Regulatory Domain Registration
|
The Setup Wizard populates the LAN Settings fields automatically, based on the supplied settings.
|
•
|
Dell SonicWALL LAN IP Address – The IP address of the Dell SonicWALL LAN. Every IP address on your network must be unique. Therefore, do not assign your Dell SonicWALL an IP address that is used by another device on your network.
|
|
•
|
LAN Subnet Mask – The subnet mask defines which IP addresses are located on your local network and which IP addresses are located on the Internet. For example, if you assign your computer the IP address 192.168.168.200 and the subnet mask 255.255.255.0, then your computer believes that all 192.168.168.X addresses are on the local network, and all other addresses are located on the Internet.
|
The LAN subnet mask defines the size of your local network. The LAN subnet mask 255.255.255.0 works for most networks.
|
2
|
|
1
|
Select Enable DHCP Server on LAN checkbox. This is checked by default.
|
|
2
|
The Setup Wizard populates the LAN Address Range fields automatically. Verify the addresses are correct.
|
|
3
|
|
1
|
Select a country from the Country Code drop-down menu.
|
|
2
|
Click Next. An information message about maintaining up-to-date wireless drivers on your client computers displays.
|
|
3
|
|
1
|
Enter a SSID (Service Set ID) in the SSID field. The SSID serves as the primary identifier for your wireless network. You can specify up to 32 alphanumeric characters; the SSID is case sensitive. The appliance generates a default SSID; for example, sonicwall or sonicwall-F2DS.
|
|
2
|
Select your preferred radio mode from the Radio Mode drop-down menu. The wireless security appliance supports the modes shown in Table 165.
|
|
|
TIP: For optimal throughput speed solely for 802.11n clients, SonicWALL recommends the 802.11n Only radio mode. Use the 802.11n/b/g Mixed radio mode for multiple wireless client authentication compatibility.
For optimal throughput speed solely for 802.11ac clients, SonicWALL recommends the 802.11ac Only radio mode. Use the 802.11ac/n/a Mixed radio mode for multiple wireless client authentication compatibility. |
|
Select this mode if only 802.11a clients access your wireless network. |
||
|
Select this mode if only 802.11ac clients access your wireless network. |
|
•
|
|
•
|
|
•
|
|
4
|
Only for 802.11a/g: Select the channel for the radio from the Channel drop-down menu:
|
|
•
|
Auto - Allows the appliance to automatically detect and set the optimal channel for wireless operation based on signal strength and integrity. Use Auto unless you have a specific reason to use or avoid specific channels.
|
|
•
|
Specific channel: Select a single channel (see Step 166) within the range of your regulatory domain. Selecting a specific a channel can also help with avoiding interference with other wireless networks in the area.
|
|
None 1 |
|
|
Channel 1 (2412 MHz) 2 |
Channel 36 (5180 MHz) 3 |
|
6
|
From the Radio Band drop-down menu, select the radio band for the 802.11a or 802.11ac radio:
|
•
|
Auto - Allows the appliance to automatically detect and set the optimal channel for wireless operation based on signal strength and integrity.
|
|
•
|
|
•
|
Standard - 20 MHz Channel - Specifies that the 802.11ac radio uses only the standard 20 MHz channel. This is the default setting.
|
|
a
|
When this option is selected, from the Channel drop-down menu, select a single channel within the range of your regulatory domain. Selecting a specific a channel can also help with avoiding interference with other wireless networks in the area. For the available channels, see Table 166. The default channel is Channel 36 (5180MHz).
|
|
•
|
Wide - 40 MHz Channel - Specifies that the 802.11ac radio uses only the wide 40 MHz channel. When this option is selected, the Channel drop-down menu is displayed. See Step a above for selecting a channel.
|
|
•
|
Wide - 80 MHz Channel - Specifies that the 802.11n radio uses only the wide 80 MHz channel. When this option is selected, the Channel drop-down menu is displayed. See Step a above for selecting a channel.
|
|
8
|
For: 802.11n only or 802.11n mixed, the Radio Band, Primary Channel, and Secondary Channel settings are displayed:
|
From the Radio Band drop-down menu, select the band for the 802.11n or 802.11ac radio:
|
•
|
Auto - Allows the appliance to automatically detect and set the optimal channel for wireless operation based on signal strength and integrity. This is the default setting.
|
|
•
|
|
•
|
Standard - 20 MHz Channel - Specifies that the 802.11n radio will use only the standard 20 MHz channel. When this option is selected, the Channel drop-down menu is displayed instead of the Primary Channel and Secondary Channel drop-down menus.
|
|
•
|
Standard Channel - By default, this is set to Auto, which allows the appliance to set the optimal channel based on signal strength and integrity. Optionally, you can select a single channel within the range of your regulatory domain. Selecting a specific a channel can also help with avoiding interference with other wireless networks in the area. The available channels are the same as for 802.11g in Step 4.
|
|
•
|
Wide - 40 MHz Channel - Specifies that the 802.11n radio will use only the wide 40 MHz channel. When this option is selected, the Primary Channel and Secondary Channel drop-down menus are displayed:
|
|
•
|
Primary Channel - By default, this is set to Channel 36 (5180MHz). Optionally, you can specify a specific another channel or Auto. The available channels are the same as for 802.11a in Step 4
|
|
•
|
Secondary Channel - The configuration of this drop-down menu is set to Auto regardless of the primary channel setting.
|
|
9
|
Optionally, select the Enable Short Guard Interval checkbox to specify a short guard interval of 400ns as opposed to the standard guard interval of 800ns. This setting is not selected by default.
|
|
NOTE: This option is not available if 5GHz 802.11g/b Mixed, 5GHz 802.11a Only, or 2.4GHz 802.11g Only mode is selected.
|
|
10
|
|
NOTE: This option is not available if 5GHz 802.11g/b Mixed, 5GHz 802.11a Only, or 2.4GHz 802.11g Only mode is selected.
|
|
TIP: The Enable Short Guard Interval and Enable aggregation options can slightly improve throughput. They both function best in optimum network conditions where users have strong signals with little interference. In networks that experience less than optimum conditions (interference, weak signals, and so on), these options may introduce transmission errors that eliminate any efficiency gains in throughput.
|
|
11
|
|
•
|
WPA/WPA2 Mode – Wi-Fi Protected Access (WPA) mode is the security wireless protocol based on the 802.11i standard. It is the recommended protocol if your wireless clients support WPA/WPA protocol also.
|
|
•
|
Connectivity (default) – This mode allows unrestrained wireless access to the device.
|
|
2
|
|
1
|
One SAP SSID is created automatically (see WLAN Radio Settings ). To create another VAP, select the Yes, I want to create another virtual access point checkbox. More options display.
|
|
2
|
Enter a name for the VAP in the VAP SSID field.
|
|
•
|
WPA/WPA2 Mode – Wi-Fi Protected Access (WPA) mode is the security wireless protocol based on the 802.11i standard. It is the recommended protocol if your wireless clients support WPA/WPA protocol also.
|
|
•
|
Connectivity (default) – This mode allows unrestrained wireless access to the device.
|
|
5
|
|
•
|
Use Current – This setting keeps your current settings. This option is selected by default.
|
|
a
|
To see the current port settings, mouse over the Information
 icon. A popup tooltip displays the current port assignments: |
|
•
|
Default WAN/LAN Switch – This option displays the port configuration at the bottom of the page:
|
|
•
|
WAN/OPT/LAN Switch – This option displays the port configuration at the bottom of the page:
|
|
•
|
WAN/LAN/HA – This option displays the port configuration at the bottom of the page:
|
|
•
|
WAN/LAN/LAN2 Switch – This option displays the port configuration at the bottom of the page:
|
|
2
|
|
NOTE: What is displayed on the Dell SonicWALL Configuration Summary depends on the settings you entered. If you have configured a TZ Series wireless or SOHO W wireless appliance, but selected No Wireless on the Deployment Scenario page, No Wireless is displayed:
|
|
4
|
Click Apply. A message displays indicating the configuration is being updated:
|
After the configuration has updated, the Setup Complete dialog displays.
|
5
|
If you have not registered your appliance, you can do so now by clicking one of the two links in the sentence, Next, you should click here or visit Dell SonicWALL’s Web Site to register your unit. The Setup Wizard closes, and you are redirected to the appropriate location.
|
|
6
|
Click Close.
|
You use the PortShield Interface Guide to select the initial ports assignment in integrated managed LAN switch of the Dell SonicWALL appliance.
|
1
|
Click Wizards in the upper right corner of the SonicWALL management interface. The Wizard Welcome page displays.
|
|
•
|
Clicking the PortShield Interface Guide radio button.
|
|
•
|
Selecting it from the Select a guide drop-down menu.
|
|
3
|
|
•
|
Use Current – This setting keeps your current settings. This option is selected by default.
|
|
a
|
To see the current port settings, mouse over the Information
 icon. A popup tooltip displays the current port assignments: |
|
•
|
Default WAN/LAN Switch – This option displays the port configuration at the bottom of the dialog:
|
|
•
|
WAN/OPT/LAN Switch – This option displays the port configuration at the bottom of the dialog:
|
|
•
|
WAN/LAN/HA – This option displays the port configuration at the bottom of the dialog:
|
|
•
|
WAN/LAN/LAN2 Switch – This option displays the port configuration at the bottom of the dialog:
|
|
2
|
Click Apply. A message displays indicating the configuration is being updated:
|
After the configuration has updated, the Complete dialog displays.
|
3
|
Click Close.
|
The Public Server Guide allows you to quickly configure your Dell SonicWALL appliance to provide public access to an internal server.
|
1
|
Click Wizards in the upper right corner of the SonicWALL management interface. The Wizard Welcome page displays.
|
|
2
|
Select the Public Server Guide by either:
|
|
•
|
Clicking the Public Server Guide radio button.
|
|
•
|
Selecting it from the Select a guide drop-down menu.
|
|
3
|
|
4
|
Select the server type from the Server Type drop-down menu:
|
|
•
|
Web Server (default)
|
|
•
|
|
5
|
Select the services to use. The choices depend on the server type. You can select more than one service except for FTP Server and Other. By default, all services are selected, except for Other.
|
|
Select a service from the Services drop-down menu. |
|
6
|
|
7
|
Enter a friendly name in the Server Name field.
|
|
8
|
Enter the server’s IP address in the Server Private IP Address field.
|
|
9
|
Optionally, enter a comment to further identify the public server in the Server Comment field.
|
|
10
|
|
11
|
Specify the server's public (external) IP address in the Server Public IP Address field. The default value is that of your Dell SonicWALL appliance's WAN interface.
|
|
Specifying a different address results in a public server Network Object bound to the WAN Zone. If you are uncertain of this address, you are encouraged to leave it at the default. |
|
12
|
|
14
|
Click Apply. A message displays indicating the configuration is being updated:
|
After the configuration has updated, the Complete dialog displays.
|
15
|
Click Close.
|
The VPN Guide steps you through creating a new site-to-site VPN Policy or configuring the WAN GroupVPN to accept connections from the Global VPN Client.
|
1
|
Click Wizards in the upper right corner of the SonicWALL management interface. The Wizard Welcome page displays.
|
|
2
|
Select the VPN Guide by either:
|
|
•
|
Clicking the VPN Guide radio button.
|
|
•
|
Selecting it from the Select a guide drop-down menu.
|
|
3
|
|
•
|
Site-to-Site – Configure a site-to-site VPN connection to another Dell SonicWALL device. This is the default selection.
|
|
•
|
WAN GroupVPN – Configure a WAN GroupVPN to accept incoming VPN connections from Global VPN Client.
|
|
5
|
Click Next. The dialog that displays depends on your choice of VPN policy type:
|
|
•
|
|
•
|
|
1
|
In the Policy Name field, enter a unique, friendly name to assign to this site-to-site VPN Policy.
|
|
2
|
In the Preshared Key field, enter the preshared key to use for the tunnel. The VPN Guide generates a default key.
|
|
3
|
Optionally, if you know the remote peer IP address or fully-qualified domain name (FQDN), select the I know my Remote Peer IP Address (or FQDN) checkbox.
|
|
a
|
Enter the address or FQDN in the Remote Peer IP Address (or FQDN) field.
|
|
4
|
|
TIP: If you have not already created the network objects for each side of the VPN tunnel, you can select the Create new Address Object…/Create new Address Group… options in the Local Networks and Destination Networks drop-down menus to create new objects.
|
|
5
|
From the Local Networks drop-down menu, select the local networks to be accessible through this site-to-site VPN tunnel. The default is Firewalled Subnets.
|
|
6
|
From the Destination Networks drop-down menu, select the destination networks.
|
|
7
|
|
•
|
DH Group: The Diffie-Hellman (DH) group is the group of numbers used to create the key pair. Each subsequent group uses larger numbers to start with. The VPN Uses the DH group during IKE negotiation to create the key pair. You can choose:
|
|
|||
|
|||
|
|||
|
|||
|
•
|
Encryption: This is the method for encrypting data through the VPN Tunnel. The methods are listed in order of security. DES is the least secure and the and takes the least amount of time to encrypt and decrypt. AES-256 is the most secure and takes the longest time to encrypt and decrypt.The VPN uses this for all data through the tunnel.
|
You can choose: DES, 3DES (default), AES-128, AES-256, or AES-192.
|
•
|
Authentication: This is the hashing method used to authenticate the key, once it is exchanged during IKE negotiation. You can choose MD5 or SHA-1 (default), SHA-256, SHA-384, or SHA-512.
|
|
•
|
Life Time (seconds): This is the length of time the VPN tunnel stays open before needing to re-authenticate. The default is eight hours (28800).
|
|
9
|
|
10
|
Click Apply. A message displays indicating the configuration is being updated:
|
After the configuration has updated, the Complete dialog displays.
|
11
|
Click Close.
|
|
•
|
Use default key (selected by default)
|
|
a
|
Enter a preshared key in the Use this preshared key field. A default value is given.
|
|
2
|
|
•
|
DH Group: The Diffie-Hellman (DH) group is the group of numbers used to create the key pair. Each subsequent group uses larger numbers to start with. The VPN Uses the DH group during IKE negotiation to create the key pair. You can choose:
|
|
|||
|
|||
|
|||
|
|||
|
•
|
Encryption: This is the method for encrypting data through the VPN Tunnel. The methods are listed in order of security. DES is the least secure and the and takes the least amount of time to encrypt and decrypt. AES-256 is the most secure and takes the longest time to encrypt and decrypt.The VPN uses this for all data through the tunnel.
|
You can choose: DES, 3DES (default), AES-128, AES-256, or AES-192.
|
•
|
Authentication: This is the hashing method used to authenticate the key, once it is exchanged during IKE negotiation. You can choose MD5 or SHA-1 (default), SHA-256, SHA-384, or SHA-512.
|
|
•
|
Life Time (seconds): This is the length of time the VPN tunnel stays open before needing to re-authenticate. The default is eight hours (28800).
|
|
4
|
Click Next. The User Authentication dialog displays.
|
|
a
|
Select the Enable User Authentication checkbox. This is selected by default.
|
The user must enter a valid username and password before connecting to the Dell SonicWALL appliance. Users are authenticated against the internal user database User Group object members specified in the Authenticate User Group Object drop-down menu.
|
b
|
Select the user group to authenticate from the Authenticate User Group Object drop-down menu. The default is Trusted Users.
|
|
a
|
Unselect the Enable User Authentication checkbox, which is selected by default.
|
|
b
|
Select the address group or address object allowed access from the Allow Unauthenticated VPN Client Access drop-down menu. The default is Firewalled Subnets.
|
|
6
|
|
7
|
Configure the virtual IP adapter by clicking the Use Virtual IP Adapter checkbox. This setting is not selected by default.
|
|
8
|
|
10
|
Click Apply. A message displays indicating the configuration is being updated:
|
After the configuration has updated, the Complete dialog displays.
|
11
|
Click Close.
|
The Wireless Guide steps you through configuring the network settings and security features of the WLAN radio interface.
|
1
|
Click Wizards in the upper right corner of the SonicWALL management interface. The Wizard Welcome page displays.
|
|
2
|
Select the Wireless Guide by either:
|
|
•
|
Clicking the Wireless Guide radio button.
|
|
•
|
Selecting it from the Select a guide drop-down menu.
|
|
3
|
|
1
|
Select a country from the Country Code drop-down menu.
|
|
2
|
Click Next. An information message about maintaining up-to-date wireless drivers on your client computers displays.
|
|
3
|
|
•
|
Static (default)
|
|
•
|
|
a
|
|
b
|
|
•
|
Layer 2 Bridged Mode, a message displays the zone of the interface bridge and the options change:
|
|
a
|
Click OK on the message.
|
|
b
|
Select a bridged-to interface from the Bridged to drop-down menu.
|
|
3
|
Click Next. A message regarding keeping the wireless drivers on client computers up to date displays.
|
|
4
|
|
1
|
Enter a SSID (Service Set ID) in the SSID field. The SSID serves as the primary identifier for your wireless network. You can specify up to 32 alphanumeric characters; the SSID is case sensitive. The appliance generates a default SSID; for example, sonicwall or sonicwall-F2DS.
|
|
2
|
Select your preferred radio mode from the Radio Mode drop-down menu. The wireless security appliance supports the modes shown in Table 165 in WLAN Radio Settings .
|
|
|
TIP: For optimal throughput speed solely for 802.11n clients, SonicWALL recommends the 802.11n Only radio mode. Use the 802.11n/b/g Mixed radio mode for multiple wireless client authentication compatibility.
For optimal throughput speed solely for 802.11ac clients, SonicWALL recommends the 802.11ac Only radio mode. Use the 802.11ac/n/a Mixed radio mode for multiple wireless client authentication compatibility. |
|
•
|
|
•
|
|
•
|
|
4
|
Only for 802.11a/g: Select the channel for the radio from the Channel drop-down menu:
|
|
•
|
Auto - Allows the appliance to automatically detect and set the optimal channel for wireless operation based on signal strength and integrity. Use Auto unless you have a specific reason to use or avoid specific channels.
|
|
•
|
Specific channel: Select a single channel (see Table 166 in WLAN Radio Settings ) within the range of your regulatory domain. Selecting a specific a channel can also help with avoiding interference with other wireless networks in the area.
|
|
6
|
From the Radio Band drop-down menu, select the radio band for the 802.11a or 802.11ac radio:
|
•
|
Auto - Allows the appliance to automatically detect and set the optimal channel for wireless operation based on signal strength and integrity.
|
|
•
|
|
•
|
Standard - 20 MHz Channel - Specifies that the 802.11ac radio uses only the standard 20 MHz channel. This is the default setting.
|
|
a
|
When this option is selected, from the Channel drop-down menu, select a single channel within the range of your regulatory domain. Selecting a specific a channel can also help with avoiding interference with other wireless networks in the area. For the available channels, see Table 166 in WLAN Radio Settings . The default channel is Channel 36 (5180MHz).
|
|
•
|
Wide - 40 MHz Channel - Specifies that the 802.11ac radio uses only the wide 40 MHz channel. When this option is selected, the Channel drop-down menu is displayed. See Step a above for selecting a channel.
|
|
•
|
Wide - 80 MHz Channel - Specifies that the 802.11n radio uses only the wide 80 MHz channel. When this option is selected, the Channel drop-down menu is displayed. See Step a above for selecting a channel.
|
|
8
|
For 802.11n only or 802.11n mixed, the Radio Band, Primary Channel, and Secondary Channel settings are displayed:
|
From the Radio Band drop-down menu, select the band for the 802.11n or 802.11ac radio:
|
•
|
Auto - Allows the appliance to automatically detect and set the optimal channel for wireless operation based on signal strength and integrity. This is the default setting.
|
|
•
|
|
•
|
Standard - 20 MHz Channel - Specifies that the 802.11n radio will use only the standard 20 MHz channel. When this option is selected, the Channel drop-down menu is displayed instead of the Primary Channel and Secondary Channel drop-down menus.
|
|
•
|
Standard Channel - By default, this is set to Auto, which allows the appliance to set the optimal channel based on signal strength and integrity. Optionally, you can select a single channel within the range of your regulatory domain. Selecting a specific a channel can also help with avoiding interference with other wireless networks in the area. The available channels are the same as for 802.11g in Step 4.
|
|
•
|
Wide - 40 MHz Channel - Specifies that the 802.11n radio will use only the wide 40 MHz channel. When this option is selected, the Primary Channel and Secondary Channel drop-down menus are displayed:
|
|
•
|
Primary Channel - By default, this is set to Channel 36 (5180MHz). Optionally, you can specify a specific another channel or Auto. The available channels are the same as for 802.11a in Step 4
|
|
•
|
Secondary Channel - The configuration of this drop-down menu is set to Auto regardless of the primary channel setting.
|
|
9
|
Optionally, select the Enable Short Guard Interval checkbox to specify a short guard interval of 400ns as opposed to the standard guard interval of 800ns. This setting is selected by default. For information about the guard interval, see WLAN Radio Settings .
|
|
NOTE: This option is not available if 5GHz 802.11g/b Mixed, 5GHz 802.11a Only, or 2.4GHz 802.11g Only mode is selected.
|
|
10
|
Optionally, to enable 802.11n frame aggregation, which combines multiple frames to reduce overhead and increase throughput, select the Enable Aggregation checkbox. This setting is selected by default. For information about aggregation, see WLAN Radio Settings .
|
|
NOTE: This option is not available if 5GHz 802.11g/b Mixed, 5GHz 802.11a Only, or 2.4GHz 802.11g Only mode is selected.
|
|
TIP: The Enable Short Guard Interval and Enable aggregation options can slightly improve throughput. They both function best in optimum network conditions where users have strong signals with little interference. In networks that experience less than optimum conditions (interference, weak signals, and so on), these options may introduce transmission errors that eliminate any efficiency gains in throughput.
|
|
11
|
|
•
|
WPA/WPA2 Mode – Wi-Fi Protected Access (WPA) mode is the security wireless protocol based on the 802.11i standard. It is the recommended protocol if your wireless clients support WPA/WPA protocol also.
|
|
•
|
Connectivity (default) – This mode allows unrestrained wireless access to the device.
|
|
2
|
Click Next. What page displays depends on the security mode you selected.
|
|
•
|
|
•
|
Connectivity, the WLAN VAP (Virtual Access Point) Settings page displays. Go to WLAN VAP (Virtual Access Point) Settings .
|
|
1
|
From the Authentication Type drop-down menu, select the encryption mode. The options that display depend on the mode you select.
|
|
2
|
From the Cipher Type drop-down menu, select:
|
|
•
|
AES (default)
|
|
•
|
|
•
|
|
3
|
From the Group Key Update drop-down menu select either:
|
|
•
|
By Timeout (default)
|
|
•
|
Disabled; the Interval field does not display.
|
|
4
|
|
6
|
In the Passphrase field, enter the passphrase from which the key is generated.
|
|
7
|
|
9
|
|
10
|
In the Radius Server 1 IP and Port fields, enter the IP address and port number for your primary RADIUS server.
|
|
11
|
In the Radius Server 1 Secret field, enter the password for access to Radius Server
|
|
12
|
Optionally, in the Radius Server 2 IP and Port fields, enter the IP address and port number for your secondary RADIUS server, if you have one.
|
|
13
|
Optionally, in the Radius Server 2 Secret field, enter the password for access to Radius Server
|
|
14
|
Click Next. If you selected an EAP mode, a message about updating the firewall access rule is displayed.
|
|
15
|
|
1
|
|
2
|
|
1
|
One SAP SSID is created automatically; more may have been added during setup. You can create up to six VAPs.To create another VAP, select the Yes, I want to create another virtual access point checkbox. More options display.
|
|
2
|
Enter a name for the VAP in the VAP SSID field.
|
|
•
|
WPA/WPA2 Mode – Wi-Fi Protected Access (WPA) mode is the security wireless protocol based on the 802.11i standard. It is the recommended protocol if your wireless clients support WPA/WPA protocol also.
|
|
•
|
Connectivity (default) – This mode allows unrestrained wireless access to the device.
|
|
5
|
|
1
|
Enter a unique VLAN tag in the WLAN VLAN TAG field. The tag should be one number from 1 to 4094.
|
|
2
|
Enter a unique IP address in the WLAN IP address field.
|
|
3
|
Enter the WLAN subnet mask in the WLAN Subnet Mask field.
|
|
4
|
|
a
|
Click the Create a new zone drop-down menu.
|
|
b
|
Enter the name of the new zone in the Create a new zone field.
|
This new zone is used instead of any zone specified from the WLAN Zone drop-down menu.
|
6
|
|
7
|
|
•
|
|
a
|
To correct any setting, click Back until you reach the appropriate page.
|
|
c
|
|
2
|
Click Apply. A message displays indicating the configuration is being updated:
|
After the configuration has updated, the Wireless Wizard Complete dialog displays.
|
3
|
Click Finish.
|
The App Rule Guide steps you through configuring the security features for App Rule.
|
1
|
Click Wizards in the upper right corner of the SonicWALL management interface. The Wizard Welcome page displays.
|
|
2
|
Select the App Rule Guide by either:
|
|
•
|
Clicking the App Rule Guide radio button.
|
|
•
|
Selecting it from the Select a guide drop-down menu.
|
|
3
|
Click Next. The App Rule Wizard Introduction dialog displays, which describes the purpose of the App Rule Guide.
|
|
4
|
|
•
|
|
6
|
Click Next. The dialog that displays depends on your choice of policy type:
|
|
•
|
|
2
|
Click Next. The dialog that displays depends on the SMTP rule you selected:
|
|
•
|
If you selected Specify maximum e-mail size allowed, the Rule Creation — SMTP > App Rule Object E-mail Size dialog displays; go to Rule Creation — SMPT > App Rule Object E-mail Size .
|
|
•
|
All other SMTP rules, the Rule Creation — App Rule Object Keyword and Policy Direction dialog displays; go to Rule Creation — SMPT > App Rule Object Keyword and Policy Direction .
|
|
1
|
Select the email direction from the Direction drop-down menu:
|
|
•
|
Incoming (default)
|
|
•
|
|
•
|
|
2
|
Enter the maximum size for emails, in bytes, in the Maximum E-mail Size (Bytes) field. The default is 0.
|
|
3
|
Click Next. The Rule Creation — App Rule Action Type dialog displays; go to Rule Creation — App Rule Action Type .
|
|
1
|
Select the email direction from the Direction drop-down menu:
|
|
•
|
Incoming (default)
|
|
•
|
|
•
|
|
2
|
Enter the content to match in the Content field. Each entry must be on a separate line, multiple entries on one line are considered a single entry.
|
|
3
|
To modify an entry in the List table:
|
a
|
|
b
|
Change the entry in the Content field.
|
|
c
|
Click the Update button.
|
To delete all entries in the List table, click the Remove All button.
To delete an entry in the List table:
|
b
|
Click the Remove button.
|
|
TIP: To import content from a predefined text file containing multiple entries (each entry on its own line) for an application object to match, click the Load From File button. The Upload Object Values dialog displays.
|
|
5
|
|
•
|
|
2
|
Click Next. The dialog that displays depends on the type of action selected:
|
|
•
|
For Blocking Action - block and send custom e-mail reply and Add E-mail Banner action types, the Rule Creation — App Rule Action Settings dialog displays; go to Rule Creation — App Rule Action Settings .
|
|
•
|
For all other action types, the Rule Creation — Select name for App Rule Policy dialog displays; go to Rule Creation — Select name for App Rule Policy
|
|
2
|
|
1
|
Enter a friendly name for the App Rule policy in the Policy Name field.
|
|
2
|
|
3
|
Click Apply. A message displays indicating the configuration is being updated:
|
After the configuration has updated, the Complete dialog displays.
|
4
|
Click Close.
|
|
•
|
Look for specific attachment extensions (default)
|
|
2
|
|
1
|
Select the email direction from the Direction drop-down menu:
|
|
•
|
Incoming (default)
|
|
•
|
|
•
|
|
2
|
Enter the content to match for inclusion or exclusion in the Content field. Each entry must be on a separate line, multiple entries on one line are considered a single entry.
|
|
3
|
To modify an entry in the List table:
|
a
|
|
b
|
Change the entry in the Content field.
|
|
c
|
Click the Update button.
|
To delete all entries in the List table, click the Remove All button.
To delete an entry in the List table:
|
b
|
Click the Remove button.
|
|
TIP: To import content from a predefined text file containing multiple entries (each entry on its own line) for an application object to match, click the Load From File button. The Upload Object Values dialog displays.
|
|
5
|
|
•
|
|
2
|
Click Next. The dialog that displays depends on the type of action selected:
|
|
•
|
For Blocking Action - block and send custom e-mail reply and Add E-mail Banner action types, the Rule Creation — App Rule Action Settings dialog displays; go to Rule Creation — App Rule Action Settings (Page 2) .
|
|
•
|
For all other action types, the Rule Creation — Select name for App Rule Policy dialog displays; go to Rule Creation — Select name for App Rule Policy
|
|
2
|
|
1
|
Enter a friendly name for the App Rule policy in the Policy Name field.
|
|
2
|
|
3
|
Click Apply. A message displays indicating the configuration is being updated:
|
After the configuration has updated, the Complete dialog displays.
|
4
|
Click Close.
|
|
2
|
Click Next. The dialog that displays depends of the rule selected:
|
|
•
|
For Look for usage of certain web browsers and Look for usage of any web browser, except the ones specified rules, the Rule Creation — App Rule Object Settings dialog displays; go to Rule Creation — App Rule Object Settings (Browser) .
|
|
•
|
For all other rules, the Rule Creation — App Rule Object Keywords and Policy Direction dialog displays; go to Rule Creation — App Rule Object Keywords and Policy Direction .
|
|
1
|
Select the email direction from the Direction drop-down menu:
|
|
•
|
Incoming (default)
|
|
•
|
|
•
|
|
2
|
Select a browser from the Content drop-down menu:
|
|
•
|
Netscape (default)
|
|
•
|
MSIE (Microsoft Internet Explorer)
|
|
•
|
|
•
|
Safari (does not operate on Windows platforms)
|
|
•
|
|
3
|
To modify an entry in the List table:
|
a
|
|
b
|
Change the entry in the Content field.
|
|
c
|
Click the Update button.
|
To delete all entries in the List table, click the Remove All button.
To delete an entry in the List table:
|
b
|
Click the Remove button.
|
|
5
|
Click Next. The Rule Creation — App Rule Action Settings dialog displays; go to Rule Creation — App Rule Action Settings > Attachments .
|
|
1
|
Select the email direction from the Direction drop-down menu:
|
|
•
|
Incoming (default)
|
|
•
|
|
•
|
|
2
|
Enter the content to match for inclusion or exclusion in the Content field. Each entry must be on a separate line, multiple entries on one line are considered a single entry.
|
|
3
|
To modify an entry in the List table:
|
a
|
|
b
|
Change the entry in the Content field.
|
|
c
|
Click the Update button.
|
To delete all entries in the List table, click the Remove All button.
To delete an entry in the List table:
|
b
|
Click the Remove button.
|
|
5
|
Click Next. The dialog that displays depends on your Access Rule selection on the Rule Creation — Select Web Access Rules for App Rule dialog:
|
|
•
|
For Look for attachment name uploaded to a web mail account and Look for attachment extension uploaded to a web mail account access rules, the Rule Creation — App Rule Action Settings > Attachments displays.
|
|
•
|
Blocking Action - reset connection (default)
|
|
•
|
|
2
|
|
•
|
Blocking Action - custom block page (default)
|
|
•
|
|
2
|
Click Next. The dialog that displays depends on the type of action selected:
|
|
•
|
For all other actions, the Rule Creation — Select name for App Rule Policy dialog displays; go to Rule Creation — Select name for App Rule Policy .
|
|
1
|
|
2
|
|
1
|
Enter a friendly name for the App Rule policy in the Policy Name field.
|
|
2
|
|
3
|
Click Apply. A message displays indicating the configuration is being updated:
|
After the configuration has updated, the Complete dialog displays.
|
4
|
Click Close.
|
|
2
|
|
3
|
Select the email direction from the Direction drop-down menu:
|
|
•
|
Incoming (default)
|
|
•
|
|
•
|
|
NOTE: If you selected an FTP rule of Make all FTP access read-only (no uploads) or Disallow usage of SITE command, the Direction drop-down menu is the only option available. After making your selection, go to Step 7.
|
|
4
|
Enter the content to match for inclusion or exclusion in the Content field. Each entry must be on a separate line, multiple entries on one line are considered a single entry.
|
|
5
|
To modify an entry in the List table:
|
a
|
|
b
|
Change the entry in the Content field.
|
|
c
|
Click the Update button.
|
To delete all entries in the List table, click the Remove All button.
To delete an entry in the List table:
|
b
|
Click the Remove button.
|
|
TIP: To import content from a predefined text file containing multiple entries (each entry on its own line) for an application object to match, click the Load From File button. The Upload Object Values dialog displays.
|
|
7
|
|
•
|
Blocking Action - Add Block Message (default)
|
|
NOTE: If you selected an FTP rule of Make all FTP access read-only (no uploads) or Disallow usage of SITE command, the Direction drop-down menu is the only option available, and it cannot be unselected.
If you selected the FTP rule, Inspect transfer of files with specified file content, this option is Blocking Action - Reset Connection (default). |
|
•
|
|
9
|
|
1
|
Enter a friendly name for the App Rule policy in the Policy Name field.
|
|
2
|
|
3
|
Click Apply. A message displays indicating the configuration is being updated:
|
After the configuration has updated, the Complete dialog displays.
|
4
|
Click Close.
|
The WXA Setup Guide configures the coupled WXA series appliance for WAN Acceleration.
For information about WAN Acceleration, WXA series appliances, and how to configure the WXA series appliance to work with your TZ Series wired and wireless appliances or you SOHO W wireless appliance, see the Dell SonicWALL WXA Clustering 1.3 Administration Guide and the most current Dell SonicWALL WXA for SonicsOS 6.2 Administration Guide.
