Security_Services_ssSettingsView

SonicWALL Security Services

SonicWALL, Inc. offers a variety of subscription-based security services to provide layered security for your network. SonicWALL security services are designed to integrate seamlessly into your network to provide complete protection.

The following subscription-based security services are listed in Security Services on the SonicWALL security appliance’s management interface:

 
SonicWALL Content Filtering Service
 
SonicWALL Client Anti-Virus
 
SonicWALL Gateway Anti-Virus*
 
SonicWALL Intrusion Prevention Service*
 
SonicWALL Anti-Spyware*
 
Note
Included as part of the SonicWALL Gateway Anti-Virus, Anti-Spyware, and Intrusion Prevention Service unified threat management solution. Also included with SonicWALL Client Anti-Virus.
 
Tip
After you register your SonicWALL security appliance, you can try FREE TRIAL versions of SonicWALL Content Filtering Service, SonicWALL Client Anti-Virus, SonicWALL Gateway Anti-Virus, SonicWALL Intrusion Prevention Service, and SonicWALL Anti-Spyware.

You can activate and manage SonicWALL security services directly from the SonicWALL management interface or from https://www.mysonicwall.com .

 
Note
For more information on SonicWALL security services, please visit http://www.sonicwall.com .
 
Note
Complete product documentation for SonicWALL security services are available on the SonicWALL documentation Web site http://www.sonicwall.com/us/Support.html .

Security Services Summary

The Security Services > Summary page lists the available SonicWALL security services and upgrades for your SonicWALL security appliance and provides access to mysonicwall.com for activating services using Activation Keys.

A list of currently available services is displayed in the Security Services Summary table. Subscribed services are displayed with Licensed in the Status column. The service expiration date is displayed in the Expiration column. If the service is limited to a number of users, the number is displayed in the Count column. If the service is not licensed, Not Licensed is displayed in the Status column. If the service license has expired, Expired is displayed in the Status column.

When you access your mysonicwall.com account from this page in the SonicWALL management interface, the Security Services Summary table changes to the Manage Services Online table. This table provides an updated status of your security services and allows you to activate FREE TRIAL versions, and activate or renew security services licenses using Activation Keys.

If your SonicWALL security appliance is not registered, the Security Services > Summary page does not include the Services Summary table. Your SonicWALL security appliance must be registered to display the Services Summary table.

mysonicwall.com

To activate SonicWALL Security Services, you need to have a mysonicwall.com account and your SonicWALL security appliance must be registered. Creating a mysonicwall.com account is easy and free. You can create a mysonicwall.com account directly from the SonicWALL management interface. Simply complete an online registration form. Once your account is created, you can register SonicWALL security appliances and activate SonicWALL Security Services associated with the SonicWALL security appliance.

mysonicwall.com delivers a convenient, one-stop resource for registration, activation, and management of your SonicWALL products and services. Your mysonicwall.com account provides a single profile to do the following:

 
Register your SonicWALL security appliance
 
Try free trials of SonicWALL security services
 
Purchase/Activate SonicWALL security service licenses
 
Receive SonicWALL firmware and security service updates and alerts
 
Manage your SonicWALL security services
 
Access SonicWALL Technical Support

Your mysonicwall.com account is accessible from any Internet connection with a Web browser using the HTTPS (Hypertext Transfer Protocol Secure) protocol to protect your sensitive information. You can also access mysonicwall.com license and registration services directly from the SonicWALL management interface for increased ease of use and simplified services activation.

Managing Security Services Online

Clicking the Manage Licenses button displays the mysonicwall.com Login page for accessing your MySonicWALL.com account licensing information.

Enter your mysonicwall.com username and password in the User Name and Password fields, and then click Submit . The System > Licenses page is displayed with the Manage Services Online table.

The information in the Manage Services Online table is updated from your mysonicwall.com account.

If you are already connected to your mysonicwall.com account from the management interface, the Manage Services Online table is displayed.

Click Synchronize to update the licensing and subscription information on the SonicWALL security appliance from your mysonicwall.com account.

Configuring Security Services

The following sections describe global configurations that are performed on the Security Services > Summary page:

 
“Security Services Settings”
 
“Signature Downloads and Registration Through a Proxy Server”
 
“Security Services Information”
 
“Update Signature Manually”

Security Services Settings

The Security Services Settings section provides the following options for fine-tuning SonicWALL security services:

 
Security Services Settings - This pulldown menu specifies whether SonicWALL UTM security services are applied to maximize security or to maximize performance:
 
Maximum Security (Recommended) - Inspect all content with any threat probability (high/medium/low). For additional performance capacity in this maximum security setting, utilize SonicOS UTM Clustering.
 
Performance Optimized - Inspect all content with a high or medium threat probability. Consider this performance optimized security setting for bandwidth or CPU intensive gateway deployments or utilize SonicOS UTM Clustering.

The Maximum Security setting provides maximum protection. The Performance Optimized setting utilizes knowledge of the currently known threats to provide high protection against active threats in the threat landscape.

 
Reduce Anti-Virus traffic for ISDN connections - Select this feature to enable the SonicWALL Anti-Virus to check only once a day (every 24 hours) for updates and reduce the frequency of outbound traffic for users who do not have an “always on” Internet connection.
 
Drop all packets while IPS, GAV and Anti-Spyware database is reloading - Select this option to instruct the SonicWALL security appliance to drop all packets whenever the IPS, GAV, and Anti-Sypware database is updating.
 
HTTP Clientless Notification Timeout for Gateway AntiVirus and AntiSpyware - Set the timeout duration after which the SonicWALL security appliance notifies users when GAV or Anti-Spyware detects an incoming threat from an HTTP server. The default timeout is one day (86400 seconds).

Signature Downloads and Registration Through a Proxy Server

This section provides the ability for SonicWALL UTM appliances that operate in networks where they must access the Internet through a proxy server to download signatures. This feature also allows for registration of SonicWALL UTM appliances through a proxy server without compromising privacy. To enable signature download or appliance registration through a proxy server, perform the following steps:

1.
Select the Download Signatures through a Proxy Server checkbox.
2.
In the Proxy Server Name or IP Address field, enter the hostname or IP address of the proxy server.
3.
In the Proxy Server Port field, enter the port number used to connect to the proxy server.
4.
Select the This Proxy Server requires Authentication checkbox if the proxy server requires a username and password .
5.
If the appliance has not been registered with mySonicWALL.com, two additional fields are displayed:
 
MySonicWALL Username - Enter the username for the MySonicWALL.com account that the appliance is to be registered to.
 
MySonicWALL Password - Enter the MySonicWALL.com account password.
6.
Click Accept at the top of the page.

Security Services Information

This section includes a brief overview of services available for your SonicWALL security appliance.

Update Signature Manually

The Manual Signature Update feature is intended for networks where reliable, broadband Internet connectivity is either not possible or not desirable (for security reasons). The Manual Signature Update feature provides a method to update the latest signatures at the network administrator’s discretion. The network administrator first downloads the signatures from http://www.mysonicwall.com to a separate computer, a USB drive, or other media. Then the network administrator uploads the signatures to the SonicWALL security appliance. The same signature update file can be used to all SonicWALL security appliances that meet the following requirements:

 
Devices that are registered to the same mysonicwall.com account
 
Devices that belong to the same class of SonicWALL security appliances.

To manually update signature files, complete the following steps:

Step 1
On the Security Services > Summary page, scroll to the Update Signatures Manually heading at the bottom of the page. Note the Signature File ID for the device.
Step 2
Log on to http://www.mysonicwall.com using the mysonicwall.com account that was used to register the SonicWALL security appliance.
 
Note
The signature file can only be used on SonicWALL security appliances that are registered to the mysonicwall.com account that downloaded the signature file.
Step 3
Click on Download Signatures under the Downloads heading.
Step 4
In the pull down window next to Signature ID: , select the appropriate SFID for your SonicWALL security appliance.
Step 5
Download the signature update file by clicking on Click here to download the Signature file .
 
Note
The remaining steps can be performed while disconnected from the Internet.
Step 6
Return to the Security Services > Summary page on the SonicWALL security appliance GUI.
Step 7
Click on the Import Signatures box.
Step 8
In pop-up window that appears, click the browse button, and navigate to the location of the signature update file.
Step 9
Click Import . The signatures are uploaded for the security services that are enabled on the SonicWALL security appliance.

UTM Clustering

UTM Clustering consists of two SonicWALL NSA series appliances setup in series to pass traffic through both units. The first appliance is configured in NAT mode, and takes care of GAV and inbound Anti-Spyware. The second appliance is configured as an L2 Bridge, and runs IPS and outbound Anti-Spyware. This allows for improved performance by splitting up security services amongst the two UTM appliances. The appliances are configured as follows:

 
SonicWALL Appliance 1:
 
IPS: Global enabled
 
GAV: Global Disabled
 
Anti-Spyware: Global enabled, Outbound Anti-Spyware enabled, All of HTTP/POP3/ SMTP/FTP/IMAP is Disabled
 
SonicWALL Appliance 2:
 
IPS: Global Disabled
 
GAV: Global enabled (all protocols can be enabled or just the default ones)
 
Anti-Spyware: Global enabled, Outbound Anti-Spyware is Disabled, Some or all of HTTP/POP3/SMTP/FTP/IMAP is Enabled

Activating Security Services

To activate a SonicWALL Security Service, refer to the specific Security Service chapter.