Introduction

NSA E-Class, NSA Series, and TZ Series

SonicOS provides deep packet inspection, application intelligence and control with real-time visualization, intrusion prevention, high-speed virtual private networking (VPN) technology and other robust security features. SonicOS 5.8 provides a wide variety of feature enhancements over previous versions of the SonicOS operating system.

Topics:

Key Features in SonicOS 5.8

SonicWALL Management Interface

Key Features in SonicOS 5.8

SonicOS 5.8 includes the following key features:

Visualization Enhancements — A number of enhancements have been added to the Dashboard pages in the SonicOS management interface:

Dashboard > AppFlow Dash — A new Dashboard > AppFlow Dash page provides graphs for Top Applications, Top Users, Top Viruses, Top Intrusions, Top Spyware, Top URL Ratings, Top Locations, and Top IP Addresses that are tracked with AppFlow.

App Control Policy Configuration via App Flow Monitor — The Dashboard > AppFlow Monitor page provides a Create Rule button that allows the administrator to quickly configure App Rule policies for application blocking, bandwidth management, or packet monitoring.

Dashboard > AppFlow Reports — A new Dashboard > AppFlow Reports page provides aggregate AppFlow reports on last firewall restart, last reset of counter, and scheduled reports.

AppFlow > Flow Reporting — A new AppFlow > Flow Reporting page provides the information (with enhancements) previously displayed in the Log > Flow Reporting page. The Log > Flow Reporting page is removed.

AppFlow pages — The following AppFlow pages display the corresponding Dashboard pages of the same names: Real-Time Monitor, AppFlow Dash, AppFlow Monitor, AppFlow Reports.

User Monitor Tool — The User Monitor tool provides a quick and easy method to monitor the number of active users on the SonicWALL security appliance. To view the User Monitor tool, navigate to the Dashboard > User Monitor page. The tool provides several options for setting the scale of time over which user activity is displayed. The tool can display all users, only users who logged in through the web portal, or only users who logged in remotely through GVC or L2TP.

Geo-IP & Botnet Filtering — This feature allows the administrator to block connections to or from a geographic location based on IP address(es), and to or from a Botnet command and control server. Two new pages, Security Services > Geo-IP and Security Services > Botnet Filter, have been added to the management interface.

You can look up an IP address to find out the domain, DNS server, and check whether it is part of a Botnet. The Security Services > Geo-IP and Security Services > Botnet Filter pages provide this functionality at the bottom of the page. The System > Diagnostics and Dashboard > App Flow Monitor pages also provide this capability.

The Security Services > Geo-IP Filter and the Security Services > Botnet Filter pages each have a new Diagnostics section containing a Show Resolved Locations button and a table displaying cache statistics.

Global BWM Ease of Use Enhancements — Several enhancements are provided in this release to improve ease of use for Bandwidth Management (BWM) configuration, and also to increase throughput performance of managed packets. BWM now supports:

– Simple bandwidth management on all interfaces.

– Bandwidth management on both ingress and egress.

– Specifying bandwidth management priority per firewall rules and app rules.

– Default bandwidth management queue for all traffic.

– Applying BWM via AppFlow monitor page.

Global bandwidth management provides 8 priority queues. The Guaranteed rate and Maximum\Burst rate are user configurable.

An Interface BWM Settings tooltip on the Firewall Settings > BWM page displays all network interfaces and shows whether bandwidth management is enabled for them.

The Dashboard > BWM Monitor page has the following usability improvements:

– A chart for each possible BWM setting for the selected interface. It displays [Disabled] if BWM is not enabled.

– A text line near the top of the page showing the available bandwidth for the interface selected in the drop-down list at the top left.

– In each chart, an information box now shows the values for Current bandwidth, Dropped bandwidth, Guaranteed bandwidth, and Max bandwidth for the interface selected at the top of the page.

WAN Acceleration — SonicOS 5.8 supports SonicWALL WXA 1.2.2 and 1.3, which contain several enhancements over WXA 1.1.1:

Unsigned SMB Acceleration — In previous versions of WXA, SMB signing was the only supported method for shared access to files, which required joining the WXA series appliance to the domain and manually configuring shares. However, some networks do not need to use SMB signing. For these types of network environments, WXA 1.2 introduces support for Unsigned SMB, which allows the WXA series appliance to accelerate traffic without joining the domain. This greatly simplifies the configuration procedure for WFS Acceleration. Just click the Unsigned SMB checkbox, apply the changes, and shared files start accelerating between sites.

If your network uses unsigned and signed SMB traffic, the Unsigned SMB and Support SMB Signing checkboxes can be enabled to use both features simultaneously.

Web Cache — The Web Cache feature stores copies of frequently and recently requested Web content as it passes through the network. When a user requests this Web content, it is retrieved from the local web cache instead of the Internet, which can result in significant reductions in downloaded data and bandwidth usage.

YouTube Web Caching — The Web Cache feature also provides caching for YouTube content. This feature is only available when using Moderate (default) and Aggressive web caching strategies.

Wire/Tap Mode — Wire Mode is a deployment option where the SonicWALL appliance can be deployed as a "Bump in the Wire." It provides a least-intrusive way to deploy the appliance in a network. Wire Mode is very well suited for deploying behind a pre-existing Stateful Packet Inspection (SPI) Firewall. Wire Mode operates in any one of these four modes: Bypass Mode, Inspect Mode, Secure Mode, Tap Mode.

YouTube for School Content Filtering Support — YouTube for Schools is a service that allows for customized YouTube access for students, teachers, and administrators. YouTube Education (YouTube EDU) provides schools access to hundreds of thousands of free educational videos. These videos come from a number of respected organizations. You can customize the content available in your school. All schools get access to all of the YouTube EDU content, but teachers and administrators can also create playlists of videos that are viewable only within their school's network.

Content Filtering — Numerous updates have been added to the content filtering pages and dialogs. You can customize the content filtering features from the Filter Properties dialog, which is accessed from the Security Services > Content Filter page.

IKEv2 — The IKEv2 section in Configuring VPN Policies has been updated. IKEv2 is the default proposal type for new VPN policies. Secondary gateways are supported with IKEv2. IKEv2 is not compatible with IKEv1. If using IKEv2, all nodes in the VPN must use IKEv2 to establish the tunnels. DHCP over VPN is not supported in IKEv2.

ADTRAN Consolidation — Beginning in 5.8.1.11, ADTRAN NetVanta units run the same SonicOS firmware as SonicWALL units. Upon upgrading a NetVanta unit to SonicOS 5.8.1.11, the management interface will change from the previous NetVanta look and feel (color scheme, icons, logos) to the standard SonicWALL SonicOS look and feel. The Content Filter block page will look the same as that used by SonicWALL models.

NetVanta units now support additional features compared to previous releases, including:

– SonicPoint

– Comprehensive Anti-Spam Service

– WAN Acceleration

– Enforced Client AV with Kaspersky Anti-Virus

– Solera

– Firmware Auto Update

The following features are enhanced from previous NetVanta releases to provide the full capabilities of equivalent SonicWALL models:

– DHCP Leases

– Maximum Schedule Object Group Depth

– Maximum SonicPoints per Interface

– SSLVPN Licenses

– Virtual Assist Licenses

Previously, ADTRAN NetVanta units used netvantasecurityportal.com based URLs for backend communication, such as to the License Manager. Starting with SonicOS 5.8.1.11, they will use the same URLs as are used by SonicWALL models.

With SonicOS 5.8.1.11, the following are now the only differences between SonicOS running on an ADTRAN NetVanta model and SonicOS running on the equivalent SonicWALL model:

Product Name — When running on an ADTRAN NetVanta unit, SonicOS will use the SonicWALL model name followed by "OEM", as in the following examples:

• NetVanta 2830 now appears as NSA 2400 OEM

• NetVanta 2730 now appears as NSA 240 OEM

• NetVanta 2730 EX now appears as NSA 240 OEM EX

• NetVanta 2630 now appears as TZ 210 OEM

• NetVanta 2630W now appears as TZ 210 wireless-N OEM

Default SSID — When running on an ADTRAN NetVanta unit, SonicOS will continue to use the default wireless SSID of “adtran”. SonicWALL models use a default wireless SSID of “sonicwall”.

HTTPS management self-signed certificate — When running on an ADTRAN NetVanta unit, SonicOS will continue to use an ADTRAN specific HTTPS management self-signed certificate.

Current Users and Detail of Users Options for TSR — In SonicOS 5.8, on the System > Diagnostics page, in the Tech Support Report section, three new checkboxes are provided: Current users, Detail of users, and Geo-IP/Botnet Cache.

These options allow the currently connected users to be omitted from the TSR, included as a simple summary list, or included with full details.

Customizable Login Page — SonicOS 5.8 provides the ability to customize the language of the login authentication pages that are presented to users. Administrators can translate the login related pages with their own wording and apply the changes so that they take effect without rebooting.

Although the entire SonicOS interface is available in different languages, sometimes the administrator does not want to change the entire UI language to a specific local one. However, if the firewall requires authentication before users can access other networks, or enables external access services (e.g. VPN, SSL-VPN), those login related pages usually should be localized to make them more usable for normal users.

LDAP "Primary group" Attribute — To allow Domain Users to be used when configuring policies, membership of the Domain Users group can be looked up via an LDAP "Primary group" attribute, and SonicOS 5.8 provides a new attribute setting in the LDAP schema configuration for using this feature.
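The reason a dedicated attribute is needed can be seen in the following added example, which is not SonicOS code and is not taken from this guide. It assumes an Active Directory schema, where the primary group is recorded as a relative ID in primaryGroupID and is absent from memberOf; the attribute names, sample user, SID, and group DNs are constructed for illustration, and the guide does not state which attribute name SonicOS reads.

```python
import struct

# Constructed sample: binary objectSid for
# S-1-5-21-1004336348-1177238915-682003330-1104 (not a real account).
SAMPLE_SID = bytes([1, 5]) + (5).to_bytes(6, "big") + struct.pack(
    "<5I", 21, 1004336348, 1177238915, 682003330, 1104)

# Constructed user entry, shaped like an LDAP search result from AD.
SAMPLE_USER = {
    "sAMAccountName": "jdoe",
    "objectSid": SAMPLE_SID,
    "primaryGroupID": "513",  # RID of Domain Users
    "memberOf": ["CN=VPN Users,OU=Groups,DC=example,DC=com"],
}

# Constructed index of group SID -> group DN (normally a second LDAP search).
SAMPLE_GROUPS = {
    "S-1-5-21-1004336348-1177238915-682003330-513":
        "CN=Domain Users,CN=Users,DC=example,DC=com",
}


def sid_to_str(raw: bytes) -> str:
    """Decode a binary objectSid into its S-1-... string form."""
    if len(raw) < 8:
        raise ValueError("SID too short")
    revision, count = raw[0], raw[1]
    if len(raw) != 8 + 4 * count:
        raise ValueError("SID length does not match sub-authority count")
    authority = int.from_bytes(raw[2:8], "big")      # 48-bit, big-endian
    subs = struct.unpack("<%dI" % count, raw[8:])    # 32-bit, little-endian
    return "-".join(["S", str(revision), str(authority)] + [str(s) for s in subs])


def primary_group_sid(user_sid: str, primary_group_id: int) -> str:
    """Swap the user's RID for the primary group's RID within the same domain."""
    domain_sid, sep, _user_rid = user_sid.rpartition("-")
    if not sep:
        raise ValueError("not a SID string")
    return f"{domain_sid}-{int(primary_group_id)}"


def effective_groups(entry: dict, groups_by_sid: dict) -> list:
    """Return memberOf plus the primary group, which memberOf omits."""
    groups = list(entry.get("memberOf", []))
    pgid = entry.get("primaryGroupID")
    if pgid is not None:
        sid = primary_group_sid(sid_to_str(entry["objectSid"]), int(pgid))
        dn = groups_by_sid.get(sid)
        if dn and dn not in groups:
            groups.append(dn)
    return groups


if __name__ == "__main__":
    print("memberOf only :", SAMPLE_USER["memberOf"])
    print("with primary  :", effective_groups(SAMPLE_USER, SAMPLE_GROUPS))
```

A policy that matches on Domain Users would never apply to this user if group membership were taken from memberOf alone.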

Management Traffic Only Option for Network Interfaces — SonicOS 5.8 provides a Management Traffic Only option on the Advanced tab of the interface configuration window, when configuring an interface from the Network > Interfaces page. When selected, this option prioritizes all traffic arriving on that interface. The administrator should enable this option ONLY on interfaces intended to be used exclusively for management purposes. If this option is enabled on a regular interface, it will still prioritize the traffic, but that may not be the desirable result. It is up to the administrator to limit the traffic to just management; the firmware does not have the ability to prevent pass-through traffic.

The purpose of this option is to provide the ability to access the SonicOS management interface even when the appliance is running at 100% utilization.

Preservation of Anti-Virus Exclusions After Upgrade — SonicOS 5.8 provides an enhancement to detect if the starting IP address in an existing range configured for exclusion from anti-virus enforcement belongs to either LAN, WAN, DMZ or WLAN zones. After upgrading to a newer firmware version, SonicOS applies the IP range to a newly created address object. Detecting addresses for other zones not listed above, including custom zones, is not supported.

Anti-virus exclusions which existed before the upgrade and which apply to hosts residing in custom zones will not be detected. IP address ranges not falling into the supported zones will default to the LAN zone. Conversion to the LAN zone occurs during the restart booting process. There is no message in the SonicOS management interface at login time regarding the conversion.

SNMP — SNMP reporting is now available for VLAN interfaces. You enable SNMP on an interface under Network > Interfaces.

SonicWALL Enforced Client Anti-Virus — SonicOS 5.8 supports Kaspersky AV as a choice for SonicWALL Enforced Client Anti-Virus. With Enforced Client, the SonicWALL firewall does not allow clients to connect and access the Internet unless they have client anti-virus installed.

SonicWALL Management Interface

The SonicWALL security appliance’s Web-based management interface provides an easy-to-use graphical interface for configuring your SonicWALL security appliance. The following sections provide an overview of the key management interface objects:

Dynamic User Interface

Navigating the Management Interface

Status Bar

Common Icons in the Management Interface

Applying Changes

Tooltips

Navigating Dynamic Tables

Getting Help

Wizards

Logging Out

Dynamic User Interface

In the SonicOS Dynamic User Interface, table statistics and log entries now dynamically update within the user interface without requiring users to reload their browsers. Active connections, user sessions, VoIP calls, and similar activities can be disconnected or flushed dynamically with a single click on the Delete icon in the Flush or Logout column.

This lightweight dynamic interface is designed to have no impact on the SonicWALL Web server, CPU utilization, bandwidth or other performance factors. You can leave your browser window on a dynamically updating page indefinitely with no impact to the performance of your SonicWALL security appliance.

Navigating the Management Interface

On the left side of your browser window is a navigation pane that lists the SonicWALL Web Management Interface structure as links. When you click a menu item, related management functions are displayed as submenu items in the navigation pane.

When you click on a top-level item in the navigation pane, it automatically expands that heading and contracts the heading for the page you are currently on.

If the navigation pane continues below the bottom of your browser, an up-and-down arrow symbol appears in the bottom right corner of the navigation pane, just above the status bar. Mouse over the up or down arrow to scroll the navigation pane up or down.

Common Icons in the Management Interface

The following list describes the functions of common icons used in the SonicWALL management interface:

• Clicking on the Edit icon displays a window for editing the settings.

• Clicking on the Delete icon deletes a table entry.

• Moving the pointer over the Comment icon displays text in a pop-up window.

Status Bar

The Status bar at the bottom of the management interface window displays the status of actions executed in the SonicWALL management interface.

Applying Changes

Pages in which you configure a tool or specify settings now have an Accept button at the top of the page. To save any configuration or setting changes you made on the page, click the Accept button.

If the settings are contained in a secondary window within the management interface, when you click OK, the settings are automatically applied to the SonicWALL security appliance.

Tooltips

Many elements, such as forms, buttons, table headings and entries, in the SonicOS UI have embedded tooltips. These Tooltips are small pop-up windows that are displayed when you hover your mouse over a UI element. They provide brief information describing the element.

Note: Not all UI elements have Tooltips. If a Tooltip does not display after hovering your mouse over an element for a couple of seconds, you can safely conclude that it does not have an associated Tooltip.

When applicable, Tooltips display the minimum, maximum, and default values for form entries. These entries are generated directly from the SonicOS firmware, so the values will be correct for the specific platform and firmware combination you are using.

Tooltips are enabled by default. To disable Tooltips or change their behavior, see Tooltips.

Navigating Dynamic Tables

In the SonicOS UI, table statistics and log entries dynamically update within the user interface without requiring you to reload your browser. You can navigate tables that have a large number of entries by using the navigation buttons located on the upper right corner of the table.

The table navigation bar includes buttons for moving through table pages.

A number of tables now include an option to specify the number of items displayed per page.

Active connections, user sessions, VoIP calls, and similar activities can be disconnected or flushed dynamically with a single click on the Delete icon in the Flush or Logout column.

Several tables include a new table Statistics icon that displays a brief, dynamically updating summary of information for that table entry. Tables with the new statistics icon include:

• NAT policies on the Network > NAT Policies page

• Access rules on the Firewall > Access Rules page

Several tables include a tooltip that displays the maximum number of entries that the SonicWALL security appliance supports. For example, the following image shows the maximum number of address groups the appliance supports.

Tables that display the maximum entry tooltip include NAT policies, access rules, address objects, and address groups.

Getting Help

Each SonicWALL security appliance includes Web-based online help available from the management interface. Clicking the question mark button on the right corner of the SonicWALL UI banner accesses the context-sensitive help for the displayed page.

Tip: Accessing the SonicWALL security appliance online help requires an active Internet connection.

Wizards

The wizards can help you configure your firewall by stepping you through such things as WAN network configuration, LAN network configuration, wireless LAN network configuration, and 3G or Analog Modem configuration.

The Wizards button, in the right corner of the SonicWALL UI banner, provides access to the SonicWALL Configuration Wizard, which allows you to easily configure the SonicWALL security appliance using the following sub-wizards:

• Setup Wizard: Quickly configure the SonicWALL security appliance to secure your Internet (WAN) and LAN connections. For more information on using this wizard, see Wizards > Setup Wizard.

• Public Server Wizard: Quickly configure the SonicWALL security appliance to provide public access to an internal server, such as a Web or E-mail server. For more information on using this wizard, see Wizards > Public Server Wizard.

• VPN Wizard: Create a new site-to-site VPN Policy or configure the WAN GroupVPN to accept VPN connections from SonicWALL Global VPN Clients. For more information on using this wizard, see Wizards > VPN Wizard.

• Application Firewall Wizard (SonicWALL NSA series appliances): Quickly configure your SonicWALL security appliance with policies to inspect application level network traffic. With the wizard you will be able to create Application Firewall Policies based on a series of predefined steps. For more information on using this wizard, see Wizards > Application Firewall Wizard.

Logging Out

The Logout button, on the top-right corner of the SonicWALL UI banner, terminates the management interface session and displays the authentication page for logging into the SonicWALL security appliance.
