System_systemAdministrationView
The System Administration page provides settings for the configuration of SonicWALL security appliance for secure and remote management. You can manage the SonicWALL using a variety of methods, including HTTPS, SNMP or SonicWALL Global Management System (SonicWALL GMS).
Topics:
• Administrator Name & Password
The Firewall Name uniquely identifies the SonicWALL security appliance and defaults to the serial number of the SonicWALL. The serial number is also the MAC address of the unit. To change the Firewall Name, type a unique alphanumeric name in the Firewall Name field. It must be at least 8 characters in length.
The Administrator Name can be changed from the default setting of admin to any word using alphanumeric characters up to 32 characters in length. To create a new administrator name, type the new name in the Administrator Name field. Click Accept for the changes to take effect on the SonicWALL.
Changing the Administrator Password
To set a new password for SonicWALL Management Interface access, type the old password in the Old Password field, and the new password in the New Password field. Type the new password again in the Confirm New Password field and click Accept. Once the SonicWALL security appliance has been updated, a message confirming the update is displayed in the status field at the bottom of the browser window below the navigation pane.
Tip It is recommended you change the default password “password” to your own custom password.
One-Time Password
One-Time Password (OTP) is a two-factor authentication scheme that utilizes system-generated, random passwords in addition to standard user name and password credentials. Once users submit the correct basic login credentials, the system generates a one-time password which is sent to the user at a pre-defined email address. The user must retrieve the one-time password from their email, then enter it at the login screen.
The internal SonicWALL Web-server now only supports SSL version 3.0 and TLS with strong ciphers (12-bits or greater) when negotiating HTTPS management sessions. SSL implementations prior to version 3.0 and weak ciphers (symmetric ciphers less than 128-bits) are not supported. This heightened level of HTTPS security protects against potential SSLv2 rollback vulnerabilities and ensures compliance with the Payment Card Industry (PCI) and other security and risk-management standards.
Tip Your browser must enable SSL 3.0 and TLS, and disable SSL 2.0. If you are using a release of these browsers that enables SSL 2.0, you should enable SSL 3.0 and TLS and disable SSL 2.0.
SonicOS provides password constraint enforcement, which can be configured to ensure that administrators and users are using secure passwords. This password constraint enforcement can satisfy the confidentiality requirements as defined by current information security management systems or compliance requirements, such as Common Criteria and the Payment Card Industry (PCI) standard.
You specify and change password security settings in the Login Security area:
• Password must be changed every (days) — Requires users to change their passwords after the designated number of days has elapsed. When a user attempts to log in with an expired password, a pop-up window will prompt the user to enter a new password. The User Login Status window now includes a Change Password button so that users can change their passwords at any time.
• Bar repeated passwords for this many changes — Requires users to use unique passwords for the specified number of password changes.
• Enforce a minimum password length of — Specifies the shortest allowed password.
• Enforce password complexity — Specifies whether password complexity is to be enforced and if so, the type of complexity. A pull-down menu provides the following options:
– None (default)
– Require both alphabetic and numeric characters
– Require alphabetic, numeric, and symbolic characters
• Apply these password constraints for — Specifies to which classes of users the password constraints are applied:
– Administrator checkbox refers to the default administrator with the username, admin
– Other full administrators
– LImited administrators
– Other local users
• Log out the administrator after inactivity of (minutes) — Allows you to set the length of inactivity that elapses before you are automatically logged out of the Management Interface. By default, the SonicWALL security appliance logs out the administrator after five minutes of inactivity. The inactivity timeout can range from 1 to 99 minutes.
Tip If the administrator inactivity timeout is extended beyond five minutes, you should end every management session by clicking Logout to prevent unauthorized access to the SonicWALL security appliance’s Management Interface.
• Enable administrator/user lockout — Locks administrators and users out of accessing the appliance after the specified number of incorrect login attempts.
– Failed login attempts per minute before lockout — Specifies the number of incorrect login attempts within a one minute time frame that triggers a lockout.
– Lockout Period (minutes) — Specifies the number of minutes that the administrator is locked out.
Note If an administrator and a user are logging into the SonicWALL using the same source IP address, the administrator is also locked out of the SonicWALL. The lockout is based on the source IP address of the user or administrator.
s
• On preemption by another administrator — Configures what happens when one administrator preempts another administrator using the Multiple Administrators feature. The preempted administrator can either be converted to non-config mode or logged out. For more information on Multiple Administrators, see Multiple Administrator Support Overview.
– Drop to non-config mode - Select to allow more than one administrator to access the appliance in non-config mode without disrupting the current administrator.
– Log out - Select to have the new administrator preempt the current administrator.
• Allow preemption by a lower priority administrator after inactivity of (minutes) — Enter the number of minutes of inactivity by the current administrator that will allow a lower-priority administrator to preempt.
• Enable inter-administrator messaging — Select to allow administrators to send text messages through the management interface to other administrators logged into the appliance. The message will appear in the browser’s status bar.
• Messaging polling interval (seconds) — Sets how often the administrator’s browser will check for inter-administrator messages. If there are likely to be multiple administrators who need to access the appliance, this should be set to a reasonably short interval to ensure timely delivery of messages. Clicking on the arrow to the right of the polling interval field displays a tooltip.
The Web Management Settings allow you to control the web-based behavior of SonicWALL security appliance:
• Changing HTTP/HTTPS Settings
• Changing the Default Size for SonicWALL Management Interface Tables
• Tooltips
The SonicWALL security appliance can be managed using HTTP or HTTPS and a Web browser. HTTP web-based management is disabled by default. Use HTTPS to log into the SonicOS management interface with factory default settings.
• Allow management via HTTP checkbox — Allows you to enable/disable HTTP management globally:
– HTTP Port — The default port for HTTP is port 80, but you can configure access through another port. Type the number of the desired port in the Port field, and click Accept.
If you configure another port for HTTP management, you must include the port number when you use the IP address to log into the SonicWALL security appliance. For example, if you configure the port to be 76, then you must type <LAN IP Address>:76 into the Web browser, that is,
<http://192.168.168.1:76>.
– HTTPS Port — The default port for HTTPS management is port 443. You can add another layer of security for logging into the SonicWALL security appliance by changing the default port. To configure another port for HTTPS management, type the preferred port number into the Port field.
If you configure another port for HTTP management, you must include the port number when you use the IP address to log into the SonicWALL security appliance. For example, if you configure the HTTPS Management Port to be 700, then you must log into the SonicWALL using the port number as well as the IP address, for example, <https://192.168.168.1:700> to access the SonicWALL.
• Certificate Selection drop-down menu — Allows you to select where to obtain a certificate for authentication to the user management system:
– Use Self-signed Certificate — Allows you to continue using a certificate without downloading a new one each time you log into the SonicWALL security appliance.
– Import Certificate — Allows you to select an imported certificate from the System > Certificates page to use for authentication to the management interface.
• Delete cookies button — Removes all browser cookies saved by the SonicWALL appliance. Deleting cookies will cause you to lose any unsaved changes made in the Management interface.
• Configuration mode/End config mode button — Toggles Configuration mode on/off.
Changing the Default Size for SonicWALL Management Interface Tables
The SonicWALL Management Interface allows you to control the display of large tables of information across all tables in the management Interface. You can change the default table page size in all tables displayed in the SonicWALL Management Interface from the default 50 items per page to any size ranging from 1 to 5,000 items. Some tables, including Active Connections Monitor, VPN Settings, and Log View, have individual settings for items per page which are initialized at login to the value configured here. Once these pages are viewed, their individual settings are maintained. Subsequent changes made here will only affect these pages following a new login.
To change the default table size:
1. Enter the desired number of items per page in the Default Table Size field.
2. Enter the desired interval for background automatic refresh of Monitor tables, in seconds, in the Auto-updated Table Refresh Interval field.
3. Click Accept.
Specifying the Starting Page
By default, when you log in to your SonicWALL appliance, the starting page for the SonicOS UI is the System > Administration page. You can change this login page to the System > Security Dashboard page by clicking the Use System Dashboard View as starting page checkbox.
SonicOS has embedded tooltips for many elements in the SonicOS UI. These Tooltips are small, pop-up windows that are displayed when you hover your mouse over a UI element. They provide brief information describing the element. Tooltips are displayed for many forms, buttons, table headings and entries.
Note Not all UI elements have Tooltips. If a Tooltip does not display after hovering your mouse over an element for a couple of seconds, you can safely conclude that it does not have an associated Tooltip. Some elements have a small arrow that activates a tooltip when the cursor hovers over it or you click it.
When applicable, Tooltips display the minimum, maximum, and default values for form entries. These entries are generated directly from the SonicOS firmware, so the values will be correct for the specific platform and firmware combination you are using.
Configuring Tooltip Behavior
The behavior of the Tooltips can be configured on the Enable Tooltip section of Web Management Settings.
Tooltips are enabled by default. To disable Tooltips, uncheck the Enable Tooltip checkbox. The duration of time before Tooltips display can be configured:
• Form Tooltip Delay — Duration in milliseconds (in msec) before Tooltips display for forms (fields where you enter text).
• Button Tooltip Delay — Duration in milliseconds before Tooltips display for radio buttons and checkboxes.
• Text Tooltip Delay — Duration in milliseconds before Tooltips display for UI text.
If you use SSH to manage the SonicWALL appliance, you can change the SSH port for additional security. The default SSH port is 22.
You can manage the SonicWALL security appliance using SNMP or SonicWALL Global Management System (GMS). For more information on SonicWALL Global Management System, go to
http://www.sonicwall.com.
The following sections explain how to configure the SonicWALL for management by these two options: