SonicWALL GMS Policy Configuration Overview

The appliance panels enable administrators to add, delete, configure and view various SonicWALL appliance types managed by SonicWALL GMS.

The policy panels include:

Firewall Panel—For management and reporting on compatible firewall appliances.

SRA Panel—For management and reporting on SonicWALL SRA and Aventail appliances.

CDP Panel—For management of SonicWALL Continuous Data Protection appliances.

ES Panel—For management of SonicWALL Email Security appliances.

The policy panels are used to configure SonicWALL appliances. From these pages, you can apply settings to all SonicWALL appliances being managed by Dell SonicWALL GMS, all SonicWALL appliances within a group, or individual SonicWALL appliances.

Introduction to Firewall Policies

To open the Policies Panel, click the Firewall tab at the top of the SonicWALL GMS UI and then click the Policies subtab. The Policies Panel for the appropriate SonicWALL appliance appears.

System

This describes how to use Dell SonicWALL GMS to configure general System Policy settings on managed SonicWALL appliances. The following sections describe how to configure the system settings:

Status—Provides a comprehensive collection of information to help you manage your SonicWALL security appliances and SonicWALL Security Services licenses. It includes GMS status information on Firewall, Management, Subscription, and Firewall Models. Refer to Viewing System Status.

Time—Describes how to change the time and time options for one or more SonicWALL appliances. Refer to Configuring Time Settings.

Licensed Nodes (Unit-level view only)—Provides a Node License Status table listing the number of nodes your SonicWALL security appliance is licensed to have connected at any one time, how many nodes are currently connected, and how many nodes you have in your Node License Exclusion List. Refer to Viewing Licensed Node Status.

Administrator—Describes how to change the administrator and password options for one or more SonicWALL appliances. Refer to Configuring Administrator Settings.

Tools—Provides a set of common system configuration tasks for restarting an appliance, requesting diagnostic information, inheriting settings, system synchronization, and synchronizing the appliance to mysonicwall.com. Also includes options to generate a Tech Support Report (TSR) and the ability to email the TSR. Refer to Using Configuration Tools.

Info—Describes how to change contact information for one or more SonicWALL appliances. Refer to Configuring Contact Information.

Settings—Describes how to back up and save SonicWALL appliance settings as well as restore them from preferences files. Refer to Configuring System Settings.

Schedules—Describes how to create and configure schedule groups, which are used to apply firewall rules for specific days and hours of the week. Refer to Configuring Schedules.

Management—Describes how to edit the remote management settings on SonicWALL security appliances for management by GMS or VPN client. Refer to Editing Management Settings.

SNMP—Describes how to configure Simple Network Management Protocol. Refer to Configuring SNMP.

Certificates (Unit-level view only)—Describes how to configure both third-party Certificate Authority (CA) certificates and local certificates. Refer to Navigating the System > Certificates Page.

Network

This describes how to configure network settings for SonicWALL appliances. It is divided into sections for SonicWALL security appliances running SonicOS Enhanced and SonicOS Standard.

Firewall

This describes access rules, which are a set of application-specific policies that give you granular control over network traffic on the level of users, email users, schedules, and IP-subnets. The primary functionality of this application-layer access control feature is to regulate Web browsing, file transfer, email, and email attachments. The Firewall settings in SonicWALL GMS are different for SonicWALL security appliances running SonicOS Enhanced and Standard.

Log

This describes how to use Global Management System to configure where the SonicWALL appliance(s) send their logs, how often the logs are sent, and what information is included.

Diagnostics

SonicWALL appliances store information about all devices with which they have communicated. When you generate diagnostic information, only one report can be generated at a time and the information is only maintained during the current session. For example, if you run a firewall log report and then log off or generate another report, the firewall log report data will be lost until you run the report again.

Content Filtering

This describes how to use Dell SonicWALL GMS to configure content filtering options for one or more SonicWALL appliances. This functionality can be used to deny access to material supplied by the active content filtering subscription, specific domains, domains by keyword, and Web features such as ActiveX, Java, and cookies.

DHCP

This describes how to use the Global Management System (Dell SonicWALL GMS) to configure SonicWALL appliances as DHCP servers. Dynamic Host Configuration Protocol (DHCP) enables network administrators to automate the assignment of IP addresses from a centralized DHCP server. This conserves IP addresses and makes it easy for mobile users to move among different segments of the network without having to manually enter new IP addresses.

Users

This describes how to use Dell SonicWALL GMS to configure user and user access settings.

Firewall

This describes how to configure App Control policies for SonicWALL firewall appliances from SonicWALL GMS.

Anti-Spam

This provides a quick, efficient, and effective way to add anti-spam, anti-phishing, and anti-virus capabilities to your SonicWALL firewall appliance. There are two primary ways inbound messages are analyzed by the Anti-Spam feature: Advanced IP Reputation Management and Cloud-based Advanced Content Management. IP Address Reputation uses the GRID Network to identify the IP addresses of known spammers, and rejects any mail from those senders without even allowing a connection. GRID Network Sender IP Reputation Management checks the IP address of incoming connection requests against a series of lists and statistics to ensure that the connection has a probability of delivering valuable email. The lists are compiled using the collaborative intelligence of the SonicWALL GRID Network. Known spammers are prevented from connecting to the SonicWALL firewall appliance, and their junk email payloads never consume system resources on the targeted systems.

VPN

This covers how to create VPN policies on the SonicWALL firewall appliance to support SonicWALL Global VPN Clients, as well as how to create site-to-site VPN policies for connecting remote offices running SonicWALL firewall appliances. A VPN is a private data network that uses encryption technologies to operate over public networks.

SSL VPN

This provides information on how to configure the SRA features on the SonicWALL SRA appliances. SonicWALL’s SRA features provide secure, seamless, remote access to resources on your local network using the NetExtender client.

DPI-SSL

This describes the Deep Packet Inspection Secure Socket Layer (DPI-SSL) feature, which allows inspection of encrypted HTTPS traffic and other SSL-based traffic. Client DPI-SSL is used to inspect HTTPS traffic when clients on the SonicWALL firewall appliance’s LAN access content located on the WAN. Server DPI-SSL is used to inspect HTTPS traffic when remote clients connect over the WAN to access content located on the SonicWALL firewall appliance’s LAN.

Security Services

This includes an overview of available SonicWALL Security Services as well as instructions for activating the services, including FREE trials. These subscription-based services include SonicWALL Gateway Anti-Virus, SonicWALL Intrusion Prevention Service, SonicWALL Content Filtering Service, SonicWALL Client Anti-Virus, as well as other services.

SonicWALL firewall appliances offer several services for protecting networks against viruses and attacks. This chapter provides concept overviews and configuration tasks for deploying these services.

High Availability

This describes how to use Dell SonicWALL GMS to configure High Availability, which allows the administrator to specify a primary and secondary SonicWALL appliance. In the case that the connection to the primary device fails, connectivity will transfer to the backup device.

In addition, SonicWALL GMS can utilize the same device pairing technology to implement different forms of load balancing. Load balancing helps regulate the flow of network traffic by splitting that traffic between primary and secondary SonicWALL devices.

SonicPoints

This describes how to configure SonicPoint managed secure wireless access points.

Wireless

This describes how to configure wireless connectivity options for wireless SonicWALL appliances.

WAN Acceleration

This describes how to view and configure the WAN Acceleration service.

Flow Activity

This describes how to configure the Flow Activity feature and contains the following sections:

This feature is only available for SonicWALL security appliances running SonicOS 6.1 and higher firmware.

WGS

This describes how to configure Wireless Guest Services (WGS) enabled appliances running SonicOS Standard. For appliances running SonicOS Standard, these configuration options are available at the unit level. Wireless Guest Services allows the administrator to configure wireless access points for guest access. Wireless Guest Services can be configured with optional custom login pages and user accounts, and is compatible with several different authentication methods, including those that require external authentication.

Modem

Note: For information on configuring wireless WAN (WWAN) settings, see Configuring WWAN Settings.

This describes how to configure the dialup settings for SonicWALL SmartPath (SP) and SmartPath ISDN (SPi) appliances. SonicWALL SP appliances have a WAN Failover feature that enables automatic use of a built-in modem to establish Internet connectivity when the primary broadband connection becomes unavailable. This is ideal when the SonicWALL appliance must remain connected to the Internet, regardless of network speed.

WWAN

This describes how to configure the Wireless Wide Area Network (WWAN) settings for SonicWALL security appliances that use 3G and other Wireless WAN functionality to utilize data connections over cellular networks.

Web Filters

SonicWALL Content Security Manager (CSM) CF provides appliance-based Internet filtering that enhances security and employee productivity, optimizes network utilization, and mitigates legal liabilities by managing access to objectionable and unproductive Web content.

Application Filters

This provides configuration tasks for deploying SonicWALL CSM application filtering services. SonicWALL Content Security Manager (CSM) provides appliance-based application filtering that enhances security and employee productivity and optimizes network utilization.

This chapter contains the Configuring Application Filter Settings section.

Register/Upgrades

This describes how to register and upgrade your SonicWALL firewall appliances.

Events

This section provides an introduction to the SonicOS Event Alerts feature. This chapter contains the Adding Alerts section.

Introduction to SRA Policies

This chapter provides instructions for modifying the general status and tools for SonicWALL SRA platforms. To modify the general status and tools of an SRA appliance using SonicWALL GMS, click the SRA tab at the top of the screen, then select the Policies subtab. In the center pane, select General. You will see the options Status, Tools and Info.

General

• The General > Status section provides the current status of the SRA appliance and allows for an instant update of appliance information using the Fetch Information button.

• The General > Tools section provides the following options: Restart Appliance, Synchronize Now, Synchronize the Appliance with mysonicwall.com.

Note: The Restart Appliance option is not available for SonicWALL Aventail SRA appliances.

• The General > Info section provides the ability to update the contact information for the SRA appliance.

Register/Upgrades

• The Register/Upgrades > Register screen provides the ability to register CDP appliances with your mysonicwall.com account.

Note: Registering SonicWALL Aventail SRA appliances from GMS is not supported.

Events

• The Events > Alerts screen allows you to add, edit, or delete a Unit Status alert for managed CDP appliances.

• The Events > Current Alerts screen displays all active alerts for this appliance.

Introduction to CDP Policies

After a SonicWALL CDP appliance has been added to GMS, the unit can be managed through the CDP Policies panel.

General

• The General > Status window displays information about all CDP devices in the current GMS deployment when in the global view.


– When an individual appliance is selected, the status window displays information about the currently selected CDP appliance.

• The General > Info screen allows you to edit CDP appliance information on a global or unit level.

• The General > Tools section provides options to synchronize both the static and dynamic information.

Register/Upgrades

• The Register/Upgrades > Register screen provides the ability to register CDP appliances with your mysonicwall.com account.

Events

• The Events > Alerts screen allows you to add, edit, or delete a Unit Status alert for managed CDP appliances.

• The Events > Current Alerts screen displays all active alerts for this appliance.

Introduction to Email Security Policies

After a SonicWALL Email Security appliance has been added to SonicWALL GMS, the unit can be managed through the ES Policies panel.


General

The General > Status window displays both general deployment status and individual appliance status for Email Security appliances.

The General > Tools section provides options to force your SonicWALL ES appliance to synchronize its license and subscription information with mySonicWALL.com immediately.

The General > Info screen allows you to edit Email Security appliance information on a global or unit level.

Register/Upgrades

The Register/Upgrades > Register ESA screen provides the ability to register CDP appliances with your mysonicwall.com account.

Events

• The Events > Alerts screen allows you to add, edit, or delete a Unit Status alert for managed ES appliances.

• The Events > Current Alerts screen displays all active alerts for this appliance.