Policy Configuration : Introduction to Firewall Policies
Introduction to Firewall Policies
To open the Policies Panel, click the Firewall tab at the top of the SonicWALL GMS UI and then click the Policies > System > Status. The SonicWALL appropriate appliance Policies Panel appears:
System
This covers a variety SonicWALL firewall appliance controls for managing system status information, registering the SonicWALL firewall appliance, activating and managing SonicWALL Security Services licenses, configuring SonicWALL firewall appliance local and remote management options, managing firmware versions and preferences, and using included diagnostics tools for troubleshooting. It also describes how to use Dell SonicWALL GMS to configure general System Policy settings on managed SonicWALL appliances. The following sections describe how to configure the system settings:
Status—Provides a comprehensive collection of information to help you manage your SonicWALL security appliances and SonicWALL Security Services licenses. It includes GMS status information on Firewall, Management, Subscription, and Firewall Models. Refer to Viewing System Status .
Administrator—Describes how to change the administrator and password options for one or more SonicWALL appliances. Refer to Configuring Administrator Settings .
Management—Describes how to edit the remote management settings on SonicWALL security appliances for management by GMS or VPN client. Refer to Editing Management Settings .
SNMP—Describes how to configure Simple Network Management Protocol. Refer to Configuring SNMP .
Certificates (Unit-level view only)—Describes how to configure both third-party Certificate Authority (CA) certificates and local certificates. Refer to Navigating the System > Certificates Page .
Time—Describes how to change the time and time options for one or more SonicWALL appliances. Refer to Configuring Time Settings .
Schedules—Describes how to create and configure schedule groups, which are used to apply firewall rules for specify days and hours of the week. Refer to Configuring Schedules .
Tools—Provides a set of common system configuration tasks for restarting an appliance, requesting diagnostic information, inheriting settings, system synchronization, and synchronizing the appliance to mysonicwall.com. Also includes options to generate a Tech Support Report (TSR) and the ability to email the TSR. Refer to Using Configuration Tools .
Info—Describes how to change contact information for one or more SonicWALL appliances. Refer to Configuring Contact Information .
Settings—Describes how to backup and save SonicWALL appliance settings as well as restore them from preferences files. Refer to Configuring System Settings .
Licensed Nodes (Unit-level view only)—Provides a Node License Status table listing the number of nodes your SonicWALL security appliance is licensed to have connected at any one time, how many nodes are currently connected, and how many nodes you have in your Node license Exclusion List. Refer to Configuring Contact Information .
Network
This covers configuring the SonicWALL firewall appliance for your network environment. Describing how to configure network settings for SonicWALL appliances. It is divided into sections for SonicWALL security appliances running SonicOS Enhanced and SonicOS Standard.
Overview of Interfaces
Configuring Network Settings in SonicOS Enhanced
Configuring Network Settings in SonicOS Standard
DHCP
This describes how to use the Global Management System (GMS) to configure SonicWALL appliances as DHCP servers. Dynamic Host Configuration Protocol (DHCP) enables network administrators to automate the assignment of IP addresses from a centralized DHCP server. This conserves IP addresses and make it easy for mobile users to move among different segments of the network without having to manually enter new IP addresses.
Configuring DHCP Over VPN
Configuring Dynamic DHCP IP Address Ranges
Configuring Static IP Addresses
Configuring DHCP Option Objects
Configuring DHCP Option Groups
Configuring General DHCP Settings
Configuring Trusted DHCP Relay Agents
Switching
This describes how to configure switching on a Dell SonicWALL appliance. For GMS, switching is supported only on appliances running SonicOS 5.9 or higher. For an overview of switching and configuration procedures, refer to the following:
Overview of Switching
Configuring VLAN Trunking
Configuring Rapid Spanning Tree
Configuring Link Aggregation
Configuring Port Mirroring
Configuring Layer 2 QoS
Configuring Rate Control
Configuring Port Security
Diagnostics
SonicWALL appliances store information about all devices with which they have communicated. When you generate diagnostic information, only one report can be generated at a time and the information is only maintained during the current session. For example, if you run a firewall log report and then log off or generate another report, the firewall log report data is lost until you run the report again.
Viewing Network Diagnostic Settings
Viewing Connections Monitor
Viewing CPU Monitor
Viewing Process Monitor
3G/4G/Modem
* 
NOTE: For information on configuring wireless WAN (WWAN) settings, see Configuring WWAN Settings .
This describes how to configure the dialup settings for SonicWALL SmartPath (SP) and SmartPath ISDN (SPi) appliances. SonicWALL SP appliances have a WAN Failover feature that enables automatic use of a built-in modem to establish Internet connectivity when the primary broadband connection becomes unavailable. This is ideal when the SonicWALL appliance must remain connected to the Internet, regardless of network speed.
Configuring the Modem Profile
Configuring Modem Settings
Configuring Advanced Modem Settings
WWAN
This describes how to configure the Wireless Wide Area Network (WWAN) settings for SonicWALL security appliances that use 3G and other Wireless WAN functionality to utilize data connections over cellular networks.
About Wireless WAN
Configuring the Connection Profile
Configuring WWAN Settings
Configuring Advanced Settings
SonicPoint
This chapter describes how to configure SonicPoint managed secure wireless access points. Managing SonicPoints
Viewing Station Status
Using and Configuring SonicPoint IDS
Using and Configuring Virtual Access Points
Configuring the RF Monitor
Configuring FairNet
Wireless
This describes how to configure wireless connectivity options for wireless SonicWALL appliances. Configuring General Wireless Settings
Configuring Wireless Security Settings
Configuring Advanced Wireless Settings
Configuring MAC Filter List Settings
Configuring Intrusion Detection Settings
Configuring Wireless Virtual Access Points
WGS
This describes how to configure Wireless Guest Services (WGS) enabled appliances running SonicOS Standard. For appliances running SonicOS Standard, these configuration options are available at the unit level. Wireless Guest Services allows the administrator to configure wireless access points for guest access. Wireless Guest Services is configured with optional custom login pages, user accounts and is compatible with several different authentication methods including those which require external authentication.
Firewall
This describes how to configure Access Rules and App Control policies for Dell SonicWALL firewalls from the Dell SonicWALL GMS management interface. Configuring Access Rules
App Control Overview
Configuring App Rules
Configuring App Control Advanced Policies
Configuring Match Objects
Configuring Action Objects
Configuring Service Objects
Configuring Email Address Objects
Configuring Bandwidth Objects
Firewall Settings
The Firewall settings in SonicWALL GMS are different for SonicWALL security appliances running SonicOS Enhanced and Standard. Understanding the Network Access Rules Hierarchy
Configuring Firewall Settings in SonicOS Enhanced
Configuring Firewall Settings in SonicOS Standard
DPI-SSL
This describes the Deep Packet Inspection Secure Socket Layer (DPI-SSL) feature to allow for the inspection of encrypted HTTPS traffic and other SSL-based traffic. Client DPI-SSL is used to inspect HTTPS traffic when clients on the SonicWALL firewall appliance’s LAN access content located on the WAN. Server DPI-SSL is used to inspect HTTPS traffic when remote clients connect over the WAN to access content located on the SonicWALL firewall appliance’s LAN.
DPI-SSL Overview
Configuring Client SSL
Configuring Server SSL
VoIP
This describes the Voice over IP (VoIP) feature.
Configuring Voice over IP Settings
Anti-Spam
This provides a quick, efficient, and effective way to add anti-spam, anti-phishing, and anti-virus capabilities to your SonicWALL firewall appliance. There are two primary ways inbound messages are analyzed by the Anti-Spam feature - Advanced IP Reputation Management and Cloud-based Advanced Content Management. IP Address Reputation uses the GRID Network to identify the IP addresses of known spammers, and reject any mail from those senders without even allowing a connection. GRID Network Sender IP Reputation Management checks the IP address of incoming connecting requests against a series of lists and statistics to ensure that the connection has a probability of delivering valuable email. The lists are compiled using the collaborative intelligence of the SonicWALL GRID Network. Known spammers are prevented from connecting to the SonicWALL firewall appliance, and their junk email payloads never consume system resources on the targeted systems.
Activating Anti-Spam
Configuring Anti-Spam Settings
Configuring Anti-Spam Real-Time Black List Filtering
VPN
This covers how to create VPN policies on the SonicWALL firewall appliance to support SonicWALL Global VPN Clients as well as creating site-to-site VPN policies for connecting remote offices running SonicWALL firewall appliances. A VPN is a private data network that uses encryption technologies to operate over public networks.
Viewing the VPN Summary
Configuring VPN Settings
Configuring VPNs in SonicOS Enhanced
Configuring VPNs in SonicOS Standard
Setting up the L2TP Server
Monitoring VPN Connections
Management of VPN Client Users
VPN Terms and Concepts
Using OCSP with SonicWALL Security Appliances
SSL VPN
This provides information on how to configure the SMA features on the SonicWALL SMA appliances. SonicWALL’s SMA features provide secure, seamless, remote access to resources on your local network using the NetExtender client.
SSL VPN > Server Settings
SSL VPN > Portal Settings
SSL VPN > Client Settings
SSL VPN > Client Routes
Virtual Assist
Virtual Assist allows users to support customer technical issues without having to be on-site with the customer. This capability serves as an immense time-saver for support personnel, while adding flexibility in how they can respond to support needs.
Configuring Virtual Assist Settings
Users
This covers how to configure the SonicWALL firewall appliances for user level authentication as well as manage guest services. Describing how to use the Dell SonicWALL GMS to configure user and user access settings.
Configuring Users in SonicOS Standard
Web Filters
SonicWALL Content Security Manager (CSM) CF provides appliance-based Internet filtering that enhances security and employee productivity, optimizes network utilization, and mitigates legal liabilities by managing access to objectionable and unproductive Web content. High Availability
This describes how to use Dell SonicWALL GMS to configure High Availability that allows the administrator to specify a primary and secondary SonicWALL appliance. In the case that the connection to the primary device fails, connectivity will transfer to the backup device.
In addition, SonicWALL GMS can utilize the same device pairing technology to implement different forms of load balancing. Load balancing helps regulate the flow of network traffic by splitting that traffic between primary and secondary SonicWALL devices. Configuring High Availability Settings
Configuring Advanced High Availability Settings
Monitoring High Availability
Verifying High Availability Status
Security Services
This includes an overview of available SonicWALL Security Services as well as instructions for activating the service, including FREE trials. These subscription-based services include SonicWALL Gateway Anti-Virus, SonicWALL Intrusion Prevention Service, SonicWALL Content Filtering Service, SonicWALL Client Anti-Virus, and well as other services.
SonicWALL firewall appliances offer several services for protecting networks against viruses and attacks. This provides concept overviews and configuration tasks for deploying these services.
Configuring Security Services Settings
Configuring SonicWALL Network Anti-Virus
Configuring the SonicWALL Content Filter Service
Configuring the SonicWALL Content Filter Service
Configuring the SonicWALL Intrusion Prevention Service
Configuring the SonicWALL RBL Filter
Configuring the SonicWALL Gateway Anti-Virus
Configuring the SonicWALL Anti-Spyware Service
Content Filter
This describes how to use Dell SonicWALL GMS to configure content filtering options for one or more SonicWALL appliances. This functionality can be used to deny access to material supplied by the active content filtering subscription, specific domains, domains by keyword, and Web features such as ActiveX, Java, and cookies.
Configuring Content Filter Settings
Configuring a Custom List
Configuring Content Filtering Policies
Configuring the CFS Exclusion List
Configuring the CFS IP Address Range
Configuring CFS Custom Category
Blocking Web Features
N2H2 and Websense Enterprise Content Filtering
WAN Acceleration
This describes how to view and configure the WAN Acceleration service.
Viewing the WAN Acceleration Status
Configuring TCP Acceleration
Configuring WFS Acceleration
Configuring the Web Cache
Flow Activity
This describes how to configure the Flow Activity feature and contains the following sections:
Configuring a Flow Server Role
Configuring the Firewall for Flow Reporting
Viewing the Flow Reporting Page
Viewing the GMSFlow Server Page Log
* 
NOTE: This feature is only available for SonicWALL security appliances running SonicOS 6.1 and higher firmware.
This covers managing the SonicWALL firewall appliance’s logging, alerting, and reporting features. The SonicWALL firewall appliance’s logging features provide a comprehensive set of log categories for monitoring security and network activities. This describes how to use GMS to configure where the SonicWALL appliance(s) send their logs, how often the logs are sent, and what information is included.
Configuring Log Settings
Configuring Log Settings
Configuring Name Resolution
Register/Upgrades
This describes how to register and upgrade your SonicWALL firewall appliances. Registering SonicWALL Appliances
Upgrading Firmware
Upgrading Licenses
Searching
Creating License Sharing Groups
Viewing Used Activation Codes
Events
This provides an introduction to the SonicOS Event Alerts feature.