
How do I... Configure firewall security on a SonicWALL device?

SonicWALL firewalls are a staple of network security in the small and medium business market. SonicWALL's proprietary SonicOS operating system powers its firewall devices, which means the mechanisms and procedures required to configure their security settings are similar for all of them. Here are the basics of configuring SonicWALL firewalls.

This article is also available as a TechRepublic download. A supporting photo gallery is also available.

SonicWALL firewalls are a staple of the small and medium business market. Everyone from small nonprofit organizations to medium-size and enterprise-class businesses depends upon SonicWALL devices to secure their network communications.

SonicWALL's proprietary SonicOS operating system powers its firewall devices. Almost every SonicWALL device is now powered by the SonicOS Enhanced operating system. The main difference between the two versions of the operating system is that the Enhanced version enables the system's firmware to provide ISP failover services, zone management and WAN load balancing.

The setup wizard

SonicWALL includes numerous wizards with its firewall devices. Available menus differ by model (for example, the WEP/WPA Encryption settings menu is available only on those models possessing wireless features).

The Setup Wizard is a time-saving tool that simplifies new router deployment. Or, if a network is being redesigned, a SonicWALL device can be reset to factory defaults and the Setup Wizard can be used to roll the device out anew.







To use the Setup Wizard, log in to a SonicWALL firewall and click the Wizards button. The Wizards button (Figure A) can be found on the main System | Status page.

Figure A

The SonicWALL System Status page provides a wealth of information regarding a firewall's configuration.

Here’s a walkthrough of the process using a SonicWALL PRO 1260.

After clicking the Wizards button, the SonicWALL Configuration Wizard presents four options (Figure B).

Figure B

The SonicWALL Configuration Wizard presents four options. Administrators can choose the Setup Wizard (used to configure the SonicWALL device to secure network connections), the PortShield Interface Wizard (for segmenting networks), the Public Server Wizard (used to provide internal server access to the public) or the VPN Wizard (for configuring access to a virtual private network).

Specify whether you wish to select the Setup Wizard, PortShield Interface Wizard, Public Server Wizard or VPN Wizard. For this example, we’ll choose Setup Wizard and click Next. The Setup Wizard appears.

  1. Step 1: The Change Password screen appears. Enter the default or old password, then enter a new password and confirm the new entry. When finished, click Next.
  2. Step 2: The Change Time Zone menu appears. Specify the applicable time zone, and check the box if you want the firewall to automatically adjust for daylight saving time, and click Next.
  3. Step 3: The WAN Network Mode screen appears. Select the radio button indicating the method used to connect to your ISP (Static IP, DHCP, PPPoE or PPTP). Then, click Next. For this example we’ll select Static IP. (Figure C)

Figure C

The WAN Network Mode menu enables specifying the most appropriate ISP connection method.
  4. Step 4: The WAN Network Mode: NAT Enabled menu appears. Enter the SonicWALL WAN IP Address, WAN Subnet Mask, Gateway (Router) Address, DNS Server Address and a secondary DNS address, and click Next. (Figure D)

Figure D

Specify WAN settings using the WAN Network Mode screen.
  5. Step 5: The LAN Settings menu appears. Supply an IP address for the SonicWALL’s LAN. Be sure to provide a subnet mask, and then click Next. (Figure E)

Figure E

Specify LAN settings using the SonicWALL’s LAN Network Settings screen.
  6. Step 6: The LAN DHCP Settings screen appears. Check the Enable DHCP Server On LAN box if you wish for the SonicWALL device to provide DHCP services. If you check the box, you’ll also have to enter the valid LAN address range. When done, click Next. (Figure F)

Figure F

Specify DHCP settings using the DHCP Server menu.
  7. Step 7: The SonicWALL Configuration Summary appears (Figure G). Review the information the wizard provides, and if all settings are correct, click Apply. If the configuration requires adjustment, click the Back button.

Figure G

Review the Confirmation Summary carefully before proceeding; clicking Apply applies the settings reviewed on this menu.

A screen will appear indicating that the SonicWALL configuration is being saved, and you’ll be asked to wait. When the configuration is completed, you’ll see a Congratulations message stating the changes have been made and the Setup Wizard has completed.
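Before typing addresses into Steps 4 through 6, the plan can be checked offline. The following is an added example, not part of the original article or of SonicWALL's software; the function name `check_plan` and the sample addresses are constructed for illustration.

```python
import ipaddress

def check_plan(wan_ip, wan_mask, gateway, lan_ip, lan_mask,
               dhcp_start=None, dhcp_end=None):
    """Return a list of problems in a Setup Wizard address plan (empty = OK)."""
    problems = []
    # ip_interface accepts dotted netmasks, as typed into the wizard.
    wan = ipaddress.ip_interface(f"{wan_ip}/{wan_mask}")
    lan = ipaddress.ip_interface(f"{lan_ip}/{lan_mask}")

    # Step 4: the gateway has to sit on the WAN subnet and differ from the WAN IP.
    gw = ipaddress.ip_address(gateway)
    if gw not in wan.network:
        problems.append("gateway outside WAN subnet")
    if gw == wan.ip:
        problems.append("gateway equals WAN IP")

    # Step 5: WAN and LAN must be different networks. overlaps() also catches
    # the less obvious case where one mask is wider than the other.
    if wan.network.overlaps(lan.network):
        problems.append("LAN subnet overlaps WAN subnet")
    for name, iface in (("WAN", wan), ("LAN", lan)):
        net = iface.network
        if iface.ip in (net.network_address, net.broadcast_address):
            problems.append(f"{name} IP is a network or broadcast address")

    # Step 6: the DHCP range must lie inside the LAN and skip the firewall itself.
    if dhcp_start is not None and dhcp_end is not None:
        start = ipaddress.ip_address(dhcp_start)
        end = ipaddress.ip_address(dhcp_end)
        if start > end:
            problems.append("DHCP range start is above its end")
        if start not in lan.network or end not in lan.network:
            problems.append("DHCP range outside LAN subnet")
        if start <= lan.ip <= end:
            problems.append("DHCP range includes the firewall's LAN IP")
    return problems

# Constructed sample plans (documentation and private address ranges).
GOOD = check_plan("203.0.113.10", "255.255.255.248", "203.0.113.9",
                  "192.168.1.1", "255.255.255.0", "192.168.1.100", "192.168.1.200")
BAD = check_plan("192.168.0.2", "255.255.254.0", "192.168.0.1",
                 "192.168.1.1", "255.255.255.0", "192.168.1.1", "192.168.2.50")
print(GOOD)
print(BAD)
```

The second plan fails because a 255.255.254.0 mask on the WAN side silently covers the 192.168.1.0 LAN, the kind of overlap that is easy to miss by eye.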

SonicWALL Log In

Once the Setup Wizard is complete, log in to the firewall by entering the IP address you assigned to the SonicWALL device in Step 5 (on the LAN Settings menu). You’ll be greeted with a standard name and password dialog box. Enter the name and password you supplied for the firewall and click the Login button.

By default, the SonicWALL device displays the System | Status menu. To configure additional firewall settings, click the Firewall button from the menu appearing on the SonicWALL interface screen’s left edge.

The Firewall | Access Rules | All menu appears. The SonicWALL application displays important information about the firewall’s configuration within this screen. In addition to revealing zone and priority information, the Access Rules menu displays source and destination data, service type, action status, and user information (Figure H).

Figure H

Administrators can review SonicWALL’s Access Rules using three different views; here the All Rules view is displayed.

Traffic statistics for each access rule can be obtained simply by mousing-over the graph icon that appears toward the end of each access rule line. Access rule configurations can be tweaked by clicking the pencil and paper icon, or an access rule can be deleted by clicking its trash can icon.

Creating access rules

To create an access rule:

  1. Log on to the SonicWALL firewall.
  2. Click the Firewall button.
  3. Click the Matrix or Drop-down Boxes View Style radio button. (See Figure I)
  4. Click the appropriate From And To Zone (such as WAN to LAN).
  5. Click the Add button that appears at the bottom of the menu.

Figure I

When creating an access rule, you must specify the appropriate criteria. SonicWALL’s firmware provides pre-populated drop-down boxes for configuring most settings.
  6. Using the General tab, specify the action to be taken on traffic matching the access rule’s settings; Allow, Deny and Discard are the three options.
  7. Select the appropriate service from the Service drop-down box. Do the same for the Source, Destination, Users Allowed and Schedule drop-down boxes.
  8. Enter a comment that describes the access rule or its purpose.
  9. Uncheck the Enable Logging checkbox if you don’t wish to log events related to the new access rule.
  10. Configure any advanced options (such as a timeout for TCP connection inactivity or the number of connections permitted) using the Advanced tab.
  11. Click OK.
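Once rules accumulate, a periodic review of the rule list is worthwhile. The following is an added example, not part of the original article or a SonicWALL tool: it audits a constructed rule list whose fields mirror the Access Rules columns. It assumes rules within a zone pair are checked in ascending priority order and compares address and service objects by name only, without expanding groups.

```python
from dataclasses import dataclass

@dataclass
class Rule:                      # fields mirror the Access Rules columns
    priority: int
    from_zone: str
    to_zone: str
    source: str
    destination: str
    service: str
    action: str                  # "Allow", "Deny" or "Discard"
    logging: bool = True
    comment: str = ""

def covers(a, b):
    """True if rule a matches everything rule b matches (objects compared by name)."""
    pairs = ((a.source, b.source), (a.destination, b.destination), (a.service, b.service))
    return all(x in ("Any", y) for x, y in pairs)

def audit(rules):
    """Return (rule tag, finding) tuples for a reviewer to follow up."""
    findings = []
    ordered = sorted(rules, key=lambda r: r.priority)  # assumption: lower number is checked first
    for i, r in enumerate(ordered):
        tag = f"{r.from_zone}>{r.to_zone} #{r.priority}"
        if r.action == "Allow" and r.from_zone == "WAN" and r.source == r.service == "Any":
            findings.append((tag, "allows any service from any WAN source"))
        if r.action == "Allow" and not r.logging:
            findings.append((tag, "Allow rule with logging disabled"))
        if not r.comment.strip():
            findings.append((tag, "no comment describing the rule"))
        for prev in ordered[:i]:
            same_pair = (prev.from_zone, prev.to_zone) == (r.from_zone, r.to_zone)
            if same_pair and covers(prev, r):
                findings.append((tag, f"never matches, shadowed by #{prev.priority}"))
                break
    return findings

# Constructed sample rule set; object names are illustrative.
SAMPLE = [
    Rule(1, "WAN", "LAN", "Any", "Mail Server", "SMTP", "Allow", True, "Inbound mail"),
    Rule(2, "WAN", "LAN", "Any", "Any", "Any", "Allow", False, ""),
    Rule(3, "WAN", "LAN", "Any", "Mail Server", "VNC", "Deny", True, "Block VNC"),
    Rule(1, "LAN", "WAN", "Any", "Any", "Any", "Allow", True, "Outbound default"),
]
for tag, finding in audit(SAMPLE):
    print(tag, "-", finding)
```

In the sample, the Deny rule for VNC never takes effect because the broad Allow rule above it matches first, which is why the comment and logging fields on each rule matter during review.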

Editing access rules

To edit an access rule:

  1. Log on to the SonicWALL firewall.
  2. Click the Firewall button.
  3. Select Access Rules.
  4. Click the pencil and paper icon for the access rule you wish to edit.
  5. Use the resulting drop-down boxes to adjust the access rule as required (Figure J). Alternatively, you can click an access rule’s corresponding trash can icon to delete it.

Figure J

SonicWALL’s drop-down boxes make quick work when editing access rules.
  6. Click OK to apply the edits (if you delete an access rule, the deletion occurs upon confirming the action). The SonicWALL firmware will write the changes and update the firewall’s configuration.

Editing service groups

SonicWALL devices, by default, include service objects and groups designed to simplify firewall administration. On SonicWALL firewalls, service groups and objects make common applications and services (such as PC Anywhere, ShoreTel, VNC and Yahoo Messenger) available to network users.

To review a firewall’s services settings:

  1. Log on to the SonicWALL firewall.
  2. Click the Firewall button.
  3. Select Services.

Numerous service groups are provided by default (Figure K). To add additional groups or objects:

  1. Log on to the SonicWALL firewall.
  2. Click the Firewall button.
  3. Select Services.
  4. Click the Custom Services radio button.
  5. Click Add Group to create a new Service Group or Add to create a new service (Figure L).

Figure K

SonicWALL’s firmware provides numerous pre-populated service groups to simplify firewall configuration.

Figure L

Administrators needing to create their own firewall services can do so by specifying the appropriate criteria.
  6. If you click Add Group, numerous options are pre-populated in the left pane. You can choose to select one of those or enter your own name and click OK; to configure its settings, click its subsequent pencil and paper icon. To create a new service, click the Add button, provide a name, specify the appropriate protocol, enter the port range or sub type if required and click OK.
18 comments
anil150875

For SonicWALL configuration you can visit www.pecon.co.in or dial 18002456888

Rhodesr29

I need to create an Access Rule that would force traffic thru a specific router like "Any traffic going to Goodridge sites go via MPLS/Verizon Router". There's a Verizon router to connect my location to the UK location, and then there's a Windstream router providing ISP functions to the internet.

olas2004

I'm trying to set up my SonicWALL via wizard mode but I couldn't because I have this error message: "Subnet on this interface overlaps with another interface". What does that mean? What do I have to do? Please help me. It is my first time working with SonicWALL. Thank you,

dima1

When I set my destination as, for example, X0 IP or X0 subnet, the access rules do not work, while when I use the IP address of the PC it works. What am I missing? Setting the user as ALL works for me, while when I try to specify a guest name or even administrator, the rule doesn't work. Do I have to modify something in the user accounts?

nadarajan007

Thanks for the information, it's really helpful for me.

wtorres

I configured an interface, then connected a PC to the interface, but it doesn't ping.

Mark W. Kaelin

What is your current firewall? Has it and is it working for you? Are you looking to change? What feature would you like to see implemented in your next firewall?

wizard57m-cnet

rather than tagging on to a 6 year old article. Try reposting this in the 'Q&A' forum. The 'Discussion' forum is for matters of general discussion, not specific problems in search of a solution. The 'Water Cooler' is for non-technical discussions. You can submit a question to 'Q&A' here: http://www.techrepublic.com/forum/questions/post?tag=mantle_skin;content There are TR members who specifically seek out problems in need of a solution. Although there is some overlap between the forums, you'll find more of those members in 'Q&A' than in 'Discussions' or 'Water Cooler'. Be sure to use the voting buttons to provide your feedback. Voting a '+' does not necessarily mean that a given response contained the complete solution to your problem, but that it served to guide you toward it. This is intended to serve as an aid to those who may in the future have a problem similar to yours. If they have a ready source of reference available, perhaps won't need to repeat questions previously asked and answered. If a post did contain the solution to your problem, you can also close the question by marking the helpful post as "The Answer".

jnkmail

The interfaces are x0, x1 and so forth, and they are bound to external ports on the router. If you examine the interface configuration it will show you info on the ones that are configured. Just do not overlap existing ones. Overlap can happen if the ranges of addresses are overlapped with the same mask, or it can be a bit less obvious if you are using nonstandard masks. If it is something resembling a CLASS C network of say 192.168.1.0 with mask 255.255.255.0 then you do not want to see any in that range on another interface or it is not routing. Routing requires different networks. So you can have 192.168.1.0 and 192.168.2.0 on different interfaces but not the same on both.

dima1

Make sure your Windows firewall setting is switched off; Windows firewall doesn't allow pinging. Make sure your network allows pinging.

susika

Yes, I can help you regarding SonicWALL security configuration. Please let me know your firmware version and SonicWALL type and I will help you.

uberg33k50

We used to have a Cisco 1700 which was a real pain because you had to load the entire configuration back in every time you wanted to make a change. The final blow came when it stopped working and we called to get some support and they refused because it was EOL on service. They would not help at any price. We went to the Sonic Wall and I love it. It is easy to configure. You don't have to know a special configuration syntax. You can make changes easily and it has a very reasonable price.

CG IT

We use ISA 2004 as our perimeter firewall and proxy server. After using Cisco PIX, and assorted business class routers' built-in firewalls, I like ISA 2004. It works for us and has a wealth of configuration parameters I can use to filter content, sites, domains, and who can access what where and when.

PurpleSkys

that the op got it by now; it's only been a year and a half....please don't wake the dead

basheerkkmb

give all configuration of NSA2400 including site to site VPN and GVPN client

rsettlemire

Hello, We are having bandwidth issues. Not sure what it could be; I have tried everything. Here are the specs:

Firmware Version: SonicOS Enhanced 4.0.0.2-51e
ROM Version: SonicROM 2.1.0.0
CPU (10s average): 4.50% - 800MHz VIA C3 Processor
Total Memory: 128MB RAM, 64MB Flash
System Time: 02/27/2008 19:27:11
Up Time: 0 Days 00:38:40
Connections: 2508

We are running Fiber 50MB down / 20MB up. We are not pushing anywhere near this.

NewBeeAdmin

I haven't had a chance to manage different firewalls, but out of the few that I have, I would have to say SonicWALLs are very easy to configure. We have over 15 TZ170's across our offices and a couple of big ones at our server location. Configuring one of those smaller units is like configuring a home-based router; at times I have guided an end user in configuring the firewall/router from factory default, at least to the point where I can take over the configuration remotely. They do have issues at times with their OS, but who doesn't.
