Leverage SonicWALL Wizards to configure firewall settings

It's taken some time for information technology professionals to discover configuration wizards and become comfortable with their use. Installation, setup and administration wizards have become not only common tools, but also effective methods of administering everything from operating systems to sophisticated routers.

Wizards not only save time, they help busy administrators avoid common errors. In fact, attempts to configure applications or devices outside the wizards sometimes prove disastrous.

The Windows Small Business Server platform may be most responsible for introducing and familiarizing administrators with standardized configuration wizards. SonicWALL routers and firewalls make use of the same principle: leverage configuration wizards to request specific information from an administrator and then configure a variety of respective interconnected settings in the background. Here's how to use SonicWALL's wizards to configure firewall settings and security.

The Setup Wizard

SonicWALL's Setup Wizard walks administrators through the process of configuring router and firewall settings. Working with the common TZ 170 Wireless model, SonicWALL's Setup Wizard presents four setup options:

  • Office Gateway – Configures secure access for wired and wireless users.
  • Secure Access Point – Configures secure wireless access to an existing network.
  • Guest Internet Gateway – Configures Guest wireless access to an existing network.
  • Secure Wireless Bridge – Configures a secure WiFiSec bridge between two networks.

For this example, we'll select the most common option: Office Gateway as shown in Figure A. When deploying a SonicWALL router as an office gateway, IT administrators use SonicWALL's Setup Wizard to configure secure access for wired and wireless users to an existing network. In these cases, the SonicWALL device serves as a wireless access point, network switch, router and firewall.

Figure A

You can choose from any of the four basic configurations in the wizard.

To configure a SonicWALL wireless device to serve as the router through which wireless and wired computers connect to a network or the Internet, select Office Gateway.

After selecting Office Gateway to complete the SonicWALL Setup Wizard's first step, the next menu instructs administrators to change the device's default password. Frequently, network security devices are deployed with the default password; failure to change the default password makes it far easier for hackers and other unauthorized users to penetrate a network.

Step three addresses the time zone in which the device is deployed. In addition to specifying the time zone, a check box is provided to enable the device to automatically adjust its clock for daylight saving time. Once these elements are complete, administrators must click the provided Next button to continue.

The SonicWALL Setup Wizard's fourth step requires administrators to specify the wide area network mode. The wizard lists four radio button options:

  • Static IP – Use when the wide area network possesses one or more static IP addresses.
  • DHCP – Use when the wide area network IP address is provided by a DHCP server, such as is common on cable modem networks.
  • PPPoE – Use when a username and password are required to authenticate with an ISP, as is common with DSL networks.
  • PPTP – Use when a username, password and server address are required to authenticate with an ISP.

For this example we'll select the Static IP radio button and click the Next button as seen in Figure B.

Figure B

You can use the SonicWALL's Setup Wizard to connect the SonicWALL to networks with Static IP addresses.

The wizard's fifth step requires providing the wide area network IP address and subnet mask, the gateway (or router) IP address and two DNS server IP addresses. Once those values are entered, administrators can click the Next button to proceed to the next step.

Step six specifies the SonicWALL device's local area network IP address and subnet mask. A checkbox, Enable Windows Networking Support, should be left checked by administrators wishing to enable Windows systems on the network to communicate with one another. Once the LAN Settings are entered, administrators can click Next to proceed to step seven.

The SonicWALL Setup Wizard's seventh step addresses the local area network's DHCP configuration. To enable the SonicWALL device to provide DHCP services on the network, the checkbox should be selected for Enable DHCP Server On LAN. Once the box is selected, the LAN Address Range must be set. The starting and ending IP addresses entered within these fields determine the IP range used to create the DHCP address pool. With these values provided, administrators can click the Next button to continue to step eight.
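The values entered in steps five through seven depend on one another, so it helps to check them together before typing them into the wizard. The following is an added example, not part of the original article or of any SonicWALL tool; the `check_plan` function, the dictionary keys and the sample addresses are all constructed for illustration.

```python
import ipaddress

def check_plan(plan):
    """Return a list of problems in the addressing values typed into the wizard."""
    problems = []
    wan = ipaddress.ip_interface(f"{plan['wan_ip']}/{plan['wan_mask']}")
    lan = ipaddress.ip_interface(f"{plan['lan_ip']}/{plan['lan_mask']}")
    gateway = ipaddress.ip_address(plan["gateway"])
    start = ipaddress.ip_address(plan["dhcp_start"])
    end = ipaddress.ip_address(plan["dhcp_end"])

    # Step five: the gateway has to sit on the WAN subnet and differ from the WAN IP.
    if gateway not in wan.network:
        problems.append("gateway is outside the WAN subnet")
    elif gateway == wan.ip:
        problems.append("gateway is the same as the WAN address")
    # Steps five and six: the device routes between WAN and LAN, so they must not overlap.
    if wan.network.overlaps(lan.network):
        problems.append("WAN and LAN subnets overlap")
    # Step seven: the DHCP pool must be an ordered range of usable LAN host addresses.
    if start > end:
        problems.append("DHCP range start is after its end")
    unusable = (lan.network.network_address, lan.network.broadcast_address)
    for label, addr in (("start", start), ("end", end)):
        if addr not in lan.network:
            problems.append(f"DHCP range {label} is outside the LAN subnet")
        elif addr in unusable:
            problems.append(f"DHCP range {label} is a network or broadcast address")
    # Handing out the device's own LAN address would cause an address conflict.
    if start <= lan.ip <= end:
        problems.append("DHCP range includes the device's own LAN address")
    return problems

# Constructed sample values using documentation and private address ranges.
GOOD_PLAN = {
    "wan_ip": "203.0.113.10", "wan_mask": "255.255.255.248", "gateway": "203.0.113.9",
    "lan_ip": "192.168.168.1", "lan_mask": "255.255.255.0",
    "dhcp_start": "192.168.168.100", "dhcp_end": "192.168.168.200",
}
BAD_PLAN = dict(GOOD_PLAN, gateway="203.0.113.17",
                dhcp_start="192.168.168.1", dhcp_end="192.168.169.20")

if __name__ == "__main__":
    for name, plan in (("good", GOOD_PLAN), ("bad", BAD_PLAN)):
        print(name, check_plan(plan) or "no problems found")
```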

Wireless settings, shown in Figure C, are the subject of step eight. It's during this stage of the setup wizard that the wireless network's Service Set ID (SSID) is specified, along with the radio mode (b, g, both, etc.), country code and radio channel settings. Once the wireless local area network settings are entered, administrators can proceed to step nine by clicking the Next button.

Figure C

Wireless configuration is completed during the Setup Wizard's eighth step.

Step nine involves specifying WiFiSec – VPN Client User Authentication settings. The information entered within this Setup Wizard menu enables creating secure VPN connections for clients connecting via a wireless network. Once the values are entered, administrators click Next to continue.

The wizard's tenth step requires that administrators enable or disable wireless guest access. If the Enable Wireless Guest Services checkbox is unchecked, guests will not be able to access the network via a wireless connection.

Once the Enable Wireless Guest Services checkbox is checked, several fields illuminate that must be completed. Administrators must specify an account name and password. Administrators must also specify account and session lifetimes, as well as any comments. The default account (seven days) and session (one hour) lifetimes will likely work well for most organizations. However, these values are easily adjusted should an organization's network require shortening or lengthening these timeframes.

Clicking the Next button takes administrators to the wizard's final stage. Step 11 presents a summary screen, seen in Figure D, that confirms the settings and configuration changes the wizard will complete. Clicking the Apply button instructs the SonicWALL Setup Wizard to complete Setup and configure the device using the provided settings.

Figure D

The SonicWALL Configuration Summary lists the settings that will be deployed when the router is restarted.

Upon completing its task, the Setup Wizard will display a confirmation screen. The Setup Wizard Complete menu, in addition to confirming the Wizard is complete, reminds administrators of the URL and user name that must be entered to access the SonicWALL device.

Before the unit can be pressed into service, however, one item remains. Administrators must click the Restart button found on the Setup Wizard Complete screen. Clicking the Restart button forces the SonicWALL device to restart using the new configuration and settings.

Once the Restart button is clicked, the SonicWALL will display a browser window indicating that the device is restarting. Upon rebooting, administrators must log back into the device to review the unit's status and make any other changes or updates. You'll see a screen like the one shown in Figure E.

Figure E

The Status page of the SonicWALL's Web-based administration tool displays critical information about the router. Additional firewall information and settings are found on the Firewall menu (which is reached by clicking the Firewall button found within the left navigation bar).

Configuring Firewall Access Rules

Completing the SonicWALL's Setup Wizard is only the first part of configuring firewall security. When the Setup Wizard is complete, the SonicWALL router goes to work providing access (as specified in its setup). However, because it's a device designed to secure a network and computer systems, it's likely administrators will have to create additional access rules.

For example, if you wish to allow Internet traffic to reach a Web server, FTP server, remote desktop connection or other element behind the SonicWALL firewall, you'll have to create an access rule that instructs the SonicWALL router to allow that traffic to pass through the network. In many cases you may need to manually open specific firewall ports, as well. You'll do this on the screen shown in Figure F.

Figure F

Access Rules can be created, edited and deleted from the Firewall | Access Rules menu.

SonicWALL provides another wizard for configuring Access Rules (simple port access is configured manually in a process we'll explore in the next section). To create an Access Rule, administrators must log on to the SonicWALL device and click Firewall from the console that appears on the Web-based administration menu. Clicking the Rule Wizard button starts SonicWALL's Network Access Rule Wizard.

The access rule wizard's first step requires administrators to specify the type of network access rule that is being created. The two radio button options are Public Server Rule and General Rule. There's also a space provided for administrators to enter a comment regarding the rule being created. Once the rule type is selected and a comment is specified, administrators proceed by clicking the Next button.

Step two requires administrators to select the service the rule should use. As the access rule is being used to permit or block specific types of traffic, popular services can be selected from the provided drop-down menu. Note that separate access rules must be created for each service. Among the service options that can be selected are FTP, IPSEC, NNTP, PC Anywhere, Terminal Services and SMTP.

Once the appropriate network access rule service is selected, administrators can click Next to proceed.

The third step of SonicWALL's Network Access Rule Wizard is where administrators state whether the SonicWALL firewall should explicitly block or allow the service the rule addresses. Administrators should select either the Allow or Deny radio button and click Next.

Step four, shown in Figure G, requires that administrators specify the access rule's interface and beginning and ending IP addresses. The access rule will be applied to traffic originating from the IP addresses that are specified in the provided fields. The interface, meanwhile, instructs the SonicWALL as to which interface (LAN or WAN) should pass the specific service for which the access rule is being created. Once these values are set, clicking Next proceeds to step five.

Figure G

When creating access rules, administrators must specify the device interface to be used, as well as a beginning and ending IP address for systems originating connection requests.

Step five is kind of the reverse of step four. It's within this menu that administrators instruct the SonicWALL where to pass the specific service traffic for which the access rule is being created. Just as in step four, administrators must specify the interface (again, LAN or WAN) and beginning and ending IP ranges. Once the values are entered, clicking Next continues to the wizard's sixth step.

Step six enables administrators to specify the time when the access rule is active. Once the active timeframe is provided (the default is always, although administrators can set an active timeframe as granular as a one-minute window on a Sunday, if needed), the Next button proceeds to finish the wizard.

Upon clicking Next, a Congratulations menu appears. Clicking Apply deploys the new access rule. Once created, existing Access Rules are listed within the Firewall | Access Rules menu within the SonicWALL router's Web-based administration page, as shown in Figure H.

Figure H

Default services appear within the Predefined Services section of the Web-based administration tool. Entries created by users appear within the User Defined (Custom) Services section.

To edit any existing rule, administrators need only click the respective rule's configuration icon (a piece of paper with a pencil above it) and make the changes they require.
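Because each rule carries the fields collected in wizard steps one through five, a planned or existing rule set can be reviewed for entries that expose more than intended. The following is an added example, not part of the original article and not a SonicWALL export format; the `Rule` structure, the `review` checks, the choice of which services count as remote control, and the sample rules are assumptions constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Assumption: the services from the wizard's drop-down treated as remote control here.
REMOTE_CONTROL = {"Terminal Services", "PC Anywhere"}

@dataclass
class Rule:
    comment: str      # step one
    service: str      # step two
    action: str       # step three: "Allow" or "Deny"
    src_if: str       # step four: "LAN" or "WAN"
    src_begin: str
    src_end: str
    dst_if: str       # step five
    dst_begin: str
    dst_end: str

def span(begin, end):
    """Number of addresses in an inclusive begin-end range."""
    return int(ipaddress.ip_address(end)) - int(ipaddress.ip_address(begin)) + 1

def review(rule):
    """Return findings for one rule; only inbound (WAN to LAN) Allow rules are checked."""
    findings = []
    if (rule.action, rule.src_if, rule.dst_if) != ("Allow", "WAN", "LAN"):
        return findings
    if rule.service in REMOTE_CONTROL and span(rule.src_begin, rule.src_end) == 2**32:
        findings.append("remote-control service allowed from any source address")
    if span(rule.dst_begin, rule.dst_end) > 1:
        findings.append("destination range covers more than one host")
    if not rule.comment.strip():
        findings.append("no comment recording why the rule exists")
    return findings

ANY = ("0.0.0.0", "255.255.255.255")  # constructed stand-in for "any source"
# Constructed sample rules; addresses are documentation and private ranges.
RULES = [
    Rule("Public mail server", "SMTP", "Allow", "WAN", *ANY, "LAN", "192.168.168.10", "192.168.168.10"),
    Rule("", "Terminal Services", "Allow", "WAN", *ANY, "LAN", "192.168.168.10", "192.168.168.50"),
    Rule("Consultant remote desktop", "Terminal Services", "Allow", "WAN",
         "198.51.100.20", "198.51.100.20", "LAN", "192.168.168.10", "192.168.168.10"),
]

if __name__ == "__main__":
    for r in RULES:
        print(r.service, review(r) or "ok")
```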

Opening Ports

Occasionally it's necessary to simply open firewall ports. You can manually open ports on SonicWALL devices. To do so, log on to the SonicWALL router, click on Firewall from the Web-based administration's left navigation menu and click Services. Next, click the Add button to open the Add Services window.

Within the Add Services window, shown in Figure I, administrators must provide a name for the service for which they're opening the port. Administrators must also specify the port range (the actual port number(s) to be opened) and specify the protocol.

Figure I

Manually opening ports requires that administrators specify a name, the port range and the protocol.

Once those values are provided, administrators click OK to add the service. Clicking OK prompts the SonicWALL router to enable traffic to pass on that port. The entry is added to the top of the Firewall | Services menu (within the section titled User Defined (Custom) Services). Other preset port configurations appear below within the Predefined Services section.

By default, the SonicWALL will log all activity on the specified ports. To disable such logging, clear a service's respective Enable Logging checkbox.

Summary

Just as with many other technology wizards, SonicWALL's configuration wizards simplify complex processes. Using SonicWALL's Setup and Network Access Rule wizards makes it easier to configure security settings as required. In those cases where administrators wish to open ports manually, that option remains available.

About

Erik Eckel owns and operates two technology companies. As a managing partner with Louisville Geek, he works daily as an IT consultant to assist small businesses in overcoming technology challenges and maximizing IT investments. He is also president o...
