How do I... Configure firewall security on a SonicWALL device?

SonicWALL firewalls are a staple of network security in the small and medium business market. SonicWALL's proprietary SonicOS operating system powers its firewall devices, which means the mechanisms and procedures required to configure their security settings is similar for all of them. Here are the basic to configuring SonicWALL firewalls.

This article is also available as a TechRepublic download. A supporting photo gallery is also available.

SonicWALL firewalls are a staple of the small and medium business market. Everyone from small nonprofit organizations to medium-size and enterprise class businesses depend upon SonicWALL devices to secure their network communications.

SonicWALL's proprietary SonicOS operating system powers its firewall devices. Most every SonicWALL device is now powered by the SonicOS Enhanced operating system. The main difference between the two operating systems is the Enhanced version enables the system's firmware to provide ISP failover services, zone management and WAN load balancing.

The setup wizard

SonicWALL includes numerous wizards with its firewall devices. Available menus differ by model (for example, the WEP/WAP Encryption settings menu is available only on those models possessing wireless features).

The Setup Wizard is a time-saving tool that simplifies new router deployment. Or, if a network is being redesigned, a SonicWALL device can be reset to factory defaults and the Setup Wizard can be used to roll the device out anew.

Click this tag search to find other How do I… articles and downloads.

To use the Setup Wizard, log in to a SonicWALL firewall and click the Wizards button. The Wizards (Figure A) button can be found on the main System | Status page.

Figure A

The SonicWALL System Status page provides a wealth of information regarding a firewall's configuration.

Here’s a walkthrough of the process using a SonicWALL PRO 1260.

After clicking the Wizards button, the SonicWALL Configuration Wizard presents four options (Figure B).

Figure B

The SonicWALL Configuration Wizard presents four options. Administrators can either choose to select the Setup Wizard (used to configure the SonicWALL device to secure network connections), the PortShield Interface Wizard (for segmenting networks), the Public Server Wizard (used to provide internal server access to the public) or the VPN Wizard (for configuring access to a virtual private network).

Specify whether you wish to select the Setup Wizard, PortShield Interface Wizard, Public Server Wizard or VPN Wizard. For this example, we’ll choose Setup Wizard and click Next. The Setup Wizard appears.

  1. Step 1: The Change Password screen appears. Enter the default or old password, then enter a new password and confirm the new entry. When finished, click Next.
  2. Step 2: The Change Time Zone menu appears. Specify the applicable time zone, and check the box if you want the firewall to automatically adjust for daylight saving time, and click Next.
  3. Step 3: The WAN Network Mode screen appears. Select the radio button indicating the method used to connect to your ISP (Static IP, DHCP, PPPoE or PPTP). Then, click Next. For this example we’ll select Static IP. (Figure C)

Figure C

The WAN Network Mode menu enables specifying the most appropriate ISP connection method.
  1. Step 4: The WAN Network Mode: NAT Enabled menu appears. Enter the SonicWALL WAN IP Address, WAN Subnet Mask, Gateway (Router) Address, DNS Server Address and a secondary DNS address, and click Next. (Figure D)

Figure D

Specify WAN settings using the WAN Network Mode screen.
  1. Step 5: The LAN Settings menu appears. Supply an IP address for the SonicWALL’s LAN. Be sure to provide a subnet mask, and then click Next. (Figure E)

Figure E

Specify LAN settings using the SonicWALL’s LAN Network Settings screen.
  1. Step 6: The LAN DHCP Settings screen appears. Check the Enable DHCP Server On LAN box if you wish for the SonicWALL device to provide DHCP services. If you check the box, you’ll also have to enter the valid LAN address range. When done, click Next. (Figure F)

Figure F

Specify DHCP settings using the DHCP Server menu.
  1. Step 7: The SonicWALL Configuration Summary (Figure G). Review the information the wizard provides, and if all settings are correct, click Apply. If the configuration requires adjustment, click the Back button.

Figure G

Review the Confirmation Summary carefully before proceeding; clicking Apply triggers the settings reviewed on this menu.

A screen will appear indicating that the SonicWALL configuration is being saved, and you’ll be asked to wait. When the configuration is completed, you’ll see a Congratulations message stating the changes have been made and the Setup Wizard has completed.

SonicWALL Log In

Once the Setup Wizard is complete, log in to the firewall by entering the IP address you assigned to the SonicWALL device in Step 5 (on the LAN Settings menu). You’ll be greeted with a standard name and password dialog box. Enter the name and password you supplied for the firewall and click the Login button.

By default, the SonicWALL device displays the System | Status menu. To configure additional firewall settings, click the Firewall button from the menu appearing on the SonicWALL interface screen’s left edge.

The Firewall | Access Rules | All menu appears. The SonicWALL application displays important information about the firewall’s configuration within this screen. In addition to revealing zone and priority information, the Access Rules menu displays source and destination data, service type, action status, and user information (Figure H).

Figure H

Administrators can review SonicWALL’s Access Rules using three different views; here the All Rules view is displayed.

Traffic statistics for each access rule can be obtained simply by mousing-over the graph icon that appears toward the end of each access rule line. Access rule configurations can be tweaked by clicking the pencil and paper icon, or an access rule can be deleted by clicking its trash can icon.

Creating access rules

To create an access rule:

  1. Log on to the SonicWALL firewall.
  2. Click the Firewall button.
  3. Click the Matrix or Drop-down Boxes View Style radio button. (See Figure I)
  4. Click the appropriate From And To Zone (such as WAN to LAN).
  5. Click the Add button that appears at the bottom of the menu.

Figure I

When creating an access rule, you must specify the appropriate criteria. SonicWALL’s firmware provides pre-populated drop-down boxes for configuring most settings.
  1. Using the General tab, specify the action to be taken to traffic matching the access rule’s settings; Allow, Deny and Discard are the three options.
  2. Select the appropriate service from the Service drop-down box. Do the same for the Source, Destination, Users Allowed and Schedule drop-down boxes.
  3. Enter a comment that describes the access rule or its purpose.
  4. Uncheck the Enable Logging checkbox if you don’t wish to log events related to the new access rule.
  5. Configure any advanced options (such as a timeout for TCP connection inactivity or the number of connections permitted) using the Advanced tab.
  6. Click OK.

Editing access rules

To edit an access rule:

  1. Log on to the SonicWALL firewall.
  2. Click the Firewall button.
  3. Select Access Rules.
  4. Click the pencil and paper icon for the access rule you wish to edit.
  5. Use the resulting drop-down boxes to adjust the access rule as required (Figure J). Alternatively, you can click an access rule’s corresponding trash can icon to delete it.

Figure J

SonicWALL’s drop-down boxes make quick work when editing access rules.
  1. Click OK to apply the edits (if you delete an access rule, the deletion occurs upon confirming the action). The SonicWALL firmware will write the changes and update the firewall’s configuration.

Editing service groups

SonicWALL devices, by default, include service objects and groups designed to simplify firewall administration. Using SonicWALL firewalls, service groups and objects are used to make common applications and services (such as PC Anywhere, ShoreTel, VNC and Yahoo Messenger) available to network users.

To review a firewall’s services settings:

  1. Log on to the SonicWALL firewall.
  2. Click the Firewall button.
  3. Select Services.

Numerous service groups are provided by default (Figure K). To add additional groups or objects:

  1. Log on to the SonicWALL firewall.
  2. Click the Firewall button.
  3. Select Services.
  4. Click the Custom Services radio button.
  5. Click Add Group to create a new Service Group or Add to create a new service (Figure L).

Figure K

SonicWALL’s firmware provides numerous pre-populated service groups to simplify firewall configuration.

Figure L

Administrators needing to create their own firewall services can do so by specifying the appropriate criteria.
  1. If you click Add Group, numerous options are pre-populated in the left pane. You can choose to select one of those or enter your own name and click OK; to configure its settings, click its subsequent pencil and paper icon. To create a new service, click the Add button, provide a name, specify the appropriate protocol, enter the port range or sub type if required and click OK.