English dropdown-ico

Manual SonicWALL SonicWALL UTM Appliance

57 pages 1.5 mb
Download

Go to site of 57

Summary
  • SonicWALL SonicWALL UTM Appliance - page 1

    LDAP Leveraging LDAP Groups/ Use rs with SonicWALL UTM Appliance Contents Contents ....................................................................................................................... ....................................... 1 Integrating LDAP/Active Dire ctory with S onicwall UTM .................................................. ...

  • SonicWALL SonicWALL UTM Appliance - page 2

    2 Blocking IM Traffi c Categorically .............................................................................................. ................. 51 Applying Granular IM Policies .................................................................................................. ................. 52 Applying VPN Access Polici es to Groups/Us ers ...

  • SonicWALL SonicWALL UTM Appliance - page 3

    3 Integrating LDAP/Active Directo ry with Sonicwall UTM SonicOS supports a range of different LDAP se rvers, the most popular being Active Directory (AD). AD i s also an LDAP implementation. Please refer to the followin g pape r as a supplement on how to configure L DAP settings. http://www.sonicwall.com/downloads/LD AP_Integration_Feature_Module.p ...

  • SonicWALL SonicWALL UTM Appliance - page 4

    4 Exporting the CA Certificate fr om the Active Directory Server To export the CA certificate from the AD server: Step 1: Launch the Certification Authority application: Start > Ru n > cer tsrv.msc . Step 2: Right click on the CA you creat ed and select Properties. Step 3: On the General tab, click the View Certificate button. Step 4: On the ...

  • SonicWALL SonicWALL UTM Appliance - page 5

    5 Step 5: On the Settings tab of the LDAP Configuration win do w , configure the following fields: • Name or IP Address – The FQDN or the IP address of the LDA P serve r against which you wish to authenticate. If using a name, be certain that it c an be resolved by your DNS server. Also, if using TLS with the ‘Require valid certificate from s ...

  • SonicWALL SonicWALL UTM Appliance - page 6

    6 • Send LDAP ‘Start TLS’ Request – Some LDAP server implementations suppo rt the Start TLS directive rather than using native LDAP over TLS. This allows the L DAP se rver to listen on o ne port (normally 389) for LDAP connections, and to switch to TLS as direct ed by the client. Active Directory does not use this option, and it should only ...

  • SonicWALL SonicWALL UTM Appliance - page 7

    7 Selecting any of the predefined schemas will automat ically populate the fields used by that schema with their correct values. Selecting ‘User Defined’ will allow you to specif y your own values – use thi s only if you have a specific or proprietary LDAP schem a co nfiguration. • Object class – Select the attribute that represents the i ...

  • SonicWALL SonicWALL UTM Appliance - page 8

    8 • Primary Domain – The user domain used by your LDAP implementation. For AD, this will be the Active Directory domain n ame, e.g. yourADd omain . c om. Chan ges to this field will, optionally, automatically update the tree information in the rest of the page. This is set to mydomain.com by default for all schemas except Novell eDirecto ry, fo ...

  • SonicWALL SonicWALL UTM Appliance - page 9

    9 trees are best ordered with those on the primary server first, and the rest in the same order that they will be referred. NOTE : When working with AD, to determine the location of a user in the dire ctory for the ‘User tree for login to server’ field, the directory can be searched manually from th e Active Directory Users and Settings control ...

  • SonicWALL SonicWALL UTM Appliance - page 10

    10 Step 10: On the LDAP Users tab, configure the following fields: • Allow only users listed locally – Requires that LDAP users al so be present in the SonicWALL local user database for logins to be allowed. • User group membership can be set locally by duplicating LDAP user names – Allows for group membership (and privileges) to be determi ...

  • SonicWALL SonicWALL UTM Appliance - page 11

    11 In the LDAP Import User Groups dialog box, sele ct t he checkbox for ea ch group that you want to import into the SonicWALL, and then click Save. Having user groups on the SonicWALL with the sa me name a s existing LDAP/AD use r grou ps allo ws SonicWALL group membership s an d privileges to be granted upon succe ssful LDAP authentication. Alter ...

  • SonicWALL SonicWALL UTM Appliance - page 12

    12 Step 11: On the LDAP Relay tab, configure the following fields: The RADIUS to LDAP Relay feature is d esig ned for use in a topology where there is a central site with an LDAP/AD server and a central SonicWALL wi th remote satellite sites connected into it via older low-end SonicWALL security appli ances that may not support LDAP. In that case t ...

  • SonicWALL SonicWALL UTM Appliance - page 13

    13 configurable. Step 12: Select the Test tab to test the configured LDAP settings: The Test LDAP Settings page allows for the configured LDAP sett ings to be te sted by attempting authentication with specified user an d p assword credentials. Any user group membershi ps and/or framed IP address configured on the LDAP/AD server for the user will be ...

  • SonicWALL SonicWALL UTM Appliance - page 14

    14 Logon to Appliance – Configuring User Level Authentic ation Settings This is the other method of authenticating users, and requi res the user to login to the appliance. Please refer to the following paper for more details on ULA: http://www.sonicwall.com/downloads/So nicOS_St andard_2.1_User-Level_A uthentication.pdf In this example, the LAN z ...

  • SonicWALL SonicWALL UTM Appliance - page 15

    15 Step 5: Click Add , then create the following two rules as de picted below. The order is importan t. The new first rule allows any DNS queries out. The new second rule forces all users (Everyone) to be challenged before accessing the Intern et for HTTP only. NOTE : This configuration will allow any traffic out othe r than HTTP, even withou t fir ...

  • SonicWALL SonicWALL UTM Appliance - page 16

    16 NOTE : The difference between “All” and “Everyone ” in a polic y rule. Selecting “All” will allow all matching traffic, regardless from an authenticated user or n ot. Se lecting the “Everyone” user group will allow traffic from any logged in user, but not from a user who ha s not lo gged in. ...

  • SonicWALL SonicWALL UTM Appliance - page 17

    17 If everything is working correctly, you should then see users authenticated on the Log>Vie w page. SonicOS Options That Lev erage Groups/Users Now that we have a means of authent i c ating users to the SonicWALL firewall, we can leve rage the groups/users that are in LDAP/Active Directory for a myriad of options: • Create firewall rules fo ...

  • SonicWALL SonicWALL UTM Appliance - page 18

    18 • Rule processing stop s a s soon as there is a match (with some cave ats – see below) • Rule logic first looks at Source, then Destination, Service, and Action. If there is a match the re, rule processing st ops a nd then further subset rule processi ng can happen (rul es set for schedules, users/ groups, or BWM) for that specific rule . ...

  • SonicWALL SonicWALL UTM Appliance - page 19

    19 allowed access throug h it. Matching traffic from the user or me mbers of the user grou p will be given access, and matching traffic from anyone else will be denied access. For multiple user groups to be all owed access, create a single parent gro u p user containing all of them as members and set a si ngle rule specifying that parent group as t ...

  • SonicWALL SonicWALL UTM Appliance - page 20

    20 Firewall Rules with Bandwidth Mana gement & Logging It is possible to leverage FW rules simpl y for logging and/or bandwidth manag ement (BWM). To enable BWM, it is first necessary to go to Network > Interfac es and configure the WAN interface. Click the Advanced tab, and then enable ing ress an d egress rates for your net work. These rat ...

  • SonicWALL SonicWALL UTM Appliance - page 21

    21 After BWM is enabled on the WAN interface, a new ta b is displayed within FW rule creation: the Ethernet BWM tab. You can now enable BWM on a rule by rule basis setting a g uaranteed bandwidth rate (Kbps) or %, a maximum rate or %, priori ty, and tracking of bandwidth usage. In the below screenshot, we have restricted POP email to maximum of 100 ...

  • SonicWALL SonicWALL UTM Appliance - page 22

    22 NOTE : You can create a firewall rule for any given user /group and rest rict that group’s overall bandwidth for any network service/protocol. Con sider also us ing Application Firewall which allows mo re granular control of bandwidth policies. Blocking Websites (Dom ain Names ) for Groups/Users Enhanced SonicOS has a f ew me chanisms at your ...

  • SonicWALL SonicWALL UTM Appliance - page 23

    23 Step 2: Create an AO for yahoo.com. Step 3: Now, create an AO Group and add the ap propriate AOs to this group. ...

  • SonicWALL SonicWALL UTM Appliance - page 24

    24 Step 4: Next, create an FW rule that will deny traffic to the Blocke d Sites AO Group. Allowing Specific Domains and Blocking All Others with Firewall Rules With firewall rules you can block HTTP/HTTPS traffic for all traffic except for the defined list you’ve created. First, create the address objects of the websites you want to allow. In the ...

  • SonicWALL SonicWALL UTM Appliance - page 25

    25 Step 2: Create an AO for Mysonicwall.com. Whil e u sing a FQDN is often more “friendly”, in this example we’ve chosen the IP address. Step 2: Create an AO Group for the Allowed site s. Step 3: Navigate to Firewall > Access Rules . ...

  • SonicWALL SonicWALL UTM Appliance - page 26

    26 Step 4: Create a rule to allow HTTP traffic for your all owed lists. ...

  • SonicWALL SonicWALL UTM Appliance - page 27

    27 Step 5: Do the same for HTTPS. ...

  • SonicWALL SonicWALL UTM Appliance - page 28

    28 Step 6: Create the deny rules for HTTP and HT TPS. ...

  • SonicWALL SonicWALL UTM Appliance - page 29

    29 The firewall rules should now loo k like the belo w pi cture: NOTE: that the downside to using F W rules to block/allow we bsites is that if a user is a member of differe nt groups in LDAP, and if different rules are created for different grou ps, it can cause undesirable behavio r for a given user. Firewall rules are processed from top do wn an ...

  • SonicWALL SonicWALL UTM Appliance - page 30

    30 Blocking HTTPS (SSL) Domains with SSL Control With Secure Socket Layer (SSL) Control it is possi bl e to whitelist an d blacklist HTTPS domains, as well as other SSL services, based on key words i n their certificate. SSL control ca nnot be enforced at the group/user level, only at the ZONE level. For example, if y ou enabled SSL control on the ...

  • SonicWALL SonicWALL UTM Appliance - page 31

    31 ever decreasing cost and complexity of SSL, however , has also spurred the growth of more dubiou s applications of SSL, designed prim arily for the pu rposes of obfuscation or concealment rather than security . An increasingly common camouflage is the use of SSL encrypted Web -based proxy servers for the pu rpose of hiding browsing details, and ...

  • SonicWALL SonicWALL UTM Appliance - page 32

    32 Step 1: To configure the Whitelist and Blacklist naviga te to Firewall > SSL control > click the Configure button to bring up the following window: Entries can be added, edited and delete d with the but tons beneath each list wind ow. List matching will be based on the subject common name in the certificate presen ted in the SSL exchange, ...

  • SonicWALL SonicWALL UTM Appliance - page 33

    33 Applying Differen t CFS Policies to Gr oups It is important to understand what CFS is capabl e of (as of SonicOS 5.2). CFS is a subscri ption based service that allows administrators to block domai ns b as ed on category ratings. The Premium CFS features over 50 different categories to choose from. Soni cWALL maintains and categorizes a list of ...

  • SonicWALL SonicWALL UTM Appliance - page 34

    34 CFS has the ability to allow or block domains by thei r fully qualified domain n ame (FQDN) or by keywords in their FQDN. This functionality does not require a sub scription to CFS. This list is a single master list that can be enforced on any given CFS policy. As you create a dditional CFS policies, ea ch policy ha s the ability to leverage the ...

  • SonicWALL SonicWALL UTM Appliance - page 35

    35 NOTE: If you wish to forbid or allow HTTPS domains, us e of their IP address must be used in CFS. FQDN does not work for HTTPS sites in the CFS Custo m List. For example, I was able to forbid paypal.com with the use of these 3 IP addresses. (This list may not be representative of all IPs for paypal) Using the forbidden domains list doesn’t req ...

  • SonicWALL SonicWALL UTM Appliance - page 36

    36 Step 1: Under the C FS tab, enable the IP based HTTPS content filtering. This enables CFS f or HTTPS domains. This is important if you wish to block sites such a s HTTPS://www.fac ebook.com or proxy sites such as HTTPS://megaproxy.com. Step 2: Navigate to the Policy tab and add a ne w CFS policy. ...

  • SonicWALL SonicWALL UTM Appliance - page 37

    37 Step 3: Create a friendly name for the new poli cy. Step 4: Navigate to the URL List tab and sel ect the categories you want to block or allo w for this policy. Step 5: Navigate to the Settings Tab a nd sel ect if you want to enforce allowed domains, forb idden domains, or keywords in domains. You can also choose to enforce Safe Search (Safe Sea ...

  • SonicWALL SonicWALL UTM Appliance - page 38

    38 default of “moderate” to “strict” filtering on Google however. Step 6: Select if you want the CFS Policy to only run at certain times of the day. For example, you might allow access to social networki ng sites betwe en 12-1 for lun ch brea k, but rest rict access the remainder of the time. ...

  • SonicWALL SonicWALL UTM Appliance - page 39

    39 Step 7: Next nav igate to Users > Local Groups and configure the Group you want the new CFS policy to apply to. Step 8: Select the CFS policy you created under the CFS Policy tab. Repeat this same p ro ce ss fo r every group that requires custom CFS settings. Enforcing CFS Policies without Requiring All Us ers to Authenticate There is one mor ...

  • SonicWALL SonicWALL UTM Appliance - page 40

    40 Step 1: Navigate to Network > Network Interfac es. Configure the respective interfaces you wish to support local authenticatio n on by enabl ing HTTPS user login. Step 2: Navigate to Security Services > Content Filter. At the bottom of the page is the html code that can be customized. Provided below is some sample co de that you can modify ...

  • SonicWALL SonicWALL UTM Appliance - page 41

    41 Basic Sample Code for SonicOS 5.2 ----*snipped*---- (with virtual sci ssors ☺ ) <tr><td align=center nowrap><font size="2" col or="#000000"><br> If you believe the below web site is rated incorrec tly click <a href="HTTP://cfssupport.sonicwall.c om" target='new'>here </a& ...

  • SonicWALL SonicWALL UTM Appliance - page 42

    42 NOTE : Use caution the website you are r edi re cting isn’t on the CFS list or blocked domains. It would create a looping situation. <html> <head> <meta HTTP-equiv="Content-Ty pe" content="text/html"> <title>SonicWALL - Web Site Blocked</title> <style type="t ex t/css"> body { b ...

  • SonicWALL SonicWALL UTM Appliance - page 43

    43 </div> </div> <div id="popup_box_text"> <table align=center cell padding=5 widt h=8 0%> <tr><td align=center><font size="2" colo r=" #000000"> <br> <script> <!-- var blockedURL = new String(docume nt.URL); blockedURL = blockedURL.replace(/</g , "&l ...

  • SonicWALL SonicWALL UTM Appliance - page 44

    44 Sample JavaScript Code for SonicOS 5.2 In this example, “blockedURL” is the variable that refe rences the URL the client wa s trying to browse to. In this example, we are looking for facebo ok, and the n ta king a unique action for that URL. You could use this to redirect users or take custom actions again st a defined list of URLs. if (bloc ...

  • SonicWALL SonicWALL UTM Appliance - page 45

    45 Applying Application Firewa ll Polices to Groups/Users Application Firewall is a very flexible tool to manage application specific traffic. The goal of this guide is to demonstrate how Application Firewall can be applied to different groups/ users. We will use Application Firewall to block domains for spe cific groups in this exam ple. More exam ...

  • SonicWALL SonicWALL UTM Appliance - page 46

    46 When lookin g for a HTTP Hos t, you can get sp ecific wi th a FQDN or leave it more general with a partial match. With the below example, websites with monster in the URL will be blocked. That would be monster.com, monsters. co m, and so fort h. ...

  • SonicWALL SonicWALL UTM Appliance - page 47

    47 Step 3: Navigate to Policies and add a new policy. Give the policy a friendly name. Select the Application Object that was just created “Blocked Domains”. The action we will take in this example is “drop/reset”. You can then select the grou ps you wish to include or exclude from the policy. The direction of traffic will be outgoing. ...

  • SonicWALL SonicWALL UTM Appliance - page 48

    48 When a user attempts to navigate to monster.com, they will be presente d with a page cannot be displayed message. Alternatively, you can have the blocked domains redi rect to another web page or displ ay a custom block page. Step 5: Navigate to Actions under Application Fire wall and create a new Action to redirect users. ...

  • SonicWALL SonicWALL UTM Appliance - page 49

    49 Step 6: Navigate to Application Fire wall > Policies and chang e the action from reset/drop to the new custom action. If you wish to display a block page instead, creat e a new ac tion with HTTP Block Page. You can either insert text in the content or html markup to customize it further . Select the action under the Policy to use the new HTTP ...

  • SonicWALL SonicWALL UTM Appliance - page 50

    50 Tightening Control over the Bro wsing Behavior of Users Now that we’ve looked at the different ways to restrict browsin g and web behavior thro ugh dif ferent mechanisms, I’m sure ide a s are spinning in your head on ho w you can apply these policies i n your environment. I want to close the topic of web browsing with a small bit of advice. ...

  • SonicWALL SonicWALL UTM Appliance - page 51

    51 • Turn on Gateway AV and Antispyware – turn all settings o n. If you really want to block everything, the most drastic step you can take is to unplug the firewall from the wa ll. Applying Intrusion Prevention Serv ice Signatures to Group s/Users There are 2 different methods of leveraging IPS signat ures . The first method is with Applicatio ...

  • SonicWALL SonicWALL UTM Appliance - page 52

    52 NOTE : You can change the Prevention and Detectio n from t he glo bal settings and adjust other setting s such as the schedule when the sign ature i s enabled. For exam ple, some organizati ons want to allow IM traffic for everyone during lunch hours but deny it outside of those ho urs. Applying Granular IM Policies Now if you wanted to prevent ...

  • SonicWALL SonicWALL UTM Appliance - page 53

    53 Applying VPN Access Policies to Groups/Users SonicOS 5.2 supports 2 VPN client s; Gl obal VPN Cli ent (GVC), an IPSec client and NetExtender, a SSL-VPN client. Both clients can utilize LDAP groups/users fo r authentication and access, but each does it in a slightly different manner. Global VPN Client (GVC) We will configure the WAN GroupVPN to s ...

  • SonicWALL SonicWALL UTM Appliance - page 54

    54 NOTE : Depending on how you setup yo ur group member ship, being a member of this group does not automatically grant those users VPN access. Step 2: Navigate to Users > Local Grou ps an d configure the group(s) that require VPN access. Under the VPN Access tab select the ne twork(s) or address obje cts that group wi ll have VPN access to. By ...

  • SonicWALL SonicWALL UTM Appliance - page 55

    55 SSL-VPN (NetExtender) SonicOS 5.2 introduces SSL VPN functionality via NetExtender. NetExtender is a light weight client that can run on Windows, Linux, Mac, and Wi ndo ws Mobile devices. It can easily be installed by directing the client to the URL of the WAN interface. To configure SSL-VPN LDAP authenticati on, place the LDAP group(s) that nee ...

  • SonicWALL SonicWALL UTM Appliance - page 56

    56 Guest Services (Wireless Guest Serv ices) SonicOS supports Guest Services. Gues t services are typically used in wireless hotspot deployments, but they can also be used in scenario s such as guest clients needing to plug into the wired LAN i nfrast ructure. As of SonicOS 5.2, WGS is not supported on the LAN zo ne, ho wever there is workaround. W ...

  • SonicWALL SonicWALL UTM Appliance - page 57

    57 It’s not that hard of a stretch to see that if you are using LDAP integrati on, you could essentially build guest accounts and profiles in LDAP and then leverag e that gue st group in the same ways we’ve shown above. However, that may be more time consuming then ne cessary for administrators, espe cially when guests come and go frequently. S ...

Manufacturer SonicWALL Category Welding System

Documents that we receive from a manufacturer of a SonicWALL SonicWALL UTM Appliance can be divided into several groups. They are, among others:
- SonicWALL technical drawings
- UTM Appliance manuals
- SonicWALL product data sheets
- information booklets
- or energy labels SonicWALL SonicWALL UTM Appliance
All of them are important, but the most important information from the point of view of use of the device are in the user manual SonicWALL SonicWALL UTM Appliance.

A group of documents referred to as user manuals is also divided into more specific types, such as: Installation manuals SonicWALL SonicWALL UTM Appliance, service manual, brief instructions and user manuals SonicWALL SonicWALL UTM Appliance. Depending on your needs, you should look for the document you need. In our website you can view the most popular manual of the product SonicWALL SonicWALL UTM Appliance.

Similar manuals

A complete manual for the device SonicWALL SonicWALL UTM Appliance, how should it look like?
A manual, also referred to as a user manual, or simply "instructions" is a technical document designed to assist in the use SonicWALL SonicWALL UTM Appliance by users. Manuals are usually written by a technical writer, but in a language understandable to all users of SonicWALL SonicWALL UTM Appliance.

A complete SonicWALL manual, should contain several basic components. Some of them are less important, such as: cover / title page or copyright page. However, the remaining part should provide us with information that is important from the point of view of the user.

1. Preface and tips on how to use the manual SonicWALL SonicWALL UTM Appliance - At the beginning of each manual we should find clues about how to use the guidelines. It should include information about the location of the Contents of the SonicWALL SonicWALL UTM Appliance, FAQ or common problems, i.e. places that are most often searched by users in each manual
2. Contents - index of all tips concerning the SonicWALL SonicWALL UTM Appliance, that we can find in the current document
3. Tips how to use the basic functions of the device SonicWALL SonicWALL UTM Appliance - which should help us in our first steps of using SonicWALL SonicWALL UTM Appliance
4. Troubleshooting - systematic sequence of activities that will help us diagnose and subsequently solve the most important problems with SonicWALL SonicWALL UTM Appliance
5. FAQ - Frequently Asked Questions
6. Contact detailsInformation about where to look for contact to the manufacturer/service of SonicWALL SonicWALL UTM Appliance in a specific country, if it was not possible to solve the problem on our own.

Do you have a question concerning SonicWALL SonicWALL UTM Appliance?

Use the form below

If you did not solve your problem by using a manual SonicWALL SonicWALL UTM Appliance, ask a question using the form below. If a user had a similar problem with SonicWALL SonicWALL UTM Appliance it is likely that he will want to share the way to solve it.

Copy the text from the picture

Captcha
New picture

Comments (0)