Release Notes. Release Purpose... 1 Platform Compatibility... 1 Upgrading Information... 1 Browser Support... 1 Key Features... 2 Known Issues...

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Release Notes. Release Purpose... 1 Platform Compatibility... 1 Upgrading Information... 1 Browser Support... 1 Key Features... 2 Known Issues..."

Transcription

1 SonicOS SonicOS Contents Release Purpose... 1 Platform Compatibility... 1 Upgrading Information... 1 Browser Support... 1 Key Features... 2 Known Issues Release Purpose SonicOS is the initial release for the Dell SonicWALL SuperMassive 9000 Series Next-Generation, Reassembly-Free Deep Packet Inspection security appliances. Platform Compatibility The SonicOS release is supported on the following Dell SonicWALL security appliances: SuperMassive 9600 SuperMassive 9400 SuperMassive 9200 The Dell SonicWALL WXA series appliances (WXA 500 Live CD, WXA 5000 Virtual Appliance, WXA 2000/4000 Appliances) are also supported for use with Dell SonicWALL SuperMassive appliances running The minimum recommended firmware version for the WXA series appliances is Upgrading Information For information about obtaining the latest firmware, upgrading the firmware image on your Dell SonicWALL appliance, and importing configuration settings from another appliance, see the SonicOS 6.1 Upgrade Guide on the Product Documentation page for the SuperMassive series, at Browser Support SonicOS uses advanced browser technologies such as HTML5, which are supported in most recent browsers. Dell SonicWALL recommends using the latest Chrome, Firefox, Internet Explorer, or Safari browsers for administration of SonicOS. This release supports the following Web browsers: Chrome 18.0 and higher (recommended browser for dashboard real-time graphics display) Firefox 16.0 and higher Internet Explorer 8.0 and higher (do not use compatibility mode) Safari 5.0 and higher Mobile device browsers are not recommended for Dell SonicWALL appliance system administration.

2 Key Features Release Notes SonicOS 6.1 includes a number of major key features, described in this section. Real-Time Visualization Dashboard Enhancements... 3 Multi-Core Monitor... 3 Real-Time Monitor... 4 AppFlow Monitor... 5 Application Intelligence + Control... 5 AppFlow Reports... 6 User Monitor... 7 BWM Monitor... 7 Connection Monitor... 8 AppFlow Server... 9 App Control Policy Configuration Using App Flow Monitor Application Usage and Risk Report IPFIX and NetFlow Reporting Global BWM Ease of Use Enhancements Networking Enhancements Wire Mode (2-Port Wire) Tap Mode (1-Port Tap) BGP Advanced Routing High Availability Active-Active Clustering High Availability Active-Active Clustering Full-Mesh Redundancy Link Aggregation Port Redundancy User Management Enhancements LDAP User Group Mirroring LDAP Primary Group Attribute LDAP Group Membership by Organizational Unit Auto-Configuration of URLs to Bypass User Authentication NTLM Authentication with Mozilla Browsers SSL VPN NetExtender Update Enhanced Connection Limiting Current Users and Detail of Users Options for TSR Security Services Enhancements One-Touch Configuration Content Filtering Enhancements Reassembly-Free Regular Expressions for DPI Engine UDP and ICMP Flood Protection Deep Packet Inspection of SSL Encrypted Data (DPI-SSL) Gateway Anti-Virus Enhancements (Cloud GAV) General Enhancements NTP Authentication DHCP Scalability Enhancements SIP Application Layer Gateway Enhancements Enhanced CLI

3 Real-Time Visualization Dashboard Enhancements With the new visualization dashboard monitoring improvements, administrators are able to respond more quickly to network security vulnerabilities and network bandwidth issues. Administrators can see what websites their employees are accessing, what applications and services are being used in their networks and to what extent, in order to police content transmitted in and out of their organizations. The Dell SonicWALL Visualization Dashboard offers administrators an effective and efficient interface to visually monitor their network in real time, providing effective flow charts of real-time data, customizable rules, and flexible interface settings. With the Visualization Dashboard, administrators can efficiently view and sort real-time network and bandwidth data in order to: Identify applications and websites with high bandwidth demands View application usage on a per-user basis Anticipate attacks and threats encountered by the network Multi-Core Monitor The Multi-Core Monitor displays dynamically updated statistics on utilization of the individual cores of a single Dell SonicWALL SuperMassive or a High-Availability cluster. To maximize processor flexibility, functions are not dedicated to specific cores; instead all cores can process all data plane tasks. Memory is shared across all cores. Each core can process a separate flow simultaneously, allowing for up to 32 flows to be processed in parallel, depending on the appliance model. On the Multi-Core Monitor, the core allocated for the control plane is displayed in green, and the remaining cores allocated for the data plane are displayed in blue. On the SuperMassive 9000 Series, core 1 handles the control plane, and the remaining cores handle the data plane. 3

4 Real-Time Monitor The Real-Time Monitor provides administrators an inclusive, multi-functional display with information about applications, bandwidth usage, packet rate, packet size, connection rate, connection count, multi-core monitoring, and memory usage. Applications Monitor: The Applications data flow provides a visual representation of the current applications accessing the network. Ingress and Egress Bandwidth Flow Monitor: The Ingress and Egress Bandwidth data flow provides a visual representation of incoming and outgoing bandwidth traffic. The current percentage of total bandwidth used, average flow of bandwidth traffic, and the minimum and maximum amount of traffic that has gone through each interface is available in the display. Packet Rate Monitor: The Packet Rate Monitor provides the administrator with information on the ingress and egress packet rate in kilo-packet per second (KPps). Packet Size Monitor: The Packet Size Monitor provides the administrator with information on the ingress and egress packet rate in kilobytes per second (KB). Connection Rate Monitor: The Connection Rate Monitor provides the administrator with information on the number of connections per second (Cps). Connection Count Monitor: The Connection Count data flow provides the administrator a visual representation of current total number of connections, peak number of connections, and maximum. In this example, the y-axis displays the total number of connections from 0C (zero connections) to 1KC (one kilo connections). Multi-Core Monitor: The Multi-Core Monitor displays dynamically updated statistics on utilization of the individual cores of the Dell SonicWALL SuperMassive. 4

5 AppFlow Monitor AppFlow Monitor provides administrators with real-time, incoming and outgoing network data. Various views and customizable options in the AppFlow Monitor interface assist in visualizing the traffic data by applications, users, URLs, initiators, responders, threats, VoIP, VPN, devices, or by contents. Application Intelligence + Control This feature has two components for more network security: (a) Identification: Identify applications and track user network behaviors in real-time. (b) Control: Allow/deny application and user traffic based on bandwidth limiting policies. Administrators can now more easily create network policy object-based control rules to filter network traffic flows based on: o o o Blocking signature-matching Applications, which are notoriously dangerous and difficult to enforce Viewing the real-time network activity of trusted Users and User Groups and guest services Matching Content-rated categories Network security administrators now have application-level, user-level, and content-level real-time visibility into the traffic flowing through their networks. Administrators can take immediate action to re-traffic engineer their networks, and quickly identify Web usage abuse, and protect their organizations from infiltration by malware. Administrators can limit access to bandwidth-hogging websites and applications, reserve higher priority to critical applications and services, and prevent sensitive data from escaping the Dell SonicWALL secured networks. 5

6 AppFlow Reports The Dashboard > AppFlow Reports page provides administrators with configurable scheduled reports by applications, viruses, intrusions, spyware, and URL rating. AppFlow Reports statistics enable network administrators to view a top-level aggregate report of what is going on in your network. This enables network administrators to answer the following questions with a quick glance: What are the top most used applications running in my network? Which applications in terms of total number of sessions and bytes consume my network bandwidth? Which applications have viruses, intrusions, and spyware? What website categories are my users visiting? The report data can be viewed from the point of the last system restart, since the system reset, or by defining a schedule range. The page also provides the ability to schedule a report sent by FTP or by . The following reports are currently supported: Applications Viruses Intrusions Spyware Location Botnets URL Rating NOTE: These features must be licensed and enabled in order to get a complete AppFlow report. To enable and configure this feature, go to the AppFlow > Flow Reporting page. 6

7 User Monitor The Dashboard > User Monitor page provides a quick and easy method to monitor the number of active users on the Dell SonicWALL security appliance. The tool provides several options for setting the scale of time over which user activity is displayed. The tool can display all users, only users who logged in through the web portal, or only users who logged in remotely through GVC or L2TP. BWM Monitor The Dashboard > BWM Monitor page displays per-interface bandwidth management for ingress and egress network traffic. The BWM monitor graphs are available for real-time, highest, high, medium high, medium, medium low, low and lowest ingress/egress policy settings. The view range is configurable in 60 seconds, 2 minutes, 5 minutes, and 10 minutes (default). The refresh interval rate is configurable from 3 to 30 seconds. The bandwidth management priority is depicted by guaranteed, maximum, and dropped. 7

8 Connection Monitor The Dashboard > Connection Monitor page displays details on all active connections to the Dell SonicWALL SuperMassive. You can filter the results to display only connections matching certain criteria. You can filter by Source IP, Destination IP, Source Port, Destination Port, Source Interface, Destination Interface, and Protocol. Export the list of active connections to a file. Click Export Results, and select if you want the results exported to a plain text file, or a Comma Separated Value (CSV) file for importing to a spreadsheet, reporting tool, or database. 8

9 AppFlow Server The new AppFlow > AppFlow Server page provides the ability to configure an external collector for AppFlow and real-time data reporting and analysis. Network administrators can configure a central AppFlow Server to support multiple SonicWALL security appliances. To configure an AppFlow Server, perform the following steps: 1. To automatically retrieve status updates on your AppFlow server, select the Enable Keep-Alive with AppFlow Server checkbox. 2. In the AppFlow Server Address field, enter the IP address. 3. In the Source IP to use over VPN Tunnel field, enter the IP address reachable through a VPN tunnel. 4. In the AppFlow Server Max Flows field, enter the maximum number of flows stored in a single database file. 5. In the Server Communication Timeout field, enter the number of seconds to wait to receive a response from the AppFlow server for AppFlow Monitor data. The range accepted is between 60 to 180 seconds. 6. Enter the name of your Dell SonicWALL security appliance. This name must be unique if more than one Dell SonicWALL security appliance is used with a single AppFlow server. 7. In the Connection Passphrase field, enter the password for your AppFlow Server to respond to the Dell SonicWALL security appliance. 8. Select the Auto-Synchronize AppFlow Server checkbox. This will enable the Dell SonicWALL security appliance to send static flows to the AppFlow Server each time the Dell SonicWALL security appliance is rebooted. 9. Click the Test Connectivity button. This starts a hello packet transmission to the AppFlow Server. If the AppFlow Server responds, a green status message displays Up. If the Dell SonicWALL security appliance is registered on mysonicwall.com, a green status message displays Registered. A time stamp displays the 9

10 last time the Dell SonicWALL security appliance sent a hello packet and received an acknowledgment hello packet back from the AppFlow Server. 10. Click the Synchronize Server button. The Dell SonicWALL security appliance will start sending static flows to the AppFlow Server. 11. In the Discovered Servers section, the Discovery button displays all the AppFlow Servers directly connected to your Dell SonicWALL security appliance. In the Action column, click the Select button to autofill AppFlow Server IP address and settings information as the selected AppFlow Server for your Dell SonicWALL security appliance. The Flush All and Flush buttons clear the discovery list. Once AppFlow Server is configured and UP and registered, the appliance can use the AppFlow server for AppFlow Monitor and Real-Time Monitor pages. This is configured on the AppFlow > Flow Reporting page by selecting AppFlow Server for the Enable Flow Reporting and Visualization type. App Control Policy Configuration Using App Flow Monitor The Dashboard > App Flow Monitor page now provides a Create Rule button that allows the administrator to quickly configure App Rules policies for application blocking, bandwidth management, or packet monitoring. First, select the checkbox next to the item in the list for which you want to create a rule, and then click Create Rule. After you click Create Rule and select the options in the Create Rule popup, the new policy appears on the Firewall > App Rules page. Application Usage and Risk Report The Sonic OS Application Usage and Risk Report feature provides downloadable reports from the Dashboard > App Flow Monitor page. It uses as input the combined results of Dell SonicWALL Application Intelligence and Control, and Application Visualization to create a detailed application report based on your network traffic. The Dell SonicWALL Application Intelligence and Control feature allows administrators to maintain granular control of applications and users by creating bandwidth management and other policies based on local pre-defined categories, individual applications or signatures, users and groups, or custom match objects. With the Application 10

11 Visualization feature, administrators are able to view real-time graphs of applications, ingress and egress bandwidth, websites visited, and all user activity. Administrators are able to adjust network policies based on these critical observations. The SonicOS Application Usage and Risk Report combines the results of these two features in a downloadable report that provides the following information: Identify vulnerabilities detected List high-risk applications and protocols Present traffic distribution statistics by geographic location, URL category and traffic type Highlight the top 25 high-risk applications found Highlight the top 25 high-bandwidth applications found An example of the Top URL Categories in Use section of the report is shown below: IPFIX and NetFlow Reporting This feature enables administrators to gain visibility into traffic flows and volume through their networks, helping them with tracking, auditing and billing operations. This feature provides standards-based support for NetFlow Reporting and IPFIX. The data exported through IPFIX contains information about network flows such as applications, users, and URLs extracted through Application Intelligence, along with standard attributes such as source/destination IP address (includes support for IPv6 networks), source/destination port, IP protocol, ingress/egress interface, sequence number, timestamp, number of bytes/packets, and more. 11

12 Global BWM Ease of Use Enhancements Global Bandwidth Management improves ease of use for bandwidth management (BWM) configuration, and increases throughput performance of managed packets for ingress and egress traffic on all interfaces, not just WAN. The Firewall Settings > BWM page allows network administrators to specify guaranteed minimum bandwidth, maximum bandwidth, and control the number of different priority levels for traffic. These global settings are used in firewall access rules and application control policies. Global BWM provides: Simple bandwidth management on all interfaces. Bandwidth management of both ingress and egress traffic. Support for specifying bandwidth management priority per firewall rules and application control rules. Default bandwidth management queue for all traffic. Support for applying bandwidth management directly from the Dashboard > App Flow Monitor page. Global bandwidth management provides 8 priority queues, which can be applied to each physical interface. You can select either Global or None as the Bandwidth Management Type. In the global priority queue table, you can configure the Guaranteed and Maximum\Burst rates for each Priority queue. The rates are specified as a percentage. The actual rate is determined dynamically while applying BWM on an interface. The configured bandwidth on an interface is used in calculating the absolute value. The sum of all guaranteed bandwidth must not exceed 100%, and guaranteed bandwidth must not be greater than maximum bandwidth per queue. 12

13 Per interface bandwidth is configured for both ingress and egress directions from the Network > Interfaces page: Per Firewall Rule bandwidth settings are configured in the rule configuration screens available from the Firewall > Access Rules page, by enabling the direction in which to apply the bandwidth management, and setting the priority queue. 13

14 You can select Global BWM actions when configuring App Rules policies for application control: On the Firewall > Action Objects page, you can configure custom bandwidth management actions. When Global BWM is enabled, the global guaranteed and maximum bandwidth settings are used, but you can select the priority. If a selected priority is not enabled, the default enabled priority will be used. 14

15 Networking Enhancements Release Notes Wire Mode (2-Port Wire) Wire Mode is a deployment option where the Dell SonicWALL appliance can be deployed as a Bump in the Wire. It provides a least-intrusive way to deploy the appliance in a network. Wire Mode is very well suited for deploying behind a pre-existing Stateful Packet Inspection (SPI) Firewall. Wire Mode is a simplified form of Layer 2 Bridge Mode. A Wire Mode interface does not take any IP address and it is typically configured as a bridge between a pair of interfaces. None of the packets received on a Wire Mode interface are destined to the firewall, but are only bridged to the other interface. Wire Mode can be configured with the following Wire Mode Types: Bypass (via Internal Switch / Relay) - Bypass Mode allows for the quick and relatively non-interruptive introduction of SuperMassive Series hardware into a network. Upon selecting a point of insertion into a network (e.g. between a core switch and a perimeter firewall, in front of a VM server farm, at a transition point between data classification domains) the SuperMassive is inserted into the physical data path, requiring a very short maintenance window. One or more pairs of switch ports on the SuperMassive are used to forward all packets across segments at full line rates, with all the packets remaining on the SuperMassive s 240Gbps switch fabric rather than getting passed up to the multi-core inspection and enforcement path. While Bypass Mode does not offer any inspection or firewalling, this mode allows the administrator to physically introduce the SuperMassive into the network with a minimum of downtime and risk, and to obtain a level of comfort with the newly inserted component of the networking and security infrastructure. The administrator can then transition from Bypass Mode to Inspect or Secure Mode instantaneously through a simple user-interface driven reconfiguration. Bypass Mode can be configured between a pair of interfaces. All traffic received is bridged to the paired interface. There is no SPI or Deep Packet Inspection (DPI) processing of traffic in this mode. There is no Application Visibility or Control in Bypass Mode. Inspect (Passive DPI of Mirror Traffic) - Inspect Mode extends Bypass Mode without functionally altering the low-risk, zero-latency packet path. Packets continue to pass through the SuperMassive s switch fabric, but they are also mirrored to the multicore RF-DPI engine for the purposes of passive inspection, classification, and flow reporting. This reveals the SuperMassive s Application Intelligence and threat detection capabilities without any actual intermediate processing. Inspect Mode can be configured for a single interface. All traffic received is never sent out of the firewall, but the firewall performs full SPI and DPI processing. There is full Application Visibility, but no Application Control in Inspect Mode. Typically, a mirror port is set up on the switch to mirror the network traffic to the firewall. Secure (Active DPI of Inline Traffic) - Secure Mode is the progression of Inspect Mode, actively interposing the SuperMassive s multi-core processors into the packet processing path. This unleashes the inspection and policy engines full-set of capabilities, including Application Intelligence and Control, Intrusion Prevention Services, Gateway and Cloud-based Anti-Virus, Anti- Spyware, and Content Filtering. Secure Mode affords the same level of visibility and enforcement as conventional NAT or L2 Bridge mode deployments, but without any L3/L4 transformations, and with no alterations of ARP or routing behavior. Secure Mode thus provides an incrementally attainable NGFW deployment requiring no logical and only minimal physical changes to existing network designs. Secure Mode can be configured between a pair of interfaces. All traffic received is fully processed by the firewall. There is full Application Visibility and Control in Secure Mode. 15

16 Wire Mode is available as an additional option under the IP Assignment pull-down menu. Wire Mode is only available for interfaces in the LAN zone: In the Paired Interface drop-down menu, select the interface that will connect to the upstream firewall. The paired interfaces must be of the same type (two 1 GB interfaces or two 10 GB interfaces). In the Paired Interface Zone drop-down menu, select the destination zone. Access rules are applied to the Wire Mode pair based on the direction of traffic between the source Zone and its Paired Interface Zone. For example, if the source Zone is WAN and the Paired Interface Zone is LAN, then WAN to LAN and LAN to WAN rules are applied, depending on the direction of the traffic. Tap Mode (1-Port Tap) Tap Mode provides the same visibility as Inspect Mode, but differs from the latter in that it ingests a mirrored packet stream using a single switch port on the SuperMassive, eliminating the need for physically intermediated insertion. Tap Mode is designed for use in environments employing network taps, smart taps, port mirrors, or SPAN ports to deliver packets to external devices for inspection or collection. Similar to Wire Mode, Tap Mode can operate on multiple concurrent port instances, supporting discrete streams from multiple taps. Tap Mode is configured for a specific interface from the Network > Interfaces page. 16

17 BGP Advanced Routing Border Gateway Protocol (BGP) advanced routing is a large-scale routing protocol used to communicate routing information between Autonomous Systems (AS s), which are well-defined, separately administered network domains. BGP support allows for Dell SonicWALL security appliances to provide BGP functionality at the edge of a network's AS. The current Dell SonicWALL implementation of BGP is most appropriate for "single-provider / single-homed" environments, where the network uses one ISP as their Internet provider and has a single connection to that provider. Dell SonicWALL BGP is also capable of supporting "single-provider / multi-homed" environments, where the network uses a single ISP but has a small number of separate routes to the provider. Because BGP transmits packets in the clear, SonicOS supports using an IPsec tunnel for secure BGP sessions. The IPsec tunnel is configured independently within the VPN configuration section of the SonicOS Web-based management interface, while BGP is enabled on the Network > Routing page and then configured on the SonicOS Command Line Interface. High Availability Active-Active Clustering Active/Active Clustering is the most recent addition to the High Availability feature set in SonicOS. A typical Active/Active Clustering deployment includes four firewalls of the same Dell SonicWALL model configured as two Cluster Nodes, where each node consists of one Stateful High Availability pair. For larger deployments, the cluster can include eight firewalls, configured as four Cluster Nodes. With Active/Active Clustering, you can assign certain traffic flows to each node in the cluster, providing load sharing in addition to redundancy, and supporting a much higher throughput without a single point of failure. Earlier High Availability features, such as Stateful Synchronization and Active/Active DPI (previously called Active/Active UTM), continue to be supported and are recommended for use in conjunction with Active/Active Clustering. High Availability Active-Active Clustering Full-Mesh Redundancy Active/Active Clustering Full-Mesh configuration is an enhancement to the Active/Active Clustering configuration option and prevents any single point of failure in the network. All firewall and other network devices are partnered for complete redundancy. Full-Mesh ensures that there is no single point of failure in your deployment, whether it is a device (firewall/switch/router) or a link. Every device is wired twice to the connected devices. Active/Active Clustering with Full-Mesh provides the highest level of availability possible with high performance. Link Aggregation Link Aggregation provides the ability to group multiple Ethernet interfaces to form a trunk which looks and acts like a single physical interface. SonicOS 6.1 supports Static Link Aggregation, in which the two ends of the trunk have the same configuration. Up to 4 ports can be grouped to form a single aggregate link. If any of the ports fail, SonicOS continues to pass traffic (at a diminished throughput) while there is at least one active interface. Link Aggregation is useful in deployments requiring more than 1 Gbps throughput for traffic flowing between two interfaces. This feature is available on all Dell SonicWALL SuperMassive appliances. Port Redundancy Port Redundancy provides the ability to configure a second, redundant, physical interface for any Ethernet interface on a Dell SonicWALL SuperMassive appliance. When the primary interface is active, it handles all traffic to and from the interface. If the primary interface fails, the backup interface takes over and handles all incoming and outgoing traffic. When the primary interface comes up again, it takes over all the traffic handling duties from the backup interface. This is very useful in high end deployments to avoid a single point of failure, such as the connection to a switch. With Port Redundancy, a second interface can be connected to the same or another switch to provide an alternate path for the traffic. 17

18 User Management Enhancements Release Notes LDAP User Group Mirroring LDAP User Group Mirroring provides the ability to manage LDAP User Groups only on the LDAP server without needing to do any duplication of that on the SonicWALL appliance. The groups and group-group memberships will be periodically read from the LDAP server via the existing import mechanism and local user groups will be created to mirror them. The name of the local user group that is auto-created to mirror one on the LDAP server will include the domain where the group is located, formatted This will ensure that we have a unique user group name when mirroring user groups from multiple domains. The following will apply for these auto-created mirror user groups: They will not be user-deletable, and the group name and comment will not be editable (the latter will show as Mirrored from LDAP ). The appliance administrator will be able to add local users to them as members, but will not be able to add any member groups (member groups can only be set on the LDAP server). They will allow setting VPN client access networks, CFS policy, SSLVPN bookmarks and other settings as per other user groups. They will be selectable in access rules, App rules, IPS policies, etc. If a user group is deleted on the LDAP server its mirror group will be automatically deleted if it is not being used by anything, but it will not be deleted if it has been set in any access rules, App rules, IPS policies, etc. On disabling LDAP user group mirroring the local mirror user groups will not be deleted, but they will be changed to be user-deletable. If it is subsequently re-enabled then they will be changed back. If a mirrored group name matches a user-created (non-mirrored) local user group the latter will not get replaced, but its group memberships will get updated to reflect any group nestings set on the LDAP server. If a user group name is found on the LDAP server with a name that matches one of the default user groups on the Dell SonicWALL SuperMassive appliance, then no local mirror user group will be created for it. Instead the memberships in that default user group will be updated to reflect any user group nestings present in the group read from LDAP. For backwards compatibility with local user groups created pre-user group mirroring, when setting memberships on login, if a local user group exists with a simple name (no domain component) that matches the LDAP user group name, the user will be given membership to that group as well as to the mirror group. For example, if a user is a member of Group1 in somedomain.com then there will be a mirror user group named which the user will get membership to. If a local user group named Group1 also exists then the user will get membership to that too. LDAP Primary Group Attribute To allow Domain Users to be used when configuring policies, membership of the Domain Users group can be looked up via an LDAP "Primary group" attribute, and SonicOS 6.1 provides a new attribute setting in the LDAP schema configuration for using this feature. 18

19 LDAP Group Membership by Organizational Unit The LDAP Group Membership by Organizational Unit feature provides the ability to set LDAP rules and policies for the users who are located in certain Organizational Units (OUs) on the LDAP server. This is accomplished through the new "Set membership for LDAP users at/under location" setting in local user groups. When a user logs in or is authenticated via SSO and user groups are being set via LDAP, when the user object is found on the LDAP server the user will be made a member of any such groups that its location matches. It will now be possible to set any local user group, including the default user groups (apart from Everyone or Trusted Users) as one whose member users are set from their location in the LDAP directory tree, and to configure the location in the group object. When groups are configured this way: When a user's group memberships are looked up via LDAP during login or after SSO authentication, their location in the LDAP tree is learned. That will now be checked against any local user groups set this way. If it matches any then the user will be set as a member of those groups for the login session. On login success or failure, the event log will now include the user s distinguished name in the notes when that has been learned from LDAP. This is to help with troubleshooting should a user fail to get memberships of these groups as expected. Auto-Configuration of URLs to Bypass User Authentication SonicOS 6.1 introduces a new auto-configuration utility to temporarily allow traffic from a single, specified IP address to bypass authentication. The destinations that traffic accesses are then recorded and used to allow that traffic to bypass user authentication. Typically this is used to allow traffic such as anti-virus updates and Windows updates. To use this feature, navigate to Users > Settings and click the Auto-configure button in the Other Global User Settings section. NTLM Authentication with Mozilla Browsers As an enhancement to Single Sign-On, SonicOS can now use NTLM authentication to identify users who are browsing using Mozilla-based browsers (including Internet Explorer, Firefox, Chrome and Safari). NTLM is part of a browser authentication suite known as Integrated Windows Security and should be supported by all Mozilla-based browsers. It allows a direct authentication request from the Dell SonicWALL appliance to the browser with no SSO agent involvement. NTLM authentication works with browsers on Windows, Linux and Mac OS, and provides a mechanism to achieve Single Sign-On with Linux and Mac OS that are not able to interoperate with the SSO agent. SSL VPN NetExtender Update This enhancement supports password change capability for SSL VPN users, along with various fixes. When the password expires, the user is prompted to change it when logging in via the NetExtender client or SSL VPN portal. It is supported for both local users and remote users (RADIUS and LDAP). Enhanced Connection Limiting Connection Limiting enhancements expand the original Connection Limiting feature which provided global control of the number of connections for each IP address. This enhancement is designed to increase the granularity of this kind of control so that the SonicOS administrator can configure connection limitation more flexibly. Connection Limiting uses Firewall Access Rules and Policies to allow the administrator to choose which IP address, which service, and which traffic direction when configuring connection limiting. 19

20 Current Users and Detail of Users Options for TSR SonicOS 6.1 provides two new checkboxes, Current users and Detail of users, in the Tech Support Report section of the System > Diagnostics page. These options allow the currently connected users to be omitted from the TSR, included as a simple summary list, or included with full details. The options work together to provide different levels of user information in the TSR, as described in the following matrix: Current users Selected Current users Not Selected Detail of users Selected The TSR includes a list of all currently logged in users, including local and remote users no matter how they were authenticated, and gives 8 to 9 lines of detailed information on each user. The information varies according to the type of user, but includes things like timers, privileges, management mode if managing, group memberships, CFS policies, and VPN client networks. No information about current users is included in the TSR. Detail of users Not Selected The TSR includes the list of current users, but with just one line of summary information for each user. This includes the IP address, user name, type of user and, for administrative users who are currently managing, their management mode. For example: Users currently connected: : Web user admin logged in (managing in Config mode) : Auto user Administrator (SD80\Administrator) auto logged in No information about current users is included in the TSR. 20

21 Security Services Enhancements Release Notes One-Touch Configuration The One-Touch configuration helper resides on the System > Settings page and allows for automatic setting of a number of security features based on the deployment profile chosen. Using the One-Touch DPI and Stateful Firewall high security applies the following configurations to the system. Note: A system restart is required for the updates to take full effect. SonicOS Setting System > Administration One-Touch Configuration Password must be changed every 90 days Bar repeated password changes for 4 changes Enforce password complexity: Require alphabetic, numeric and symbolic characters Apply the above password constraints for: all user categories Enable administrator/user lockout Failed Login attempts per minute before lockout: 7 Enable inter-administrator messaging Inter-administrator Messaging polling interval (seconds): 10 Network > Interfaces Network > Zones Network > DNS Firewall > Access Rules Firewall > App Rules Any interface allowing HTTP management is replaced with HTTPS Management Any setting to 'Add rule to enable redirect from HTTP to HTTPS' is disabled Ping Management is disabled on all interfaces Intrusion Prevention is enabled on all applicable default Zones Gateway Anti-Virus protection is enabled on all applicable default Zones Anti-Spyware protection is enabled on all applicable default Zones App Rules is enabled on all applicable default Zones SSL Control is enabled on all default Zones Enable DNS Rebinding protection DNS Rebinding Action: Log Attack & Drop DNS Reply Any Firewall policy with an Action of Deny, the Action is changed Discard Source IP Address connection limiting with a threshold of 128 connections is enabled for all firewall policies If licensed, the Enable App Rules setting is turned on 21

22 Firewall Settings > Advanced Firewall Settings > Flood Protection Firewall Settings > Flood Protection VPN > Advanced Security Services > Gateway Anti-Virus Security Services > Intrusion Prevention Turn on Enable Stealth Mode Turn on Randomize IP ID Turn off Decrement IP TTL for forwarded traffic Turn on Never generate ICMP Time-Exceeded packets Connections are set to: Recommended for normal deployments with DPI services enabled Turn on Enable IP header checksum enforcement Turn on Enable UDP checksum enforcement Turn on Enforce strict TCP compliance with RFC 793 and RFC 1122 Turn on Enable TCP handshake enforcement Turn on Enable TCP checksum enforcement Turn on Enable TCP handshake timeout SYN Flood Protection Mode: Always proxy WAN client connections Turn on Enable SSL Control Set Action to: Block connection and log the event For Configuration, enable all categories Turn on Enable IKE Dead Peer Detection Turn on Enable Dead Peer Detection for Idle VPN sessions Turn on Enable Fragmented Packet Handling Turn on Ignore DF (Don t Fragment) Bit Turn on Enable NAT Traversal Turn on Clean up Active tunnels when Peer Gateway DNS name resolves to a different address Turn on Preserve IKE port for Pass Through Connections If licensed, Enable Gateway Antivirus Configure Gateway AV Settings: Turn on Disable SMTP Responses Configure Gateway AV Settings: Turn off Disable detection of EICAR test virus Configure Gateway AV Settings: Turn on Enable HTTP Byte- Range requests with Gateway AV Configure Gateway AV Settings: Turn on Enable FTP REST request with Gateway AV Configure Gateway AV Settings: Turn off Do not scan parts of files with high compression ratios Configure Gateway AV Settings: Turn off Disable HTTP Clientless Notification Alerts If licensed, Enable IPS Turn on Prevent All and Detect All for High Priority Attacks Turn on Prevent All and Detect All for Medium Priority Attacks Turn on Prevent All and Detect All for Low Priority Attacks 22

23 Security Services > Anti-Spyware AppFlow > Flow Reporting Log > Categories Log > Name Resolution Internal Settings If licensed, Enable Anti-Spyware Turn on Prevent All and Detect All for High Priority Attacks Turn on Prevent All and Detect All for Medium Priority Attacks Turn on Prevent All and Detect All for Low Priority Attacks Configure Anti-Spyware Settings: Turn on Disable SMTP Responses Configure Anti-Spyware Settings: Turn off Disable HTTP Clientless Notification Alerts Turn on Enable Flow Reporting and Visualization Set Logging Level: Debug Set Alert Level: Warning Set Name Resolution Method to: DNS then NetBIOS Turn on Protect against TCP State Manipulation DoS Turn on Apply IPS Signatures Bidirectionally Enable ability to launch monitor pages in stand-alone browser frames Enable Visualization UI for Non-Admin/Config users Content Filtering Enhancements The CFS enhancements provide policy management of network traffic based on Application usage, User activity, and Content type. Administrators are now able to create multiple CFS policies per user group and set restrictive Bandwidth Management Policies based on CFS categories. Reassembly-Free Regular Expressions for DPI Engine Dell SonicWALL has added reassembly-free regular expression functionality to the SonicWALL Reassembly-Free Deep Packet Inspection (RF-DPI) engine. This proprietary implementation of regular expression matching does not require any buffering of the input content and works across packet boundaries. Users can now apply regular expressions to match objects in App Rules and use them across all currently supported application protocols and policy types. SonicWALL supports Perl-compatible regular expressions syntax. A few typical regular expression features are not supported in this release: Back-references are not supported, as they cannot be performed in linear time with respect to the network packet length. SonicOS does not provide substitution or translation functionality, since regular expressions are used only for inspection of network traffic not for modifying any part of the traffic. 23

24 UDP and ICMP Flood Protection UDP and ICMP Flood attacks are two types of denial-of-service (DoS) attacks. These can be initiated by sending a large number of UDP or ICMP (ping) packets to random ports on a remote host. The UDP and ICMP Flood Protection feature defends against these attacks by monitoring UDP and ICMP traffic that passes through the appliance for UDP and ICMP Flood attacks. UDP and ICMP Flood Protection are configured on the Firewall Settings > Flood Protection page: Enable UDP (or ICMP) Flood Protection Enables or disables UDP or ICMP Flood Protection. UDP (or ICMP) Flood Attack Threshold Specifies the maximum number of allowed UDP or ICMP packets per second that can be sent to a Host, Range, or Subnet. UDP (or ICMP) Flood Attack Blocking Time Specifies the time to block UDP or ICMP traffic after detecting a flood attack, in the unit of second. UDP (or ICMP) Flood Attack Protected Destination List Specifies the destination addresses list which will be protected from UDP or ICMP Flood Attack. Default UDP Connection Timeout Moved to the Flood Protection page to be consistent with TCP settings. Deep Packet Inspection of SSL Encrypted Data (DPI-SSL) DPI-SSL provides the ability to transparently decrypt HTTPS and other SSL-based traffic, scan it for threats using Dell SonicWALL s Deep Packet Inspection technology, then re-encrypt (or optionally SSL-offload) the traffic and send it to its destination if no threats or vulnerabilities are found. This feature works for both client and server deployments. It provides additional security, application control, and data leakage prevention functionality for analyzing encrypted HTTPS and other SSL-based traffic. The following security services and features are capable of utilizing DPI-SSL: Gateway Anti-Virus, Gateway Anti-Spyware, Intrusion Prevention, Content Filtering, Application Control, Packet Monitor and Packet Mirror. Gateway Anti-Virus Enhancements (Cloud GAV) The Cloud Gateway Anti-Virus feature introduces an advanced malware scanning solution that compliments and extends the existing Gateway AV scanning mechanisms present on Dell SonicWALL firewalls to counter the continued growth in the number of malware samples in the wild. Cloud Gateway Anti-Virus expands the Reassembly-Free Deep Packet Inspection engine capabilities by consulting with the data center based malware analysis servers. This approach keeps the foundation of RFDPI-based malware detection by providing a lowlatency, real-time solution that is capable of scanning unlimited numbers of files of unlimited size on all protocols that are presently supported without adding any significant incremental processing overhead to the appliances themselves. With this additional layer of security, Dell SonicWALL s Next Generation Firewalls are able to extend their current protection to cover multiple millions of pieces of malware. 24

25 General Enhancements NTP Authentication When adding a Network Time Protocol server, the Add NTP Server dialog box provides a field to specify the NTP authentication type, such as MD5. Fields are also available to specify the trust key ID, the key number and the password. DHCP Scalability Enhancements The DHCP server in Dell SonicWALL appliances has been enhanced to provide between 2 to 4 times the number of leases previously supported. To enhance the security of the DHCP infrastructure, the SonicOS DHCP server now provides server side conflict detection to ensure that no other device on the network is using the assigned IP address. Conflict detection is performed asynchronously to avoid delays when obtaining an address. SIP Application Layer Gateway Enhancements SonicOS 6.1 provides SIP operational and scalability enhancements. The SIP feature-set remains equivalent to previous SonicOS releases, but provides drastically improved reliability and performance. The SIP Settings section under the VoIP > Settings page is unchanged. SIP ALG support has existed within SonicOS firmware since very early versions on legacy platforms. Changes to SIP ALG have been added over time to support optimized media between phones, SIP Back-to-Back User Agent (B2BUA), additional equipment vendors, and operation on a multi-core system. The SIP protocol is now in a position of business critical importance protecting the voice infrastructure, including VoIP. To accommodate the demands of this modern voice infrastructure, SIP ALG enhancements include the following: SIP Endpoint Information Database The algorithm for maintaining the state information for known endpoints is redesigned to use a database for improved performance and scalability. Endpoint information is no longer tied to the user ID, allowing multiple user IDs to be associated with a single endpoint. Endpoint database access is flexible and efficient, with indexing by NAT policy as well as by endpoint IP address and port. Automatically Added SIP Endpoints User-configured endpoints are automatically added to the database based on user-configured NAT policies, providing improved performance and ensuring correct mappings, as these endpoints are pre-populated rather than learned. SIP Call Database A call database for maintaining information about calls in progress is implemented, providing improved performance and scalability to allow SonicOS to handle a much greater number of simultaneous calls. Call database entries can be associated with multiple calls. B2BUA Support Enhancements SIP Back-to-Back User Agent support is more efficient with various algorithm improvements. Connection Cache Improvements Much of the data previously held in the connection cache is offloaded to either the endpoint database or the call database, resulting in more efficient data access and corollary performance increase. Graceful Shutdown Allows SIP Transformations to be disabled without requiring the firewall to be restarted or waiting for existing SIP endpoint and call state information to time out. 25

26 Enhanced CLI SonicOS 6.1 introduces a new, more-robust, enterprise-level Command Line Interface (CLI). The CLI can be accessed via the console and SSH. The new CLI is designed to follow the organization of the SonicOS management GUI. For example, the user related commands are categorized as follows: Commands for user authentication settings These are commands to do with managing settings governing user authentication and maintenance of user sessions, as per settings on the Users / Settings page in the management GUI. Commands for local users and user groups These are commands to do with users and user groups in the appliance s local database, as per settings on the Users / Local Users and Local Groups pages in the management GUI. Commands for displaying user status These are commands to do with displaying information on current user sessions etc., equivalent to the information shown on the Users / Status page in the management GUI. Commands for guest services These are commands to do with configuring guest services, as per settings on the Users / Guest Services and Guest Accounts pages in the management GUI. Commands for displaying guest status These are commands to do with displaying information on current guest sessions, equivalent to the information shown on the Users / Guest Status page in the management GUI. Commands for user other authentication related features These are commands for configuring and displaying information about the following other features related to user authentication (RADIUS, LDAP, Single Sign On). 26

27 Known Issues Release Notes This section contains a list of known issues in the SonicOS release. Note: Current LCD functionality is limited to the display of the product name. DPI-SSL Symptom Condition / Workaround Issue DPI-SSL does not take effect for a wireless guest user. The certificate from the remote server is not rewritten using the designated certificate. Occurs when guest services are enabled on the WLAN zone and a guest user logs in and attempts to access a website using HTTPS, such as High Availability Symptom Condition / Workaround Issue The virtual IP address for a Stateful HA pair becomes unresponsive to ping or other access attempts, then the monitoring IP address becomes unresponsive, then a failover occurs and all IP addresses are responsive again. Active-Active Clustering Link interfaces are still assigned and cannot be removed after some nodes are removed from the cluster. The master node continues to own all other nodes in the original cluster. On a Stateful HA pair, gratuitous ARP packets are not sent during failback to the primary unit, causing transactions to fail until the ARP entry is deleted or timed out. Dynamic routes are not synchronized on the idle unit in a Stateful HA pair. Occurs when a configuration change, such as disabling port redundancy, is made to the X4 interface of the active firewall. The change is synchronized to the idle firewall, but the virtual IP address becomes unresponsive. X4 is configured as the WAN interface and is assigned the virtual IP address, as well as distinct monitoring IP addresses on each firewall in the HA pair. Physical/link monitoring and logical monitoring are both enabled on X4. Occurs when Active-Active Clustering is configured using 4 nodes, all Active-Active Clustering Links are configured, and then two nodes are deleted from the cluster. The interfaces all show an Active- Active Clustering Link, even though the HA > Setting page shows only 2 links left that can be configured. Occurs when Preempt Mode is enabled and the primary unit is restarted. A gratuitous ARP is seen before the secondary unit takes over, but not when the primary unit takes over again. Occurs when using Advanced Routing, with OSPF and Redistribute Connected Networks enabled on a physical interface (X3) and on a router connected to the same hub used by X3. Routes advertised by OSPF appear in the routing table of the active unit, but the idle unit does not show dynamic routes in the SonicOS UI, TSR, or CLI

SonicOS 5.9 One Touch Configuration Guide

SonicOS 5.9 One Touch Configuration Guide SonicOS 5.9 One Touch Configuration Guide 1 Notes, Cautions, and Warnings NOTE: A NOTE indicates important information that helps you make better use of your system. CAUTION: A CAUTION indicates potential

More information

Release Notes. Release Purpose... 1 Platform Compatibility... 1 Upgrading Information... 1 Browser Support... 2 Known Issues... 3 Resolved Issues...

Release Notes. Release Purpose... 1 Platform Compatibility... 1 Upgrading Information... 1 Browser Support... 2 Known Issues... 3 Resolved Issues... SonicOS SonicOS Contents Release Purpose... 1 Platform Compatibility... 1 Upgrading Information... 1 Browser Support... 2 Known Issues... 3 Resolved Issues... 5 Release Purpose SonicOS 6.1.1.5 is a maintenance

More information

Release Notes. Release Purpose... 1 Platform Compatibility... 1 Upgrading Information... 1 Browser Support... 1 Known Issues... 2 Resolved Issues...

Release Notes. Release Purpose... 1 Platform Compatibility... 1 Upgrading Information... 1 Browser Support... 1 Known Issues... 2 Resolved Issues... SonicOS SonicOS Contents Release Purpose... 1 Platform Compatibility... 1 Upgrading Information... 1 Browser Support... 1 Known Issues... 2 Resolved Issues... 5 Release Purpose SonicOS 6.1.1.3 is a maintenance

More information

Release Notes. SonicOS 6.1.2.0 is the initial release for the Dell SonicWALL NSA 2600 network security appliance.

Release Notes. SonicOS 6.1.2.0 is the initial release for the Dell SonicWALL NSA 2600 network security appliance. SonicOS SonicOS Contents Release Purpose... 1 Platform Compatibility... 1 Upgrading Information... 1 Browser Support... 1 Feature Information... 2 Known Issues... 2 Resolved Issues... 4 Release Purpose

More information

Contents. Platform Compatibility. Browser Support. SonicOS Release Notes for the NSA 220/250M Series Appliances. SonicOS

Contents. Platform Compatibility. Browser Support. SonicOS Release Notes for the NSA 220/250M Series Appliances. SonicOS SonicOS Contents Contents...1 Platform Compatibility...1 Browser Support...1 New Features in SonicOS 5.8.1.2...2 Supported Features by Appliance Model...3 Known Issues...4 Upgrading SonicOS Image Procedures...8

More information

Contents. Platform Compatibility. SonicOS

Contents. Platform Compatibility. SonicOS SonicOS Contents Platform Compatibility... 1 Licensing... 2 Key Features... 2 Known Issues... 5 Resolved Issues... 7 Upgrading SonicOS Image Procedures... 8 Related Technical Documentation... 13 Platform

More information

SSL-VPN 200 Getting Started Guide

SSL-VPN 200 Getting Started Guide Secure Remote Access Solutions APPLIANCES SonicWALL SSL-VPN Series SSL-VPN 200 Getting Started Guide SonicWALL SSL-VPN 200 Appliance Getting Started Guide Thank you for your purchase of the SonicWALL SSL-VPN

More information

Platform Compatibility... 1 Key Features... 2 Known Issues... 4 Upgrading SonicOS Image Procedures... 6 Related Technical Documentation...

Platform Compatibility... 1 Key Features... 2 Known Issues... 4 Upgrading SonicOS Image Procedures... 6 Related Technical Documentation... SonicOS SonicOS Enhanced 5.6.5.0 Early Field Trial Release Notes Contents Platform Compatibility... 1 Key Features... 2 Known Issues... 4 Upgrading SonicOS Image Procedures... 6 Related Technical Documentation...

More information

SonicOS 5.9 / 6.0.5 / 6.2 Log Events Reference Guide with Enhanced Logging

SonicOS 5.9 / 6.0.5 / 6.2 Log Events Reference Guide with Enhanced Logging SonicOS 5.9 / 6.0.5 / 6.2 Log Events Reference Guide with Enhanced Logging 1 Notes, Cautions, and Warnings NOTE: A NOTE indicates important information that helps you make better use of your system. CAUTION:

More information

WXA Release Notes

WXA Release Notes WAN Acceleration Contents Platform Compatibility...1 Enhancements in WXA 1.1.0...2 Browser Support...6 Deployment Considerations...6 Known Issues...7 Resolved Issues...7 Upgrading WXA Image Procedures...10

More information

Steps for Basic Configuration

Steps for Basic Configuration 1. This guide describes how to use the Unified Threat Management appliance (UTM) Basic Setup Wizard to configure the UTM for connection to your network. It also describes how to register the UTM with NETGEAR.

More information

Contents. Release Purpose. Platform Compatibility. SonicOS 5.8.4.0 TZ 105 / TZ 205 Series Release Notes. SonicOS

Contents. Release Purpose. Platform Compatibility. SonicOS 5.8.4.0 TZ 105 / TZ 205 Series Release Notes. SonicOS SonicOS Contents Release Purpose... 1 Platform Compatibility... 1 Browser Support... 2 Enhancements in SonicOS 5.8.4.0... 2 Supported Features by Appliance Model... 3 Known Issues... 5 Resolved Issues...

More information

SonicOS Enhanced 5.7.0.2 Release Notes

SonicOS Enhanced 5.7.0.2 Release Notes SonicOS Contents Platform Compatibility... 1 Key Features... 2 Known Issues... 3 Resolved Issues... 4 Upgrading SonicOS Enhanced Image Procedures... 6 Related Technical Documentation... 11 Platform Compatibility

More information

SonicWALL Clean VPN. Protect applications with granular access control based on user identity and device identity/integrity

SonicWALL Clean VPN. Protect applications with granular access control based on user identity and device identity/integrity SSL-VPN Combined With Network Security Introducing A popular feature of the SonicWALL Aventail SSL VPN appliances is called End Point Control (EPC). This allows the administrator to define specific criteria

More information

SonicOS 5.8.1.2 Release Notes

SonicOS 5.8.1.2 Release Notes SonicOS Contents Contents... 1 Platform Compatibility... 1 Geo-IP and Botnet Filter are Now Licensed Services... 2 Supported Features by Appliance Model... 4 Browser Support... 6 Known Issues... 7 Resolved

More information

Game changing Technology für Ihre Kunden. Thomas Bürgis System Engineering Manager CEE

Game changing Technology für Ihre Kunden. Thomas Bürgis System Engineering Manager CEE Game changing Technology für Ihre Kunden Thomas Bürgis System Engineering Manager CEE Threats have evolved traditional firewalls & IPS have not Protection centered around ports & protocols Expensive to

More information

About Firewall Protection

About Firewall Protection 1. This guide describes how to configure basic firewall rules in the UTM to protect your network. The firewall then can provide secure, encrypted communications between your local network and a remote

More information

CCNP Security Firewall version 1.0 Deploying Cisco ASA Firewall Features Volume 1

CCNP Security Firewall version 1.0 Deploying Cisco ASA Firewall Features Volume 1 Deploying Cisco ASA Firewall Features Volume 1 Course Introduction Learner Skills and Knowledge Course Goal and Course Flow Additional Cisco Glossary of Terms You re Training Curriculum Introduction to

More information

Chapter 4 Managing Your Network

Chapter 4 Managing Your Network Chapter 4 Managing Your Network This chapter describes how to perform network management tasks with your ADSL2+ Modem Wireless Router. Backing Up, Restoring, or Erasing Your Settings The configuration

More information

SonicOS Enhanced 3.8.0.6 Release Notes TZ 180 Series and TZ 190 Series SonicWALL, Inc. Firmware Release: August 28, 2007

SonicOS Enhanced 3.8.0.6 Release Notes TZ 180 Series and TZ 190 Series SonicWALL, Inc. Firmware Release: August 28, 2007 SonicOS Enhanced 3.8.0.6 TZ 180 Series and TZ 190 Series SonicWALL, Inc. Firmware Release: August 28, 2007 CONTENTS PLATFORM COMPATIBILITY SONICWALL RECOMMENDATIONS KNOWN ISSUES RESOLVED KNOWN ISSUES UPGRADING

More information

Release Notes. SonicOS Release Notes

Release Notes. SonicOS Release Notes SonicOS SonicOS Contents Release Purpose...1 Platform Compatibility...1 Upgrading Information...1 Browser Support...2 New Features...2 Known Issues...21 Related Technical Documentation...25 Release Purpose

More information

Content Filtering Client Policy & Reporting Administrator s Guide

Content Filtering Client Policy & Reporting Administrator s Guide Content Filtering Client Policy & Reporting Administrator s Guide Notes, Cautions, and Warnings NOTE: A NOTE indicates important information that helps you make better use of your system. CAUTION: A CAUTION

More information

Packet Capture. Document Scope. SonicOS Enhanced Packet Capture

Packet Capture. Document Scope. SonicOS Enhanced Packet Capture Packet Capture Document Scope This solutions document describes how to configure and use the packet capture feature in SonicOS Enhanced. This document contains the following sections: Feature Overview

More information

Dell SonicWALL SonicOS

Dell SonicWALL SonicOS Dell SonicWALL SonicOS 5.9.1.6 May 2016 These release notes provide information about the Dell SonicWALL SonicOS 5.9.1.6 release. About SonicOS 5.9.1.6 Supported platforms New features s s System compatibility

More information

NETASQ MIGRATING FROM V8 TO V9

NETASQ MIGRATING FROM V8 TO V9 UTM Firewall version 9 NETASQ MIGRATING FROM V8 TO V9 Document version: 1.1 Reference: naentno_migration-v8-to-v9 INTRODUCTION 3 Upgrading on a production site... 3 Compatibility... 3 Requirements... 4

More information

Chapter 8 Router and Network Management

Chapter 8 Router and Network Management Chapter 8 Router and Network Management This chapter describes how to use the network management features of your ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN. These features can be found by

More information

Release Notes. Pre-Installation Recommendations... 1 Platform Compatibility... 1 Known Issues... 2 Resolved Issues... 2 Troubleshooting...

Release Notes. Pre-Installation Recommendations... 1 Platform Compatibility... 1 Known Issues... 2 Resolved Issues... 2 Troubleshooting... Global VPN Client SonicWALL Global VPN Client 4.7.3 Release Notes Contents Pre-Installation Recommendations... 1 Platform Compatibility... 1 Known Issues... 2 Resolved Issues... 2 Troubleshooting... 4

More information

Chapter 9 Monitoring System Performance

Chapter 9 Monitoring System Performance Chapter 9 Monitoring System Performance This chapter describes the full set of system monitoring features of your ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN. You can be alerted to important

More information

Configuring PA Firewalls for a Layer 3 Deployment

Configuring PA Firewalls for a Layer 3 Deployment Configuring PA Firewalls for a Layer 3 Deployment Configuring PAN Firewalls for a Layer 3 Deployment Configuration Guide January 2009 Introduction The following document provides detailed step-by-step

More information

SonicWALL PCI 1.1 Implementation Guide

SonicWALL PCI 1.1 Implementation Guide Compliance SonicWALL PCI 1.1 Implementation Guide A PCI Implementation Guide for SonicWALL SonicOS Standard In conjunction with ControlCase, LLC (PCI Council Approved Auditor) SonicWall SonicOS Standard

More information

SonicOS Enhanced 3.2.0.0 Release Notes SonicWALL, Inc. Software Release: May 3, 2006

SonicOS Enhanced 3.2.0.0 Release Notes SonicWALL, Inc. Software Release: May 3, 2006 SonicWALL, Inc. Software Release: May 3, 2006 CONTENTS PLATFORM COMPATIBILITY KEY FEATURES KNOWN ISSUES RESOLVED KNOWN ISSUES UPGRADING SONICOS ENHANCED IMAGE PROCEDURES RELATED TECHNICAL DOCUMENTATION

More information

Contents. Platform Compatibility. Browser Support. SonicOS

Contents. Platform Compatibility. Browser Support. SonicOS SonicOS Contents Platform Compatibility...1 Browser Support...1 Supported Features by Appliance Model...2 Supported SonicWALL NSA Modules...3 Enhancements...4 Licensing Geo-IP and Botnet Filtering...8

More information

Chapter 7 Additional System Configuration

Chapter 7 Additional System Configuration Chapter 7 Additional System Configuration This chapter describes additional network and configuration management functions provided by the Web Management Interface. The additional functions include: Configuring

More information

Gigabyte Management Console User s Guide (For ASPEED AST 2400 Chipset)

Gigabyte Management Console User s Guide (For ASPEED AST 2400 Chipset) Gigabyte Management Console User s Guide (For ASPEED AST 2400 Chipset) Version: 1.4 Table of Contents Using Your Gigabyte Management Console... 3 Gigabyte Management Console Key Features and Functions...

More information

Course Overview: Learn the essential skills needed to set up, configure, support, and troubleshoot your TCP/IP-based network.

Course Overview: Learn the essential skills needed to set up, configure, support, and troubleshoot your TCP/IP-based network. Course Name: TCP/IP Networking Course Overview: Learn the essential skills needed to set up, configure, support, and troubleshoot your TCP/IP-based network. TCP/IP is the globally accepted group of protocols

More information

Contents. Platform Compatibility. GMS SonicWALL Global Management System 5.0

Contents. Platform Compatibility. GMS SonicWALL Global Management System 5.0 GMS SonicWALL Global Management System 5.0 Contents Platform Compatibility...1 New Features and Enhancements...2 Known Issues...6 Resolved Issues...6 Installation Procedure...7 Related Technical Documentation...8

More information

Gigabyte Content Management System Console User s Guide. Version: 0.1

Gigabyte Content Management System Console User s Guide. Version: 0.1 Gigabyte Content Management System Console User s Guide Version: 0.1 Table of Contents Using Your Gigabyte Content Management System Console... 2 Gigabyte Content Management System Key Features and Functions...

More information

Analysis: SonicOS Management SessionID Brute Force Vulnerability

Analysis: SonicOS Management SessionID Brute Force Vulnerability SonicOS Contents SonicWALL Analysis of PenTest Vulnerability Reports...1 Platform Compatibility...4 Licensing...5 Key Features...5 Known Issues...8 Resolved Issues...10 Upgrading SonicOS Image Procedures...11

More information

Collax Firewall and Security Basics

Collax Firewall and Security Basics Collax Firewall and Security Basics Howto This howto describes the configuration of the Collax firewall for the purpose of controlling the behavior and logging of network services. The Collax server monitors

More information

Implementing Cisco IOS Network Security

Implementing Cisco IOS Network Security Implementing Cisco IOS Network Security IINS v3.0; 5 Days, Instructor-led Course Description Implementing Cisco Network Security (IINS) v3.0 is a 5-day instructor-led course focusing on security principles

More information

Configuring SSL VPN on the Cisco ISA500 Security Appliance

Configuring SSL VPN on the Cisco ISA500 Security Appliance Application Note Configuring SSL VPN on the Cisco ISA500 Security Appliance This application note describes how to configure SSL VPN on the Cisco ISA500 security appliance. This document includes these

More information

Release Notes. Contents. Release Purpose. Pre-Installation Recommendations. Platform Compatibility. Dell SonicWALL Global VPN Client 4.

Release Notes. Contents. Release Purpose. Pre-Installation Recommendations. Platform Compatibility. Dell SonicWALL Global VPN Client 4. Global VPN Client Dell SonicWALL Global VPN Client 4.9 Release Notes SonicOS Contents Release Purpose... 1 Pre-Installation Recommendations... 1 Platform Compatibility... 1 Known Issues... 2 Resolved Issues...

More information

Nokia digital optical network unit (ONU) mobile application user guide

Nokia digital optical network unit (ONU) mobile application user guide Nokia digital optical network unit (ONU) mobile application user guide Contents Getting started.... 3 Login... 4 Dashboard... 5 Basic setup How to set up your wireless network... 6 Where to find basic

More information

SonicOS Release Notes

SonicOS Release Notes SonicOS Contents Platform Compatibility and Enhancements... 1 Key Features... 2 Known Issues... 4 Resolved Issues in SonicOS 5.6.0.10... 6 Resolved Issues in SonicOS 5.6.0.9... 6 Upgrading SonicOS Image

More information

Virtual Data Centre. User Guide

Virtual Data Centre. User Guide Virtual Data Centre User Guide 2 P age Table of Contents Getting Started with vcloud Director... 8 1. Understanding vcloud Director... 8 2. Log In to the Web Console... 9 3. Using vcloud Director... 10

More information

For more information refer: UTM - FAQ: What are the basics of SSLVPN setup on Gen5 UTM appliances running SonicOS Enhanced 5.2?

For more information refer: UTM - FAQ: What are the basics of SSLVPN setup on Gen5 UTM appliances running SonicOS Enhanced 5.2? TM SSL-VPN: How to setup SSL-VPN feature (NetExtender Access)... of 6 1/12/2013 11:46 PM Question/Title UTM SSL-VPN: How to setup SSL-VPN feature (NetExtender Access) on SonicOS Enhanced (SonicOS 5.6 and

More information

SonicOS Enhanced 5.2.0.1 Release Notes

SonicOS Enhanced 5.2.0.1 Release Notes SonicOS Contents Platform Compatibility... 1 New Features in SonicOS 5.2... 2 End of Support for N2H2... 2 Known Issues... 3 Resolved Issues... 5 Upgrading SonicOS Enhanced Image Procedures... 7 Related

More information

SonicWALL Global Management System Configuration Guide Standard Edition

SonicWALL Global Management System Configuration Guide Standard Edition SonicWALL Global Management System Configuration Guide Standard Edition Version 2.3 Copyright Information 2002 SonicWALL, Inc. All rights reserved. Under copyright laws, this manual or the software described

More information

SonicWALL WAN Acceleration FAQ Document

SonicWALL WAN Acceleration FAQ Document SonicWALL WAN Acceleration FAQ Document Technology, Models, Licensing 1. What is SonicWALL s WAN Acceleration solution and how is it deployed? The SonicWALL WXA series available as live CD, Hardware and

More information

Packet Monitor in SonicOS 5.8

Packet Monitor in SonicOS 5.8 Packet Monitor in SonicOS 5.8 Document Contents This document contains the following sections: Packet Monitor Overview on page 1 Configuring Packet Monitor on page 5 Using Packet Monitor and Packet Mirror

More information

Management Software. Web Browser User s Guide AT-S106. For the AT-GS950/48 Gigabit Ethernet Smart Switch. Version 1.0.0. 613-001339 Rev.

Management Software. Web Browser User s Guide AT-S106. For the AT-GS950/48 Gigabit Ethernet Smart Switch. Version 1.0.0. 613-001339 Rev. Management Software AT-S106 Web Browser User s Guide For the AT-GS950/48 Gigabit Ethernet Smart Switch Version 1.0.0 613-001339 Rev. A Copyright 2010 Allied Telesis, Inc. All rights reserved. No part of

More information

Cisco AnyConnect Secure Mobility Solution Guide

Cisco AnyConnect Secure Mobility Solution Guide Cisco AnyConnect Secure Mobility Solution Guide This document contains the following information: Cisco AnyConnect Secure Mobility Overview, page 1 Understanding How AnyConnect Secure Mobility Works, page

More information

A Guide to New Features in Propalms OneGate 4.0

A Guide to New Features in Propalms OneGate 4.0 A Guide to New Features in Propalms OneGate 4.0 Propalms Ltd. Published April 2013 Overview This document covers the new features, enhancements and changes introduced in Propalms OneGate 4.0 Server (previously

More information

SSL VPN Portal Options

SSL VPN Portal Options 1. ProSecure UTM Quick Start Guide This quick start guide describes how to use the SSL VPN Wizard to configure SSL VPN portals on the ProSecure Unified Threat Management (UTM) Appliance. The Secure Sockets

More information

The SSL device also supports the 64-bit Internet Explorer with new ActiveX loaders for Assessment, Abolishment, and the Access Client.

The SSL device also supports the 64-bit Internet Explorer with new ActiveX loaders for Assessment, Abolishment, and the Access Client. WatchGuard SSL v3.2 Release Notes Supported Devices SSL 100 and 560 WatchGuard SSL OS Build 355419 Revision Date January 28, 2013 Introduction WatchGuard is pleased to announce the release of WatchGuard

More information

User Manual. Onsight Management Suite Version 5.1. Another Innovation by Librestream

User Manual. Onsight Management Suite Version 5.1. Another Innovation by Librestream User Manual Onsight Management Suite Version 5.1 Another Innovation by Librestream Doc #: 400075-06 May 2012 Information in this document is subject to change without notice. Reproduction in any manner

More information

Firewall Defaults and Some Basic Rules

Firewall Defaults and Some Basic Rules Firewall Defaults and Some Basic Rules ProSecure UTM Quick Start Guide This quick start guide provides the firewall defaults and explains how to configure some basic firewall rules for the ProSecure Unified

More information

Pharos Control User Guide

Pharos Control User Guide Outdoor Wireless Solution Pharos Control User Guide REV1.0.0 1910011083 Contents Contents... I Chapter 1 Quick Start Guide... 1 1.1 Introduction... 1 1.2 Installation... 1 1.3 Before Login... 8 Chapter

More information

SonicWALL GMS Aventail EX-Series Appliance Management Feature Module

SonicWALL GMS Aventail EX-Series Appliance Management Feature Module SonicWALL GMS Aventail EX-Series Appliance Management Feature Module Document Scope This document describes how to use the SonicWALL Global Management System (GMS) to manage single or multiple deployments

More information

UIP1868P User Interface Guide

UIP1868P User Interface Guide UIP1868P User Interface Guide (Firmware version 0.13.4 and later) V1.1 Monday, July 8, 2005 Table of Contents Opening the UIP1868P's Configuration Utility... 3 Connecting to Your Broadband Modem... 4 Setting

More information

Wireless LAN Controller Web Authentication Configuration Example

Wireless LAN Controller Web Authentication Configuration Example Wireless LAN Controller Web Authentication Configuration Example Document ID: 69340 Contents Introduction Prerequisites Requirements Components Used Conventions Web Authentication Web Authentication Process

More information

Chapter 6 Maintenance

Chapter 6 Maintenance Chapter 6 Maintenance This chapter describes how to use the maintenance features of your RangeMax 240 Wireless Router WPNT834. These features can be found by clicking on the Maintenance heading in the

More information

Analyzer 7.1 Administrator s Guide

Analyzer 7.1 Administrator s Guide Analyzer 7.1 Administrator s Guide 1 Notes, Cautions, and Warnings NOTE: A NOTE indicates important information that helps you make better use of your system. CAUTION: A CAUTION indicates potential damage

More information

Funkwerk UTM Release Notes (english)

Funkwerk UTM Release Notes (english) Funkwerk UTM Release Notes (english) General Hints Please create a backup of your UTM system's configuration (Maintenance > Configuration > Manual Backup) before you start to install the software update.

More information

Release Notes. Contents. Release Purpose. Platform Compatibility. Windows XP and Internet Explorer 8 Update

Release Notes. Contents. Release Purpose. Platform Compatibility. Windows XP and Internet Explorer 8 Update Secure Remote Access Dell SonicWALL SRA 7.5.0.9 Contents Release Purpose...1 Platform Compatibility...1 Licensing on the Dell SonicWALL SRA Appliances and Virtual Appliance...2 Important Differences between

More information

System Compatibility. Enhancements. Email Security. SonicWALL Email Security 7.3.2 Appliance Release Notes

System Compatibility. Enhancements. Email Security. SonicWALL Email Security 7.3.2 Appliance Release Notes Email Security SonicWALL Email Security 7.3.2 Appliance Release Notes System Compatibility SonicWALL Email Security 7.3.2 is supported on the following SonicWALL Email Security appliances: SonicWALL Email

More information

Configuring the BIG-IP system for FirePass controllers

Configuring the BIG-IP system for FirePass controllers Deployment Guide Configuring the BIG-IP System with FirePass Controllers for Load Balancing and SSL Offload Configuring the BIG-IP system for FirePass controllers Welcome to the Configuring the BIG-IP

More information

Chapter 6 Using Network Monitoring Tools

Chapter 6 Using Network Monitoring Tools Chapter 6 Using Network Monitoring Tools This chapter describes how to use the maintenance features of your Wireless-G Router Model WGR614v9. You can access these features by selecting the items under

More information

Cradlepoint to Paloalto VPN Example. Summary. Standard IPSec VPN Topology. Global Leader in 4G LTE Network Solutions

Cradlepoint to Paloalto VPN Example. Summary. Standard IPSec VPN Topology. Global Leader in 4G LTE Network Solutions Cradlepoint to Paloalto VPN Example Summary This configuration covers an IPSec VPN tunnel setup between a Cradlepoint Series 3 router and a Paloalto firewall. IPSec is customizable on both the Cradlepoint

More information

Release Notes. Contents. Release Purpose. Platform Compatibility. Windows XP and Internet Explorer 8 Update

Release Notes. Contents. Release Purpose. Platform Compatibility. Windows XP and Internet Explorer 8 Update Secure Remote Access Dell SonicWALL SRA 7.5.0.12 Contents Release Purpose... 1 Platform Compatibility... 1 Licensing on the Dell SonicWALL SRA Appliances and Virtual Appliance... 2 Important Differences

More information

Release Notes. Contents. Platform Compatibility. Microsoft Windows Server Operating Systems. Dell SonicWALL GMS 7.2 Service Pack 1 Release Notes

Release Notes. Contents. Platform Compatibility. Microsoft Windows Server Operating Systems. Dell SonicWALL GMS 7.2 Service Pack 1 Release Notes Management and Reporting Dell SonicWALL GMS 7.2 Service Pack 1 Release Notes SonicOS Contents Platform Compatibility...1 Browser Support...4 Enhancements in GMS 7.2 SP1...5 Known Issues...7 Resolved Issues...9

More information

vcloud Director User's Guide

vcloud Director User's Guide vcloud Director 5.5 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions of

More information

Chapter 5 Advanced Configuration

Chapter 5 Advanced Configuration Chapter 5 Advanced Configuration This chapter describes how to configure the advanced features of your ADSL2+ Modem Wireless Router. Advanced Settings The ADSL2+ Modem Wireless Router provides a variety

More information

Quick Start for Network Agent. 5-Step Quick Start. What is Network Agent?

Quick Start for Network Agent. 5-Step Quick Start. What is Network Agent? What is Network Agent? Websense Network Agent software monitors all internet traffic on the machines that you assign to it. Network Agent filters HTTP traffic and more than 70 other popular internet protocols,

More information

Barracuda Link Balancer Administrator s Guide

Barracuda Link Balancer Administrator s Guide Barracuda Link Balancer Administrator s Guide Version 1.0 Barracuda Networks Inc. 3175 S. Winchester Blvd. Campbell, CA 95008 http://www.barracuda.com Copyright Notice Copyright 2008, Barracuda Networks

More information

UAG715 Support Note. Revision 1.00. August, 2012. Written by CSO

UAG715 Support Note. Revision 1.00. August, 2012. Written by CSO UAG715 Support Note Revision 1.00 August, 2012 Written by CSO Scenario 1 - Trunk Interface (Dual WAN) Application Scenario The Internet has become an integral part of our lives; therefore, a smooth Internet

More information

Chapter 6 Virtual Private Networking Using SSL Connections

Chapter 6 Virtual Private Networking Using SSL Connections Chapter 6 Virtual Private Networking Using SSL Connections The FVS336G ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN provides a hardwarebased SSL VPN solution designed specifically to provide

More information

Barracuda Link Balancer

Barracuda Link Balancer Barracuda Networks Technical Documentation Barracuda Link Balancer Administrator s Guide Version 2.2 RECLAIM YOUR NETWORK Copyright Notice Copyright 2004-2011, Barracuda Networks www.barracuda.com v2.2-110503-01-0503

More information

Cyberoam SSL VPN Installation and Configuration Guide

Cyberoam SSL VPN Installation and Configuration Guide Important Notice Cyberoam Technologies Pvt. Ltd. has supplied this Information believing it to be accurate and reliable at the time of printing, but is presented without warranty of any kind, expressed

More information

Chapter 6 Using Network Monitoring Tools

Chapter 6 Using Network Monitoring Tools Chapter 6 Using Network Monitoring Tools This chapter describes how to use the maintenance features of your RangeMax Wireless-N Gigabit Router WNR3500. You can access these features by selecting the items

More information

BYOD Ate My Network, but My Next Generation Firewall Saved It. Eric Crutchlow Senior Product Manager Dell SonicWALL

BYOD Ate My Network, but My Next Generation Firewall Saved It. Eric Crutchlow Senior Product Manager Dell SonicWALL BYOD Ate My Network, but My Next Generation Firewall Saved It Eric Crutchlow Senior Product Manager Dell BYOD Ate My Network But My Next Generation Firewall Saved It! Eric Crutchlow Senior Product Manager,

More information

Providing Secure IT Management & Partnering Solution for Bendigo South East College

Providing Secure IT Management & Partnering Solution for Bendigo South East College Providing Secure IT Management & Partnering Solution for Bendigo South East College Why did Bendigo South East College engage alltasksit & DELL? BSEC is in the midst of school population growth in 2015,

More information

Release Notes. Contents. Platform Compatibility. Licensing on the SRA Appliances and Virtual Appliance. Secure Remote Access Dell SonicWALL SRA 7.

Release Notes. Contents. Platform Compatibility. Licensing on the SRA Appliances and Virtual Appliance. Secure Remote Access Dell SonicWALL SRA 7. Secure Remote Access Dell SonicWALL SRA 7.0 Contents Platform Compatibility... 1 Licensing on the SRA Appliances and Virtual Appliance... 1 Important Differences between the SRA Appliances... 2 Feature

More information

Chapter 7 Using Network Monitoring Tools

Chapter 7 Using Network Monitoring Tools Chapter 7 Using Network Monitoring Tools This chapter describes how to use the maintenance features of your RangeMax NEXT Wireless Router WNR854T. These features can be found by clicking on the Maintenance

More information

How To - Deploy Cyberoam in Gateway Mode

How To - Deploy Cyberoam in Gateway Mode How To - Deploy Cyberoam in Gateway Mode Cyberoam appliance can be deployed in a network in two modes: Gateway mode. Popularly known as Route mode Bridge mode. Popularly known as Transparent mode Article

More information

Multi-Homing Gateway. User s Manual

Multi-Homing Gateway. User s Manual Multi-Homing Gateway User s Manual Contents System 5 Admin Setting Date/Time Multiple Subnet Hack Alert Route Table DHCP DNS Proxy Dynamic DNS Language Permitted IPs Logout Software Update 8 12 21 22 33

More information

SonicWALL Directory Services Connector version adds support for.net Framework version 4.0.

SonicWALL Directory Services Connector version adds support for.net Framework version 4.0. Directory Connector SonicWALL Directory Services Connector 3.5.01 Contents Enhancements in Directory Services Connector 3.5.01... 1 Platform Compatibility... 2 Known Issues... 4 Resolved Issues... 5 Overview

More information

Quick Start for Network Agent. 5-Step Quick Start. What is Network Agent?

Quick Start for Network Agent. 5-Step Quick Start. What is Network Agent? What is Network Agent? The Websense Network Agent software component uses sniffer technology to monitor all of the internet traffic on the network machines that you assign to it. Network Agent filters

More information

Deploying F5 with Microsoft Active Directory Federation Services

Deploying F5 with Microsoft Active Directory Federation Services F5 Deployment Guide Deploying F5 with Microsoft Active Directory Federation Services This F5 deployment guide provides detailed information on how to deploy Microsoft Active Directory Federation Services

More information

NMS300 Network Management System

NMS300 Network Management System NMS300 Network Management System User Manual June 2013 202-11289-01 350 East Plumeria Drive San Jose, CA 95134 USA Support Thank you for purchasing this NETGEAR product. After installing your device, locate

More information

Contents. Platform Compatibility. Directory Connector SonicWALL Directory Services Connector 3.1.7

Contents. Platform Compatibility. Directory Connector SonicWALL Directory Services Connector 3.1.7 Directory Connector SonicWALL Directory Services Connector 3.1.7 Contents Platform Compatibility... 1 New Features... 2 Known Issues... 3 Resolved Issues... 4 Overview... 7 About SonicWALL Single Sign-On

More information

Integrated Traffic Monitoring

Integrated Traffic Monitoring 61202880L1-29.1F November 2009 Configuration Guide This configuration guide describes integrated traffic monitoring (ITM) and its use on ADTRAN Operating System (AOS) products. Including an overview of

More information

Applications erode the secure network How can malware be stopped?

Applications erode the secure network How can malware be stopped? Vulnerabilities will continue to persist Vulnerabilities in the software everyone uses everyday Private Cloud Security It s Human Nature Programmers make mistakes Malware exploits mistakes Joe Gast Recent

More information

Chapter 4 Firewall Protection and Content Filtering

Chapter 4 Firewall Protection and Content Filtering Chapter 4 Firewall Protection and Content Filtering The ProSafe VPN Firewall 50 provides you with Web content filtering options such as Block Sites and Keyword Blocking. Parents and network administrators

More information

WatchGuard SSL v3.2 Update 1 Release Notes. Introduction. Windows 8 and 64-bit Internet Explorer Support. Supported Devices SSL 100 and 560

WatchGuard SSL v3.2 Update 1 Release Notes. Introduction. Windows 8 and 64-bit Internet Explorer Support. Supported Devices SSL 100 and 560 WatchGuard SSL v3.2 Update 1 Release Notes Supported Devices SSL 100 and 560 WatchGuard SSL OS Build 445469 Revision Date 3 April 2014 Introduction WatchGuard is pleased to announce the release of WatchGuard

More information

User Manual. ALLO STM Appliance (astm) Version 2.0

User Manual. ALLO STM Appliance (astm) Version 2.0 User Manual ALLO STM Appliance (astm) Version 2.0 Table of Contents 1. Introduction... 1 1.1. Overview:... 1 1.2. STM Deployment Considerations... 3 2. Initial Setup & Configuration... 4 2.2. Default Configuration...

More information

WatchGuard Dimension v1.1 Update 1 Release Notes

WatchGuard Dimension v1.1 Update 1 Release Notes WatchGuard Dimension v1.1 Update 1 Release Notes Build Number 442674 Revision Date March 25, 2014 WatchGuard Dimension is the next-generation cloud-ready visibility solution for our Unified Threat Management

More information

Configuring SonicOS for Microsoft Azure

Configuring SonicOS for Microsoft Azure Configuring SonicOS for Microsoft Azure December 2015 Topics: Purpose Deployment Considerations Supported Platforms Configuring a Policy-based VPN Configuring a Route-based VPN Purpose This details how

More information

SONICWALL SONICOS ENHANCED 5.6 SINGLE SIGN-ON

SONICWALL SONICOS ENHANCED 5.6 SINGLE SIGN-ON You can read the recommendations in the user guide, the technical guide or the installation guide for SONICWALL SONICOS ENHANCED 5.6 SINGLE SIGN-ON. You'll find the answers to all your questions on the

More information

Chapter 6 Configuring OSPF

Chapter 6 Configuring OSPF Chapter 6 Configuring OSPF This chapter describes how to configure OSPF on the HP 9308M, HP 9304M, and HP 6308M-SX routing switches using the CLI and Web management interface. To display OSPF configuration

More information