SonicOS 5.9 One Touch Configuration Guide




Notes, Cautions, and Warnings

NOTE: A NOTE indicates important information that helps you make better use of your system.

CAUTION: A CAUTION indicates potential damage to hardware or loss of data if instructions are not followed.

WARNING: A WARNING indicates a potential for property damage, personal injury, or death.

© 2013 Dell Inc.

Trademarks: Dell, the DELL logo, SonicWALL, SonicWALL GMS, SonicWALL Analyzer, Reassembly-Free Deep Packet Inspection, Dynamic Security for the Global Network, SonicWALL Clean VPN, SonicWALL Clean Wireless, SonicWALL Comprehensive Gateway Security Suite, SonicWALL Mobile Connect, and all other SonicWALL product and service names and slogans are trademarks of Dell Inc.

2013-07 P/N 232-00223-00 Rev. C

One-Touch Configuration Overrides

Document Scope

This solutions document describes how to understand and implement the One-Touch Configuration Override feature. This document contains the following sections:

- Feature Overview
- Configuring One-Touch Configuration Override

Feature Overview

This section provides an introduction to the One-Touch Configuration Override feature. This section contains the following subsections:

- What is One-Touch Configuration Override?
- Benefits of One-Touch Configuration Override
- How Does One-Touch Configuration Override Work?
- Supported Platforms

What is One-Touch Configuration Override?

The One-Touch Configuration Override feature can be thought of as a quick tune-up for your Dell SonicWALL appliance's security settings. With a single click, One-Touch Configuration Override applies over sixty configuration settings over sixteen pages of the SonicOS management interface to implement Dell SonicWALL's recommended best practices. These settings ensure that your appliance is taking advantage of the security features in SonicOS.

There are two sets of One-Touch Configuration Override settings:

- DPI and Stateful Firewall Security: For network environments with Deep Packet Inspection (DPI) security services enabled, such as Gateway Anti-Virus, Intrusion Prevention, Anti-Spyware, and App Rules.
- Stateful Firewall Security: For network environments that do not have DPI security services enabled, but still want to employ Dell SonicWALL's stateful firewall security best practices.

Both of the One-Touch Configuration Override deployments implement the following configurations:

- Configure Administrator security best practices
- Enforce HTTPS login and disable ping
- Configure DNS Rebinding
- Configure Access Rules best practices
- Configure Firewall Settings best practices
- Configure Firewall Flood Protection best practices
- Configure VPN Advanced settings best practices
- Configure Log levels
- Enable Flow Reporting and Visualization

The DPI and Stateful Firewall Security deployment also configures the following DPI-related configurations:

- Enable DPI services on all applicable zones
- Enable App Rules
- Configure Gateway Anti-Virus best practices
- Configure Intrusion Prevention best practices
- Configure Anti-Spyware best practices

The full list of configuration settings is described in How Does One-Touch Configuration Override Work?

Caution: Be aware that the One-Touch Configuration Override may change the behavior of your Dell SonicWALL security appliance. Review the list of configurations before applying One-Touch Configuration Override. In particular, the following configurations may affect the experience of the administrator:

- Administrator password requirements on the System > Administration page.
- Requiring HTTPS management.
- Disabling HTTP to HTTPS redirect.
- Disabling Ping management.

Benefits of One-Touch Configuration Override

The One-Touch Configuration Override provides the following benefits:

- Dell SonicWALL-recommended configuration Best Practices: Applies a number of the most important security settings across sixteen pages of the SonicOS management interface, ensuring that the appliance is taking advantage of many of Dell SonicWALL's most powerful security features.
- Ease of Use: Saves time and avoids mistakes by applying a large number of configuration settings with a single click.

How Does One-Touch Configuration Override Work?

The following table lists the configuration settings that are applied as part of One-Touch Configuration Override for both the DPI and Stateful Firewall Security deployment and the Stateful Firewall Security deployment.

Table columns: Configuration Setting | DPI and Stateful Firewall Security | Stateful Firewall Security

System > Administration
- Password must be changed every 90 days
- Bar repeated password changes for 4 changes
- Enforce password complexity: Require alphabetic, numeric and symbolic characters
- Apply the above password constraints for: all user categories
- Enable administrator/user lockout
- Failed Login attempts per minute before lockout: 7
- Enable inter-administrator messaging
- Inter-administrator Messaging polling interval (seconds): 10

Network > Interfaces
- Any interface allowing HTTP management is replaced with HTTPS Management
- Any setting to 'Add rule to enable redirect from HTTP to HTTPS' is disabled
- Ping Management is disabled on all interfaces

Network > Zones
- Intrusion Prevention is enabled on all applicable default Zones
- Gateway Anti-Virus protection is enabled on all applicable default Zones
- Anti-Spyware protection is enabled on all applicable default Zones
- App Rules is enabled on all applicable default Zones
- SSL Control is enabled on all default Zones

Network > DNS
- Enable DNS Rebinding protection
- DNS Rebinding Action: Log Attack & Drop DNS Reply

Firewall > Access Rules
- For any Firewall policy with an Action of Deny, the Action is changed to Discard
- Source IP Address connection limiting with a threshold of 128 connections is enabled for all firewall policies

Firewall > App Rules
- If licensed, the Enable App Rules setting is turned on

Firewall Settings > Advanced
- Turn on Enable Stealth Mode
- Turn on Randomize IP ID
- Turn off Decrement IP TTL for forwarded traffic
- Turn on Never generate ICMP Time-Exceeded packets
- Connections are set to: Recommended for normal deployments with UTM services enabled
- Turn on Enable IP header checksum enforcement
- Turn on Enable UDP checksum enforcement

Firewall Settings > Flood Protection
- Turn on Enforce strict TCP compliance with RFC 793 and RFC 1122
- Turn on Enable TCP handshake enforcement
- Turn on Enable TCP checksum enforcement
- Turn on Enable TCP handshake timeout
- SYN Flood Protection Mode: Always proxy WAN client connections

Firewall Settings > Flood Protection
- Turn on Enable SSL Control
- Set Action to: Block connection and log the event
- For Configuration, enable all categories

VPN > Advanced
- Turn on Enable IKE Dead Peer Detection
- Turn on Enable Dead Peer Detection for Idle VPN sessions
- Turn on Enable Fragmented Packet Handling
- Turn on Ignore DF (Don't Fragment) Bit
- Turn on Enable NAT Traversal
- Turn on Clean up Active tunnels when Peer Gateway DNS name resolves to a different address
- Turn on Preserve IKE port for Pass Through Connections

Security Services > Gateway Anti-Virus
- If licensed, Enable Gateway Antivirus
- Configure Gateway AV Settings: Turn on Disable SMTP Responses
- Configure Gateway AV Settings: Turn off Disable detection of EICAR test virus
- Configure Gateway AV Settings: Turn on Enable HTTP Byte-Range requests with Gateway AV
- Configure Gateway AV Settings: Turn on Enable FTP REST request with Gateway AV
- Configure Gateway AV Settings: Turn off Do not scan parts of files with high compression ratios
- Configure Gateway AV Settings: Turn off Disable HTTP Clientless Notification Alerts

Security Services > Intrusion Prevention
- If licensed, Enable IPS
- Turn on Prevent All and Detect All for High Priority Attacks
- Turn on Prevent All and Detect All for Medium Priority Attacks
- Turn on Prevent All and Detect All for Low Priority Attacks

Security Services > Anti-Spyware
- If licensed, Enable Anti-Spyware
- Turn on Prevent All and Detect All for High Priority Attacks
- Turn on Prevent All and Detect All for Medium Priority Attacks
- Turn on Prevent All and Detect All for Low Priority Attacks
- Configure Anti-Spyware Settings: Turn on Disable SMTP Responses
- Configure Anti-Spyware Settings: Turn off Disable HTTP Clientless Notification Alerts

Log > Categories
- Set Logging Level: Debug
- Set Alert Level: Warning

Log > Flow Reporting
- Turn on Enable Flow Reporting and Visualization

Log > Name Resolution
- Set Name Resolution Method to: DNS then NetBIOS

Internal Settings
- Turn on Protect against TCP State Manipulation DoS
- Turn on Apply IPS Signatures Bidirectionally
- Enable ability to launch monitor pages in stand-alone browser frames
- Enable Visualization UI for Non-Admin/Config users

Supported Platforms

One-Touch Configuration Override is available on all Dell SonicWALL security appliances running SonicOS release 5.9 that are licensed for the SSL VPN feature.

Configuring One-Touch Configuration Override

To configure One-Touch Configuration Override, perform the following steps:

Step 1  Navigate to the System > Settings page of the SonicOS management interface.
Step 2  Scroll down to the One-Touch Configuration Override section.
Step 3  Click either the DPI and Stateful Firewall Security button or the Stateful Firewall Security button. A warning pop-up window reminds you that if you are connected over HTTP, you will have to manually reconnect using HTTPS after the appliance reboots.
Step 4  Click OK.
Step 5  When the configuration has been applied, the Status Bar displays "Restart Firewall for changes to take effect." Click Restart.
Step 6  After the appliance restarts, navigate to the management URL of the appliance, ensuring that you are using HTTPS, and log in to the appliance.
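
The Caution in this guide asks for a review of the changes before One-Touch Configuration Override is applied. As an added example (not part of the Dell SonicWALL guide), the following Python code applies the Network > Interfaces and Firewall > Access Rules rows of the settings table to a constructed settings snapshot and lists what would change, marking the changes the Caution names as affecting the administrator. The snapshot layout and all key names are assumptions, not a SonicOS format.

```python
# Added example: preview of the Network > Interfaces and Firewall > Access Rules
# rows on a constructed settings snapshot. Every key name here is hypothetical;
# this is not a SonicOS export format.
from copy import deepcopy

SAMPLE = {  # constructed sample
    "interfaces": [
        {"name": "X0", "management": {"http", "ping"}, "http_redirect": True},
        {"name": "X1", "management": {"https"}, "http_redirect": False},
    ],
    "access_rules": [
        {"name": "block-telnet", "action": "deny", "src_conn_limit": None},
        {"name": "allow-web", "action": "allow", "src_conn_limit": 128},
    ],
}

def preview_one_touch(snapshot):
    """Return (new_snapshot, changes); each change is (object, text, affects_admin)."""
    new, changes = deepcopy(snapshot), []
    for iface in new["interfaces"]:
        name, mgmt = iface["name"], iface["management"]
        if "http" in mgmt:  # HTTP management is replaced with HTTPS management
            mgmt.discard("http")
            mgmt.add("https")
            changes.append((name, "HTTP management replaced with HTTPS", True))
        if iface["http_redirect"]:  # redirect rule from HTTP to HTTPS is disabled
            iface["http_redirect"] = False
            changes.append((name, "HTTP to HTTPS redirect disabled", True))
        if "ping" in mgmt:  # Ping management is disabled on all interfaces
            mgmt.discard("ping")
            changes.append((name, "Ping management disabled", True))
    for rule in new["access_rules"]:
        if rule["action"] == "deny":  # Deny becomes Discard
            rule["action"] = "discard"
            changes.append((rule["name"], "Action Deny changed to Discard", False))
        if rule["src_conn_limit"] != 128:  # limit enabled on every policy
            rule["src_conn_limit"] = 128
            changes.append((rule["name"], "Source IP connection limit set to 128", False))
    return new, changes

def admin_impacting(changes):
    """Changes the guide's Caution flags as affecting the administrator."""
    return [c for c in changes if c[2]]

if __name__ == "__main__":
    _, found = preview_one_touch(SAMPLE)
    for obj, text, admin in found:
        print(f"{'[admin] ' if admin else '        '}{obj}: {text}")
```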
