en-US
search-icon

SonicOS 5.9 Admin Guide

Introduction

Preface

About this Guide

Welcome to the SonicOS 5.9 Administration Guide. This manual provides the information you need to successfully activate, configure, and administer SonicOS 5.9 for SonicWall security appliances.

 
* 
NOTE: Always check https://support.sonicwall.com/technical-documents for the latest version of this manual as well as other SonicWall products and services documentation.

The SonicOS 5.9 Administration Guide is structured into the following parts that follow the SonicWall Web Management Interface structure. Within these parts, individual chapters correspond to SonicWall security appliance management interface layout.

Topics:

Part 1 Introduction

This part provides an overview of new SonicOS features, guide conventions, support information, and an overview of the SonicWall security appliance management interface.

Part 2 Dashboard

The Visualization Dashboard offers an effective and efficient interface to visually monitor networks in real time by providing effective flow charts of real-time data, customizable rules, and flexible interface settings. The following tools are included in the Dashboard part:

 

Multi-Core Monitor

AppFlow Reports

Connection Monitor

Real-Time Monitor

Threat Reports

Packet Monitor

AppFlow Dash

User Monitor

Log Monitor

AppFlow Monitor

BWM Monitor

 

Part 3 System

This part covers a variety SonicWall security appliance controls for managing system status information, registering the SonicWall security appliance, activating and managing SonicWall Security Services licenses, configuring SonicWall security appliance local and remote management options, managing firmware versions and preferences, and using included diagnostics tools for troubleshooting.

Part 4 Network

This part covers configuring the SonicWall security appliance for your network environment. The Network section of the SonicOS management interface includes:

 

Network control

Function

Interfaces

Configure logical interfaces for connectivity.

Failover and Load Balancing (LB)

Configure one of the user-defined interfaces to act as a secondary WAN port for backup or load balancing.

Zones

Configure security zones on your network.

DNS

Set up DNS servers for name resolution.

Address Objects

Configure host, network, and address range objects.

Services

Configure all services, custom services, or default services.

Routing

View the Route Table, ARP Cache and configure static and dynamic routing by interface.

NAT Policies

Create NAT policies including One-to-One NAT, Many-to-One NAT, Many-to-Many NAT, or One-to-Many NAT.

ARP

View the ARP settings and clear the ARP cache as well as configure ARP cache time.

Neighbor Discovery

Add, configure, and manage Static NDP entries.

MAC-IP Anti-spoof

Configure interface settings, Anti-Spoof cache, and the Spoof Detected list for MAC-IP Anti-spoof.

DHCP Server

Configure the firewall as a DHCP Server on your network to dynamically assign IP addresses to computers on your LAN or DMZ zones.

IP Helper

Configure the firewall to forward DHCP requests originating from the interfaces on the firewall to a centralized server on behalf of the requesting client.

Web Proxy

Configure the firewall to automatically forward all Web proxy requests to a network proxy server.

Dynamic DNS

Configure the firewall to dynamically register its WAN IP address with a DDNS service provider.

Network Monitor

Configure network monitor policies for all policies or custom policies.

Part 5 Switching

This part describes how to configure and manage the Layer 2 (data link layer) switching functionality on the SonicWall NSA 2400MX appliance.

Part 6 3G/4G/Modem

This part covers the configuration of the 3G (Third Generation) and 4G (Fourth Generation) wireless WAN interface on SonicWall network security appliances that support this feature. This allows the firewall to utilize data connections over 3G Cellular networks when a 3G card is plugged into the appliance. This feature can also handle Analog Modem connections when this type of device is connected to the appliance.

Part 7 Wireless

This part covers the configuration of the built-in 802.11 antennas for wireless SonicWall network security appliances.

Part 8 SonicPoint

This part covers the configuration of the SonicWall network security appliance for provisioning, monitoring, and managing SonicWall SonicPoints as part of a SonicWall Distributed Wireless Solution.

Part 9 Firewall

This part describes access rules as well as Application Firewall, which is a set of application-specific policies that gives you granular control over network traffic on the level of users, email users, schedules, and IP-subnets. The primary functionality of this application-layer access control feature is to regulate Web browsing, file transfer, email, and email attachments.

Part 10 Firewall Settings

This part covers tools for managing how the SonicWall security appliance handles traffic through the firewall.

Part 11 DPI-SSL

This part describes the Deep Packet Inspection Secure Socket Layer (DPI-SSL) feature to allow for the inspection of encrypted HTTPS traffic and other SSL-based traffic. Client DPI-SSL is used to inspect HTTPS traffic when clients on the SonicWall security appliance’s LAN access content located on the WAN. Server DPI-SSL is used to inspect HTTPS traffic when remote clients connect over the WAN to access content located on the SonicWall security appliance’s LAN.

Part 12 VoIP

This part provides instructions for configuring the SonicWall security appliance to support H.323 or SIP Voice over IP (VoIP) connections.

Part 13 Anti-Spam

This part provides instructions for configuring the Anti-Spam feature, which provides a quick, efficient, and effective way to add anti-spam and anti-phishing capabilities to your existing SonicWall network security appliance. This feature uses the spam-filtering capabilities of SonicWall Email Security to reduce the amount of junk email the organization delivers to users.

Part 14 VPN

This part covers how to create VPN policies on the SonicWall security appliance to support SonicWall Global VPN Clients as well as creating site-to-site VPN policies for connecting offices running SonicWall security appliances.

Part 15 SSL VPN

This part provides information on how to configure the SSL VPN features on the SonicWall security appliance. SonicWall’s SSL VPN features provide secure, seamless, remote access to resources on your local network using the NetExtender client.

Part 16 Virtual Assist

This part describes the Virtual Assist feature, which allows users to support customer technical issues without having to be on-site with the customer. This capability serves as an immense time-saver for support personnel, while adding flexibility in how they can respond to support needs. Users can allow or invite customers to join a “queue” to receive support, then virtually assist each customer by remotely taking control of a customer’s computer to diagnose and remedy technical issues.

Part 17 User Management

This part covers how to configure the SonicWall security appliance for user-level authentication as well as manage guest services for managed SonicPoints.

Part 18 High Availability

This part explains how to configure the SonicWall security appliance for high availability so that in case of a loss of network connectivity, another SonicWall security appliance resumes all active connections.

Part 19 Security Services

This part includes an overview of available SonicWall Security Services as well as instructions for activating the service, including FREE trials. These subscription-based services include SonicWall Gateway Anti-Virus, SonicWall Intrusion Prevention Service, SonicWall Content Filtering Service, SonicWall Client Anti-Virus, and well as other services.

Part 20 WAN Acceleration

This part provides an overview of the SonicWall WXA series appliance, basic and advanced deployment scenarios, and configuration examples.

Part 21 AppFlow

This part covers managing the SonicWall security appliance’s flow reporting statistics and configurable settings for sending AppFlow and real-time data to local collector or external AppFlow servers. SonicWall AppFlow provides support for external AppFlow reporting formats, such as NetFlow version 5, NetFlow version 9, IPFIX, and IPFIX with extensions.

Part 22 Log

This part covers managing the SonicWall security appliance’s enhanced logging, alerting, and reporting features. The SonicWall security appliance’s logging features provide a comprehensive set of log categories for monitoring security and network activities.

Part 23 Wizards

This part walks you through using the SonicWall Configuration Wizards for configuring the SonicWall security appliance. The SonicWall Configuration Wizards in SonicOS include:

Setup Wizard
Public Server Wizard
VPN Wizard
Application Firewall Wizard
WXA Setup Wizard

Part 24 Appendices

This part contains these appendices:

Command Line Interface (CLI) guide, which describes how to configure the SonicWall security appliance using CLI commands
Border Gateway Protocol (BGP) advanced protocol guide
IPv6 (Internet Protocol version 6) guide

Conventions

Text Conventions

 

Text Conventions

Convention

Use

Bold

Highlights items you can select on the firewall management interface.

Italic

Highlights a value to enter into a field. For example, “enter 192.168.168.168 in the IP Address field.”

Menu Item > Menu Item

Indicates a multiple-step Management Interface menu choice. For example, Security Services > Content Filter means select Security Services, then select Content Filter.

Screen Text

Indicates text as you would see it on a computer screen or would enter on a command line. For example, myDevice> show alerts

Message Icons

These special messages refer to noteworthy information, and include a symbol for quick identification:

* 
WARNING: Important information that warns about a potential for property damage, personal injury, or death
* 
CAUTION: Important information that cautions about features affecting firewall performance, security features, or causing potential problems with your SonicWall.
* 
TIP: Useful information about security features and configurations on your SonicWall.
* 
IMPORTANT: Important information on a feature that requires callout for special attention.
* 
NOTE: Supporting information on a feature.
* 
MOBILE: Useful information about mobile apps for your SonicWall.
* 
VIDEO: Links to videos containing further information about a feature on your SonicWall.

 

About SonicOS

The web-based SonicOS management interface allows you to configure and administer SonicWall network security appliances running SonicOS 5.9: NSA Series, E-Class NSA series, SOHO, and TZ Series network security appliances.

* 
NOTE: The SOHO and TZ series appliances support a subset of SonicOS functions.

SonicOS Management Interface

The SonicWall security appliance’s Web-based management interface provides an easy-to-use, graphical interface for configuring your SonicWall security appliance. The following sections provide an overview of the key management interface objects:

Dynamic User Interface

SonicOS provides a Dynamic User Interface. Table statistics and log entries now dynamically update within the user interface without requiring users to reload their browsers. Active connections, user sessions, VoIP calls, and similar activities can be disconnected or flushed dynamically with a single click on an icon in the appropriate column.

This dynamic interface is designed to have no impact on the SonicWall Web server, CPU utilization, bandwidth, or other performance factors. You can leave your browser window on a dynamically updating page indefinitely with no impact to the performance of your SonicWall security appliance.

Navigating the Management Interface

Navigating the SonicOS management interface includes a hierarchy of menu items on the navigation bar (left side of your browser window). The left navigation bar now expands and contracts dynamically when clicked on. When you click on a top-level menu heading in the left navigation bar, the management interface:

Contracts the heading for the page you are currently on.
Automatically expands the new heading, displaying related management functions as submenu items in the navigation bar.
Displays the page for the first submenu page under the new heading.

Clicking on another submenu item displays the UI page for that item.

If the navigation bar continues below the bottom of your browser, an up-and-down arrow symbol appears in the bottom right corner of the navigation bar. Mouse over the up or down arrow to scroll the navigation bar up or down. You also can use the scroll wheel on your mouse.

Icons and Buttons in the Management Interface

Topics:

Common Icons

The Management Interface uses icons to facilitate certain actions. Some icons are common throughout the Management Interface while others apply to only one or two pages. Common Icons describes the functions of common icons used in the Management Interface:

 

Common Icons

Action

Icon

Description

Edit

Displays a dialog (secondary or popup window) for editing the settings.

Delete

Deletes a table entry.

Comment

Displays text from a field entry.

Export

Exports the data flow into a comma separated variable (.csv) file. The default file name is sonicflow.csv.

Download

Exports a file in one of two images:

spd: required for VPN Clients 8.x and earlier
rcf: required for Global VPN clients

Print

Exports the data flow to a printer or file.

Show Details

Displays information about an item.

Refresh

Updates the real-time data in a table, chart, or other display.

Configure

Allows for customization of the display. The function changes with the page containing the icon.

NOTE: The Configure icon and Configure button have different functions.

Link

Provides a link to another page in the UI. Clicking the link displays the page.

Import

Imports certificate information or images.

Reboots the firewall with the firmware version listed in the same row

Boot

Imports certificate information or images.

Reboots the firewall with the firmware version listed in the same row

Question

Displays pop-up dialogs containing more detailed information than displayed on the page.

Status

Indicates the status of the feature:

Green signifies that the feature is active and operating
Yellow signifies the feature is not active and operating
Red signifies the feature is disabled.

Collapse

or

Hides a chart, table, or section of a management interface page to allow more display room for other data.

Expand

or

Redisplays a hidden chart, table, or section of a management interface page.

Pause

Freezes the data flow. The time and date also freeze.

The Pause icon appears gray if the data flow has been frozen.

Play

Unfreezes the data flow. The time and date refresh as soon as the data flow is updated.

The Play icon appears gray if the data flow is live.

Display Icons

Most submenus in the Dashboard menu have a display icon associated with them. Clicking on the icon for a submenu item opens a new tab in your browser that displays only the report or graph associated with that submenu item. You can display all these submenu items or only the ones of interest. Once a submenu item is in a new tab, you can move the tab to a new browser window to display separately from the management interface.

Other submenus that display sometimes rapidly changing data also have a display icon associated with them. This icon is located at the top of the submenu page near the Mode option. This display icon works the same as those of the Dashboard submenus and is also associated with them.

Common Buttons

The Management Interface uses buttons to facilitate certain actions. Some buttons are common throughout the Management Interface while others apply to only one or two pages. Common Buttons describe the functions of common buttons used in the management interface:

 

Common Buttons

Action

Button

Description

Accept

Applies the changes entered on certain Interface Management pages.

OK

Applies the changes entered on the Interface Management page or for a dialog, applies the changes and closes the dialog.

Apply

Applies the changes made in a dialog, but does not close the dialog.

Cancel

Discards the changes entered on the Interface Management page or for a dialog, discards any changes made in the dialog and closes the dialog.

Help

Displays the SonicWall page.

Add

Displays a dialog that allows you to add elements, such as zones, services, and access/firewall rules, to your appliance.

Configure

Displays a configuration dialog for configuring SonicOS settings.

NOTE: The Configure button and Configure icon have different functions.

Delete

Deletes the selected items from a table.

Delete All

Deletes all items except default and system-generated items in a table.

Preview

Displays the HTML message in a window for verification of how the message looks.

Example Template

Reverts the HTML message code to the default HTML message.

Status Bar

The Status bar at the bottom of the management interface window displays the status of actions executed in the SonicOS management interface.

Applying Changes

Click the Accept button at the top right corner of the SonicOS management interface to save any configuration changes you made on the page.

If the settings are contained in a dialog (secondary window) within the Management Interface, the settings are applied automatically to the firewall when you click OK. To apply the settings without closing the dialog, some dialogs have an Apply button.

To cancel any configuration changes before applying them, click the Cancel button at the top of a management interface page or the bottom of a dialog.

Tooltips

Topics:

Generic Tooltips

SonicOS provides embedded tooltips, or small pop-up windows, that display when you hover your mouse over an element in the management interface or click on a small triangle after the element. They provide brief information describing the element. Tooltips are displayed for many forms, buttons, table headings and entries.

* 
NOTE: Not all UI elements have Tooltips. If a Tooltip does not display after hovering your mouse over an element for a couple of seconds, you can safely conclude that it does not have an associated Tooltip.

Tooltips with Values

When applicable, Tooltips display the minimum, maximum, and default values for form entries. These entries are generated directly from the SonicOS firmware, so the values will be correct for the specific platform and firmware combination you are using.

Several tables include a tooltip that displays the maximum number of entries that the appliance supports. For example, the following image shows the maximum number of address groups the appliance supports. These entries are generated directly from the SonicOS firmware, so the values will be correct for the specific platform and firmware combination you are using.

Tables that display the maximum entry tooltip include NAT policies, access rules, address objects, and address groups.

Configuring Tooltips

The behavior of the Tooltips can be configured in the Web Management Settings on the System > Administration page.

Tooltips are enabled by default. To disable Tooltips, clear the Enable Tooltip checkbox. The duration of time before Tooltips display can be configured:

Form Tooltip Delay - Duration in milliseconds before Tooltips display for forms (boxes where you enter text).
Button Tooltip Delay - Duration in milliseconds before Tooltips display for radio buttons and checkboxes.
Text Tooltip Delay - Duration in milliseconds before Tooltips display for UI text.

Manipulating Tables

Topics:

Navigating Dynamic Tables

In the SonicOS dynamic user interface, table statistics and log entries now dynamically update within the user interface without requiring users to reload their browsers.You can navigate tables with large number of entries by using the navigation buttons located on the upper right top corner of the table.

Topics:
Navigation Buttons

The table navigation bar includes buttons for moving through table pages. The far right button displays the last page. The far left button displays the first page of the table. The inside left and right arrow buttons move to the previous or next page respectively.

Navigating to a Specific Entry

You can enter an entry number (the number listed before the entry name in the # column) in the Items field to move to a specific entry.

Configuring the Number of Entries Displayed

The default table configuration displays 50 entries per page. You can change this default number of entries for tables on the System > Administration page.

A number of tables now include an option to specify the number of items displayed per page.

Sorting Tables

Many tables can now be re-sorted by clicking on the headings for the various columns. On tables that are sortable, a tooltip will pop-up when you mouseover headings that states Click to sort by. When tables are sorted, entries with the same value for the column are grouped together with the common value shaded as a sub-heading. In the following example, the Active Connections table is sorted by Source IP. Two shaded sub-headings are displayed for 10.0.59.75 and 10.50.166.100.

Removing Table Entries

Active connections, user sessions, VoIP calls, and similar activities can be disconnected or flushed dynamically with a single click on the Delete icon in the Flush or Logout column.

To flush one or more selected items in the table, click the Flush button. To flush all the items in the table, click the Flush All button.

To delete one or more selected FQDN objects from a table, click the Purge button. To flush all the FQDN objects from the table, click the Purge All button.

Displaying Statistics

Several tables include a Statistics icon that displays a brief, dynamically updating summary of information for that table entry. Tables with the Statistics icon are:

NAT policies on the Network > NAT Policies page
Access rules on the Firewall > Access Rules page

To update the real-time data in a table, click the Refresh icon or the Refresh button. To clear the statistics and start statistics collection anew, click the Clear Statistics button.

Management Interface Options

The top-right corner of every management interface page has the following options that you can click:

Alert

This option appears when there is an alert notice on the System > Status page. Clicking Alert displays the System > Status page.

Wizards

Each firewall includes a Setup Wizard option that steps you through various firewall configurations, such as WAN network configuration, LAN network configuration, wireless LAN network configuration, and 3G/4G Modem configuration. Clicking Wizards, accesses the Setup Wizard.

Help

Each firewall includes Web-based online help that explains how to use management interface pages and how to configure the firewall. Clicking Help accesses the context-sensitive help for the page.\

* 
TIP: Accessing the SonicWall network security appliance online help requires an active Internet connection.

Logging Out

Each firewall includes a Logout option that terminates the management interface session and displays the authentication page for logging into the firewall. Clicking Logout, logs you out of the firewall.

Mode

Each firewall includes a Mode: option that toggles the configuration mode of the management interface between Configuration and Non-Config modes. In Configuration mode, you can make changes to the settings of the firewall. In Non-Config mode, you can only view the settings of the firewall.

Clicking the arrow next to the current mode allows you to toggle between configuration mode and non-configuration mode: