Support on SonicWall Products, Services and Solutions
Browse Knowledgebase by Category
How to enable the Security Services?
03/26/2020 
456 
11058
DESCRIPTION:
Enabling the security services on the firewall is an essential part of Firewall configuration. The Security Services that are essential are Gateway Anti-Virus, Intrusion Prevention and Anti-Spyware.
SonicWall Gateway Anti-Virus integrates a high performance Real-Time Virus Scanning Engine and dynamically updated signature database to deliver continuous protection from malicious virus threats at the gateway.
SonicWall Intrusion Prevention integrates a high-performance Deep Packet Inspection architecture and dynamically updated signature database to deliver complete network protection from application exploits, worms and malicious traffic.
SonicWall firewalls provide an innovative multi-layered anti-malware strategy consisting of a patented Reassembly-Free Deep Packet Inspection anti-malware solution.
RESOLUTION:
Once you have purchased the License for the Security Services and activated it in your mySonicWall.com, you will see the licenses showing up on the SonicWall under System | Status/Licenses page. Even though the Security Services show licensed on the device you would still have to enable the Security Services and apply it on the required zones.
Enabling the Security Services in the Security Services tab:
Navigate to Security Services | Gateway Anti-Virus tab. Check the Box 'Enable Gateway Anti-Virus'. By default the inbound Inspection for HTTP, FTP, IMAP, SMTP, POP3 is enabled. You can enable the outbound inspection as well if required.
If you want to exclude some IP addresses from being inspected from gateway Anti-Virus, you can do the same by clicking on Configure Gateway AV Settings button. You have an option to Exclude based on address objects or a Range.
Once the GAV is enabled, navigate to Security Services | Intrusion Prevention. Check the box 'Enable IPS'. You will have three Signature Groups " High Priority Attacks, Medium Priority Attacks and Low Priority Attacks. You can enable the Detection and Prevention as per your requirement but the recommended settings is to leave the prevention disabled and just enable the detection for low priority attacks.
Note: Enabling the Prevention for low priority attacks will drop ICMP as well hence you will not be able to do ping tests for troubleshooting.
Similarly, Navigate to Security Services | Anti-Spyware and enable the Anti-Spyware checkbox and you can leave the Low Danger Level Spyware disabled for prevention and enabled for detection.
This completes enabling the Security Services and you will have to apply these in to appropriate zones for the Security Services to take effect.
Applying the Security Services on the required Zones:
Navigate to Network | Zones. Edit the appropriate zone required by clicking on 
icon and apply the security services by enabling the check boxes for "Enable Gateway Anti-Virus Service" "Enable IPS" and "Enable Anti-Spyware Service". The below screenshot shows the Security Services being applied on the LAN zone.
Click on OK to save the setting. Similarly you need to apply the same on the WAN zone and additional zones if required.
Resolution for SonicOS 6.5 and Later
SonicOS 6.5 was released September 2017. This release includes significant user interface changes and many new features that are different from the SonicOS 6.2 and earlier firmware. The below resolution is for customers using SonicOS 6.5 and later firmware.
Once you have purchased the License for the Security Services and activated it in your mySonicWall.com, you will see the licenses showing up on the SonicWall under System | Status/Licenses page. Even though the Security Services show licensed on the device you would still have to enable the Security Services and apply it on the required zones.
Enabling the Security Services in the Security Services tab:
Navigate to Manage | Security Services | Gateway Anti-Virus tab. Check the Box 'Enable Gateway Anti-Virus'. By default the inbound Inspection for HTTP, FTP, IMAP, SMTP, POP3 is enabled. You can enable the outbound inspection as well if required.
If you want to exclude some IP addresses from being inspected from gateway Anti-Virus, you can do the same by clicking on Configure Gateway AV Settings button. You have an option to Exclude based on address objects or a Range.
Once the GAV is enabled, navigate to Manage | Security Services | Intrusion Prevention. Check the box 'Enable IPS'. You will have three Signature Groups " High Priority Attacks, Medium Priority Attacks and Low Priority Attacks. You can enable the Detection and Prevention as per your requirement but the recommended settings is to leave the prevention disabled and just enable the detection for low priority attacks.
Note: Enabling the Prevention for low priority attacks will drop ICMP as well hence you will not be able to do ping tests for troubleshooting.
Similarly, Navigate to Manage | Security Services | Anti-Spyware and enable the Anti-Spyware checkbox and you can leave the Low Danger Level Spyware disabled for prevention and enabled for detection.
This completes enabling the Security Services and you will have to apply these in to appropriate zones for the Security Services to take effect.
Applying the Security Services on the required Zones:
Navigate to Manage | Network | Zones. Edit the appropriate zone required by clicking on icon and apply the security services by enabling the check boxes for "Enable Gateway Anti-Virus Service" "Enable IPS" and "Enable Anti-Spyware Service". The below screenshot shows the Security Services being applied on the LAN zone.
Click on OK to save the setting. Similarly you need to apply the same on the WAN zone and additional zones if required.
