Support on SonicWall Products, Services and Solutions

Browse Knowledgebase by Category

Management and Reporting

How to enable the Security Services?

08/11/2020 654 17045

DESCRIPTION:

Enabling the security services on the firewall is an essential part of Firewall configuration. The Security Services that are essential are Gateway Anti-Virus, Intrusion Prevention and Anti-Spyware.

SonicWall Gateway Anti-Virus integrates a high performance Real-Time Virus Scanning Engine and dynamically updated signature database to deliver continuous protection from malicious virus threats at the gateway.

SonicWall Intrusion Prevention integrates a high-performance Deep Packet Inspection architecture and dynamically updated signature database to deliver complete network protection from application exploits, worms and malicious traffic.

SonicWall firewalls provide an innovative multi-layered anti-malware strategy consisting of a patented Reassembly-Free Deep Packet Inspection anti-malware solution.

RESOLUTION:

Resolution for SonicOS 7.X

This release includes significant user interface changes and many new features that are different from the SonicOS 6.5 and earlier firmware. The below resolution is for customers using SonicOS 7.X firmware.

Once you have purchased the License for the Security Services and activated it in your mySonicWall.com, you will see the licenses showing up on the SonicWall under System | Status/Licenses page. Even though the Security Services show licensed on the device you would still have to enable the Security Services and apply it on the required zones.

Enabling the Security Services in the Security Services tab

Navigate to Policy| Security Services | Gateway Anti-Virus .
Under GATEWAY ANTI-VIRUS GLOBAL SETTINGS, Enable the option Enable Gateway Anti-Virus.
By default the inbound Inspection for HTTP, FTP, IMAP, SMTP, POP3 is enabled. You can enable the outbound inspection as well if required.
If you want to exclude some IP addresses from being inspected from gateway Anti-Virus, you can do the same by clicking on Configure button. You have an option to Exclude based on Address objects.
Navigate to Policy| Security Services | Intrusion Prevention.
Under IPS GLOBAL SETTINGS, Enable the option'Enable IPS'.
You will have three Signature Groups " High Priority Attacks, Medium Priority Attacks and Low Priority Attacks. You can enable the Detection and Prevention as per your requirement but the recommended settings is to leave the prevention disabled and just enable the detection for low priority attacks.

NOTE: Enabling the Prevention for low priority attacks will drop ICMP as well hence you will not be able to do ping tests for troubleshooting.
Navigate to Policy| Security Services | Anti-Spyware.
Under ANTI-SPYWARE GLOBAL SETTINGS, enable the option Enable Anti-Spyware.
This completes enabling the Security Services and you will have to apply these in to appropriate zones for the Security Services to take effect.

Applying the Security Services on the required Zones:

Navigate to Object|Match Objects|Zones. Edit the appropriate zone required by clicking on configure icon and apply the security services by enabling the check boxes for "Enable Gateway Anti-Virus Service" "Enable IPS" and "Enable Anti-Spyware Service". The below screenshot shows the Security Services being applied on the LAN zone.
Click on Save to save the setting. Similarly you need to apply the same on the WANzone and additional zones if required.

Resolution for SonicOS 6.5

This release includes significant user interface changes and many new features that are different from the SonicOS 6.2 and earlier firmware. The below resolution is for customers using SonicOS 6.5 firmware.

Navigate to Manage | Security Services | Gateway Anti-Virus tab. Check the Box 'Enable Gateway Anti-Virus'. By default the inbound Inspection for HTTP, FTP, IMAP, SMTP, POP3 is enabled. You can enable the outbound inspection as well if required.
If you want to exclude some IP addresses from being inspected from gateway Anti-Virus, you can do the same by clicking on Configure Gateway AV Settings button. You have an option to Exclude based on address objects or a Range.
Once the GAV is enabled, navigate to Manage | Security Services | Intrusion Prevention. Check the box 'Enable IPS'. You will have three Signature Groups " High Priority Attacks, Medium Priority Attacks and Low Priority Attacks. You can enable the Detection and Prevention as per your requirement but the recommended settings is to leave the prevention disabled and just enable the detection for low priority attacks.

NOTE: Enabling the Prevention for low priority attacks will drop ICMP as well hence you will not be able to do ping tests for troubleshooting.
Similarly, Navigate to Manage | Security Services | Anti-Spyware and enable the Anti-Spyware checkbox and you can leave the Low Danger Level Spyware disabled for prevention and enabled for detection.

This completes enabling the Security Services and you will have to apply these in to appropriate zones for the Security Services to take effect.

Applying the Security Services on the required Zones:

Navigate to Manage | Network | Zones. Edit the appropriate zone required by clicking on icon and apply the security services by enabling the check boxes for "Enable Gateway Anti-Virus Service" "Enable IPS" and "Enable Anti-Spyware Service". The below screenshot shows the Security Services being applied on the LAN zone.
Click on OK to save the setting. Similarly you need to apply the same on the WAN zone and additional zones if required.

Resolution for SonicOS 6.2 and Below

The below resolution is for customers using SonicOS 6.2 and earlier firmware. For firewalls that are generation 6 and newer we suggest to upgrade to the latest general release of SonicOS 6.5 firmware.

Navigate to Security Services | Gateway Anti-Virus tab. Check the Box 'Enable Gateway Anti-Virus'. By default the inbound Inspection for HTTP, FTP, IMAP, SMTP, POP3 is enabled. You can enable the outbound inspection as well if required.I
f you want to exclude some IP addresses from being inspected from gateway Anti-Virus, you can do the same by clicking on Configure Gateway AV Settings button. You have an option to Exclude based on address objects or a Range.
Once the GAV is enabled, navigate to Security Services | Intrusion Prevention. Check the box 'Enable IPS'. You will have three Signature Groups " High Priority Attacks, Medium Priority Attacks and Low Priority Attacks. You can enable the Detection and Prevention as per your requirement but the recommended settings is to leave the prevention disabled and just enable the detection for low priority attacks.

NOTE: Enabling the Prevention for low priority attacks will drop ICMP as well hence you will not be able to do ping tests for troubleshooting.
Similarly, Navigate to Security Services | Anti-Spyware and enable the Anti-Spyware checkbox and you can leave the Low Danger Level Spyware disabled for prevention and enabled for detection.
This completes enabling the Security Services and you will have to apply these in to appropriate zones for the Security Services to take effect.

Applying the Security Services on the required Zones:

Navigate to Network | Zones. Edit the appropriate zone required by clicking on icon and apply the security services by enabling the check boxes for "Enable Gateway Anti-Virus Service" "Enable IPS" and "Enable Anti-Spyware Service". The below screenshot shows the Security Services being applied on the LAN zone.
Click on OK to save the setting. Similarly you need to apply the same on the WAN zone and additional zones if required.

Was This Article Helpful?

Yes No

Not Finding Your Answer?

ASK THE COMMUNITY

Capture Cloud Platform

Federal

Partner Portal

Support Portal

Capture Cloud Platform

Federal

Partner Portal

Support Portal