Suggestions to follow when HTTPS management is enabled on the WAN interface

Description

Below are the steps or suggestions to follow in order to secure the firewall when HTTPS management is enabled on the WAN interface to access the firewall interface from outside the network.

Resolution for SonicOS 7.X

This release includes significant user interface changes and many new features that are different from the SonicOS 6.5 and earlier firmware. The below resolution is for customers using SonicOS 7.X firmware.



  1. Kindly have a strong complex password.

  2. Change the default management HTTPS port from 443 to any custom port to manage or access the firewall.

  3. Secure the connection to the firewall over the Internet by having a SSL Certificate. (How to use the SSL certificate for WAN Management)

  4. Navigate to Policy | Rules | Access rules | Zone WAN to WAN Access rules with service HTTPS management. Kindly edit the rule and in Optional settings, enable Enable connection threshold for each source IP addresses and enter the limit.

    Image

  5. Kindly enable TCP flood protection and have the SYN Flood protection mode to Proxy WAN Client Connections When Attack is Suspected.
    Image

  6. Make sure all the security services are enabled.



Resolution for SonicOS 6.5

This release includes significant user interface changes and many new features that are different from the SonicOS 6.2 and earlier firmware. The below resolution is for customers using SonicOS 6.5 firmware.



  1. Kindly have a strong complex password.

  2. Change the default management HTTPS port from 443 to any custom port to manage or access the firewall.

  3. Secure the connection to the firewall over the Internet by having a SSL Certificate. (How to use the SSL certificate for WAN Management)

  4. Navigate to Manage | Rules | Access rules | Zone WAN to WAN Access rules with service HTTPS management. Kindly edit the rule and in Optional settings, enable Enable connection threshold for each source IP addresses and enter the limit.

    Image

  5. Kindly enable TCP flood protection and have the SYN Flood protection mode to Proxy WAN Client Connections When Attack is Suspected.

    Image

  6. Make sure all the security services are enabled.






Related Articles

  • SonicOS 8.1.0 FAQ
    Read More
  • SonicWall GEN8 TZs and GEN8 NSas Settings Migration
    Read More
  • Getting started with SonicWall firewalls
    Read More

Categories

Firewalls
SonicWall NSA Series
Firewalls
TZ Series
not finding your answers?
Ask the Community