SonicWALL TZ 100/200 Series Getting Started Guide

Page 13

Enabling Security Services

In this Section:

Security services are an essential component of a secure network deployment. This section provides instructions for registering and

enabling security services on your SonicWALL TZ 100/200 series appliance.

•

Enabling Security Services in SonicOS

- page 14

•

Verifying Security Services on Zones

- page 19

3

Page 14

Enabling Security Services in SonicOS

Enabling Security Services in SonicOS

After completing the registration process in SonicOS, perform

the tasks listed below to activate your licenses and enable your

licensed services from within the SonicOS user interface.

SonicWALL security services are key components of threat

management in SonicOS. The core security services are

Gateway Anti-Virus, Intrusion Prevention Services, and Anti-

Spyware.

You must enable each security service individually in the

SonicOS user interface. See the following procedures to enable

and configure your security services:

•

Verifying Licenses

- page 14

•

Enabling Gateway Anti-Virus

- page 15

•

Enabling Intrusion Prevention Services

- page 16

•

Enabling Anti-Spyware

- page 17

•

Enabling Content Filtering Service

- page 18

Verifying Licenses

Verify that your security services are licensed on the

System

>

Status

page.

If services that are already activated on MySonicWALL do not

display as licensed, you need to synchronize your SonicWALL

with the licensing server.

If initial setup is already complete, click the

Synchronize

button

to synchronize licenses from the

System

>

Licenses

page.

SonicWALL TZ 100/200 Series Getting Started Guide

Page 15

Enabling Gateway Anti-Virus

To enable Gateway Anti-Virus (GAV) in SonicOS:

1.

Navigate to the

Security

Services

>

Gateway

Anti-Virus

page.

2.

Select the

Enable Gateway Anti-Virus

checkbox and click

Accept

to apply changes.

3.

Verify that the

Enable Inbound Inspection

checkboxes

are selected for the protocols you wish to inspect. See the

following table for an explanation of these protocols.

The following table gives descriptions and default values for

GAV-enforced protocols:

4.

Click the

Accept

button to apply changes.

GAV contains many other useful features, including:

•

Outbound SMTP Inspection

scans outbound email

•

User Notification

notifies users when content is blocked

•

File-Type Restrictions

blocks various non-scannable files

•

Exclusion Lists

for network nodes where Gateway Anti-

Virus enforcement is not necessary.

Tip:

For a complete overview of GAV features, refer to the

SonicOS Enhanced Administrator’s Guide.

Protocol

Default

Description

HTTP

Enabled

Hyper-Text Transfer Protocol, common Web-browsing

traffic

FTP

Enabled

File Transfer Protocol, dedicated file download servers

IMAP

Enabled

Internet Message Access Protocol, standard method

for accessing email

SMTP

Enabled

Simple Mail Transfer Protocol, standard method for

accessing email

POP3

Enabled

Post Office Protocol 3, standard method for accessing

email

CIFS/

Netbios

Disabled

Intra-network traffic on Windows operating system

(network file-sharing)

TCP Stream

Disabled

Any other non-standard type of network data transfer

Page 16

Enabling Security Services in SonicOS

Enabling Intrusion Prevention Services

To enable Intrusion Prevention (IPS) in SonicOS:

1.

Navigate to the

Security Services

>

Intrusion Prevention

page.

2.

Select the

Enable Intrusion Prevention

checkbox.

3.

In the Signature Groups

table, select the

Prevent All

and

Detect All

checkboxes based on attack priority.

Note:

Prevent All

blocks attacks of the chosen priority, and

Detect All

saves a log of these attacks that can be

viewed on the

Log

>

View

page. A common setting is

to enable

Prevent f

or High and Medium Priority

threats, and

Detect

for all threats.

4.

Click the

Accept

button to apply changes.

Intrusion Prevention contains other useful features, including:

•

Exclusion Lists

for network nodes where IPS

enforcement is not necessary.

•

Log Redundancy

to control log size during high-volume

intrusion attack attempts by enforcing a delay between log

entries.

Tip:

For a complete overview of IPS features, refer to the

SonicOS Enhanced Administrator’s Guide.

SonicWALL TZ 100/200 Series Getting Started Guide

Page 17

Enabling Anti-Spyware

To enable Anti-Spyware in SonicOS:

1.

Navigate to the

Security Services

>

Anti-Spyware

page.

2.

Select the

Enable Anti-Spyware

checkbox.

3.

In the Signature Groups

table, select the

Prevent All

and

Detect All

checkboxes for each spyware danger level that

you want to prevent.

Note:

Prevent all blocks attacks of the chosen priority, Detect

All saves a log of these attacks which can be viewed in

the

Log

>

View

screen.

4.

Click the

Accept

button to apply changes.

Anti-Spyware contains other useful features, including:

•

Exclusion Lists

excludes network nodes when

Anti-Spyware enforcement is not necessary.

•

Log Redundancy

controls log size during high-volume

intrusion attack attempts by enforcing a delay between log

entries.

•

Clientless Notification

displays messages to users when

content is blocked by SonicWALL Anti-Spyware.

•

Outbound Inspection

enables scanning and logging of

outbound spyware communication attempts.

•

Disable SMTP Responses

suppresses the sending of

email messages to clients when spyware is detected.

Tip:

For a complete overview of Anti-Spyware features,

refer to the SonicOS Enhanced Administrator’s Guide.