SonicWALL TZ 100/200 Series Getting Started Guide
SonicWALL Wireless Firewalling
When a wireless device uses an access point to communicate
with a device on another subnet or on a completely different
network, traffic between the devices is forced to traverse the
network gateway. This traversal enables Unified Threat
Management (UTM) services to be enforced at the gateway.
Standard practice for wireless firewalling (where one wireless
client is communicating with another) bypasses many of the
critical UTM security services. The illustration below shows the
standard practice for wireless firewalling.
Many security products on the market share this potential
vulnerability when two users connected by a common hub or
wireless access point wish to exchange data.
SonicWALL addresses this security shortcoming by managing
the SonicPoint access points from the UTM appliance. This
allows complete control of the wireless space, including zone
enforcement of security services and complete firewalling
capabilities, as shown in the illustration below.
[Figure: standard practice for wireless firewalling with another security appliance. WLAN Zone security services shown with a "?": Content Filtering Service, Client Anti-Virus Enforcement, Gateway Anti-Virus, Gateway Anti-Spyware, Intrusion Prevention Service.]
[Figure: SonicWALL TZ 100/200 series appliance with a SonicWALL SonicPoint*. WLAN Zone security services: Content Filtering Service, Client Anti-Virus Enforcement, Gateway Anti-Virus, Gateway Anti-Spyware, Intrusion Prevention Service.]
*SonicPoint needed for wireless access on wired-only models
Configuring Interfaces
Interfaces, also known as ports, are physical network
connections that can be configured to provide different
networking and security features based on your network needs.
Note: For more information on Zone types, see “An Introduction to Zones and Interfaces” on page 22.
This section contains the following sub-sections:
- Configuring an Interface
- PortShield Wizard
- Manual PortShield Configuration
Configuring an Interface
The SonicOS Enhanced Web-based management interface allows you to configure each individual Ethernet port (from X2-X5) with its own security settings through the use of zones.
To configure a network interface:
1. In the Network > Interfaces panel, click the Configure button for the interface you wish to configure. The Edit Interface window displays.
   Note: If only X0 and X1 interfaces are displayed in the Interfaces list, click the Show PortShield Interfaces button to show all interfaces.
2. Select a Zone Type for this interface.
3. Select an IP assignment for this interface. If you intend to create a new network segment on this interface such as a DMZ or secondary LAN, this value should be set to Static.
4. Enter a static IP Address for the interface. For private and semi-private network segments, any private static IP address such as 10.10.20.1 is appropriate. Ensure that the static IP address you choose does not conflict with any currently existing interfaces. The newly created interface appears in the Interfaces list. You may now connect the appropriate network resources to this interface.
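The conflict check in step 4 can be done offline before the address is entered. The following is an added example, not part of the SonicWALL guide: the interface list, the /24 mask on 10.10.20.1 and the function name are assumptions made for illustration.

```python
import ipaddress

# RFC 1918 private ranges, the ones the guide calls "private static IP" space.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample of interfaces already configured on the appliance
# (names follow the guide's X0/X1 convention; addresses are made up).
EXISTING = {
    "X0": "192.168.1.1/24",    # LAN
    "X1": "203.0.113.10/24",   # WAN (documentation range)
    "X3": "10.10.0.1/16",      # hypothetical secondary LAN
}

def check_static_ip(candidate, existing=EXISTING):
    """Return a list of problems with a proposed interface address (CIDR)."""
    problems = []
    iface = ipaddress.ip_interface(candidate)
    net = iface.network
    if not any(iface.ip in private for private in RFC1918):
        problems.append("address is not in a private (RFC 1918) range")
    # The interface needs a usable host address inside its own subnet.
    if net.prefixlen < 31 and iface.ip in (net.network_address,
                                           net.broadcast_address):
        problems.append("address is the network or broadcast address")
    for name, cidr in existing.items():
        other = ipaddress.ip_interface(cidr)
        if iface.ip == other.ip:
            problems.append(f"same address as {name}")
        elif net.overlaps(other.network):
            # Catches overlaps even when the prefix lengths differ.
            problems.append(f"subnet {net} overlaps {name} ({other.network})")
    return problems

if __name__ == "__main__":
    for proposal in ("10.10.20.1/24", "10.20.30.1/24"):
        print(proposal, check_static_ip(proposal) or "no conflict")
```

With the sample list, 10.10.20.1/24 is reported as overlapping the wider 10.10.0.0/16 segment on X3, a conflict that is easy to miss when only the addresses are compared.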
PortShield Wizard
With PortShield, multiple ports can share the network settings of
a single interface. The SonicWALL PortShield feature enables
you to easily configure the ports on the SonicWALL TZ 100/200
series appliance into common deployments.
Tip: Zones can always be applied to multiple interfaces in the Network > Interfaces page, even without the use of PortShield groupings. However, these interfaces will not share the same network subnet unless they are grouped using PortShield.
To configure ports using the SonicWALL PortShield Wizard:
1. Click the Wizards button on the top-right of the SonicOS management interface.
2. Choose PortShield Interface Wizard and click Next.
3. Select from the following:

| Selection | Port Assignment | Usage |
|---|---|---|
| WAN/LAN | X1: WAN; All Other Ports: LAN | Connect Internet connection to X1. Connect network devices to any remaining port for local and Internet connectivity. |
| WAN/LAN/DMZ | X1: WAN; X2: DMZ; All Other Ports: LAN | Connect Internet connection to X1. Connect public-facing servers or other semi-public resources to X2. Connect network devices to any remaining port for local and Internet connectivity. |

4. WAN/LAN or WAN/LAN/DMZ and click Next to continue. This will prompt a configuration summary to appear. Verify that the ports assigned are correct.
5. Click Apply to change port assignments.
Note: For more information about PortShield interfaces, see the SonicOS Enhanced Administrator’s Guide.
Creating Network Access Rules
A Zone is a logical grouping of one or more interfaces designed
to make management a simpler and more intuitive process than
following a strict physical interface scheme.
By default, the SonicWALL security appliance’s stateful packet
inspection allows all communication from the LAN to the
Internet, and blocks all traffic from the Internet to the LAN. The
following behaviors are defined by the “Default” stateful
inspection packet access rule enabled in the SonicWALL
security appliance:

| Originating Zone | Destination Zone | Action |
|---|---|---|
| LAN, WLAN | WAN, DMZ | Allow |
| DMZ | WAN | Allow |
| WAN | DMZ | Deny |
| WAN and DMZ | LAN or WLAN | Deny |

Note: SonicWALL’s default firewall rules are set in this way for ease of initial configuration, but do not reflect best practice installations. Firewall rules should only allow the required traffic and deny all other traffic.
To create an access rule:
1. On the Firewall > Access Rules page in the matrix view, select two zones that will be bridged by this new rule.
2. On the Access Rules page, click Add.
   The access rules are sorted from the most specific to the least specific at the bottom of the table. At the bottom of the table is the Any rule.
3. In the Add Rule page on the General tab, select Allow or Deny or Discard from the Action list to permit or block IP traffic.
4. Configure the other settings on the General tab as explained below:
   - Select the service or group of services affected by the access rule from the Service drop-down list. If the service is not listed, you must define the service in the Add Service window. Select Create New Service or Create New Group to display the Add Service window or Add Service Group window.
   - Select the source of the traffic affected by the access rule from the Source drop-down list. Selecting Create New Network displays the Add Address Object window.
   - Select the destination of the traffic affected by the access rule from the Destination drop-down list. Selecting Create New Network displays the Add Address Object window.
   - Select a user or user group from the Users Allowed drop-down list.
   - Select a schedule from the Schedule drop-down list. The default schedule is Always on.
   - Enter any comments to help identify the access rule in the Comments field.
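To see why the default LAN to WAN rule falls short of "only allow the required traffic and deny all other traffic", the rule table can be modelled and audited offline. This is an added example, not SonicOS code: the specificity measure (count of fields narrower than Any), matching by exact object name, and all object names in the sample rules are simplifying assumptions.

```python
from dataclasses import dataclass

ANY = "Any"

@dataclass(frozen=True)
class Rule:
    action: str              # "Allow", "Deny" or "Discard", as in the Action list
    service: str = ANY
    source: str = ANY
    destination: str = ANY
    comment: str = ""

    def specificity(self):
        # Assumed measure: how many fields are narrower than Any.
        return sum(f != ANY for f in (self.service, self.source, self.destination))

    def matches(self, service, source, destination):
        # Simplification: objects match by exact name only.
        return all(mine in (ANY, got) for mine, got in
                   ((self.service, service), (self.source, source),
                    (self.destination, destination)))

def ordered(rules):
    """Most specific first, so the all-Any rule ends up at the bottom."""
    return sorted(rules, key=lambda r: -r.specificity())

def decide(rules, service, source, destination):
    """First matching rule in table order wins; no match means no access."""
    for rule in ordered(rules):
        if rule.matches(service, source, destination):
            return rule.action
    return "Deny"

def too_broad(rules):
    """Allow rules that leave service, source and destination all at Any."""
    return [r for r in rules if r.action == "Allow" and r.specificity() == 0]

# Constructed LAN -> WAN rule sets (object names are made up for the example).
DEFAULT_LAN_WAN = [Rule("Allow", comment="default LAN > WAN")]
TIGHTENED_LAN_WAN = [
    Rule("Deny", comment="deny all other traffic"),
    Rule("Allow", "HTTPS", "LAN Subnets", comment="web browsing"),
    Rule("Allow", "DNS", "LAN Subnets", "DNS Resolver", comment="name lookups"),
]

if __name__ == "__main__":
    print(decide(DEFAULT_LAN_WAN, "Telnet", "LAN Subnets", "Any host"))
    print(decide(TIGHTENED_LAN_WAN, "Telnet", "LAN Subnets", "Any host"))
    print([r.comment for r in too_broad(DEFAULT_LAN_WAN)])
```

Running `too_broad` over an exported rule list gives a quick list of entries to replace with service- and source-scoped rules before the Any rule at the bottom is switched to Deny.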
