SonicWall Review


SonicWall Administration

SonicWall firewall live Demo page


SonicWall is firewall software that blocks or allows traffic between zones (also called locations or interfaces).
Interfaces are assigned to zones:
X0 = LAN, in to the LAN switch or LAN router
X1 = WAN, out to the router (ISP) and the internet
X2 = DMZ, the location for servers that are freely accessible from the internet
X3 = WLAN, the link to wireless devices (APs)


Monitor network and firewall statistics in real time:
AppFlow: application statistics
Real-Time: monitoring

Global Malware: reports of the latest threats from the SonicWall security organization

Connection Monitor:
Packets Monitor: packet capture
Log Monitor: device event log
Packet Mirror: sends a copy of each packet to another device for later analysis.

Licenses: determine what you are allowed to do with the product.

Firmware: the device's operating system, the program that runs the device.

Manage via HTTPS using port 443 (SSL port)

VLAN: a virtual interface

SNMP client: monitors the device status over a UDP port.

NTP: automatically sets the time (clock) on the device from an NTP server PC.

Filter: a method of displaying only the information that matches.

Certificate: verifies identity; without a digital certificate, VPN users must enter their identity.

Diagnostic Tools: for troubleshooting connection and device issues.
Traceroute: for checking routing issues
Ping: for checking that a device is turned on and able to communicate.

ARP: a protocol that maps a MAC address to an IP address.

Wireless Bridge: a bridge extends or links two locations together. For example, when you bridge the WLAN zone to the LAN zone, the WLAN location inherits the properties of the LAN zone. In other words, whatever LAN can do, WLAN can now do as well. WLAN will have the same subnet and DHCP pool as the LAN interface zone.

VPN: the process of using the internet connection as a WAN link. This saves money because there is no need to buy private T lines or a private WAN link. It uses the internet as the WAN connection and uses SSL to scramble the connection over the internet for security.

UTM SonicWall: a security layer for virus, spyware, and intrusion detection. Traffic flows from the internet ISP into the UTM SonicWall device before it passes into the LAN.

Load Balancing: dual connections or dual devices that share the work, like having two devices working at the same time instead of one (X1 is ISP 1, X4 is ISP 2).

Fail-over: a backup device that only comes online when device 1 is dead.

Aggregation: multiple lines combined into 1 single link to increase speed.

Port Redundancy: backup ports, in case one port is dead.

WAN 3G/4G: a cellular phone data plan network used as fail-over for the Ethernet network.

VLAN interface: set up just like a regular physical interface.

Access Rules: for managing and controlling traffic from a device into a zone (location).
Example: create a new access rule to allow a server to talk to another zone. When a match is found, the rule is applied.

Route Policy: manages whether communication from one zone (location / interface) to another zone is allowed or denied.

Port-Shield Interfaces: a virtual interface created to further separate security by placing zones (locations) into a virtual interface to protect them from other zones. Example: to further protect from the WAN and DMZ locations.

HA: another device used as a backup or for load balancing. You have to disable Port-Shield in order to set up HA.

Address Object: a reference to an object, port, service, application, etc.

Address Group: grouping Address Objects into a group makes them easy to add to Access Rules.

Router feature: the device is capable of routing packets and works like a simple router. Example: it can act like a router and run RIP or OSPF.

Policy Based Routing (PBR): used when you have dual ISPs (two internet connections).
You can create two Route Policies:
1. Policy to direct all X0 (LAN) to X1 (WAN)
2. Policy to direct all X0 (LAN) to X3 (WAN)



NAT: maps private IPs (LAN) to the WAN. By default NAT is allowed between X0 (LAN) and X1 (WAN) only.
Types of NAT:
1. Many To One: takes the LAN (a group of IPs) to the WAN (a single public IP). Example: NAT done on X0 (LAN) to X1 (WAN).
2. Many To Many: a group of addresses to another group of addresses (a range of IP addresses).
3. One To One: used to map 1 server's private IP address to 1 public IP address. Example: web server, FTP server, etc.
4. One To Many: used for load balancing (WAN to LAN). Example: one internet connection reaching 3 servers to process requests faster.



PAT: another version of NAT. With a single WAN IP address (you only have 1 public IP address), you have to make the LAN IP addresses of 6 different servers (private LAN) reachable between the LAN and the internet: X0 (LAN) to X1 (WAN).
Step 1: create a custom service
Firewall > Custom Services
Step 2: create an address object
Network > Address Object
Step 3: create a NAT policy
Network > NAT Policy
Step 4: apply it to an Access Rule
Firewall > Access Rules

Original Source: Server1-private-IP-address (From)
Translated Source: WAN-primary-IP-address (To)



Static ARP: maps Layer 2 to Layer 3, such as mapping LAN to DMZ without using NAT.

NAT or PAT or Static ARP: the point is to allow traffic between two locations. Example: LAN to WAN.

NAT + Load Balancing: the concept of spreading the load of incoming traffic onto 3 servers for faster processing by those servers.

Packet: has a source (FROM) address and a destination (TO) address.

MAC-IP-Anti-Spoofing: locking the ARP table prevents any modification, so only MAC addresses inside the ARP table are authorized for network access.
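
The check that a locked MAC-IP table makes possible, as an added example (not SonicWall code and not part of the original notes): observed ARP entries are compared with the static bindings and every mismatch is classified. The function names and all addresses are constructed for illustration.

```python
# Added example: audit observed ARP entries against a locked (static) MAC-IP table.
# All addresses below are constructed sample data, not taken from a real network.

def normalize_mac(mac: str) -> str:
    """Canonical form aa:bb:cc:dd:ee:ff so 00-1A-.. and 00:1a:.. compare equal."""
    digits = "".join(ch for ch in mac.lower() if ch in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def audit_arp(locked, observed):
    """Return (ip, mac, verdict) for every observed entry.

    locked   -- dict ip -> authorized MAC (the locked ARP table)
    observed -- iterable of (ip, mac) pairs seen on the wire
    """
    bindings = {ip: normalize_mac(mac) for ip, mac in locked.items()}
    owners = {mac: ip for ip, mac in bindings.items()}
    results = []
    for ip, mac in observed:
        mac = normalize_mac(mac)
        if bindings.get(ip) == mac:
            verdict = "ok"
        elif ip in bindings:
            verdict = "spoofed-ip"      # known IP claimed by a different MAC
        elif mac in owners:
            verdict = "moved-mac"       # authorized MAC using an unlisted IP
        else:
            verdict = "unknown-host"    # neither IP nor MAC is in the table
        results.append((ip, mac, verdict))
    return results

LOCKED = {
    "192.168.1.10": "00:1A:2B:3C:4D:5E",
    "192.168.1.20": "00-1a-2b-3c-4d-5f",
}
OBSERVED = [
    ("192.168.1.10", "00-1A-2B-3C-4D-5E"),   # matches the locked binding
    ("192.168.1.20", "de:ad:be:ef:00:01"),   # different MAC answering for .20
    ("192.168.1.99", "00:1a:2b:3c:4d:5e"),   # authorized MAC, unlisted IP
    ("192.168.1.50", "de:ad:be:ef:00:02"),   # not in the table at all
]

if __name__ == "__main__":
    for ip, mac, verdict in audit_arp(LOCKED, OBSERVED):
        print(f"{ip:<15} {mac}  {verdict}")
```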

Network IP-Helper: points the device to a DHCP server to use, because it doesn’t have a DHCP server of its own.

Web Proxy Server: instead of the client browser accessing the internet directly, it goes to a proxy server, which gets the internet content and stores it there. A proxy server acts like a middle man on behalf of the client.

DHCP server: automatically leases IP addresses to clients.

Dynamic DNS: records are updated whenever an IP address changes. Example: when you move domain hosting to another company and get a new IP address.

WWAN:
3G/4G/5-6G: cellular (radio wave) networks and modem-like devices that provide a data network to the company as a backup link, in case the Ethernet copper line is down.

Wireless (802.11): G, N
Wireless AP: allows wireless devices to connect into the LAN.
You may need to create two Access Rules:
SSID1: WLAN —> WAN - allow
SSID2: WLAN —> LAN - not allowed access

VOIP (802.1p), DSCP: a way to use the IP network to host phone communication between branch offices. This helps save money on traditional land line phone services.
-Internet
-LAN
-NAT
-Client IP phone and VOIP IP server phone
-Media Protocol: RTP/RTCP
-Port/IP address: these ports are dynamically created on the fly.
-Protocol: H.323 or SIP (PBX, voice gateway)

SSL: a digital signature or certificate of identity. You can put SSL on HTTP, which makes it HTTPS, or put SSL over SMTP, POP3, IMAP, and LDAP.
You can also apply SSL to a zone.

DPI-SSL: deep packet inspection over SSL.

White List: allow list
Black List: block or deny list

Blocking a web site:
Security Services > Content Filter: web site domain restriction
Step 1: Firewall > Match Object (web site objects)
Step 2: Firewall > Access Rules (create a rule or apply to a rule)

Default CFS: pre-configured web site restrictions from SonicWall.

Custom CFS: a modified version of the Default CFS, used to create a new filter that allows or denies a web site. It is like modifying the default GPO in Windows.
Step 1: Create new CFS
Step 2: Security > Content Filter > Add

CFS Exclusion List: the filtering doesn’t apply to these web sites.

Anti-Virus: a program designed to stop virus programs that may harm end-user productivity or cause distractions.

IPS: packet inspection used to detect viruses and malware.

Black-List-Geo-Filter: blocks web sites based on country of origin.

WXA: WAN Acceleration devices, which increase application performance between two locations. Example: Data Center (WXA) <—-> Branch office (WXA)

APP-Flow: statistics and reports about the device

Log: an event log message on the device, similar to the Windows Event Log.

Syslog: a detailed event log that can be set up to be sent to a remote PC for later analysis.

Log > View Point: detailed reports about the device.

Wizard in SonicWall: a step-by-step process to configure a setting such as 3G setup, VPN policy, etc.



Router Protocol:
*RIP: used for smaller networks, like 15 routers or fewer.
Preventing loops in RIP:
Split-Horizon: information learned from an interface is not sent back out of that interface.
Poison-Reverse: a network is advertised at 16 hops, which makes it unreachable because RIP only allows 15 routers or fewer.

*OSPF: used for larger networks.
*EIGRP: used only within Cisco routers, for large networks.
*BGP: used by ISPs to link to other ISP routers (ISP protocol network)


CIDR: allows subnetting by VLSM, via the subnet mask. For example, if you have 8 networks like
192.168.0.0/24 to 192.168.7.0/24
rather than having to input 8 separate network statements into the router protocol, you can just use 192.168.0.0/21, and this will cover all 8 networks.
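
The summarization above, worked through as an added example (not from the original notes): the function finds the single covering prefix and also reports any address space the summary would include that was not in the input, which matters when the summary ends up in a route or an access rule. The function name `summarize` and the six-network case are constructed for illustration.

```python
# Added example: find the single summary route for a list of networks and
# report any address space the summary covers that was not in the input.
import ipaddress

def summarize(cidrs):
    """Return (summary, extra): the smallest single prefix containing every
    input network, and the sub-networks inside it that were NOT in the input."""
    nets = list(ipaddress.collapse_addresses(
        ipaddress.ip_network(c) for c in cidrs))
    first = min(n.network_address for n in nets)
    last = max(n.broadcast_address for n in nets)
    # Widen the prefix one bit at a time until it spans first..last.
    summary = ipaddress.ip_network(f"{first}/{first.max_prefixlen}")
    while last not in summary:
        summary = summary.supernet()
    # Subtract each input network to see what else the summary would route.
    extra = [summary]
    for net in nets:
        remaining = []
        for block in extra:
            if net == block:
                continue
            if net.subnet_of(block):
                remaining.extend(block.address_exclude(net))
            else:
                remaining.append(block)
        extra = remaining
    return summary, sorted(extra)

EIGHT = [f"192.168.{i}.0/24" for i in range(8)]   # the networks from the text
SIX = [f"192.168.{i}.0/24" for i in range(6)]     # constructed: two fewer

if __name__ == "__main__":
    for label, cidrs in (("eight", EIGHT), ("six", SIX)):
        summary, extra = summarize(cidrs)
        print(label, summary, "also covers:", [str(n) for n in extra] or "nothing")
```

With only six of the networks present, the same /21 still results, but it also covers 192.168.6.0/23, so a rule or route written against the summary would reach address space that was never listed.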



BWM: bandwidth management for ingress and egress. It lets you guarantee a minimum bandwidth and is enabled on an interface.
Step 1:
Firewall > Action Objects
Step 2:
Firewall > App Rules



Which route is used first:

Cost / Type:
1      Static route
       EIGRP summary
20     External BGP
90     EIGRP
100    IGRP
115    IS-IS
120    RIP
140    EGP
170    External EIGRP



Network slash and subnet:
/32 or 255.255.255.255 has only 1 IP address, for example a loopback IP for a device.
/31 or 255.255.255.254 has 2 IP addresses, for a point-to-point link. 1 device within LAN to WAN.
/30 or 255.255.255.252 can have 4 IP, this is for connecting 2 devices together, like a router to a router within the LAN.
/29 or 255.255.255.248 can have 8 IP, 4 devices and 3 extra IP
/28 or 255.255.255.240 can have 16 IP, 8 devices and 5 extra IP
/27 or 255.255.255.224 can have 32 IP, 16 devices and 13 extra IP
/26 or 255.255.255.192 can have 64 IP, 32 devices and 29 extra IP
/25 or 255.255.255.128 can have 128 IP, 48 devices and 61 extra IP
/24 or 255.255.255.0 can have 190 IP, 96 devices and 93 extra IP
/23 or 255.255.254.0 can have 254 IP, 128 devices and 125 extra IP



Firewall workflow:
Step 1:
Interfaces: property objects holding the settings you can apply to the actual physical network card.
SonicWall has 4 interfaces:
-X0 = LAN, in to the LAN switch or LAN router
-X1 = WAN, out to the router (ISP) and the internet
-X2 = DMZ, the location for servers that are freely accessible from the internet
-X3 = WLAN, for wireless devices (APs)

Step 2:
Zones: the locations to which you can assign the above interfaces.
LAN – (IN) Private
WAN – (OUT) Internet
DMZ – allows access for both LAN and WAN
WLAN – WiFi location; if bridged to LAN, it will have the same access as LAN.

Step 3:
Firewall > APP rules:
Where you can set up which zones (locations) are allowed to talk to each other, in both directions. Example:
LAN —> WAN is allowed (one way allow)
WAN —> LAN is denied (one way allow)
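
The three steps above and the Wireless Bridge note earlier, put together as an added example (a simplified model written for these notes, not SonicOS logic or output): interfaces map to zones, zone-pair rules are checked in order, and `bridge_impact` lists which interface pairs newly become allowed once WLAN is bridged to LAN. The rule list, the deny-by-default fallback and all function names are assumptions of this model.

```python
# Added example: a simplified model of interface -> zone -> access rule
# evaluation. It is not SonicOS logic; names and rules are constructed.

INTERFACE_ZONE = {"X0": "LAN", "X1": "WAN", "X2": "DMZ", "X3": "WLAN"}

# Rules are checked top to bottom; the first match decides.
RULES = [
    ("LAN", "WAN", "allow"),
    ("WAN", "LAN", "deny"),
    ("WAN", "DMZ", "allow"),
    ("LAN", "DMZ", "allow"),
]

def effective_zone(interface, bridges):
    """Zone whose rules apply to an interface; a bridged zone inherits
    the zone it is bridged to (WLAN bridged to LAN behaves as LAN)."""
    zone = INTERFACE_ZONE[interface]
    return bridges.get(zone, zone)

def decide(src_if, dst_if, rules=RULES, bridges=None):
    """Return 'allow' or 'deny' for traffic entering src_if toward dst_if."""
    bridges = bridges or {}
    src = effective_zone(src_if, bridges)
    dst = effective_zone(dst_if, bridges)
    for rule_src, rule_dst, action in rules:
        if (rule_src, rule_dst) == (src, dst):
            return action
    return "deny"   # assumption of this model: no matching rule means deny

def bridge_impact(bridges):
    """Interface pairs that flip from deny to allow once zones are bridged."""
    opened = []
    for src in INTERFACE_ZONE:
        for dst in INTERFACE_ZONE:
            if (src != dst and decide(src, dst) == "deny"
                    and decide(src, dst, bridges=bridges) == "allow"):
                opened.append((src, dst))
    return opened

if __name__ == "__main__":
    print("X0 -> X1:", decide("X0", "X1"))
    print("X1 -> X0:", decide("X1", "X0"))
    print("opened by bridging WLAN to LAN:", bridge_impact({"WLAN": "LAN"}))
```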

———–
Next, you can create the objects below to apply to Access Rules:
Address Object: references an object or a service
Address Group: groups objects together so they are easy to apply to an Access Rule later

Match Object: web site match in CFS
Action Object: BWM



The End…


Published by

Khmer Certified
