Sonicwall Workshopv2.3


SonicWALL ½ day hands on workshop

Content
Part 1 – System Setup
- 1.1 Initial Setup
- 1.2 Registration
- 1.3 Sonic OS fundamental
Part 2 – Security features
- 2.1 Antivirus
- 2.2 Intrusion Prevention
- 2.3 Anti-spyware
- 2.4 URL filtering
- 2.5 Application control
Part 3 – Backup and Restore
- 3.1 System Backup
- 3.2 System Restore
- 3.3 Factory Default
Part 1 – System Setup
1.1 Initial Setup

This step is very important: it must be completed before we can move on to any other configuration.

Initial setup is simple. We need to give the firewall an internet connection so that it can be registered.

Connect your workstation to X0, open any web browser and log in to the firewall at https://192.168.168.168

Click “here” to access the management interface.

Default Login is

Username: admin

Password: password

NOTE: The DHCP server is enabled on X0. When you connect a workstation with DHCP enabled to X0, you
should be able to get an IP address from the firewall.
Go to Network -> Interface

Click on the configure button for X1


Change Settings to DHCP

Or choose Static if your ISP has given you a fixed IP address.

Click Ok

The X1 interface of your device will be assigned an IP address.

Change the DNS to Google or Singtel and renew your workstation's DHCP settings.

Click “Accept” to complete changes.


Verify internet connections are working

Go to System > Diagnostics > Diagnostic Tools

Use Check Network settings, select all the check boxes and click on Test all selected.
You should get a successful test result for all except Content Filtering, as that requires a valid license.

Once we get a response from the License Manager, the device is set up and we are ready for
registration.

1.2 Registration

Before we can register the device, we need to have a MySonicWALL account.

https://www.mysonicwall.com/
Click on Register Now.

Once you have your MySonicWALL account, we are ready to register the firewall.

Access the device by going to https://192.168.168.168 using the X0 interface


An unregistered device will prompt for registration after login. Click on Register.

Login with MySonicWALL ID


This shows Registration is successful

1.3 Sonic OS fundamental

The firewall's primary use is to provide access control.


To do this we need to create the objects we want to control.

Address object

Examples of Address object

1) IP Address of workstation e.g. 192.168.1.1


2) IP Address range e.g. 192.168.1.2 – 192.168.1.20
3) Subnets e.g. 192.168.1.0/24
4) MAC address e.g. fe80::804c:8100:cafa
5) FQDN e.g. www.sonicwall.com

Service object

Examples of Service Object

1) HTTPS TCP/443
2) DNS TCP/53
3) SSH TCP/22

Creating the objects

Go to Firewall > Address objects

Click on Add at the bottom of the screen.


In the pop-up window, key in the name of your object.

Select the zone, choose the type of the object and the IP Address

Example

To create service objects, go to Firewall > Service objects


Click Add

Key in Name of object

The protocol type

Port range. If the object is for a single port, the start and end of the range will be the same.

Click Add to complete

Challenge Task 1
Hands on Exercise

Create these address objects

Network > Address objects

1)

Name: workstation

Zone: LAN

Type: Host

IP Address: 192.168.168.1 (use the IP address assigned to your workstation by the DHCP)

2)

Name: Internal network

Zone: LAN

Type: network

IP Address: 192.168.168.0 mask 255.255.255.0

Challenge Task 2

Create these service objects

Firewall > service objects

1) Web browsing group containing these default services ICMP, DNS, http & https

2) Custom port

Name: test service

Protocol: TCP

Port: 8888

Firewall policy

Go to Firewall > Access Rules

Understanding the firewall view

There are 3 styles of viewing the rules. Matrix view is the easiest for rule creation.

Interfaces are tied to zones. Depending on the zone the traffic is coming FROM and the zone it is going TO,
we select the corresponding button and click it.

Example: Creating rules from LAN to WAN

All traffic is allowed by default from LAN to WAN.

To provide access control, we need to tighten the firewall by allowing only authorized services.

Click on the configure button


Change the action to Deny and click ok

Your traffic from LAN to WAN is now being blocked by the firewall.

Hands on Exercise

Allowing your workstation to access internet.

Click on Add
Save the policy

And verify your access to internet is working again.
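
The tightened LAN to WAN policy from this exercise can be modelled in a few lines. This is an added example, not part of the workshop handout or SonicWALL code. It assumes the allow rule uses the workstation object and the Web browsing group from the challenge tasks (the handout does not list the rule's fields), that DNS means UDP and TCP port 53, and that the first matching rule in list order decides.

```python
import ipaddress
from dataclasses import dataclass

# Address objects from Challenge Task 1, plus an "Any" object (assumed name).
ADDR = {
    "workstation": ipaddress.ip_network("192.168.168.1/32"),
    "Internal network": ipaddress.ip_network("192.168.168.0/255.255.255.0"),
    "Any": ipaddress.ip_network("0.0.0.0/0"),
}

# Service objects from Challenge Task 2 as (protocol, port) pairs.
# Assumption: DNS is modelled as UDP and TCP port 53; ICMP has no port.
SVC = {
    "Web browsing": {("icmp", None), ("udp", 53), ("tcp", 53), ("tcp", 80), ("tcp", 443)},
    "test service": {("tcp", 8888)},
    "Any": None,  # None matches every protocol and port
}

@dataclass(frozen=True)
class Rule:
    name: str
    source: str   # key into ADDR
    service: str  # key into SVC
    action: str   # "allow" or "deny"

def evaluate(rules, src_ip, proto, port=None):
    """Return (action, rule name) of the first LAN > WAN rule matching the flow."""
    src = ipaddress.ip_address(src_ip)
    for rule in rules:
        services = SVC[rule.service]
        if src in ADDR[rule.source] and (services is None or (proto, port) in services):
            return rule.action, rule.name
    return "deny", "no matching rule"

# LAN > WAN as shipped, and after the exercise (rule names are constructed).
DEFAULT_RULES = [Rule("default LAN to WAN", "Any", "Any", "allow")]
TIGHTENED_RULES = [
    Rule("workstation web access", "workstation", "Web browsing", "allow"),
    Rule("default LAN to WAN", "Any", "Any", "deny"),
]

if __name__ == "__main__":
    # Constructed sample flows: (source IP, protocol, destination port).
    flows = [("192.168.168.1", "tcp", 443), ("192.168.168.1", "icmp", None),
             ("192.168.168.1", "tcp", 8888), ("192.168.168.50", "tcp", 443)]
    for flow in flows:
        print(flow, evaluate(DEFAULT_RULES, *flow), evaluate(TIGHTENED_RULES, *flow))
```

Swapping the two rules in TIGHTENED_RULES makes the deny rule match first in this model, so the workstation loses access as well.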


Part 2 – Security features

The Firewall has many security features that can be easily turned on to provide protection for the
network.

2.1 Anti-Virus/Malware

Go to Security Services > Gateway Anti-virus

Check that your device has a valid subscription and that the signature database is updated.
Enable the service by checking the checkbox Enable Gateway Anti-Virus

We can enable the service for inbound/outbound

Testing with Eicar

Click Configure Gateway AV settings

The default settings disable detection of the EICAR test virus to save system resources. If you are
doing any testing, please uncheck this.

Hands on Exercise

Enable the detection for EICAR test virus. Go to Eicar website and download a file.

Go to Log Monitor to see the detection.


2.2 Intrusion Prevention

Go to Security Services > Intrusion Prevention

Check Signature database is updated.

Configuration for Intrusion prevention is simple

Enable the service by checking “Enable IPS”


Turn on blocking by checking Prevent All

Turn on logging by checking Detect All

Attack levels are High, Medium and Low.

Recommended settings: Prevent and Detect for High and Medium.

Hands on Exercise

Open up your command prompt and ping 8.8.8.8, Google’s DNS server.

You should get a reply coming back.

Now turn on Prevent all and Detect All for Low priority attacks

Your pings start to drop and there will be a record in the Log Monitor.

2.3 Anti-spyware

Go to Security Services > Anti-Spyware

Check Signature database is updated.

To turn on the services

Check the Enable Anti-Spyware to activate the service.


Anti-Spyware levels are High, Medium and Low.

Enable all

2.4 URL filtering

Go to Security Services > Content Filter

Ensure that the license is activated with a valid subscription.


Enable the service by checking the Enable Content Filtering Service

Enable the rule CFS Default Policy for LAN to WAN.

The rule is currently using the Default Profile and Action.

Create a new CFS profile and CFS Action object by clicking on the highlighted blue words.

Firewall > Content Filter Objects


The default action shows a block page, so there is nothing to change unless you need to customize it.

EXAMPLE:

Configure the CFS Default Profile to control what categories to block.

Click on the configure button.


Under Category Configuration, 12 categories have already been selected to block by default.

Challenge task

Try to block twitter.com

Which category would you use?


2.5 Application control

Go to Firewall > App Control Advanced

Check that the license and signature database are up to date.


To control applications

Enable the App Control function by checking the tick box.

Example: blocking Facebook.

Under Category select Social-Networking

Application: Facebook

Click on Configure

Enable blocking and logging.

Click ok to confirm changes.


Now try to access Facebook in the web browser.

You will not be able to establish a connection.

You can view the logs in Log Monitor


Did you notice?

Blocking Facebook in App Control takes precedence over CFS.


Part 3 – Backup and Restore

3.1 System Backup

Go to System > Settings

Click on Export Settings to retrieve the running configuration.

Click Export to save the file to your computer.


To create a system backup

Click Create Backup Settings

You will see “Current firmware with backup settings” created.

This file can be downloaded and stored as a known good system backup.

3.2 System Restore

Click on Import Settings to restore a known good configuration.

Choose the file that you exported previously.

NOTE: Reboot will happen immediately after you click import.

Restoring the system.

Click Upload New Firmware. Import the backup settings created previously. 3 new boot options will
appear. Click on Uploaded firmware with Backup setting to restore the system.

3.3 Factory Default

Step 1. Connect your management station to a LAN port on the SonicWALL security appliance and
configure your management workstation IP address to 192.168.168.20.

Do a continuous ping to 192.168.168.168

Step 2. Use a narrow, straight object, like a straightened paper clip or a toothpick, to press and hold the
reset button on the back of the security appliance for five to ten seconds. The reset button is in a small
hole next to the console port or next to the power supply, depending on your SonicWALL security
appliance model.

The device will reboot and you should get a ping reply from 192.168.168.168 after a while.

Access the default setting page by going to http://192.168.168.168

You cannot access the device with https; it will not respond.

Once you are in the default setting page:

Green Arrow > Restore device to factory default setting

Red Arrow> Restore device with backup setting

Black Arrow > upload a new firmware
