如何配置SonicWALL防火墙

SonicWALL 防火墙配置透明（透传）模式本文适用于：涉及到的Sonicwall防火墙Gen5:NSA E7500, NSA E6500, NSA E5500, NSA 5000, NSA 4500, NSA 3500, NSA 2400, NSA 240 Gen5 TZ系列: TZ 100/W, TZ 200/W, TZ 210/WirelessGen4: PRO系列: PRO 5060, PRO 4100, PRO 4060,PRO 3060, PRO 2040, PRO 1260Gen4: TZ系列: TZ 190/W, TZ 180/W, TZ 170/W/SP/SP Wireless固件/软件版本:所有SonicOS增强版版本服务:DMZ/OPT配置功能与应用Transparent Mode通过控制ARP和路由的行为来模拟WAN口IP地址到内部接口（LAN,DMZ）的桥梁。

Transparent Mode的分配非常灵活，允许不同zone的多个内部接口同时在Transparent Mode模式下工作，只要被分配的地址不重复。

在不可能改变已经存在的IP地址，或者是有必要在不妨碍其他设备的前提下部署一台Sonicwall防火墙，Transparent Mode发挥了重要的作用。

Transparent Mode在Sonicwall防火墙上定义一个和WAN口子网相关的Transparent Range地址对象。

Transparent Range定义哪一个外部地址去连接内部接口。

Transparent Range对象可以是一台主机，一组主机或者是一个地址对象范围。

Transparent Range中的地址不能用来配置NAT Policies，他们保持初始的源IP地址。

步骤：配置端口为Transparent ModeTransparent Mode允许Sonicwall防火墙在WAN口子网和内部接口间进行透传。

Arubaremoteap（RAP）结合SONICWALL防火墙联动详细实验实验目标：本次实验的目标是实现Aruba Remote AP（RAP）与SonicWall防火墙的联动。

通过配置和测试，实现RAP访问本地网络，并通过SonicWall防火墙进行安全访问控制。

实验步骤：1. 初始化Aruba RAP：首先，需要将RAP连接到网络，并进行初始化配置。

通过网线将RAP连接到本地网络，然后使用SSH或串口连接到RAP的控制台。

进行初始化配置，包括设置RAP的IP地址、网关、DNS服务器、SSID等。

2. 配置SonicWall防火墙：在SonicWall防火墙上，需要进行相关配置以允许RAP访问本地网络。

首先，将RAP的IP地址添加到SonicWall防火墙的访问控制列表中，确保RAP可以与防火墙进行通信。

然后，配置防火墙规则以允许RAP访问本地网络中的特定资源，如服务器、打印机等。

3. 配置RAP与SonicWall的VPN连接：接下来，需要配置RAP与SonicWall之间的VPN连接。

打开Aruba RAP的控制台界面，进入VPN配置界面，添加SonicWall防火墙作为VPN网关，并配置相关参数，如VPN协议（IPSec或SSL VPN）、加密算法、预共享密钥等。

在SonicWall防火墙上，也需要配置RAP作为VPN客户端，并设置相应的VPN参数。

4. 测试RAP访问本地网络：完成上述配置后，即可进行RAP访问本地网络的测试。

断开RAP与本地网络之间的有线连接，将RAP放置在需要访问的位置，并将其配置为无线客户端。

使用无线设备连接到RAP所提供的SSID，并尝试访问本地网络的资源。

如果一切配置正确，RAP应该能够安全访问本地网络，并通过SonicWall防火墙进行安全访问控制。

5. 验证安全访问控制：为了验证SonicWall防火墙对RAP的安全访问控制有效，可以尝试访问本地网络的受限资源，如内部服务器。

SonicWALL 防火墙 HA 配置网络连接如下图所示：SonicWALL HA是Active/Passive方式的HA，配置界面相当简单，所有配置只需要在主设备上配置，备用设备会自动同步主设备的配置。

配置主设备时，不要打开备用设备电源，待主设备配置完毕之后，连接好物理线路，打开备用设备电源，备用设备自动与主设备同步全部的配置信息。

注意：备用设备要和主设备采用同样的操作系统版本号。

如果备用设备启用UTM的功能，那么备用设备要提前注册，拿到全部的UTM的授权。

主设备的UTM License不会同步到备用设备。

1．进入主设备的管理界面https://192.168.168.168, 默认的LAN口IP地址，用户名是 admin, 密码password2．进入Network->Interfaces界面，配置X1口（WAN），X0口（LAN）的IP地址。

这里X1口是WAN口，IP 地址218.247.156.9, 这个地址将成为HA发生切换之后WAN口的虚拟地址，从WAN外部通过218.247.156.9能访问到当前工作的设备，即如果主设备宕机，那么通过这个地址访问到的是备用设备。

X0 口IP地址用默认的 192.168.168.168. 这个地址将成为HA发生切换之后LAN口的虚拟地址，从LAN 内部通过192.168.168.168能访问到当前工作的设备，即如果主设备宕机，那么通过这个地址访问到的是备用设备。

3．进入Hardware Failover->Setting 界面，选中Enable Hardware Failover激活HA配置，点右上角的Apply按钮使HA生效。

如果希望主设备恢复后立刻切换回到主设备工作，那么选中Enable Preempt Mode，点右上角的Apply按钮使之生效.4．进入Hardware Failover->Monitoring界面，点X0口的配置按钮，5．在Interface X0 Monitoring Settings界面的Primary IP Address, Backup IP Address分别填写主/备设备的管理IP地址。

SonicWALL 防火墙配置NAT Policy1、简介: 如何配置NAT Policies并发布服务器本文适用于：涉及到的Sonicwall防火墙Gen5:NSA E7500, NSA E6500, NSA E5500, NSA 5000, NSA 4500, NSA 3500, NSA 2400, NS A 240Gen5 TZ系列:TZ 100/W, TZ 200/W, TZ 210/WirelessGen4: PRO系列:PRO 5060, PRO 4100, PRO 4060,PRO 3060, PRO 2040, PRO 1260Gen4: TZ系列:TZ 190/W, TZ 180/W, TZ 170/W/SP/SP Wireless固件/软件版本:所有SonicOS增强版版本服务:NAT Policy, Firewall Access Rules, Firewall Services功能与应用NAT(网络地址转换)属接入广域网(WAN)技术,是一种将私有(保留)地址转化为合法IP地址的转换技术,它被广泛应用于各种类型Internet接入方式和各种类型的网络中。

Sonicwall的操作系统允许用户对出入流量定义NAT Policies，本文演示了在Sonicwall防火墙中配置NA T Policies的方法。

步骤配置NAT Policies添加地址对象1、选择Network->Address Objects2、点击Add按钮，为服务器添加一个局域网私有地址和一个公有地址3、点击OK完成添加地址对象定义NAT Policies1、选择Network->NAT Policies2、点击Add按钮，进行相关配置，如下图所示：提示：create a reflexive policy：当选择这个选项，将自动生成一个镜像的出入NAT Policies。

3、点击Add按钮完成配置Loopback Policy:假如想要从另一个内网的zone通过公有IP地址1.1.1.1访问服务器，可以添加一条Loopback Policy：∙Original Source:Firewalled Subnets∙Translated Source:Mywebserver Public∙Original Destination:Mywebserver Public∙Translated Destination:Mywebserver Private∙Original Service:HTTP∙Translated Service:Original∙Inbound Interface:Any∙Outbound Interface:Any∙Comment:Loopback policy∙Enable NAT Policy:Checked∙Create a reflexive policy:unchecked创建防火墙Access Rules1、选择Firewall->Access Rules2、在View style区域选择WAN到LAN的access rules3、点击Add按钮，创建一条访问规则4、点击OK完成配置。

SonicWALL防火墙标准版配置SonicWall标准版网络向导配置 (1)SonicWall标准版规则向导配置 (7)SonicWall标准版一般规则向导配置 (7)SonicWall标准版服务器规则向导配置 (12)SonicWall标准版一般规则直接配置 (15)SonicWall标准版服务器1对1 NA T配置 (18)SonicWall标准版透明模式配置 (19)SonicWall标准版网络向导配置首次接触SonicWALL防火墙设备，我们将电源接上，并开启电源开关，将X0口和你的电脑相连（注：请用交叉线），SonicWALL防火墙默认的IP地址为192.168.168.168，我们也可以通过setuptool.exe这个小工具探知SonicW ALL防火墙的IP地址。

如图所示：当网线和电源等都连接好之后，我们设置一下本机的IP地址，以便和SonicWALL防火墙处于同一个网段。

如图所示：设置好IP地址后，我们在IE浏览器的地址栏输入SonicWALL防火墙的IP地址，点next，提示我们是否修改管理员密码，暂时不修改，点next，提示我们修改防火墙的时区，我们选择中国的时区。

点next，提示我们设置W AN口的地址获取类型，这时候，我们需要和ISP相联系，并选择相关的类型，这里以静态地址为例：我们点next，输入相关的信息，IP地址、掩码、网关、DNS服务器等，如果不知道此处该如何设置，请和你的ISP联系。

点next，提示我们设置LAN口的IP和掩码，我们根据自己的规划和网络的实际情况设置，此处我没有修改。

点next，防火墙询问我们在LAN口是否开启DHCP server的功能，并是否是默认的网段，我们可根据实际情况做调整，决定开始或关闭，以及网段地址等，如下图：点next，防火墙将把前面做的设置做一个摘要，以便我们再一次确认是否设置正确，如果有和实际不符的地方，可以点back返回进行修改。

SonicOS Enhanced HOW TO --- Firewall with Filter 创建日期: 2003年11月20日最后修正: 2003年11月20日•PC_1 (172.16.9.241) 可以访问internet•PC_2 (172.16.9.242) 不能访问internet•SonicOS 2.0.0.1 增强版或者以上版本•浏览器客户端，SMTP客户端，POP3 客户端PRO4060 配置Network 配置1.设置 LAN = 172.16.9.222, 掩码255.255.255.02.设置 WAN = 2.2.2.1, 掩码255.255.255.248 以及对应外网网关对象配置3.接下来，我们需要定义2个地址对象N_Server_1 = 172.16.9.241, 掩码255.255.255.255N_Server_2 = 172.16.9.242, 掩码255.255.255.255进入Network Address Objects页面, 点击Add…按钮6.点击OK完成配置7.重复上述配置，完成对PC_2对象的定义防火墙规则配置8.下面的步骤是添加防火墙规则9.进入Firewall Access Rules页面, 点击From LAN to WAN编辑图标10.点击Ad d…按钮. 参照如下填写11.点击OK完成配置12.配置后的界面如下. 注意：拒绝策略拥有更高的优先级测试13.PC_1 可以ping/HTTP/SMTP/POP3 到 2.2.2.514.PC_2 不可以ping/HTTP/SMTP/POP3到2.2.2.515.进入Log View, 可以看到PING以及HTTP数据包被策略1（LAN->WAN）丢弃* * * e n d * * *。

SonicWALL PRO3060防火墙配置SonicWall网络向导配置 (1)SonicWall规则配置 (7)SonicWall一般规则配置 (7)SonicWall服务器规则向导配置 (10)SonicWall透明模式配置 (13)SonicWall对象配置 (16)SonicWall网络向导配置首次接触SonicW ALL防火墙设备，我们将电源接上，并开启电源开关，将X0口和你的电脑相连（注：请用交叉线），SonicWALL防火墙默认的IP地址为192.168.168.168当网线和电源等都连接好之后，我们设置一下本机的IP地址，以便和SonicWALL防火墙处于同一个网段。

如图所示：设置好IP地址后，我们在IE浏览器的地址栏输入SonicWALL防火墙的IP地址，防火墙将弹出网络配置向导界面点next，提示我们是否修改管理员密码，根据需要我们将密码设置为实际密码，点next，提示我们修改防火墙的时区，我们选择中国的时区。

点next，提示我们设置W AN口的地址获取类型，这时候，我们需要和ISP相联系，并选择相关的类型，这里以静态地址为例：点next，输入相关的信息，IP地址、掩码、网关、DNS服务器等，如果不知道此处该如何设置，请和你的ISP联系。

点next，提示我们设置LAN口的IP和掩码，我们根据自己的规划和网络的实际情况设置，此处我没有修改。

点next，设置DHCP server的相关配置，如果不开启，把勾取消即可。

点next，点apply，设置生效。

点close，回到登陆界面输入帐号密码后，点login当把配置做好以后，我们将防火墙的X1口接到ISP进来的网线上，将X0口接到内网交换机上。

SonicWall规则配置SonicWall一般规则配置这时，我们已经可以访问外网了。

此时的策略是默认允许内网的所有机器可以任意的访问外网，为了符合公司的安全策略，我们如果要相关的安全策略，限制一些访问的协议。

SonicWALL防火墙标准版配置SonicWall标准版网络向导配置 (1)SonicWall标准版规则向导配置 (11)SonicWall标准版一般规则向导配置 (11)SonicWall标准版服务器规则向导配置 (21)SonicWall标准版一般规则直接配置 (25)SonicWall标准版服务器1对1 NAT配置 (29)SonicWall标准版透明模式配置 (31)SonicWall标准版网络向导配置首次接触SonicWALL防火墙设备，我们将电源接上，并开启电源开关，将X0口和你的电脑相连（注：请用交叉线），SonicWALL防火墙默认的IP地址为192.168.168.168，我们也可以通过setuptool.exe这个小工具探知SonicWALL防火墙的IP地址。

如图所示：页脚内容1当网线和电源等都连接好之后，我们设置一下本机的IP地址，以便和SonicWALL防火墙处于同一个网段。

如图所示：设置好IP地址后，我们在IE浏览器的地址栏输入SonicWALL防火墙的IP地址，页脚内容2点next，提示我们是否修改管理员密码，页脚内容3暂时不修改，点next，提示我们修改防火墙的时区，我们选择中国的时区。

页脚内容4点next，提示我们设置WAN口的地址获取类型，这时候，我们需要和ISP相联系，并选择相关的类型，这里以静态地址为例：页脚内容5我们点next，输入相关的信息，IP地址、掩码、网关、DNS服务器等，如果不知道此处该如何设置，请和你的ISP联系。

页脚内容6点next，提示我们设置LAN口的IP和掩码，我们根据自己的规划和网络的实际情况设置，此处我没有修改。

页脚内容7点next，防火墙询问我们在LAN口是否开启DHCP server的功能，并是否是默认的网段，我们可根据实际情况做调整，决定开始或关闭，以及网段地址等，如下图：页脚内容8点next，防火墙将把前面做的设置做一个摘要，以便我们再一次确认是否设置正确，如果有和实际不符的地方，可以点back返回进行修改。

sonicwall防火墙设置方法有哪些sonicwall防火墙想要设置下!用什么方法好呢?下面由店铺给你做出详细的sonicwall防火墙设置方法介绍!希望对你有帮助!sonicwall防火墙设置方法一：假设你要把服务器192.168.3.5的80端口映射出去，其中192.168.3.5做好了花生壳(或者你外网是个固定IP)首先到network→Services里，点击添加新建一个端口。

名称：TCP80，类型TCP，端口范围80-80.然后在SonicWALL右上角你可以看到一个三角形的按钮，叫Wizards ，点击那个按钮。

在弹出的页面中选择Public Server Wizard ，点击next，Server Type选择other，Services 就选择你刚才建立的TCP80，点击下一步Server Name就是你在防火墙上看到服务器的名字(以后可以在防火墙规则以及NAT规则里看到这个)，随便起个自己认识的就行，Server Private IP Address就是你服务器的内网IP(192.168.3.5) 点击下一步之后，会出现Server Public IP Address，这个如果你是ADSL拨号的就不用管(如果是固定IP的话就填你的外网IP，不过这里一般防火墙会帮你自动填入)直接点击下一步，之后就会出来确认信息，点击apply应用设置即可。

等向导弹出结束按钮，按close退出即可。

至此，完成服务器192.168.3.5的80端口发布。

备注：默认情况下80口是被运营商封堵的，如果需要使用80端口直接打开，就必须去运营商处进行备案。

你也可以发布成其他端口，然后采用IP+端口号(例如202.96.133.22:8888)这样的进行访问。

sonicwall防火墙设置方法二：配置连接有三个基本步骤：配置SonicWALL防火墙，创建配置账户，安装和配置SonicWALL Global Client。

sonicwall防火墙如何设置安装了sonicwall防火墙，但不会设置，该怎么办呢?下面由店铺给你做出详细的sonicwall防火墙设置方法介绍!希望对你有帮助!sonicwall防火墙设置方法一：进入管理页面，有一个配置向导，按照那个一步步来，可以初步连接上去，在此基础上你可以再进行其他的管理配置sonicwall防火墙设置方法二：最简单的方法自然是使用向导，登录防火墙之后，右上角有个Wizards，点那个，然后进去之后选择Public Server Wizard，一步一步来就可以了，服务器类型看你要建立哪种服务器，根据需要选择后面那一页是填服务器名字，你服务器内网IP，还有备注。

最后那外网IP防火墙会根据当前WAN口IP自动填写，一般来说没必要改。

最后完成就行了，防火墙会自动创建相关规则，很方便。

如果不使用向导，就得做以下步骤：首先要设置访问规则，在防火墙filewall里的WAN→LAN，设置源IP为any，目的地址是你内网那个IP，然后服务选择相应的端口(例如是网页服务器就选择HTTP什么的，也可以自定义)。

端口any即可。

之后需要在network里做NAT策略，源地址any，不转换;目的地址是你的防火墙外网地址，转换为你的那个内网地址，端口和上面防火墙上设置的一样。

之后如果你想在内网使用外网IP来访问服务器，就需要再做NAT 策略，把内网的地址转换为公网IP，否则你无法在内网使用域名或者外网IP访问服务器(当然内网IP是可以的)。

相关阅读：sonicwall防火墙介绍优点：SonicWALL®网络安全设备(NSA)系列下一代防火墙采用了独特的多核设计以及具有专利的免重组深度包检测®(RFDPI)技术*，让您无需牺牲网络性能即可获得全方位的安全保护。

NSA系列克服了现有安全解决方案的各种局限性它能实时地对每一个数据包执行整体扫描，以检测当前出现的内部及外部威胁。

NSA系列提供了入侵防御、恶意软件保护以及应用智能、控制和可视化功能，同时提供了突破性性能。

Organizations of all sizes depend on their networks to access internal and external mission-critical applications. As advances in networking continueto provide tremendous benefits, organizations are increasingly challenged by sophisticated and financially-motivated attacks designed to disrupt communication, degrade performance and compromise data. Malicious attacks penetrate outdated stateful packet inspection firewalls with advanced application layer exploits. Point products add layers of security, but are costly, difficult to manage, limited in controlling network misuse and ineffective against the latest multipronged attacks.By utilizing a unique multi-core design and patented Reassembly-Free Deep Packet Inspection® (RFDPI) technology*, the Dell™ SonicWALL™ Network Security Appliance (NSA) Series of Next-Generation Firewalls offers complete protection without compromising network performance. The low latency NSA Series overcomes the limitations of existing security solutions by scanning the entirety of each packet for current internal and external threats in real-time. The NSA Series offers intrusion prevention, malware protection, and application intelligence, control and visualization, while delivering breakthrough performance. With advanced routing, stateful high-availability and high-speed IPSec and SSL VPN technology, the NSA Series adds security, reliability, functionality and productivity to branch offices, central sites and distributed mid-enterprise networks, while minimizing cost and complexity.Comprised of the Dell SonicWALL NSA 220, NSA 220 Wireless-N, NSA 250M, NSA 250M Wireless-N, NSA 2400, NSA 3500 and NSA 4500, the NSA Series offers a scalable range of solutions designed to meet the network security needs of any organization.Network SecurityAppliance SeriesNext-Generation Firewall• Next-Generation Firewall• Scalable multi-core hardware andReassembly-Free Deep PacketInspection• Application intelligence, controland visualization• Stateful high availability and loadbalancing• High performance and loweredtco• Network productivity• Advanced routing services andnetworking• Standards-based Voice over IP(VoIP)• Dell Sonicwall clean Wireless• onboard Quality of Service (QoS)• Integrated modules support• Border Gateway Protocol (BGP)support• More concurrent SSL VPN sessionsFeatures and benefitsNext-Generation Firewall features integrate intrusion prevention, gateway anti-virus, anti-spyware and URL filtering with application intelligence and control, and SSL decryption to block threats from entering the network and provide granular application control without compromising performance.Scalable multi-core hardware and Reassembly-Free Deep Packet Inspection scans and eliminates threats of unlimited file sizes, with near-zero latency across thousands of connections at wire speed.Application intelligence, control and visualization provides granular control and real-time visualization of applications to guarantee bandwidth prioritization and ensure maximum network security and productivity. Stateful high availability and load balancing features maximize total network bandwidth and maintain seamless network uptime, delivering uninterrupted access to mission-critical resources, and ensuring that VPN tunnels and other network traffic will not be interrupted in the event of a failover. High performance and lowered tcoare achieved by using the processingpower of multiple cores in unison todramatically increase throughput andprovide simultaneous inspectioncapabilities, while lowering powerconsumption.Network productivity increases becauseIT can identify and throttle or blockunauthorized, unproductive andnon-work related applications and websites, such as Facebook® or YouTube®,and can optimize WAN traffic whenintegrated with Dell SonicWALL WANAcceleration Appliance (WXA) solutions.Advanced routing services andnetworking features incorporate 802.1qVLANs, multi-WAN failover, zone andobject-based management, loadbalancing, advanced NAT modes, andmore, providing granular configurationflexibility and comprehensive protectionat the administrator’s discretion.Standards-based Voice over IP (VoIP)capabilities provide the highest levels ofsecurity for every element of the VoIPinfrastructure, from communicationsequipment to VoIP-ready devices suchas SIP Proxies, H.323 Gatekeepers andCall Servers.Dell SonicWALL clean Wirelessoptionally integrated into dual-bandwireless models or via Dell SonicWALLSonicPoint wireless access pointsprovides powerful and secure 802.11a/b/g/n 3x3 MIMO wireless, and enablesscanning for rogue wireless accesspoints in compliance with PCI DSS.onboard Quality of Service (QoS)features use industry standard 802.1pand Differentiated Services Code Points(DSCP) Class of Service (CoS)designators to provide powerful andflexible bandwidth management that isvital for VoIP, multimedia content andbusiness-critical applications.Integrated modules support on NSA250M and NSA 250M Wireless-Nappliances reduce acquisition andmaintenance costs through equipmentconsolidation, and add deploymentflexibility.Border Gateway Protocol (BGP)support enables alternate networkaccess paths (ISPs) if one path fails.More concurrent SSL VPN sessions addscalability, while extending End PointControl to Microsoft® Windows® devicesensures anti-malware and firewalls areup-to-date.Best-in-class threat protection Dell SonicWALL deep packetinspection protects against network risks such as viruses, worms, Trojans, spyware, phishing attacks, emerging threats and Internet misuse. Application intelligence and control adds highly controls to prevent data leakage and manage bandwidth at the application level.The Dell SonicWALL Reassembly-Free Deep Packet Inspection (RFDPI) technology utilizes Dell SonicWALL’s multi-corearchitecture to scan packets in real-time without stalling traffic in memory.This functionality allows threats to be identified and eliminated over unlimited file sizes and unrestricted concurrent connections, without interruption.The Dell SonicWALL NSA Series provides dynamic network protection through continuous, automated security updates, protecting against emerging and evolving threats, without requiring any administrator intervention.Dynamic security architectureand managementMobile users32Application intelligence and control Dell SonicWALL Application Intelligence and Control provides granular control, data leakage prevention, and real-time visualization of applications to guarantee bandwidth prioritization and ensure maximum network security and productivity. An integrated feature of Dell SonicWALL Next-Generation Firewalls, it uses Dell SonicWALL RFDPItechnology to identify and control applications in use with easy-to-use pre-defined application categories (such as social media or gaming)—regardless of port or protocol. Dell SonicWALL Application Traffic Analytics provides real-time and indepth historical analysis of data transmitted through the firewall including application activities by user.1Dell SonicWALL clean VPNDell SonicWALL Clean VPN™ secures the integrity of VPN access for remote devices including those running iOS or Android by establishing trust for remote users and these endpoint devices and applying anti-malware security services, intrusion prevention and application intelligence and control to eliminate the transport of malicious threats• The SonicWALL NSA 2400 is ideal for branch office and small- to medium-sized corporate environments concerned about throughput capacity and performance • The SonicWALL NSA 220, NSA 220 Wireless-N, NSA 250M and NSA 250M Wireless-N are ideal for branch office sites in distributed enterprise, small- to medium-sizedbusinesses and retail environmentscentralized policy managementThe Network Security Appliance Series can be managed using the SonicWALL Global Management System, which provides flexible, powerful and intuitive tools to manage configurations, viewreal-time monitoring metrics andintegrate policy and compliancereporting and application traffic analytics,all from a central location.Server Anti-Virusand Anti-SpywareServers anti-threatprotectionVPNVPNClientRemoteAccessUpgradeServiceWeb siteand contentusage control Enforced ClientAnti-Virusand Anti-SpywareClient PCs anti-threat protectionFlexible, customizable deployment options –NSA Series at-a-glanceEvery SonicWALL Network Security Appliance solution delivers Next-Generation Firewall protection, utilizing a breakthrough multi-core hardware design and Reassembly-Free Deep Packet Inspection for internal and external network protection without compromising network performance. Each NSA Series product combineshigh-speed intrusion prevention, file and content inspection, and powerful application intelligence and controlwith an extensive array of advanced networking and flexible configuration features. The NSA Series offers an accessible, affordable platform that is easy to deploy and manage in a wide variety of corporate, branch office and distributed network environments.• The SonicWALL NSA 4500 is ideal for large distributed and corporate central-site environments requiring high throughput capacity and performance • The SonicWALL NSA 3500 is idealfor distributed, branch office and corporate environments needing significant throughput capacity and performanceSecurity services andupgradesGateway Anti-Virus,Anti-Spyware, IntrusionPrevention and ApplicationIntelligence and controlService delivers intelligent,real-time network security protectionagainst sophisticated application layerand content-based attacks includingviruses, spyware, worms, Trojans andsoftware vulnerabilities such as bufferoverflows. Application intelligence andcontrol delivers a suite of configurabletools designed to prevent data leakagewhile providing granular application-level controls along with tools enablingvisualization of network traffic.Enforced client Anti-Virusand Anti-spyware (McAfee)working in conjunction withDell SonicWALL firewalls,guarantees that allendpoints have the latest versions ofanti-virus and anti-spyware softwareinstalled and active.content Filtering Serviceenforces protection andproductivity policies byemploying an innovativerating architecture, utilizingadynamic database to block up to 56categories of objectionable webcontent.Analyzer is a flexible, easyto use web-basedapplication traffic analyticsand reporting tool thatprovides powerful real-time andhistorical insight into the health,performance and security of the network.Virtual Assist is a remotesupport tool that enablesa technician to assumecontrol of a PC or laptopfor the purpose of providingremote technical assistance. Withpermission, the technician can gaininstant access to a computer using aweb browser, making it easy to diagnoseand fix a problem remotely without theneed for a pre-installed “fat” client.Dynamic Support Servicesare available 8x5 or 24x7depending on customerneeds. Features includeworld-class technicalsupport, crucial firmware updates andupgrades, access to extensive electronictools and timely hardware replacementto help organizations get the greatestreturn on their Dell SonicWALLinvestment.Global VPN clientUpgrades utilize a softwareclient that is installed onWindows-based computersand increase workforce productivity byproviding secure access to email, files,intranets, and applications for remoteusers.provide clientlessLinux-based systems. With integratedSSL VPN technology, Dell SonicWALLfirewall appliances enable seamless andsecure remote access to email, files,intranets, and applications from a varietyof client platforms via NetExtender, alightweight client that is pushed onto theuser’s machine.SonicWALL Mobile connect™,a single unified client app forApple® iOS and Google®Android™, provides smartphone andtablet users superior network-levelaccess to corporate and academicresources over encrypted SSL VPNconnections.comprehensive Anti-SpamService (CASS) offerssmall- to medium-sizedbusinesses comprehensiveprotection from spam andviruses, with instant deployment overexisting Dell SonicWALL firewalls. CASSspeeds deployment, eases administrationand reduces overhead by consolidatingsolutions, providing one-click anti-spamservices, with advanced configuration injust ten minutes.Deep Packet Inspection for of SSL-Encrypted traffic (DPI-SSL) transparentlydecrypts and scans both inbound andoutbound HTTPS traffic for threats usingDell SonicWALL RFDPI. The traffic is thenre-encrypted and sent to its originaldestination if no threats or vulnerabilitiesare discovered.Denial of Service attack prevention 22 classes of DoS, DDoS and scanning attacksKey exchange K ey Exchange IKE, IKEv2, Manual Key, PKI (X.509), L2TP over IPSec Route-based VPN Yes (OSPF, RIP)Certificate support Verisign, Thawte, Cybertrust, RSA Keon, Entrust, and Microsoft CA for Dell SonicWALL-to-Dell SonicWALL VPN, SCEP Dead peer detection Yes DHCP over VPN Yes IPSec NAT TraversalYes Redundant VPN gatewayYesGlobal VPN client platforms supported Microsoft Windows 2000, Windows XP, Microsoft Vista 32/64-bit, Windows 7 32/64-bitSSL VPN platforms supportedMicrosoft Windows 2000 / XP / Vista 32/64-bit / Windows 7, Mac 10.4+, Linux FC 3+ / Ubuntu 7+ / OpenSUSEMobile Connect platforms supported iOS 4.2 and higher, Android 4.0 and higherSecurity servicesDeep Packet Inspection Service Gateway Anti-Virus, Anti-Spyware, Intrusion Prevention and Application Intelligence and Control Content Filtering Service (CFS) HTTP URL,HTTPS IP, keyword and content scanning ActiveX, Java Applet, and cookie blocking bandwidth management on filtering categories, allow/forbid lists Gateway-enforced Client Anti-Virus and Anti-Spyware McAfee Comprehensive Anti-Spam Service Supported Application Intelligence Application bandwidth management and control, prioritize or block application and Control by signatures, control file transfers, scan for key words or phrasesDPI SSL Provides the ability to decrypt HTTPS traffic transparently, scan this traffic for threats using Dell SonicWALL’s Deep Packet Inspection technology (GAV/AS/IPS/ Application Intelligence/CFS), then re-encrypt the traffic and send it to its destination if no threats or vulnerabilities are found. This feature works for both clients and workingIP Address assignment Static, (DHCP, PPPoE, L2TP and PPTP client), Internal DHCP server, DHCP relay NAT modes1:1, 1:many, many:1, many:many, flexible NAT (overlapping IPs), PAT, transparent modeVLAN interfaces (802.1q) 25352550200Routing OSPF, RIPv1/v2, static routes, policy-based routing, MulticastQoS Bandwidth priority, maximum bandwidth, guaranteed bandwidth, DSCP marking, 802.1pIPv6Yes AuthenticationXAUTH/RADIUS, Active Directory, SSO, LDAP, Novell, internal user database, Terminal Services, Citrix Internal database/single sign-on users 100/100 Users150/150 Users250/250 Users300/500 Users1,000/1,000 UsersVoIPFull H.323v1-5, SIP, gatekeeper support, outbound bandwidth management, VoIP over WLAN, deep inspection security, full interoperability with most VoIP gateway and communications devicesSystemZone security Yes SchedulesOne time, recurring Object-based/group-based management Yes DDNSYesManagement and monitoring Web GUI (HTTP, HTTPS), Command Line (SSH, Console), SNMP v3: Global management with Dell SonicWALL GMSLogging and reporting Analyzer, Local Log, Syslog, Solera Networks, NetFlow v5/v9, IPFIX with extensions, real-time visualizationHigh availabilityOptional Active/Passive with State SyncLoad balancing Yes, (Outgoing with percent-based, round robin and spill-over); (Incoming with round robin,random distribution, sticky IP, block remap and symmetrical remap)StandardsTCP/IP, UDP, ICMP, HTTP, HTTPS, IPSec, ISAKMP/IKE, SNMP, DHCP, PPPoE, L2TP, PPTP, RADIUS, IEEE 802.3Wireless standards802.11 a/b/g/n, WPA2, WPA, TKIP, 802.1x, EAP-PEAP, EAP-TTLS WAN acceleration supportYesFlash memory32 MB compact Flash 512 MB compact Flash3G wireless/modem * With 3G/4G USB adapter or modem — With 3G/4G USB adapter or modemPower supply 36W external Single 180W ATX power supplyFansNo fan/1 internal fan 2 internal fans 2 fansPower input10-240V, 50-60Hz Max power consumption 11W/15W 12W/16W 42W 64W 66W Total heat dissipation 37BTU/50BTU 41BTU/55BTU 144BTU 219BTU 225BTUCertificationsVPNC, ICSA Firewall 4.1 EAL4+, FIPS 140-2 Level 2, VPNC, ICSA Firewall 4.1, IPv6 Phase 1, IPv6 Phase 2Certifications pending EAL4+, FIPS 140-2 Level 2, IPv6 Phase 1, IPv6 Phase 2 —Form factor 1U rack-mountable/ 1U rack-mountable/ 1U rack-mountable/ and dimensions 7.125 x 1.5 x 10.5 in/ 17 x 10.25 x 1.75 in/ 17 x 13.25 x 1.75 in/18.10 x 3.81 x 26.67 cm 43.18 x 26 x 4.44 cm 43.18 x 33.65 x 4.44 cmWeight 1.95 lbs/0.88 kg/ 3.05 lbs/1.38 kg/ 8.05 lbs/ 3.65 kg 11.30 lbs/ 5.14 kg2.15 lbs/0.97 kg3.15 lbs/1.43 kg WEEE weight V 3.05 lbs/1.38 kg/4.4 lbs/2.0kg/ 8.05 lbs/ 3.65 kg 11.30 lbs/5.14 kg3.45 lbs/1.56 kg4.65 lbs/2.11 kgMajor regulatoryF CC Class A, CES Class A, CE, C-Tick, VCCI, Compliance MIC, UL, cUL, TUV/GS, CB, NOM, RoHS, WEEE Environment 40-105° F, 0-40° C 40-105° F, 5-40° CMTBF 28 years/15 years 23 years/14 years 14.3 years 14.1 years 14.1 yearsHumidity5-95% non-condensing 10-90% non-condensingcertificationsSpecificationsTesting methodologies: Maximum performance based on RFC 2544 (for firewall). Actual performance may vary depending on network conditions and activated services. Full DPI Performance/Gateway AV/Anti-Spyware/IPS throughput measured using industry standard Spirent WebAvalanche HTTP performance test and Ixia test tools. Testing done with multiple flows through multiple port pairs. Actual maximum connection counts are lower when Next-Generation Firewall services are enabled. VPN throughput measured using UDP traffic at 1280 byte packet size adhering to RFC 2544. Supported on the NSA 3500 and higher. Not available on NSA 2400. *USB 3G card and modem are not included. See http://www.Dell /us/products/cardsupport.html for supported USB devices. The Comprehensive Anti-Spam Service supports an unrestricted number of users but is recommended for 250 users or less. With Dell SonicWALL WXA Series Appliance.Network Security Appliance 3500 01-SSC-7016NSA 3500 TotalSecure* (1-year) 01-SC-7033Network Security Appliance 450001-SSC-7012NSA 4500 TotalSecure* (1-year) 01-SC-7032Network Security Appliance 2400 01-SSC-7020NSA 2400 TotalSecure* (1-year) 01-SC-7035Network Security Appliance 250M 01-SSC-9755Network Security Appliance 250M Wireless-N 01-SSC-9757 (US/Canada)Network Security Appliance 250M TotalSecure* 01-SSC-9747Network Security Appliance 250M Wireless-N TotalSecure*01-SSC-9748 (US/Canada)Network Security Appliance 220 01-SSC-9750Network Security Appliance 220 Wireless-N 01-SSC-9752 (US/Canada)Network Security Appliance 220 TotalSecure* 01-SSC-9744Network Security Appliance 220 Wireless-N TotalSecure*01-SSC-9745 (US/Canada)For more information on Dell SonicWALL network security solutions, please visit .*Includes one-year of Gateway Anti-Virus, Anti-Spyware, Intrusion Prevention, andApplication Intelligence and Control Service, Content Filtering Service and Dynamic Support 24x7.Security Monitoring Services from Dell SecureWorks are available for thisappliance Series. For more information, visit /secureworks。

SonicWall防火墙透明模式配置（三层交换机）用户要求防火墙配置成透明模式接入到网络，要求达到的配置
如下图示
配置步骤：
1、配置防火墙WAN网卡
2、建立透明模式下的地址对象
（注意：透明范围不能够包含了防火墙本身的地址（192.168.254.21）以及防火墙的网关地址(192.168.254.1) ，同时也不能够包含防火墙WAN口外面的地址，即如果防火墙WAN外面还有其他的地址如192.168.254.200 则Transparent Range 不能够包含该地址, 否则可能会引发安全问题！！）
3、建立内网地址对象（注意：本范例中仅示例了2 个内网网段，可根据实际情况增加）
4、建立地址对象组
5、配置内网3 层交换机的地址对象
6、配置完成后的界面显示如下：
7、配置内网地址访问外网的回程路由（必须配置！！）
8、配置防火墙LAN网卡配置透明模式
9、关闭防火墙DHCP服务器
配置完成！。

如何在SonicWALL防火墙上配置L2TP_G5_Enhanced如何在如何在 SonicWALL 防火墙上配置 L2TP配置手册版本 1.0.0Question/T opicUTM: 如何在 SonicWALL 防火墙上配置 L2TPAnswer/Article本文适用于：涉及到的 Sonicwall 防火墙Gen5: NSA E7500, NSA E6500, NSA E5500, NSA 5000, NSA 4500, NSA 3500, NSA2400, NSA 240Gen5 TZ 系列 TZ 100, TZ 100 Wireless, TZ 200, TZ 200 W, TZ 210, TZ 210 系列:WirelessGen4: PRO 系列 PRO 5060, PRO 4100, PRO 4060,PRO 3060, PRO 2040, PRO 系列:1260Gen4: TZ 系列 TZ 190, TZ 190 W, TZ 180, TZ 180 W, TZ 170, TZ 170 W, TZ 170 系列:SP, TZ 170 SP Wireless固件/软件版本固件软件版本: 所有 SonicOS 增强版版本软件版本服务: 服务 L2TP Server功能与应用本文介绍了如何在SonicWALL 防火墙上配置L2TP 服务器以及Microsoft L2TP VPN 客户端。

本文适用于所有 SonicOS 增强版版本以及 Windows XP Service Pack 2（SP2）用户步骤配置 L2TP Server1. 进入 Network->Address Objects 页面2. 添加地址对象 L2TP Subnet3. 进入 VPN->L2TP Server 页面，启动 L2TP Server 服务，点击Configure 按钮，如图所示添加 DNS 服务器地址以及本地 L2TP IP 地址池提示：L2TP IP 地址池应该包含在局域网地址范围内4. 进入Users->Local Users 页面 5. 添加一个地址对象， VPN Access 选项卡将LAN Subnets，在WAN RemoteAccess Networks 和L2TP Subnet 加入到 Access List 方框中6. 进入 Network->NAT Policies 页面，添加一条 NAT Policy7. 进入 VPN->Settings 页面，点击 WAN GroupVPN policy 右边的 configure 按钮，在 General 选项卡，输入 Shared Secret8. Proposals 和 Advanced 选项卡保持不变。

如何配置SonicWALL防火墙SonicWALL防火墙在中小型企业市场中非常的常见。

从那些小型的非营利公司，到中型公司的企业生意，都在依赖于SonicWALL的设备来保护他们的网络通信安全。

SonicWall使用专用的SonicOS操作系统驱动它的防火墙设备。

绝大多数SonicWALL设备现在都使用由SonicOS增强的操作系统。

这两个操作系统之间的主要区别在于，增强版启用了系统的固件（Firmware）来提供ISP失败恢复服务，区域管理以及广域网负载平衡。

安装向导SonicWALL随它的防火墙设备提供了多种向导。

根据型号不同，可用的菜单也各有差异（举例来说，像“WEP/WAP加密功能设置”菜单就只有那些具备无线功能的型号才有）安装向导是个节约时间的工具，可以简化新路由器的部署。

或当网络被重新设计后，一台SonicWALL设备可被复位成刚出厂的默认设置，这时可以使用安装向导对设备重新设置。

要使用安装向导，登录进入SonicWALL防火墙后，再点击“安装向导（Wizard）”按钮。

该向导按钮（图A）可以在主要的“系统|状态”（System | Status）页中找到。

图A:SonicWALL系统状态页提供了关于防火墙设置的大量信息下面是使用一台SonicWALL PRO 1260的整个过程。

点击了“向导”按钮后，SonicWALL配置向导提供4个选择（图B）图B图B注：SonicWALL配置向导提供4个选择。

管理员可以选择安装向导（用于配置SonicWALL设备来加密网络连接），或者端口防护接口向导（PortShield Interface Wizard，用于分割网络），或者公用服务器向导（用于提供内部服务器给公众使用），或者VPN向导（用于配置一个VPN网络）。

考虑好你是否打算选择安装向导，端口防护接口向导，公用服务器向导或是VPN向导。

就本例而言，我们将选择安装向导，并点击下一步。

安装向导出现。

sonicwall防火墙设置主要方法有哪些sonicwall防火墙设置要怎么样设置才能发挥最大的功效呢？下面由店铺给你做出详细的sonicwall防火墙设置主要方法介绍!希望对你有帮助!sonicwall防火墙设置主要方法一：SonicWALL防火墙的默认管理IP为192.168.168.168，需要把网线接到X0口(默认的LAN口)帐号admin，密码password。

如果实在进不去可以reset，使用回形针或者其他的什么东西去戳一下那个小孔(一般在电源旁边，有的型号是在正面)按住大约10秒左右，之后可以看到test灯闪烁，然后就可以通过默认的帐号和密码进去管理了。

不过需要注意的是reset之后一切配置都没有了，如果不是万不得已，最好还是别这样做。

sonicwall防火墙设置主要方法二：sonicwaLL IP：192,168.168.168user：adminpassword：password要是该过忘记了，就重置吧用针按着reset孔20秒左右开始重置，reset是，test灯会闪烁红色。

ip一般都是192,168.168.168如果不是用抓包软件测试一下就行，获取个arp request的数据包，就知道了sonicwaLL的原始ip sonicwall防火墙设置主要方法三：选择network→interface之后你可以看到各个接口，点击外网(WAN)口后面的编辑然后你可以看到一个manageent 后面有些HTTP HTTPS PING SSH等的，这里你只需要将HTTP和HTTPS勾选上即可。

这样，在你外网畅通的情况下别人就可以远程通HTTP或者HTTPS来管理这台设备。

例如你在WAN端口上看到的地址是51.123.21.8,那么当你打开管理后，别人就能通过来管理你的防火墙。