Welcome to the ‘SonicWALL Recommends’ Guide for the SonicWALL TZ 180 security appliance. This guide is designed to help you configure the TZ 180 security appliance to provide reliable, secure, and trouble-free connectivity. This guide is not intended as a replacement for the Getting Started Guide or the Administrator’s Guide, but rather as an addendum to both guides.
– “Symptom: I Cannot Get Site-to-Site VPN to Work” section on page 19
– “Symptom: I Do Not Have Internet Access from Behind the TZ 180” section on page 25
– “Symptom: I Want to Update the Firmware on the TZ 180” section on page 26
–...
It is critical to register the TZ 180 security appliance. If the TZ 180 security appliance is not registered, you cannot install new firmware or access new firmware updates on the MySonicWALL portal. As with other networking devices, the TZ 180 is shipped with the most current software possible;...
To register your TZ 180, log into MySonicWALL, enter your username and password, and enter the serial number of the TZ 180 in the Quick Registration field in the lower-left side of the page. Fill out the fields when prompted. A registration code is generated.
Registering and Enabling Support
Step 8 Determine what firmware version is on the TZ 180 security appliance by navigating to the System > Status page of the management interface. Figure 4 provides a view of the System Information tab.
Figure 4 Determining the TZ 180 Current Firmware
Log into mysonicwall.com and select the TZ 180 security appliance you just registered.
Save all files on a secure network resource that is backed up on a regular basis. Refer to the “SonicWALL Backup and Recovery Solutions” section on page 28 for information about how to use a SonicWALL CDP appliance to perform this task. If any problems occur, restore using the backup snapshot. If this fails, reload the firmware and preferences manually using SafeMode.
Keep this small switch depressed and plug the power cable back in. Hold the small switch in for about 20 seconds until the “wrench light” on the front of the TZ 180 flashes, then release it.
Security Best Practices for TZ 180 Running SonicOS Standard
By default the TZ 180 security appliance is available with a number of security settings enabled and disabled to provide a moderate level of initial security to protect your network environment and the appliance, while simultaneously allowing basic and commonly used outbound network communications.
Solution: Use Dynamic DNS (DDNS) to make your WAN IP address easily...
Description: Navigate to the Network > Dynamic DNS page and configure the security appliance for DDNS.
Related Information: For more information on using Dynamic DNS, refer to the...
Solution: Optimize your firewall access rules
Description: On any firewall rule, enable fragmented packet handling, and verify that the connection timeout for the rule is...
Related Information: For more information on firewall access, refer to the “Configuring Network Access...
Solution: Map logged IP address to machine name for...
Description: On the Log > Name Resolution page, set it to DNS then NetBIOS and click the...
Related Information: For more information on...
– Symptom: I Am Having Problems Installing a Public Server on the DMZ/OPT Port, page 14
– Symptom: I Have One Public WAN IP Address, the TZ 180 Is Already Using the HTTP and HTTPS Ports for Management, and the Ports Are Needed for an Internal Server, page 15
– Symptom: I Want to Assign a Unique Public IP Address to the Resource on the OPT Interface, ...
• Internet Connectivity Troubleshooting, page 25
– Symptom: I Do Not Have Internet Access from Behind the TZ 180, page 25
– Symptom: Users on the WAN Cannot Get to Servers on the OPT or LAN Interfaces, but the NAT/Firewall Rules Look Fine, page 25
•...
Figure 7 OPT Interface Is Down
Symptom: I Have One Public WAN IP Address, the TZ 180 Is Already Using the HTTP and HTTPS Ports for Management, and the Ports Are Needed for an Internal Server
Navigate to the System > Administration page and set the HTTP and HTTPS Web management ports to something non-standard, for example, 8080 and 40443.
Troubleshooting TZ 180 Configuration and Settings Issues
Symptom: I Want to Assign a Unique Public IP Address to the Resource on the OPT Interface
Verify that the OPT interface is in NAT mode, then navigate to the Network > One to One NAT page, check the box next to Enable One to One NAT, and create an entry that associates the public WAN IP address with the private (remapped) internal IP address of the resource on the WAN.
Symptom: I Cannot Get the Global VPN Client Working
Verify that the TZ 180 has licenses for the GlobalVPN client. The appliance does not have default licenses for SonicWALL’s Global VPN client (GVC), so the appropriate licenses must be purchased and installed.
Virtual Adapter capability of the GroupVPN policy. The GlobalVPN clients receive the correct IP address in the DHCP lease.
Registration Troubleshooting
Symptom: I Am Having Registration Problems with the TZ 180
Review the “Registering and Enabling Support” section on page 4, which provides instructions for registering the TZ 180 security appliance.
SonicWALL VPN Global Settings with UFI
Fix Incorrect UFI Settings
If one side of the VPN tunnel is a SonicWALL security appliance with a WAN IP address that is obtained dynamically, then Aggressive Mode must be used. For detailed information about configuring site-to-site SonicWALL security appliances for VPN tunnels, refer to the Configuring VPNs Between SonicOS Standard and SonicOS Enhanced technote document.
When a SonicWALL security appliance negotiates Aggressive Mode VPN tunnels, it uses the Unique Firewall Identifier (UFI), illustrated in Figure 10, as its identity. Both sides must be set to know the other side’s UFI.
Traversal is enabled on both SonicWALL security appliances, and that any firewall in between is set to pass UDP port 500 and UDP port 4500. If one of the sides is not a SonicWALL security appliance, it is necessary to open UDP port 500 and IP type 50, since NAT Traversal may not negotiate with the third-party security appliance.
Missing ‘Default LAN Gateway’ Option - When running SonicOS Standard or Firmware 6.x on a SonicWALL security appliance at a main site, using the Use this VPN Tunnel as default route for all Internet traffic option (also referred to as tunnel-all mode), a LAN default gateway must be specified on the other side’s VPN.
NAT security appliance in between is configured to pass UDP port 500 and UDP port 4500. If one of the sides is not a SonicWALL security appliance, it is also necessary to open UDP port 500 and IP type 50, since NAT Traversal may not negotiate with the third-party security appliance.
Click on the Apply button in the upper-right-hand corner, then click on the Close button in the lower-left-hand corner to return to the management interface. Restart the SonicWALL for the changes to take effect. With these settings disabled, the SonicWALL performs cryptography in software, which reduces VPN throughput but is still functional.
Use the tools found on the System > Diagnostics page to determine if the connectivity problem is between the TZ 180 and the upstream gateway, or farther upstream. It may not be an issue with the TZ 180, but with the ISP itself.
“Registering and Enabling Support” section on page 4 of this document, as it covers the process of downloading and installing firmware for the SonicWALL TZ 180 security appliance. If you are upgrading to SonicOS Enhanced, refer to the SonicOS Standard to SonicOS Enhanced technote on SonicWALL’s support site.
SonicWALL Solutions Integration
Now that your TZ 180 has been successfully installed on your network, consider these other SonicWALL solutions that are designed for easy integration and quick deployment. The following SonicWALL solutions are described in this section:
• SonicWALL Security Services, page 27
•...
SonicWALL’s CDP1440i and 2440i appliances are ideal for TZ 180-based networks. Install the CDP appliance directly into one of the LAN interfaces on the TZ 180, install the software-based agents onto your servers and workstations, and immediately benefit from the protection that CDP provides.
TZ 180 as well as the MySonicWALL account the security appliance is registered under. You can place these into a folder that the CDP Agent monitors, and then mark this file for the SonicWALL Offsite Backup service, ensuring backup of the files necessary for disaster recovery of your TZ 180.
VPN client. You don’t need a separate public IP address, because you can utilize the TZ 180 WAN IP address for access, or you can configure the IP to be dynamically obtained. Figure 17...
If your internal SMTP-based email server is continually bombarded with spam, install a SonicWALL Email Security 200 or 300 server directly into one of the TZ 180 LAN interfaces.
SonicPoints to the TZ 180 security appliance. SonicWALL’s innovative central management system allows you to create shared wireless profiles on the TZ 180 security appliance, eliminating the need to individually configure each SonicPoint. Just plug them into the PoE switch and they automatically provision themselves with the newest firmware and settings files.
Figure 19...
SonicWALL Global Management System (GMS)
SonicWALL Global Management System (GMS) provides organizations, distributed enterprises and service providers with a flexible, powerful and intuitive tool to centrally manage and rapidly deploy SonicWALL appliances and security policy configurations. Organizations can globally manage and collect detailed information from security applications such as gateway anti-virus, anti-spyware, intrusion prevention and content filtering, all from a single console.
Related Documentation
To access the SonicWALL technical reference library, visit the SonicWALL Web site at: http://www.sonicwall.com/us/support
For detailed information on configuring SonicOS Standard, refer to the SonicOS Standard Administrator’s Guide, available at: http://www.sonicwall.com/us/support/SonicOS_Standard_3.8_Administrator’s_Guide.pdf
For detailed information on configuring SonicOS Enhanced, refer to the SonicOS Enhanced Administrator’s Guide, available at:...
Obtaining Technical Support
If you require technical assistance for your TZ 180 for issues that this guide does not cover, refer to the resources available online at SonicWALL’s North America support Web site at: http://www.sonicwall.com/us/Support.html.
For international support Web sites, visit http://www.sonicwall.com and select the appropriate region or country, then click Support on the top navigation bar.
Note telephone numbers.
More Information on SonicWALL Products
Contact SonicWALL, Inc. for information about SonicWALL products and services at:
Web: http://www.sonicwall.com
email: sales@sonicwall.com
Phone: (408) 745-9600
Fax: (408) 745-9300
SonicWALL TZ 180 Recommends Guide...
Specifications and descriptions subject to change without notice.
Trademarks
SonicWALL is a registered trademark of SonicWALL, Inc. Microsoft Windows 98, Windows NT, Windows 2000, Windows XP, Windows Server 2003, Internet Explorer, and Active Directory are trademarks or registered trademarks of Microsoft Corporation.