SonicWALL TZ 180 Recommends Manual

COMPREHENSIVE INTERNET SECURITY
SonicWALL Internet Security Appliances
SonicWALL TZ 180
Recommends Guide

Summary of Contents for SonicWALL TZ 180

  • Page 1 COMPREHENSIVE INTERNET SECURITY SonicWALL Internet Security Appliances SonicWALL TZ 180 Recommends Guide...
  • Page 2 SonicWALL Recommends Guide Recommended Solutions for the SonicWALL TZ 180 SonicOS 3.8 Standard and Enhanced...
  • Page 4: Table Of Contents

    Document Scope, page 2
    SonicWALL TZ 180 Network Topology, page 3
    Registering and Enabling Support, page 4
    Security Best Practices for TZ 180 Running SonicOS Standard, page 9
    Troubleshooting TZ 180 Configuration and Settings Issues, page 13
    DMZ/OPT Port Troubleshooting, page 14
    Global VPN Client Troubleshooting, page 16
    Registration Troubleshooting...
  • Page 5 SonicWALL TZ 180 Recommends Guide...
  • Page 6 Welcome to the ‘SonicWALL Recommends’ Guide for the SonicWALL TZ 180 security appliance. This guide is designed to help you configure the TZ 180 security appliance to provide reliable, secure, and trouble-free connectivity. This guide is not intended as a replacement for the Getting Started Guide or the Administrator’s Guide, but rather as an addendum to both guides.
  • Page 7: Document Scope

    – “Symptom: I Cannot Get Site-to-Site VPN to Work” section on page 19
    – “Symptom: I Do Not Have Internet Access from Behind the TZ 180” section on page 25
    – “Symptom: I Want to Update the Firmware on the TZ 180” section on page 26
    – ...
  • Page 8: Sonicwall Tz 180 Network Topology

    [Figure 1: SonicWALL TZ 180 Sample Network Topology. Diagram labels: Remote Client, SonicWALL CDP 2440i, SonicWALL TZ 180, GMS 4.0, SonicWALL Security Services, SonicWALL SSL-VPN 200, SonicPoint...]
  • Page 9: Registering And Enabling Support

    It is critical to register the TZ 180 security appliance. If the TZ 180 security appliance is not registered, you cannot install new firmware or access new firmware updates on the MySonicWALL portal. As with other networking devices, the TZ 180 is shipped with the most current software possible;...
  • Page 10 To register your TZ 180, log into MySonicWALL, enter your username and password, and enter the serial number of the TZ 180 in the Quick Registration field in the lower-left side of the page. Fill out the fields when prompted. A registration code is generated.
  • Page 11 Registering and Enabling Support Step 8 Determine what firmware version is on the TZ 180 security appliance by navigating to the System > Status page of the management interface. Figure 4 provides a view of the System Information tab. Figure 4 Determining the TZ 180 Current Firmware Log into mysonicwall.com and select the TZ 180 security appliance you just registered.
  • Page 12 Save all files on a secure network resource that is backed up on a regular basis. Refer to the “SonicWALL Backup and Recovery Solutions” section on page 28 for information about how to use a SonicWALL CDP appliance to perform this task. If any problems occur, restore using the backup snapshot. If this fails, reload the firmware and preferences manually using SafeMode.
  • Page 13 Keep this small switch depressed and plug the power cable back in. Hold the small switch in for about 20 seconds until the “wrench light” on the front of the TZ 180 flashes, then release it.
  • Page 14: Security Best Practices For Tz 180 Running Sonicos Standard

    Security Best Practices for TZ 180 Running SonicOS Standard By default, the TZ 180 security appliance ships with some security settings enabled and others disabled to provide a moderate level of initial security to protect your network environment and the appliance, while simultaneously allowing basic and commonly used outbound network communications.
  • Page 15 Security Best Practices for TZ 180 Running SonicOS Standard
    Solution: Use Dynamic DNS (DDNS) to make your WAN IP address easily...
    Description: Navigate to the Network > Dynamic DNS page and configure the security appliance for DDNS.
    Related Information: For more information on using Dynamic DNS, refer to the...
  • Page 16 Security Best Practices for TZ 180 Running SonicOS Standard
    Solution: Optimize your firewall access rules
    Description: On any firewall rule, enable fragmented packet handling, and verify that the connection timeout for the rule is...
    Related Information: For more information on firewall access, refer to the “Configuring Network Access...
  • Page 17 Security Best Practices for TZ 180 Running SonicOS Standard
    Solution: Map logged IP address to machine name for...
    Description: On the Log > Name Resolution page, set it to DNS then NetBIOS and click the...
    Related Information: For more information on...
  • Page 18: Troubleshooting Tz 180 Configuration And Settings Issues

    – Symptom: I Am Having Problems Installing a Public Server on the DMZ/OPT Port, page 14
    – Symptom: I Have One Public WAN IP Address, the TZ 180 Is Already Using the HTTP and HTTPS Ports for Management, and the Ports Are Needed for an Internal Server, page 15
    – Symptom: I Want to Assign a Unique Public IP Address to the Resource on the OPT Interface, ...
  • Page 19: Dmz/Opt Port Troubleshooting

    • Internet Connectivity Troubleshooting, page 25
        – Symptom: I Do Not Have Internet Access from Behind the TZ 180, page 25
        – Symptom: Users on the WAN Cannot Get to Servers on the OPT or LAN Interfaces, but the NAT/Firewall Rules Look Fine, page 25
    • ...
  • Page 20: Symptom: I Have One Public Wan Ip Address, The Tz 180 Is Already Using The Http And Https Ports For Management, And The Ports Are Needed For An Internal Server

    Figure 7 OPT Interface Is Down Symptom: I Have One Public WAN IP Address, the TZ 180 Is Already Using the HTTP and HTTPS Ports for Management, and the Ports Are Needed for an Internal Server Navigate to the System > Administration page and set the HTTP and HTTPS Web management ports to something non-standard, for example, 8080 and 40443.
  • Page 21: Global Vpn Client Troubleshooting

    Troubleshooting TZ 180 Configuration and Settings Issues Symptom: I Want to Assign a Unique Public IP Address to the Resource on the OPT Interface Verify that the OPT interface is in NAT mode, then navigate to the Network > One to One NAT page, check the box next to Enable One to One NAT, and create an entry that associates the public WAN IP address with the private (remapped) internal IP address of the resource on the WAN.
  • Page 22: Symptom: I Cannot Get The Global Vpn Client Working

    Symptom: I Cannot Get the Global VPN Client Working Verify that the TZ 180 has licenses for the GlobalVPN client. The appliance does not have default licenses for SonicWALL’s Global VPN client (GVC), so the appropriate licenses must be purchased and installed.
  • Page 23: Registration Troubleshooting

    Virtual Adapter capability of the GroupVPN policy. The GlobalVPN clients receive the correct IP address in the DHCP lease. Registration Troubleshooting Symptom: I Am Having Registration Problems with the TZ 180 Review the “Registering and Enabling Support” section on page 4, which provides instructions for registering the TZ 180 security appliance.
  • Page 24: Vpn Troubleshooting

    SonicWALL VPN Global Settings with UFI Fix Incorrect UFI Settings If one side of the VPN tunnel is a SonicWALL security appliance with a WAN IP address that is obtained dynamically, then Aggressive Mode must be used. For detailed information about configuring site-to-site SonicWALL security appliances for VPN tunnels, refer to the Configuring VPNs Between SonicOS Standard and SonicOS Enhanced technote document.
  • Page 25 Troubleshooting TZ 180 Configuration and Settings Issues When a SonicWALL security appliance negotiates Aggressive Mode VPN tunnels, it uses the Unique Firewall Identifier (UFI), illustrated in Figure 10, as its identity. Both sides must be set to know the other side’s UFI.
  • Page 26 Traversal is enabled on both SonicWALL security appliances, and that any firewall in between is set to pass UDP port 500 and UDP port 4500. If one of the sides is not a SonicWALL security appliance, it is necessary to open UDP port 500 and IP type 50, since NAT Traversal may not negotiate with the third-party security appliance.
  • Page 27: Symptom: Phase 1 Settings Are Identical On Both Sides, But The Log Displays A Failure In Phase

    Missing ‘Default LAN Gateway’ Option - When running SonicOS Standard or Firmware 6.x on a SonicWALL security appliance at a main site, using the Use this VPN Tunnel as default route for all Internet traffic option (also referred to as tunnel-all mode), a LAN default gateway must be specified on the other side’s VPN.
  • Page 28: Symptom: General, Phase 1, And Phase 2 Settings All Seem Correct On Both Sides But It Still Does Not Negotiate

    NAT security appliance in between is configured to pass UDP port 500 and UDP port 4500. If one of the sides is not a SonicWALL security appliance, it is also necessary to open UDP port 500 and IP type 50, since NAT Traversal may not negotiate with the third-party security appliance.
  • Page 29: Symptom: The Vpn Tunnel Works But Needs To Be Faster

    Click on the Apply button in the upper-right-hand corner, then click on the Close button in the lower-left-hand corner to return to the management interface. Restart the SonicWALL for the changes to take effect. With these settings disabled, the SonicWALL performs cryptography in software, which reduces VPN throughput but is still functional.
  • Page 30: Internet Connectivity Troubleshooting

    Use the tools found on the System > Diagnostics page to determine if the connectivity problem is between the TZ 180 and the upstream gateway, or farther upstream. It may not be an issue with the TZ 180, but with the ISP itself.
  • Page 31: Firmware Update Troubleshooting

    “Registering and Enabling Support” section on page 4 of this document, as it covers the process of downloading and installing firmware for the SonicWALL TZ 180 security appliance. If you are upgrading to SonicOS Enhanced, refer to the SonicOS Standard to SonicOS Enhanced technote on SonicWALL’s support site.
  • Page 32: Sonicwall Solutions Integration

    SonicWALL Solutions Integration Now that your TZ 180 has been successfully installed on your network, consider these other SonicWALL solutions that are designed for easy integration and quick deployment. The following SonicWALL solutions are described in this section:
    • SonicWALL Security Services, page 27
    • ...
  • Page 33: Sonicwall Backup And Recovery Solutions

    SonicWALL’s CDP1440i and 2440i appliances are ideal for TZ 180-based networks. Install the CDP appliance directly into one of the LAN interfaces on the TZ 180, install the software-based agents onto your servers and workstations, and immediately benefit from the protection that CDP provides.
  • Page 34 TZ 180 as well as the MySonicWALL account the security appliance is registered under. You can place these into a folder that the CDP Agent monitors, and then mark this file for the SonicWALL Offsite Backup service, ensuring backup of the files necessary for disaster recovery of your TZ 180.
  • Page 35: Sonicwall Secure Remote Access Solutions

    VPN client. You don’t need a separate public IP address, because you can utilize the TZ 180 WAN IP address for access, or you can configure the IP to be dynamically obtained. Figure 17...
  • Page 36: Sonicwall Email Security Solution

    If your internal SMTP-based email server is continually bombarded with spam, install a SonicWALL Email Security 200 or 300 server directly into one of the TZ 180 LAN interfaces.
  • Page 37: Sonicwall Sonicpoint Wireless Access Points

    SonicPoints to the TZ 180 security appliance. SonicWALL’s innovative central management system allows you to create shared wireless profiles on the TZ 180 security appliance, eliminating the need to individually configure each SonicPoint. Just plug them into the PoE switch and they automatically provision themselves with the newest firmware and settings files. Figure 19...
  • Page 38: Sonicwall Global Management System (Gms)

    SonicWALL Global Management System (GMS) SonicWALL Global Management System (GMS) provides organizations, distributed enterprises and service providers with a flexible, powerful and intuitive tool to centrally manage and rapidly deploy SonicWALL appliances and security policy configurations. Organizations can globally manage and collect detailed information from security applications such as gateway anti-virus, anti-spyware, intrusion prevention and content filtering, all from a single console.
  • Page 39: Related Documentation

    Related Documentation To access the SonicWALL technical reference library, visit the SonicWALL Web site at: http://www.sonicwall.com/us/support For detailed information on configuring SonicOS Standard, refer to the SonicOS Standard Administrator’s Guide, available at: http://www.sonicwall.com/us/support/SonicOS_Standard_3.8_Administrator’s_Guide.pdf For detailed information on configuring SonicOS Enhanced, refer to the SonicOS Enhanced Administrator’s Guide, available at:...
  • Page 40: Obtaining Technical Support

    Obtaining Technical Support If you require technical assistance for your TZ 180 for issues that this guide does not cover, refer to the resources available online at SonicWALL’s North America support Web site at: http://www.sonicwall.com/us/Support.html. For international support Web sites, visit http://www.sonicwall.com and select the appropriate region or country, then click Support on the top navigation bar.
  • Page 41: More Information On Sonicwall Products

    Note telephone numbers. More Information on SonicWALL Products Contact SonicWALL, Inc. for information about SonicWALL products and services at: Web: http://www.sonicwall.com email: sales@sonicwall.com Phone: (408) 745-9600 Fax: (408) 745-9300 SonicWALL TZ 180 Recommends Guide...
  • Page 42: Copyright And Trademarks

    Specifications and descriptions subject to change without notice. Trademarks SonicWALL is a registered trademark of SonicWALL, Inc. Microsoft Windows 98, Windows NT, Windows 2000, Windows XP, Windows Server 2003, Internet Explorer, and Active Directory are trademarks or registered trademarks of Microsoft Corporation.
  • Page 43 Obtaining Technical Support SonicWALL TZ 180 Recommends Guide...
  • Page 44 F +1 408.745.9300 www.sonicwall.com PN: 232-001109-00 Rev A 2/07 ©2007 SonicWALL, Inc. is a registered trademark of SonicWALL, Inc. Other product names mentioned herein may be trademarks and/or registered trademarks of their respective companies. Specifications and descriptions subject to change without notice.