User manual SONICWALL SONICOS ENHANCED 5.7 ADMINISTRATOR GUIDE
DON'T FORGET : ALWAYS READ THE USER GUIDE BEFORE BUYING !!!
If this document matches the user guide, instructions manual or user manual, feature sets, schematics you are looking for, download it now. Diplodocs provides you a fast and easy access to the user manual SONICWALL SONICOS ENHANCED 5.7. We hope that this SONICWALL SONICOS ENHANCED 5.7 user guide will be useful to you.
Manual abstract: user guide SONICWALL SONICOS ENHANCED 5.7ADMINISTRATOR GUIDE
Detailed instructions for use are in the User's Guide.
[. . . ] SonicOS Enhanced 5. 7 Administrator's Guide
PROTECTION AT THE SPEED OF BUSINESSTM
Table of Contents
Table of Contents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . iii Part 1: Introduction
Chapter 1: Preface . . 37
Part 2: System
Chapter 3: Viewing the SonicWALL Security Dashboard . . 52
SonicOS Enhanced 5. 7 Administrator Guide
iii
System Information . 88
iv
SonicOS Enhanced 5. 7 Administrator Guide
Firmware Management . [. . . ] Firewall packets are user-generated packets that always pass through the BWM module. Real time packets are usually firewall generated packets that are not processed by the BWM module, and are implicitly given the highest priority. Real Time (firewall generated) packets include:
· · · · · · · · · ·
WAN Load Balancing Probe ISAKMP Web CFS PPTP and L2TP control packets DHCP ARP Packets Web Sense Syslog NTP Security Services (AV, signature updates, license manager)
Outbound BWM Packet Processing Path
a. Queue the packet in the appropriate rule queue.
544
SonicOS Enhanced 5. 7 Administrator Guide
Firewall > QoS Mapping (Not Supported on TZ platforms nor the NSA 240)
Guaranteed Bandwidth Processing
This algorithm depicts how all the policies use up the GBW.
a. If that packet length is less than or equal to the class credit, transmit the packet and
deduct the length from class credit and link credit.
d. Choose the next packet from queue and repeat step c until class credit is lesser or rule
queue is empty.
e. Choose the next rule queue and repeat steps b through d.
Maximum Bandwidth Processing
This algorithm depicts how the unutilized link BW is used up by the policies. We start with the highest priority ring and transmit packets from all the rule queues in a round robin fashion until link credit is exhausted or all queues are empty. Then we move on to the next lowest priority ring and repeat the same.
a. Start with the link credit equal to the left over link BW after GBW utilization. Check if the length of a packet from the rule queue is below class credit as well as link
credit.
e. If yes, transmit the packet and deduct the length from class credit and link credit. Choose the next rule queue and repeat steps c through f until link credit gets exhausted
or this priority ring has all its queues empty.
g. Choose the next lowest priority ring and repeat steps c through f.
SonicOS Enhanced 5. 7 Administrator Guide
545
Firewall > QoS Mapping (Not Supported on TZ platforms nor the NSA 240)
Example of Outbound BWM
Priority 0
Priority 1
Priority 6
Priority 7
Priority Ring 0
Priority Ring 7
Rule 1 Rule 2
Rule 4 Rule 3
Default Queue
BWM Queue Structure
The above diagram shows 4 policies are configured for OBWM with a link capacity of 100 Kbps. BWM values FTP GBW 1280 MBW 2560 H323 2560 5120 Yahoo Messenger 640 1920 VNC 2560 3200
a. For GBW processing, we start with the first queue in the rule queue list which is FTP.
Link credit is 12800 and class credit is 1280. Pkt1 of 400B is sent out on the WAN link and link credit becomes 12400 and class credit becomes 880. Pkt2 is not sent out because there is not enough class credit to send 1500 Bytes. The remaining class credit is carried over to the next time slice.
b. Pkt1 of 1500B is sent
out and link credit becomes 10900 and class credit for H323 becomes 1060. Pkt2 is also sent from queue hence link credit = 10200 and class credit = 360. The remaining class credit is carried over to the next time slice.
c. [. . . ] If super-g is selected, all clients must use access cards that support this mode Sets the RTS threshold in bytes Sets Service Set Identifier identifying a particular SonicPoint Sets the on/off schedule string for 802. 11g radio Sets a convenient time to schedule an Intrusion Detection Scan (IDS) Allows clients to disassociate and re-associate more quickly Sets Transmit Power Control strength
Sets the IP address location of the RADIUS authentication server Sets the port for authentication through the RADIUS server Sets the secret passcode for the RADIUS authentication server Sets the IP address for the backup RADIUS authentication server Sets the port for authentication through the backup RADIUS server Sets the secret passcode for the backup RADIUS authentication server
SonicOS Enhanced 5. 7 Administrator Guide
1117
SonicOS Enhanced Command Listing
Command SSH SUB-COMMANDS ssh enable <interface> ssh genkey ssh port <port> ssh restore ssh terminate SSL VPN SUB-COMMANDS sslvpn client sslvpn portal sslvpn settings TIMEOUT SUB-COMMAND timeout <minutes> VPN SUB-COMMANDS [no] vpn <enable|disable> <policy name> [no] vpn policy <policy-name> [preshared| manual|cert] VPN SUB-COMMANDS (PRE-SHARED SECRET) abort [no] advanced apply-nat <local|remote> <translated address object> [no] advanced auto-addrule advanced bound-to interface <interface> advanced bound-to zone <zone> [no] advanced defaultlan-gw <ip address> [no] advanced keepalive
Description Enables SSH management for the specified interface Creates a new key to use with SSH Assigns the SSH port or resets to the default port Restores SSH management settings to defaults Stops all SSH sessions, disables all SSH management, and resets the port Configures or modifies SSL VPN client settings Configures or modifies SSL VPN portal settings Configures or modifies SSL VPN settings Sets login timeout in minutes Enables or disables VPN for a specific policy Enables or disables a specific VPN policy
Exits to top-level menu and cancels changes where needed Enable or disable translation of the local and/or remote networks communicating with this VPN tunnel Enables or disables the auto-add access rule Binds VPN policy to specific interface Binds VPN policy to a specific zone Sets the default LAN domain gateway for VPN tunnel traffic Enables or disables heartbeat messages between peers on this VPN tunnel Enables or disables HTTP as the management method security association Enables or disables HTTPS as the management method security association
[no] advanced management http [no] advanced management https
1118
SonicOS Enhanced 5. 7 Administrator Guide
SonicOS Enhanced Command Listing
Command [no] advanced multicast [no] advanced netbios [no] advanced use-xauth <group-name> [no] advanced user-login http [no] advanced user-login https cancel end exit finished gw domain-name <domain name> gw ip-address <ip address> id local <domainname|email address|ipaddress|sonicwall-id> <our id> id remote <domain name|email address|ipaddress|sonicwall-id> <their id> info network local <addressobject> <address object string>|any|dhcp> network remote <addressobject<address object string>|any|dhcp> pre-shared-secret <string> proposal ike [<main|aggressive|ikev2>] [encr <des|triple-des|aes128|aes-192|aes-256>] [auth <md5|sha1>] [dh <1|2|5>] [lifetime <seconds>]
Description Enables IP multicasting traffic to pass through the VPN tunnel Enables or disables Windows Networking (NetBIOS) Broadcast Configures or removes the specified user group for XAUTH users Enables or disables required user login through HTTP Enables or disables required user login through HTTPS Cancel from menu without applying changes Exits VPN configuration mode Exits menu and applies changes Exits to top-level and applies changes where needed Sets the primary gateway domain name Sets the primary gateway IP address Sets the name and IP address of the local connection
Sets the name and IP address of the remote connection
Displays information on a specific VPN policy Sets a local network for the VPN tunnel, or configures the network to obtain IP addresses using DHCP Sets a specific VPN tunnel as the default route for all incoming Internet traffic Established specified preshared secret Sets the desired IKE encryption suite configurations for VPN tunnel traffic
SonicOS Enhanced 5. 7 Administrator Guide
1119
SonicOS Enhanced Command Listing
Command proposal ipsec [<esp|ah>] [encr <des|tripledes|aes-128|aes-192|aes256>] [auth <md5|sha1>] [dh <1|2|5>] [lifetime <seconds>] sec-gw domain-name <domain name> sec-gw ip-address <ip address>
Description Sets encryption settings for IPSec proposal
Sets the secondary gateway domain name Sets the secondary gateway's IP address
1120
SonicOS Enhanced 5. 7 Administrator Guide
SonicOS Enhanced Command Listing
Command VPN SUB-COMMANDS (MANUAL KEY) abort [no] advanced apply-nat <local|remote> <translated address object> [no] advanced auto-addrule advanced bound-to interface <interface> advanced bound-to zone <zone> [no] advanced keepalive
Description Exits to top-level menu and cancels changes where needed Enable or disable translation of the local and/or remote networks communicating with this VPN tunnel Enables or disables the auto-add access rule Binds VPN policy to specific interface Binds VPN policy to a specific zone Enables or disables heartbeat messages between peers on this VPN tunnel Enables or disables HTTP as the management method security association Enables or disables HTTPS as the management method security association Enables IP multicasting traffic to pass through the VPN tunnel Enables or disables Windows Networking (NetBIOS) Broadcast Configures or removes the specified user group for XAUTH users Enables or disables required user login through HTTP Enables or disables required user login through HTTPS Cancel from menu without applying changes Exits configuration mode Exits menu and applies changes Exits to top-level and applies changes where needed Sets the primary gateway domain name Sets the primary gateway IP address Displays information on a specific VPN policy Sets a local network for the VPN tunnel, or configures the network to obtain IP addresses using DHCP Sets a specific VPN tunnel as the default route for all incoming Internet traffic
[no] advanced management http [no] advanced managment https [no] advanced multicast [no] advanced netbios [no] advanced use-xauth <group name> [no] advanced user-login http [no] advanced user-login https cancel end exit finished gw domain-name <domain name> gw ip-address <ip address> info network local <address object <address object string> | any> network remote <address object <address object string> | any>
SonicOS Enhanced 5. 7 Administrator Guide
1121
SonicOS Enhanced Command Listing
Command proposal ipsec [<esp|ah>] [encr <des|tripledes|aes-128|aes-192|aes256>] [auth <md5|sha1>] [dh <1|2|5>] [lifetime <seconds>] sa [in-spi <Incoming SPI>] [out-spi <Outgoing SPI>] [encr-key <Encryption Key>] [auth-key <Authentication Key>] VPN SUB-COMMANDS (3rd PARTY CERTIFICATE) abort [no] advanced apply-nat
Description Sets encryption settings for IPSec proposal
Sets hexidecimal incoming and outgoing Security Parameter Index (SPI) to allow the SonicWALL to uniquely identify all security associations Exits to top-level menu and cancels changes where needed Enable or disable translation of the local and/or remote networks communicating with this VPN tunnel Enables or disables the auto-add access rule Binds VPN policy to specific interface Binds VPN policy to a specific zone Sets the default LAN gateway for VPN tunnel traffic Enables or disables heartbeat messages between peers on this VPN tunnel Enables or disables HTTP as the management method security association Enables or disables HTTPS as the management method security association Enables IP multicasting traffic to pass through the VPN tunnel Enables or disables Windows Networking (NetBIOS) Broadcast Enables use of Online Certificate Status Protocol (OCSP) to check VPN certificate status and specifies the URL where to check the certificate status Configures or removes the specified user group for XAUTH users Enables or disables required user login through HTTP Enables or disables required user login through HTTPS Cancel from menu without applying changes
[no] advanced auto-addrule advanced bound-to interface <interface> advanced bound-to zone <zone> [no] advanced defaultlan-gw <ip address> [no] advanced keepalive
[no] advanced management http [no] advanced managment https [no] advanced multicast [no] advanced netbios [no] advanced ocsp <url>
[no] advanced use-xauth <group name> [no] advanced user-login http [no] advanced user-login https cancel
1122
SonicOS Enhanced 5. 7 Administrator Guide
SonicOS Enhanced Command Listing
Command cert <certname> end exit finished gw domain-name <domain name> gw ip-address <ip address> id remote <domain name | email address | distinguished name> <peer-id> info network local <address object <address object string> | any> network remote <address object <address object string> | any> proposal ike [<main|aggressive|ikev2>] [encr <des|triple-des|aes128|aes-192|aes-256>] [auth <md5|sha1>] [dh <1|2|5>] [lifetime <seconds>] proposal ipsec [<esp|ah>] [encr <des|tripledes|aes-128|aes-192|aes256>] [auth <md5|sha1>] [dh <1|2|5>] [lifetime <seconds>] sec-gw domain-name <domain name> sec-gw ip-address <ip address>
Description Selects a certificate for the SonicWALL Exits configuration mode Exits menu and applies changes Exits to top-level and applies changes where needed Sets the primary gateway domain name Sets the primary gateway IP address Sets peer IKE ID type
Displays information on a specific VPN policy Sets a local network for the VPN tunnel, or configures the network to obtain IP addresses using DHCP Sets a specific VPN tunnel as the default route for all incoming Internet traffic Sets the desired IKE encryption suite configurations for VPN tunnel traffic
Sets encryption settings for IPSec proposal
Sets the secondary gateway domain name Sets the secondary gateway's IP address
SonicOS Enhanced 5. 7 Administrator Guide
1123
SonicOS Enhanced Command Listing
Command SSL VPN CLIENT SUB-COMMANDS abort
Description
Exits to top-level menu without applying changes address <start ip Sets the global IP address pool from address> <end ip address> which NetExtender clients are <interface> assigned an IP address [no] auto-update Enables/Disables auto-update which assists users in updating their NetExtender client when a newer version is required to establish a connection cache-username-password Sets the user name and password <username-only | passcache policy used for the NetExtender word-username | prohibit> client cancel Exits from menu without applying changes [no] client-communicate Enables/Disables traffic between hosts connecting to server with NetExtender [no] create-connectionEnables/Disables NetExtender client's profile ability to create a connection profiles dns-domain <DNS domain Sets the DNS domain which is the name> NetExtender client DNS-specific suffix dns1 <ip address> Sets the primary DNS server IP address to be used by all NetExtender clients dns2 <ip address> Sets the secondary DNS server IP address to be used by all NetExtender clients end Exits SSL VPN configuration mode exit Exits menu and applies changes [no] exit-after-disconEnables/Disables the forcing of a nect NetExtender client to exit after disconnecting from the server finished Exits to top-level and applies changes where needed help Displays available sub-commands for SSL VPN client configuration info Displays SSL VPN client settings no Inverts sense of a command show Invokes show commands sslvpn-access Enables SSL VPN access on specified <LAN|WAN|DMZ|WLAN> zone [no] uninstall-after-exit Enables/Disables automatic uninstall of NetExtender clients after exit user-domain <user domain Sets the user domain to which all SSL name> VPN users belong wins1 <ip address> Sets the primary WINS server IP address wins2 <ip address> Sets the secondary WINS server IP address
1124
SonicOS Enhanced 5. 7 Administrator Guide
SonicOS Enhanced Command Listing
Command SSL VPN PORTAL SUB-COMMANDS abort [no] auto-launch
Description Exits to top-level menu without applying changes Enables/Disables automatic launch of NetExtender after a user logs into the portal Sets the portal banner title that displays next to the logo on the portal home page Enables/Disables the use of some HTML META tags to tell browser to cache UI files in portal pages Exits the menu without applying changes Sets a customized logo to be used on the portal page. Enables/Disables the use of the default SonicWALL logo on the portal page Enables/Disables the display of the button to import the SSL VPN server certificate Exits SSL VPN portal configuration Exits menu and applies changes Exits to top-level menu and applies changes Displays available subcommands for SSL VPN portal settings Displays current SSL VPN portal settings Inverts sense of a command Invokes show commands Sets the portal HTML page title that displays in the browser window's title
banner-title <portal banner title name> [no] cache-control
cancel custom logo <url>
[no] default-logo [no] display-cert
end exit finished help info no show site-title <portal site title name>
SonicOS Enhanced 5. 7 Administrator Guide
1125
SonicOS Enhanced Command Listing
Command SSL VPN ROUTE SUB-COMMANDS abort add-routes <address object name> cancel delete-routes <address object name> end exit finished help info no show [no] tunnel-all
Description Exits to top-level menu without applying changes Adds an address object as a client route entry Exits from menu without applying changes Deletes specified SSL VPN client route entry, identified as an address object Exits SSL VPN client routes configuration mode Exits menu and applies changes Exits to top-level menu and applies changes Displays available subcommands for SSL VPN client routes settings Displays current SSL VPN client routes settings Inverts sense of a command Invokes show commands Enables/Disables tunnel all mode which configures the NetExtender client to tunnel all traffic over the SSL VPN connection Configures one-time password for VPN user access to the appliance
WEB MANAGEMENT SUB-COMMANDS [no] web-management otp enable
1126
SonicOS Enhanced 5. 7 Administrator Guide
SonicOS Enhanced Command Listing
Table 8
LAN Interface Configuration
Description Assigns zone and enters the configuration mode for the interface Sets the interface to auto negotiate Adds comment as part of the port configuration duplex <full|half> Sets the interface duplex speed end Exits the configuration mode finished Exits configuration mode to the top menu help <command> Displays the command and description [no] https-redirect Enables or disables https redirect on enable the interface info Displays information about the interface show interface all Displays the configuration of all interfaces [no] management Enables or disables specified manage<http|https|ping|snmmp|ss ment protocol on the interface h> enable [no] user-login Configures user-login protocol for the <http|https> interface LAN MODE Enters the LAN configuration mode <lan> end Exits configuration mode finished Exits configuration mode to top menu level help <command> Displays the command and description info Displays information about the interface ip <IP Address> netmask Sets the IP address for the interface <mask> name <interface name> Sets the name for the interface speed <10|100> Sets the interface speed
Command interface <x0|x1|x2|x3|x4|x5> [<lan|wan|dmz>] auto comment <string>
SonicOS Enhanced 5. 7 Administrator Guide
1127
SonicOS Enhanced Command Listing
Table 9
WAN Interface Configuration
Command <wan>
auto bandwidth-management enable bandwidth-management size <uvalue> comment <string> duplex <full|half> end finished fragment-packets ignore-df-bit help <command> [no] https-redirect enable info
Description Sets the interface to auto-negotiate Enables bandwidth management Sets the bandwidth management size Adds comment as part of the port configuration Sets the interface duplex speed Exits the configuration mode Exits configuration mode to the top menu Enables/disables fragmentation of packets larger than the interface MTU Enables/disables ignoring the don't fragment bit Displays the command and description Enables or disables https redirect on the interface Displays information about the interface Enables or disables specified management protocol on the interface Configures user-login protocol for the interface Sets the mode for the WAN interface and enters the mode configuration
[no] management <http|https|ping|snmmp| ssh> enable [no] user-login <http|https> mode <static|dhcp|pptp|l2tp|pppoe> Mode Static WAN Interface Configuration [no] dns <IP Address> end finished gateway <IP Address> help <command> info [no] ip <IP Address>
Enters or removes IP address of DNS servers Exits configuration mode Exits configuration mode to top menu Sets or removes default gateway for the interface Displays help for given command Displays IP information about the interface Sets the IP address for the interface
1128
SonicOS Enhanced 5. 7 Administrator Guide
SonicOS Enhanced Command Listing
Command Mode DHCP WAN Interface Configuration end finished help <command> info [no] hostname <string> release renew Mode PPTP WAN Interface Configuration [no] dynamic end finished help <command> [no] hostname <string> [no] inactivity timeout <uvalue> info [no] ip <IP Address> [no] password <quoted string> [no] server ip <IP Address> start stop [no] username <string> L2TP WAN Configuration Mode [no] dynamic end finished help <command> [no] hostname <string> [no] inactivity timeout <uvalue>
Description
Exits configuration mode Exits configuration mode to top menu Displays help for given command Displays IP information about the interface Sets the hostname for the interface Releases IP address information Renews IP address information
Sets the SonicWALL to obtain the IP address dynamically Exits configuration mode Exits configuration mode to top menu Displays help for given command Clears/Sets PPTP hostname Enables/disables the PPTP inactivity timer Sets/Clears the PPTP inactivity timeout Displays IP information about the interface Sets/Clears the IP address for the interface Sets/Clears the PPTP password Sest/Clears the PPTP server IP address
Sets/Clears the PPTP username
Sets the SonicWALL to obtain the IP address dynamically Exits configuration mode Exits configuration mode to top menu Displays help for given command Clears/Sets L2TP hostname Enables/disables the L2TP inactivity timer Sets/Clears the L2TP inactivity timeout
SonicOS Enhanced 5. 7 Administrator Guide
1129
SonicOS Enhanced Command Listing
Command info [no] ip <IP Address> [no] password <quoted string> [no] server ip <IP Address> start stop [no] username <string> mtu <uvalue> name <interface name> speed <10|100> Other Interface Configuration
Description Displays IP information about the interface Sets/Clears the IP address for the interface Sets/Clears the L2TP password Sets/Clears the L2TP server IP address
Sets/Clears the L2TP username Sets the MTU of the interface Sets the name for the interface Sets the interface speed
Sets the interface to autonegotiate Adds a comment as part of the force configuration duplex <full|half> Sets the interface duplex speed end Exits configuration mode finished Exits configuration mode to top menu help <command> Displays help for given command info Displays IP information about the interface name <interface name> Sets the name for the interface speed <10|100> Sets the interface to autonegotiate [no] log categories [all] Assigns/clears logging categories auto comment <string> Log Category Information [no] all [no] attack [no] blocked-code [no] blocked-sites [no] connection [no] conn-traffic [no] debug end finished help <command> [no] icmp Assigns/clears all logging categories Assigns/clears attack logging category Assigns/clears blocked code logging category Assigns/clears blocked sites logging category Assigns/clears connection logging category Assigns/clears conn traffic logging category Assigns/clears debug logging category Exits configuration mode Exits configuration mode to top menu Displays help for given command Assigns/clears ICMP logging category
1130
SonicOS Enhanced 5. 7 Administrator Guide
SonicOS Enhanced Command Listing
Command info [no] lan-icmp [no]lan-tcp [no]lan-udp [no]maintenance [no] mgmt-80211b [no] modem-debug [no] sys-env [no] sys-err [no] tcp [no] udp [no] user-activity [no] vpn-stat [no] vpn-tunnel-status [no] log filter-time <uvalue> log ordering <choices> [invert] name <string> [no] route default <IP address> [no] route <Destination> <Netmask> <Gateway> [metric <route metric>] [no] web-management http enable <x0 | x1 | x2 | x3 | x4 | x5> web-management http port <tcp port or 'default'> [no] web-management https enable <x0 | x1 | x2 | x3 | x4 | x5> web-management https port <tcp port or 'default'> web-management restore
Description Displays IP information about the interface Assigns/clears LAN-ICMP logging category Assigns/clears LAN-TCP logging category Assigns/clears LAN-UDP logging category Assigns/clears maintenance logging category Assigns/clears 80211b management logging category Assigns/clears modem debugging logging category Assigns/clears sys env logging category Assigns/clears sys error logging category Assigns/clears TCP logging category Assigns/clears UDP logging category Assign/clear user-activity logging category Assigns/clears vpn-stat logging category Assigns/clears vpn tunnel status logging category Assigns/clears log filter time Assign/clear ordering method when displaying log entries Sets/clears the firewall name Assigns clear default route Assigns clear static routes Enables/disables HTTP web management Assigns the HTTP web management port or reset to default Enables/disables HTTPS web management Assigns the HTTPS web management port or resets to default Restores default web-management port and interface assignments
SonicOS Enhanced 5. 7 Administrator Guide
1131
SonicOS Enhanced Command Listing
Command zone <wan|lan|dms> end finished [no] intrazone-communications auto bandwidth-management enable bandwidth-management size <uvalue> comment <string> duplex <full|half> end finished fragment-packets ignore-df-bit show zone all [no] sslvpn-access
Description Enters the zone configuration menu Exits configuration mode Exits configuration mode to top menu Enables/disables intra-zone communications Sets the interface to autonegotiate Enables bandwidth management Sets the bandwidth management size Adds comment as part of the port configuration Sets the interface duplex speed Exit the configuration mode Exit configuration mode to the top menu Enable/disable fragmentation of packets larger than the interface MTU Enable/disable ignoring the don't fragment bit Displays the configuration of all zones Configures SSL VPN access on the zone
1132
SonicOS Enhanced 5. 7 Administrator Guide
SonicOS Enhanced Command Listing
Command <guest services> SUB-COMMANDS abort bypass antivirus bypass auth <string|identifier custom enable custom footer-text <string|identifier custom footer-type <text|url> custom header-text <string|identifier> custom header-type <text|url> deny <string|identifier> enable end exit finished help info maxguests <value> no pass <string|identifier> post enable post url <string|identifier> show smtp-redirect <string|identifier>
Description
Exits to top-level menu and cancels changes where needed Configures the zone's bypass settings for anti-virus Configures the zone's bypass authentication based on string or identifier input Enables custom authentication page settings Configures custom footer text for the authentication page Configures custom footer text font for the authentication page Configures custom header text for the authentication page Configures custom header text font for the authentication page Configures deny settings for access to the zone Enables WGS Exits upon configuring WGS settings Exits menu and applies changes Exits to top-level menu and applies changes where needed Displays help commands for this menu Displays current WGS configuration state Sets maximum guest limit for the zone at specified value Inverts sense of a command Allows traffic through zone from the specified network Enables guests to be directed to a landing page post-authentication Configures which URL guests are directed to after authentication Invoke show commands Configures SMTP redirect settings for the zone
SonicOS Enhanced 5. 7 Administrator Guide
1133
Configuring Site-to-Site VPN Using CLI
Configuring Site-to-Site VPN Using CLI
This section describes how to create a VPN policy using the Command Line Interface. The examples used are a SonicWALL TZ 170 appliance with SonicOS Enhanced 3. 2 firmware. You can configure all of the parameters using the CLI, and enable the VPN without using the Web management interface.
Note
In this example, the VPN policy on the other end has already been created.
CLI Access
1. [. . . ]
DISCLAIMER TO DOWNLOAD THE USER GUIDE SONICWALL SONICOS ENHANCED 5.7
Click on "Download the user Manual" at the end of this Contract if you accept its terms, the downloading of the manual SONICWALL SONICOS ENHANCED 5.7 will begin.