SonicOS 5.9 One Touch Configuration Guide


Notes, Cautions, and Warnings

© 2013 Dell Inc.

Trademarks: Dell™, the DELL logo, SonicWALL™, SonicWALL GMS™, SonicWALL Analyzer™, Reassembly-Free Deep Packet Inspection™, Dynamic Security for the Global Network™, SonicWALL Clean VPN™, SonicWALL Clean Wireless™, SonicWALL Comprehensive Gateway Security Suite™, SonicWALL Mobile Connect™, and all other SonicWALL product and service names and slogans are trademarks of Dell Inc.

2013 – 07 P/N 232-00223-00 Rev. C

NOTE: A NOTE indicates important information that helps you make better use of your system.

CAUTION: A CAUTION indicates potential damage to hardware or loss of data if instructions are not followed.


One-Touch Configuration Overrides

Document Scope

This solutions document describes how to understand and implement the One-Touch Configuration Override feature.

This document contains the following sections:

- “Feature Overview”
- “Configuring One-Touch Configuration Override”

Feature Overview

This section provides an introduction to the One-Touch Configuration Override feature. This section contains the following subsections:

- “What is One-Touch Configuration Override?”
- “Benefits of One-Touch Configuration Override”
- “How Does One-Touch Configuration Override Work?”
- “Supported Platforms”

What is One-Touch Configuration Override?

The One-Touch Configuration Override feature can be thought of as a quick tune-up for your Dell SonicWALL appliance’s security settings. With a single click, One-Touch Configuration Override applies over sixty configuration settings across sixteen pages of the SonicOS management interface to implement Dell SonicWALL’s recommended best practices. These settings ensure that your appliance is taking advantage of the security features in SonicOS. There are two sets of One-Touch Configuration Override settings:

- DPI and Stateful Firewall Security – For network environments with Deep Packet Inspection (DPI) security services enabled, such as Gateway Anti-Virus, Intrusion Prevention, Anti-Spyware, and App Rules.
- Stateful Firewall Security – For network environments that do not have DPI security

Both of the One-Touch Configuration Override deployments implement the following configurations:

- Configure Administrator security best practices
- Enforce HTTPS login and disable ping
- Configure DNS Rebinding
- Configure Access Rules best practices
- Configure Firewall Settings best practices
- Configure Firewall Flood Protection best practices
- Configure VPN Advanced settings best practices
- Configure Log levels
- Enable Flow Reporting and Visualization

The DPI and Stateful Firewall Security deployment also configures the following DPI-related configurations:

- Enable DPI services on all applicable zones
- Enable App Rules
- Configure Gateway Anti-Virus best practices
- Configure Intrusion Prevention best practices
- Configure Anti-Spyware best practices

The full list of configuration settings is described in “How Does One-Touch Configuration Override Work?” on page 5.

CAUTION: Be aware that the One-Touch Configuration Override may change the behavior of your Dell SonicWALL security appliance. Review the list of configurations before applying One-Touch Configuration Override.

In particular, the following configurations may affect the experience of the administrator:

- Administrator password requirements on the System > Administration page.
- Requiring HTTPS management.
- Disabling HTTP to HTTPS redirect.
- Disabling Ping management.

Benefits of One-Touch Configuration Override

The One-Touch Configuration Override provides the following benefits:

- Dell SonicWALL-recommended configuration Best Practices – Applies a number of the most important security settings across sixteen pages of the SonicOS management interface, ensuring that the appliance is taking advantage of many of Dell SonicWALL’s most powerful security features.
- Ease of Use – Saves time and avoids mistakes by applying a large number of

How Does One-Touch Configuration Override Work?

The following table lists the configuration settings that are applied as part of One-Touch Configuration Override for both the DPI and Stateful Firewall Security deployment and the Stateful Firewall Security Deployment.

| Configuration Setting | DPI and Stateful Firewall Security | Stateful Firewall Security |
|---|---|---|
| System > Administration | | |
| Password must be changed every 90 days | X | X |
| Bar repeated password changes for 4 changes | X | X |
| Enforce password complexity: Require alphabetic, numeric and symbolic characters | X | X |
| Apply the above password constraints for: all user categories | X | X |
| Enable administrator/user lockout | X | X |
| Failed Login attempts per minute before lockout: 7 | X | X |
| Enable inter-administrator messaging | X | X |
| Inter-administrator Messaging polling interval (seconds): 10 | X | X |
| Network > Interfaces | | |
| Any interface allowing HTTP management is replaced with HTTPS Management | X | X |
| Any setting to 'Add rule to enable redirect from HTTP to HTTPS' is disabled | X | X |
| Ping Management is disabled on all interfaces | X | X |
| Network > Zones | | |
| Intrusion Prevention is enabled on all applicable default Zones | X | |
| Gateway Anti-Virus protection is enabled on all applicable default Zones | X | |
| Anti-Spyware protection is enabled on all applicable default Zones | X | |
| App Rules is enabled on all applicable default Zones | X | |
| SSL Control is enabled on all default Zones | X | |
| Network > DNS | | |
| Enable DNS Rebinding protection | X | X |
| DNS Rebinding Action: Log Attack & Drop DNS Reply | X | X |
| Firewall > Access Rules | | |
| Any Firewall policy with an Action of Deny, the Action is changed to Discard | X | X |
| Source IP Address connection limiting with a threshold of 128 connections is enabled for all firewall policies | X | X |
| Firewall > App Rules | | |
| If licensed, the Enable App Rules setting is turned on | X | |
| Firewall Settings > Advanced | | |
| Turn on Enable Stealth Mode | X | X |
| Turn on Randomize IP ID | X | X |
| Turn off Decrement IP TTL for forwarded traffic | X | X |
| Turn on Never generate ICMP Time-Exceeded packets | X | X |
| Connections are set to: Recommended for normal deployments with UTM services enabled | X | X |
| Turn on Enable IP header checksum enforcement | X | X |
| Turn on Enable UDP checksum enforcement | X | X |
| Firewall Settings > Flood Protection | | |
| Turn on Enforce strict TCP compliance with RFC 793 and RFC 1122 | X | X |
| Turn on Enable TCP handshake enforcement | X | X |
| Turn on Enable TCP handshake timeout | X | X |
| SYN Flood Protection Mode: Always proxy WAN client connections | X | X |
| Firewall Settings > Flood Protection | | |
| Turn on Enable SSL Control | X | X |
| Set Action to: Block connection and log the event | X | X |
| For Configuration, enable all categories | X | X |
| VPN > Advanced | | |
| Turn on Enable IKE Dead Peer Detection | X | X |
| Turn on Enable Dead Peer Detection for Idle VPN sessions | X | X |
| Turn on Enable Fragmented Packet Handling | X | X |
| Turn on Ignore DF (Don't Fragment) Bit | X | X |
| Turn on Enable NAT Traversal | X | X |
| Turn on Clean up Active tunnels when Peer Gateway DNS name resolves to a different address | X | X |
| Turn on Preserve IKE port for Pass Through Connections | X | X |
| Security Services > Gateway Anti-Virus | | |
| If licensed, Enable Gateway Antivirus | X | |
| Configure Gateway AV Settings: Turn on Disable SMTP Responses | X | |
| Configure Gateway AV Settings: Turn off Disable detection of EICAR test virus | X | |
| Configure Gateway AV Settings: Turn on Enable HTTP Byte-Range requests with Gateway AV | X | |
| Configure Gateway AV Settings: Turn on Enable FTP REST request with Gateway AV | X | |
| Configure Gateway AV Settings: Turn off Do not scan parts of files with high compression ratios | X | |
| Configure Gateway AV Settings: Turn off Disable HTTP Clientless Notification Alerts | X | |
| Security Services > Intrusion Prevention | | |
| If licensed, Enable IPS | X | |
| Turn on Prevent All and Detect All for High Priority Attacks | X | |
| Turn on Prevent All and Detect All for Medium Priority Attacks | X | |
| Turn on Prevent All and Detect All for Low Priority Attacks | X | |
| Security Services > Anti-Spyware | | |
| If licensed, Enable Anti-Spyware | X | |
| Turn on Prevent All and Detect All for High Priority Attacks | X | |
| Turn on Prevent All and Detect All for Medium Priority Attacks | X | |
| Turn on Prevent All and Detect All for Low Priority Attacks | X | |
| Configure Anti-Spyware Settings: Turn on Disable SMTP Responses | X | |
| Configure Anti-Spyware Settings: Turn off Disable HTTP Clientless Notification Alerts | X | |
| Log > Categories | | |
| Set Logging Level: Debug | X | X |
| Set Alert Level: Warning | X | X |
| Log > Flow Reporting | | |
| Turn on Enable Flow Reporting and Visualization | X | X |
| Log > Name Resolution | | |
| Set Name Resolution Method to: DNS then NetBIOS | X | X |


Supported Platforms

One-Touch Configuration Override is available on all Dell SonicWALL security appliances running SonicOS release 5.9 that are licensed for the SSL VPN feature.

Configuring One-Touch Configuration Override

To configure One-Touch Configuration Override, perform the following steps:

Step 1 Navigate to the System > Settings page of the SonicOS management interface.

Step 2 Scroll down to the One-Touch Configuration Override section.

Step 3 Click either the DPI and Stateful Firewall Security button or the Stateful Firewall Security button.

Step 4 A warning pop-up window reminds you that if you are connected over HTTP, you will have to manually reconnect using HTTPS after the appliance reboots. Click OK.

Step 5 When the configuration has been applied, the Status Bar displays “Restart Firewall for changes to take effect.” Click Restart.

Step 6 After the appliance restarts, navigate to the management URL of the appliance, ensuring that you are using HTTPS, and log in to the appliance.

| Configuration Setting | DPI and Stateful Firewall Security | Stateful Firewall Security |
|---|---|---|
| Turn on Protect against TCP State Manipulation DoS | X | X |
| Turn on Apply IPS Signatures Bidirectionally | X | |
| Enable ability to launch monitor pages in stand-alone browser frames | X | X |
| Enable Visualization UI for Non-Admin/Config users | X | X |
