9/22/2019

Sonicwall Serial Number


Hi all, I recently purchased off someone a SonicWall TZ210 - Upon registering it was saying that 'This serial number has been used in an upgrade/RMA program and cannot be registered, please contact sonicwall for technical assistance'.

If you have selected the wrong option you will need to email customersupport@SonicWall.com for help, or call SonicWall's helpdesk on 0800 028 0488. Give them the serial number of the SonicWall device and details of the AV activation keys involved, plus the number of users and the date it should expire, and they will adjust the settings.

The authentication code is a set of 8 characters in the format XXXX-XXXX. Each authentication code corresponds to the Serial Number of the device it is generated for, and each Serial Number has only one authentication code. The authentication code is present on all new SonicWall products beginning with the SOHO TZW.

Registering Your SonicWall Internet Security Appliance - Serial Number: This is a 12-character string found on the bottom or outside of all SonicWall branded units. Lasso Logic branded units ship with a 6- to 8-digit serial number on the side of the unit.

System > Administration

The System Administration page provides settings for configuring the SonicWALL security appliance for secure and remote management. You can manage the SonicWALL using a variety of methods, including HTTPS, SNMP or SonicWALL Global Management System (SonicWALL GMS). This chapter contains the following sections:

Firewall Name

The Firewall Name uniquely identifies the SonicWALL security appliance and defaults to the serial number of the SonicWALL. The serial number is also the MAC address of the unit. To change the Firewall Name, type a unique alphanumeric name in the Firewall Name field. It must be at least 8 characters in length.

Administrator Name & Password

The Administrator Name can be changed from the default setting of admin to any word using alphanumeric characters up to 32 characters in length. To create a new administrator name, type the new name in the Administrator Name field. Click Accept for the changes to take effect on the SonicWALL.

Changing the Administrator Password

To set a new password for SonicWALL Management Interface access, type the old password in the Old Password field, and the new password in the New Password field. Type the new password again in the Confirm New Password field and click Accept. Once the SonicWALL security appliance has been updated, a message confirming the update is displayed at the bottom of the browser window.

It is recommended you change the default password “password” to your own custom password.

One-Time Password (OTP) is a two-factor authentication scheme that utilizes system-generated, random passwords in addition to standard user name and password credentials. Once users submit the correct basic login credentials, the system generates a one-time password which is sent to the user at a pre-defined email address. The user must retrieve the one-time password from their email, then enter it at the login screen.

Login Security Settings

The internal SonicWALL Web server now only supports SSL version 3.0 and TLS with strong ciphers (128 bits or greater) when negotiating HTTPS management sessions. SSL implementations prior to version 3.0 and weak ciphers (symmetric ciphers of less than 128 bits) are not supported. This heightened level of HTTPS security protects against potential SSLv2 rollback vulnerabilities and ensures compliance with the Payment Card Industry (PCI) and other security and risk-management standards.

By default, Mozilla Firefox 2.0 and Microsoft Internet Explorer 7.0 enable SSL 3.0 and TLS, and disable SSL 2.0. SonicWALL recommends using these most recent Web browser releases. If you are using a previous release of these browsers, you should enable SSL 3.0 and TLS and disable SSL 2.0. In Internet Explorer, go to Tools > Internet Options, click on the Advanced tab, and scroll to the bottom of the Settings menu. In Firefox, go to Tools > Options, click on the Advanced tab, and then click on the Encryption tab.

SonicOS Enhanced 5.0 introduced password constraint enforcement, which can be configured to ensure that administrators and users are using secure passwords. This password constraint enforcement can satisfy the confidentiality requirements as defined by current information security management systems or compliance requirements, such as Common Criteria and the Payment Card Industry (PCI) standard.

The Password must be changed every (days) setting requires users to change their passwords after the designated number of days has elapsed. When a user attempts to login with an expired password, a pop-up window will prompt the user to enter a new password. The User Login Status window now includes a Change Password button so that users can change their passwords at any time.

The Bar repeated passwords for this many changes setting requires users to use unique passwords for the specified number of password changes.

The Enforce a minimum password length of setting sets the shortest allowed password.

The Enforce password complexity pulldown menu provides the following options:

The Apply these password constraints for checkboxes specify which classes of users the password constraints are applied to. The administrator checkbox refers to the default administrator with the username admin.

The Log out the Administrator Inactivity Timeout after inactivity of (minutes) setting allows you to set the length of inactivity time that elapses before you are automatically logged out of the Management Interface. By default, the SonicWALL security appliance logs out the administrator after five minutes of inactivity. The inactivity timeout can range from 1 to 99 minutes. Click Accept, and a message confirming the update is displayed at the bottom of the browser window.

If the Administrator Inactivity Timeout is extended beyond five minutes, you should end every management session by clicking Logout to prevent unauthorized access to the SonicWALL security appliance’s Management Interface.

The Enable administrator/user lockout setting locks administrators out of accessing the appliance after the specified number of incorrect login attempts.

Failed login attempts per minute before lockout specifies the number of incorrect login attempts within a one minute time frame that triggers a lockout.
Lockout Period (minutes) specifies the number of minutes that the administrator is locked out.

Multiple Administrators

The On preemption by another administrator setting configures what happens when one administrator preempts another administrator using the Multiple Administrators feature. The preempted administrator can either be converted to non-config mode or logged out. For more information on Multiple Administrators, see the “Multiple Administrator Support Overview” section in User Management.

Drop to non-config mode - Select to allow more than one administrator to access the appliance in non-config mode without disrupting the current administrator.
Log Out - Select to have the new administrator preempt the current administrator.

Allow preemption by a lower priority administrator after inactivity of (minutes) - Enter the number of minutes of inactivity by the current administrator that will allow a lower-priority administrator to preempt.

Enable inter-administrator messaging - Select to allow administrators to send text messages through the management interface to other administrators logged into the appliance. The message will appear in the browser’s status bar.

Messaging polling interval (seconds) - Sets how often the administrator’s browser will check for inter-administrator messages. If there are likely to be multiple administrators who need to access the appliance, this should be set to a reasonably short interval to ensure timely delivery of messages.

Enable Administrator/User Lockout

You can configure the SonicWALL security appliance to lock out an administrator or a user if the login credentials are incorrect. Select the Enable Administrator/User Lockout on login failure checkbox to prevent users from attempting to log into the SonicWALL security appliance without proper authentication credentials. Type the number of failed attempts before the user is locked out in the Failed login attempts per minute before lockout field. Type the length of time that must elapse before the user attempts to log into the SonicWALL again in the Lockout Period (minutes) field.

If the administrator and a user are logging into the SonicWALL using the same source IP address, the administrator is also locked out of the SonicWALL. The lockout is based on the source IP address of the user or administrator.

Web Management Settings

The SonicWALL security appliance can be managed using HTTP or HTTPS and a Web browser. Both HTTP and HTTPS are enabled by default. The default port for HTTP is port 80, but you can configure access through another port. Type the number of the desired port in the Port field, and click Accept. However, if you configure another port for HTTP management, you must include the port number when you use the IP address to log into the SonicWALL security appliance. For example, if you configure the port to be 76, then you must type <LAN IP Address>:76 into the Web browser, i.e. <http://192.168.168.1:76>. The default port for HTTPS management is 443.

You can add another layer of security for logging into the SonicWALL security appliance by changing the default port. To configure another port for HTTPS management, type the preferred port number into the Port field, and click Update. For example, if you configure the HTTPS Management Port to be 700, then you must log into the SonicWALL using the port number as well as the IP address, for example, <https://192.168.168.1:700> to access the SonicWALL.

The Certificate Selection menu allows you to use a self-signed certificate (Use Self-signed Certificate), which allows you to continue using a certificate without downloading a new one each time you log into the SonicWALL security appliance. You can also choose Import Certificate to select an imported certificate from the System > Certificates page to use for authentication to the management interface.

The Delete Cookies button removes all browser cookies saved by the SonicWALL appliance. Deleting cookies will cause you to lose any unsaved changes made in the Management interface.

To see the System > Dashboard page first when you login, select the Use System Dashboard View as starting page checkbox.

Changing the Default Size for SonicWALL Management Interface Tables

The SonicWALL Management Interface allows you to control the display of large tables of information across all tables in the management Interface. You can change the default table page size in all tables displayed in the SonicWALL Management Interface from the default 50 items per page to any size ranging from 1 to 5,000 items. Some tables, including Active Connections Monitor, VPN Settings, and Log View, have individual settings for items per page which are initialized at login to the value configured here. Once these pages are viewed, their individual settings are maintained. Subsequent changes made here will only affect these pages following a new login.

Enter the desired number of items per page in the Default Table Size field.
Enter the desired interval for background automatic refresh of Monitor tables (including Process Monitor, Active Connections Monitor, and Interface Traffic Statistics) in seconds in the Auto-updated Table Refresh Interval field.

Tooltips

SonicOS Enhanced 5.0 introduced embedded tool tips for many elements in the SonicOS UI. These Tooltips are small pop-up windows that are displayed when you hover your mouse over a UI element. They provide brief information describing the element. Tooltips are displayed for many forms, buttons, table headings and entries.

Not all UI elements have Tooltips. If a Tooltip does not display after hovering your mouse over an element for a couple of seconds, you can safely conclude that it does not have an associated Tooltip.

When applicable, Tooltips display the minimum, maximum, and default values for form entries. These entries are generated directly from the SonicOS firmware, so the values will be correct for the specific platform and firmware combination you are using.

The behavior of the Tooltips can be configured on the System > Administration page.

Tooltips are enabled by default. To disable Tooltips, uncheck the Enable Tooltip checkbox. The duration of time before Tooltips display can be configured:

Form Tooltip Delay - Duration in milliseconds before Tooltips display for forms (boxes where you enter text).
Button Tooltip Delay - Duration in milliseconds before Tooltips display for radio buttons and checkboxes.
Text Tooltip Delay - Duration in milliseconds before Tooltips display for UI text.

SSH Management Settings

If you use SSH to manage the SonicWALL appliance, you can change the SSH port for additional security. The default SSH port is 22.

Advanced Management

You can manage the SonicWALL security appliance using SNMP or SonicWALL Global Management System. The following sections explain how to configure the SonicWALL for management by these two options.

For more information on SonicWALL Global Management System, go to http://www.sonicwall.com.

CLI Guide

The SonicOS Enterprise Command Line Interface (E-CLI) provides a concise and powerful way to configure Dell SonicWALL network security appliances without using the SonicOS Web based management interface. You can use the CLI commands individually on the command line, or in scripts for automating configuration tasks.

This appendix contains a categorized listing of Command Line Interface (CLI) commands for SonicOS 6.1 firmware. Each command is described, and where appropriate, an example of usage is included.

For a listing of Command Line Interface (CLI) commands for SonicOS 6.1 firmware, refer to the SonicOS 6.1 CLI Reference Guide.

This introduction contains the following sections:

Text Conventions

Input Data Format Specification

CLI Prompt Specification

Editing and Completion Features

Command Hierarchy

Passwords

Factory Reset to Defaults

Logging in to the SonicOS CLI

Configuring the Dell SonicWALL Network Security Appliance

Example: Configuring a Site-to-Site VPN Using the CLI

Note The complete SonicWALL CLI Command Reference is included in the SonicOS online help. To access the Command Reference, click the Help button from the SonicOS GUI, and then navigate to Appendices > CLI Guide.

Text Conventions

Bold text indicates a command executed by interacting with the user interface.

Courier bold text indicates commands and text entered using the CLI.

Italic text indicates the first occurrence of a new term, as well as a book title, and also emphasized text. In this command summary, items presented in italics represent user-specified information.

Items within angle brackets (“< >”) are required information.

Items within square brackets (“[ ]”) are optional information.

Items separated by a “pipe” (“|”) are options. You can select any of them.

Note Though a command string may be displayed on multiple lines in this guide, it must be entered on a single line with no carriage returns except at the end of the complete command.

Input Data Format Specification

The table below describes the data formats acceptable for most commands. H represents one or more hexadecimal digits (0-9 and A-F). D represents one or more decimal digits.

Table 21  Input Data Formats

Data              Data Format
MAC Address       HH:HH:HH:HH:HH:HH
MAC Address       HHHH.HHHH.HHHH
IP Address        D.D.D.D
IP Address        0xHHHHHHHH
Integer Values    D
Integer Values    0xH
Integer Range     D-D

CLI Prompt Specification

The firewall name, configurable via the SonicOS Web UI on the System > Administration page, is used in the prompts throughout the CLI, rather than the generic product name like NSA3600 or SM9600.

This allows the administrator to more easily identify which firewall is currently being managed, and to identify which firewalls are being used for which departments in a business structure. For example, the administrator could name several NSA3600s with names like Marketing, Tech Pubs, Engineering, Testing, etc.

If no firewall name is configured, the default is the serial number or MAC address of the device, resulting in a prompt such as:

C0EAE4599008>

In the examples in this document, we use NSA3600 as the configured name of the device and consequently as the prompt in the examples.

Editing and Completion Features

You can use individual keys and control-key combinations to assist you with the CLI. The table below describes the key and control-key combination functions.

Table 22  Key Reference

Key(s)         Function
Tab            Completes the current word
?              Displays possible command completions
CTRL+A         Moves cursor to the beginning of the command line
CTRL+B         Moves cursor to the previous character
CTRL+C         Exits the Quick Start Wizard at any time
CTRL+E         Moves cursor to the end of the command line
CTRL+F         Moves cursor to the next character
CTRL+K         Erases characters from the cursor to the end of the line
CTRL+N         Displays the next command in the command history
CTRL+P         Displays the previous command in the command history
CTRL+W         Erases the previous word
Left Arrow     Moves cursor to the previous character
Right Arrow    Moves the cursor to the next character
Up Arrow       Displays the previous command in the command history
Down Arrow     Displays the next command in the command history

Most configuration commands require completing all fields in the command. For commands with several possible completions, the Tab or ? key displays all options.

myDevice> show [TAB]

alerts          interface  network            tech-support
arp             log        processes          tsr
content-filter  memory     route              web-management
cpu             messages   security-services  zone
device          nat        status             zones
gms             netstat    system

The Tab key can also be used to finish a command if the command is uniquely identified by user input.

myDevice> show al [TAB]

displays

myDevice> show alerts

Additionally, commands can be abbreviated as long as the partial commands are unique. The following text:

myDevice> sho int inf

is an acceptable abbreviation for

myDevice> show interface info

Command Hierarchy

The CLI configuration manager allows you to control hardware and firmware of the appliance through a discrete mode and submode system. The commands for the appliance fit into the logical hierarchy shown below.

To configure items in a submode, activate the submode by entering a command in the mode above it.

For example, to set the default LAN interface speed or duplex, you must first enter configure, then interface x0 lan. To return to the higher Configuration mode, simply enter end or finished.

Configuration Security

SonicWALL Internet Security appliances allow easy, flexible configuration without compromising the security of their configuration or your network.

Passwords

The SonicWALL CLI currently uses the administrator’s password to obtain access. SonicWALL devices are shipped with a default password of password. Setting passwords is important in order to access the SonicWALL and configure it over a network.

Factory Reset to Defaults

If you are unable to connect to your device over the network, you can use the command restore to reset the device to factory defaults during a serial configuration session.

CAUTION The restore command erases all the settings on the appliance, leaving it in a factory default state.

Management Methods for the SonicWALL Network Security Appliance

You can configure the SonicWALL appliance using one of three methods:

• Using a serial connection and the configuration manager

– An IP address assignment is not necessary for appliance management.

– A device must be managed while physically connected via a serial cable.

• Web browser-based User Interface

– An IP address must have been assigned to the appliance for management or use the default of 192.168.168.168.

Initiating a Management Session using the CLI

Serial Management and IP Address Assignment

Follow the steps below to initiate a management session via a serial connection and set an IP address for the device.

Note The default terminal settings on the SonicWALL and modules are 80 columns by 25 lines. To ensure the best display and reduce the chance of graphic anomalies, use the same settings with the serial terminal software. The device terminal settings can be changed, if necessary. Use the standard ANSI setting on the serial terminal software.

1. Attach the included null modem cable to the appliance port marked CONSOLE. Attach the other end of the null modem cable to a serial port on the configuring computer.

2. Launch any terminal emulation application that communicates with the serial port connected to the appliance. Use these settings:

• 115,200 baud

• 8 data bits

• no parity

• 1 stop bit

• no flow control

3. Press Enter/Return. Initial information is displayed followed by a DEVICE NAME> prompt.

Initiating an SSH Management Session via Ethernet

Note This option works for customers administering a device that does not have a cable for console access to the CLI.

Follow the steps below to initiate an SSH management session through an Ethernet connection from a client to the appliance.

1. Attach an Ethernet cable to the interface port marked X0. Attach the other end of the Ethernet cable to an Ethernet port on the configuring computer.

2. Launch any terminal emulation application (such as PuTTY) that communicates via the Ethernet interface connected to the appliance.

3. Within the emulation application, enter the IP destination address for the appliance and enter 22 as the port number.

4. Select SSH as the connection type and open a connection.

Logging in to the SonicOS CLI

When the connection is established, log in to the security appliance:

1. At the User prompt enter the Admin’s username. Only the admin user will be able to login from the CLI. The default Admin username is admin. The default can be changed.

2. At the Password prompt, enter the Admin’s password. If an invalid or mismatched username or password is entered, the CLI prompt will return to User:, and a “CLI administrator login denied due to bad credentials” error message will be logged. There is no lockout facility on the CLI.
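Because the CLI has no lockout, repeated failures have to be caught from the log instead. The sketch below is an added example, not SonicWALL code: it applies the same "failed attempts per minute" idea used by the Web UI lockout to the logged CLI denial message. The log line layout (`<timestamp> src=<origin> msg="..."`), the function name and the sample lines are assumptions constructed for illustration; only the message text comes from this page.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Message text quoted on this page for a failed CLI login.
CLI_DENIED = "CLI administrator login denied due to bad credentials"

# Assumed (constructed) line layout: <date> <time> src=<origin> msg="<text>"
LINE_RE = re.compile(
    r'^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) src=(\S+) msg="([^"]*)"$'
)

# Constructed sample log, not captured from a real appliance.
SAMPLE_LOG = """\
2019-09-22 10:00:01 src=192.168.168.50 msg="CLI administrator login denied due to bad credentials"
2019-09-22 10:00:05 src=192.168.168.77 msg="CLI administrator login denied due to bad credentials"
2019-09-22 10:00:09 src=192.168.168.50 msg="CLI administrator login denied due to bad credentials"
2019-09-22 10:00:17 src=192.168.168.50 msg="CLI administrator login denied due to bad credentials"
-- unparseable line, skipped --
2019-09-22 10:00:25 src=192.168.168.50 msg="CLI administrator login denied due to bad credentials"
2019-09-22 10:00:33 src=192.168.168.50 msg="CLI administrator login denied due to bad credentials"
2019-09-22 10:00:41 src=192.168.168.50 msg="CLI administrator login denied due to bad credentials"
2019-09-22 10:03:10 src=192.168.168.77 msg="CLI administrator login denied due to bad credentials"
"""


def find_cli_guessing(lines, threshold=5, window_seconds=60):
    """Return (source, timestamp, count) for each burst of CLI login failures.

    A burst is `threshold` or more denials from one source inside a sliding
    window of `window_seconds`. Lines must be in chronological order.
    """
    recent = defaultdict(deque)   # source -> timestamps still inside the window
    alerts = []
    for raw in lines:
        m = LINE_RE.match(raw.strip())
        if not m or m.group(3) != CLI_DENIED:
            continue              # other events and malformed lines are ignored
        stamp, source = m.group(1), m.group(2)
        ts = datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S")
        window = recent[source]
        window.append(ts)
        # Drop failures that have aged out of the sliding window.
        while (ts - window[0]).total_seconds() >= window_seconds:
            window.popleft()
        if len(window) >= threshold:
            alerts.append((source, stamp, len(window)))
            window.clear()        # one alert per burst, then start counting again
    return alerts


if __name__ == "__main__":
    for source, stamp, count in find_cli_guessing(SAMPLE_LOG.splitlines()):
        print(f"{stamp}: {count} failed CLI logins within a minute from {source}")
```

Failures arriving more slowly than the threshold rate stay under the window, so a per-day count per source is a useful second rule alongside this one.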

Configuring the Dell SonicWALL Network Security Appliance

You can configure the Dell SonicWALL network security appliance using one of three methods:

Configuring Features using the CLI on a Serial Connection via the Console Port

Configuring Features using the CLI in an SSH Management Session via Ethernet

Configuring Features using the Management Interface (Web UI)

Note To use the CLI on a serial connection or in an SSH management session, you need to use a terminal emulation application (such as Tera Term) or an SSH Client application (such as PuTTY). You can find suitable, free terminal emulators on the Internet.

Configuring Features using the CLI on a Serial Connection via the Console Port

You do not need to assign an IP address to the firewall to use the CLI on a serial connection to the Console port.

Note The default terminal settings on the firewall are 80 columns by 25 lines. To ensure the best display and reduce the chance of graphic anomalies, use the same settings with the serial terminal software. The device terminal settings can be changed, if necessary. Use the standard ANSI setting on the serial terminal software.

To configure features using the CLI on a serial connection via the console port:

1. Attach an RJ-45 to DB-9 serial cable to the appliance port marked CONSOLE. Attach the other end of the cable to a serial port on the configuring computer.

The RJ-45 to DB-9 serial cable pin assignments are as follows:

RJ-45 connector    DB9 connector
Pin 1              Pin 9
Pin 2              Pin 1
Pin 3              Pin 4
Pin 4              Pin 5
Pin 5              Pin 2
Pin 6              Pin 3
Pin 7              Pin 8
Pin 8              Pin 7
                   Pin 6 – not used

The RJ-45 to DB-9 serial cable pin diagram is shown below:

2. Launch a terminal emulation application that communicates with the serial port connected to the appliance. Use these settings:

• 115,200 baud

• 8 data bits

• no parity

• 1 stop bit

• no flow control

3. Press Enter/Return. Initial information is displayed followed by a DEVICE NAME> prompt.

Configuring Features using the CLI in an SSH Management Session via Ethernet

You can use an SSH client to access the CLI by connecting to the appliance with an Ethernet cable. This option is useful for customers that do not have access to an RJ-45 to DB-9 serial cable for the Console port on the firewall.

To use SSH management, you must assign an IP address to X0 (LAN) or X1 (WAN), or use the default LAN IP address of 192.168.168.168.

To configure features using the CLI in an SSH management session via Ethernet:

1. Attach an Ethernet cable to the interface port marked X0. Attach the other end of the Ethernet cable to an Ethernet port on the configuring computer.

2. Launch a terminal emulation application or SSH client that communicates via Ethernet.

3. In the emulation application, enter the IP destination address for the X0 interface and enter 22 as the port number.

4. Select SSH as the connection type and open a connection.

Configuring Features using the Management Interface (Web UI)

You can manage the appliance securely from your Web browser using HTTPS by connecting to either the LAN or WAN IP address of the appliance, directly or over the network. Refer to the SonicOS 6.1 Administrator's Guide for complete information about the SonicOS management interface (Web UI).

There are a number of features in SonicOS that cannot be configured using the CLI. The following features can only be configured in the SonicOS management interface (Web UI):

Category             Features
Dashboard            All features
System               License, Certificates, Settings (import, upload/download)
SonicPoint           All features
Firewall             App Rules
Firewall Settings    BWM
DPI-SSL              All features
Anti-Spam            All features
Users                Guest Services, Guest Accounts, Guest Status Security
Security Services    Summary, Content Filter, Client AV Enforcement, Anti-Spyware, Geo-IP filter, Botnet Filter
WAN Acceleration     All features
AppFlow              All features
Log                  All features

SafeMode

SafeMode is a limited Web management interface that provides a way to upload firmware from your computer and reboot the appliance.

The SafeMode feature allows you to recover quickly from uncertain configuration states with a simplified management interface that includes the same settings available on the System > Settings page.

For instructions on how to restart your firewall in SafeMode, refer to the Getting Started Guide for your appliance.

Note You cannot use the CLI commands in SafeMode.

Example: Configuring a Site-to-Site VPN Using the CLI

This section describes how to create a VPN policy using the Command Line Interface. You can configure all of the parameters using the CLI, and enable the VPN without using the Web management interface.

Note In this example, the VPN policy on the other end has already been created.

CLI Access

1. Use a DB9 to RJ45 connector to connect the serial port of your PC to the console port of your firewall.

2. In a terminal emulator program (such as PuTTY or Tera Term), use the following parameters:

• 115,200 baud

• 8 bits

• No parity

• 1 stop bit

• No flow control

3. You may need to hit return two to three times to get to a command prompt, which will look similar to the following:

• NSA3600>

or

• SM9200>

4. If you have used any other CLI, such as Unix shell or Cisco IOS, this process should be relatively easy and similar. It has auto-complete so you do not have to type in the entire command.

5. When you need to make a configuration change, you must be in configure mode. To enter configure mode, type configure.

• NSA3600> configure

• (config[NSA3600])>

6. The command prompt changes and adds the word config to distinguish it from the normal mode. Now you can configure all the settings, enable and disable the VPNs, and configure the firewall.

Configuration

In this example, a site-to-site VPN is configured between two NSA 3600 appliances, with the following settings:

Local NSA 3600 (home):
  WAN IP: 10.50.31.150
  LAN subnet: 192.168.61.0
  Mask: 255.255.255.0

Remote NSA 3600 (office):
  WAN IP: 10.50.31.104
  LAN subnet: 192.168.15.0
  Mask: 255.255.255.0

Authentication Method: IKE using a Pre-Shared Key
Phase 1 Exchange: Main Mode
Phase 1 Encryption: 3DES
Phase 1 Authentication: SHA1
Phase 1 DH group: 2
Phase 1 Lifetime: 28800
Phase 2 Protocol: ESP
Phase 2 Encryption: 3DES
Phase 2 Authentication: SHA1
Phase 2 Lifetime: 28800
No PFS

1. In configure mode, create an address object for the remote network, specifying the name, zone assignment, type, and address. In this example, we use the name OfficeLAN:

(config[NSA3600])> address-object OfficeLAN
(config-address-object[OfficeLAN])>

Note The prompt has changed to indicate the configuration mode for the address object.

(config-address-object[OfficeLAN])> zone VPN
(config-address-object[OfficeLAN])> network 192.168.15.0 255.255.255.0
(config-address-object[OfficeLAN])> finished

2. To display the address object, type the command show address-object [name]:

NSA3600> show address-object OfficeLAN

The output will be similar to the following:

address-object OfficeLAN
network 192.168.15.0 255.255.255.0
zone VPN

3. To create the VPN policy, type the command:

vpn policy [name] [authenticationmethod]

(config[NSA3600])> vpn policy OfficeVPN pre-shared
(config-vpn[OfficeVPN])>

Note The prompt changes to indicate the configuration mode for the VPN policy. All the settings regarding this VPN will be entered here.

4. Configure the Pre-Shared Key. In this example, the Pre-Shared Key is sonicwall:

(config-vpn[OfficeVPN])> pre-shared-secret sonicwall

5. Configure the IPSec gateway:

(config-vpn[OfficeVPN])> gw ip-address 10.50.31.104

6. Define the local and the remote networks:

(config-vpn[OfficeVPN])> network local address-object 'LAN Primary Subnet'
(config-vpn[OfficeVPN])> network remote address-object 'OfficeLAN'

7. Configure the IKE and IPSec proposals:

(config-vpn[OfficeVPN])> proposal ike main encr triple-des auth sha1 dh 2
: lifetime 28800
(config-vpn[OfficeVPN])> proposal ipsec esp encr triple-des auth sha1 dh no
: lifetime 28800

8. In the Advanced tab in the UI configuration, enable keepalive on the VPN policy:

(config-vpn[OfficeVPN])> advanced keepalive

9. To enable the VPN policy, use the command vpn enable [name]:

(config[NSA3600])> vpn enable 'OfficeVPN'

10. Use the finished command to save the VPN policy and exit from the VPN configure mode:

(config-vpn[OfficeVPN])> finished
(config[NSA3600])>

The configuration is complete.

Note The command prompt goes back to the configure mode prompt.

Viewing a VPN Configuration

To view a list of all the configured VPN policies:

1. Type the command show vpn policy. The output will be similar to the following:

(config[NSA3600])> show vpn policy

Policy: WAN GroupVPN (Disabled)
Key Mode: Pre-shared
Pre Shared Secret: DE65AD2228EED75A

Proposals:
IKE: Aggressive Mode, 3DES SHA, DH Group 2, 28800 seconds
IPSEC: ESP, 3DES SHA, No PFS, 28800 seconds

Advanced:
Allow NetBIOS OFF, Allow Multicast OFF
Management: HTTP OFF, HTTPS OFF
Lan Default GW: 0.0.0.0
Require XAUTH: ON, User Group: Trusted Users

Client:
Cache XAUTH Settings: Never
Virtual Adapter Settings: None
Allow Connections To: Split Tunnels
Set Default Route OFF, Apply VPN Access Control List OFF
Require GSC OFF
Use Default Key OFF

Policy: OfficeVPN (Enabled)
Key Mode: Pre-shared
Primary GW: 10.50.31.104
Secondary GW: 0.0.0.0
Pre Shared Secret: sonicwall

IKE ID:
Local: IP Address
Peer: IP Address

Network:
Local: LAN Primary Subnet
Remote: OfficeLAN

Proposals:
IKE: Main Mode, 3DES SHA, DH Group 2, 28800 seconds
IPSEC: ESP, 3DES SHA, No PFS, 28800 seconds

Advanced:
Keepalive ON, Add Auto-Rule ON, Allow NetBIOS OFF
Allow Multicast OFF
Management: HTTP ON, HTTPS ON
User Login: HTTP ON, HTTPS ON
Lan Default GW: 0.0.0.0
Require XAUTH: OFF
Bound To: Zone WAN

2. To view the configuration for a specific policy, specify the policy name in double quotes.
For example:

(config[NSA3600])> show vpn policy 'OfficeVPN'

The output will be similar to the following:

Policy: OfficeVPN (Enabled)
Key Mode: Pre-shared
Primary GW: 10.50.31.104
Secondary GW: 0.0.0.0
Pre Shared Secret: sonicwall

IKE ID:
Local: IP Address
Peer: IP Address

Network:
Local: LAN Primary Subnet
Remote: OfficeLAN

Proposals:
IKE: Main Mode, 3DES SHA, DH Group 2, 28800 seconds
IPSEC: ESP, 3DES SHA, No PFS, 28800 seconds

Advanced:
Keepalive ON, Add Auto-Rule ON, Allow NetBIOS OFF
Allow Multicast OFF
Management: HTTP ON, HTTPS ON
User Login: HTTP ON, HTTPS ON
Lan Default GW: 0.0.0.0
Require XAUTH: OFF
Bound To: Zone WAN

3. Type the command show vpn sa [name] to see the active SA:

(config[NSA3600])> show vpn sa 'OfficeVPN'

Policy: OfficeVPN
IKE SAs

GW: 10.50.31.150:500 --> 10.50.31.104:500
Main Mode, 3DES SHA, DH Group 2, Responder
Cookie: 0x0ac298b6328a670b (I), 0x28d5eec544c63690 (R)
Lifetime: 28800 seconds (28783 seconds remaining)

IPsec SAs

GW: 10.50.31.150:500 --> 10.50.31.104:500
(192.168.61.0 - 192.168.61.255) --> (192.168.15.0 - 192.168.15.255)
ESP, 3DES SHA, In SPI 0xed63174f, Out SPI 0x5092a0b2
Lifetime: 28800 seconds (28783 seconds remaining)
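
The show vpn policy output above prints the pre-shared secret in clear text along with the negotiated proposals, so a saved copy of it can be reviewed offline. The following added example (not part of the SonicOS documentation or tooling) parses that output format and flags the settings a reviewer would question: a pre-shared secret equal to a value printed in this guide, Aggressive Mode with a pre-shared key, 3DES, SHA1, DH Group 1 or 2, no PFS, and HTTP management or user login over the tunnel. The function names, finding labels and the trimmed sample text are assumptions made for the example.

```python
import re

# Constructed sample: a trimmed copy of the output format shown on this page.
SAMPLE_OUTPUT = """\
Policy: WAN GroupVPN (Disabled)
Key Mode: Pre-shared
Pre Shared Secret: DE65AD2228EED75A

Proposals:
IKE: Aggressive Mode, 3DES SHA, DH Group 2, 28800 seconds
IPSEC: ESP, 3DES SHA, No PFS, 28800 seconds

Advanced:
Allow NetBIOS OFF, Allow Multicast OFF
Management: HTTP OFF, HTTPS OFF

Policy: OfficeVPN (Enabled)
Key Mode: Pre-shared
Primary GW: 10.50.31.104
Pre Shared Secret: sonicwall

Proposals:
IKE: Main Mode, 3DES SHA, DH Group 2, 28800 seconds
IPSEC: ESP, 3DES SHA, No PFS, 28800 seconds

Advanced:
Keepalive ON, Add Auto-Rule ON, Allow NetBIOS OFF
Management: HTTP ON, HTTPS ON
User Login: HTTP ON, HTTPS ON
"""

POLICY_RE = re.compile(r"^Policy:\s+(.+?)\s+\((Enabled|Disabled)\)$")

# Secrets that appear in this guide (the example PSK and the default password).
DOCUMENTED_SECRETS = {"sonicwall", "password"}
WEAK_DH_GROUPS = {1, 2}   # 768-bit and 1024-bit MODP groups


def parse_policies(text):
    """Split the output into policies, each with a dict of 'Key: value' fields."""
    policies, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = POLICY_RE.match(line)
        if header:
            current = {"name": header.group(1),
                       "enabled": header.group(2) == "Enabled",
                       "fields": {}}
            policies.append(current)
        elif current is not None and ":" in line:
            key, _, value = line.partition(":")   # split on the first colon only
            current["fields"][key.strip()] = value.strip()
    return policies


def audit_policy(policy):
    """Return the list of finding labels for one parsed policy."""
    f = policy["fields"]
    ike, ipsec = f.get("IKE", ""), f.get("IPSEC", "")
    findings = []
    if f.get("Pre Shared Secret", "").lower() in DOCUMENTED_SECRETS:
        findings.append("psk-is-documentation-value")
    if "Aggressive Mode" in ike and f.get("Key Mode") == "Pre-shared":
        findings.append("ike-aggressive-mode-with-psk")
    for label, proposal in (("ike", ike), ("ipsec", ipsec)):
        if "3DES" in proposal:
            findings.append(f"{label}-3des")
        if re.search(r"\bSHA\b", proposal):       # plain "SHA" here means SHA1
            findings.append(f"{label}-sha1")
    group = re.search(r"DH Group (\d+)", ike)
    if group and int(group.group(1)) in WEAK_DH_GROUPS:
        findings.append(f"ike-dh-group-{group.group(1)}")
    if "No PFS" in ipsec:
        findings.append("ipsec-no-pfs")
    for key in ("Management", "User Login"):
        if re.search(r"\bHTTP ON\b", f.get(key, "")):
            findings.append(key.lower().replace(" ", "-") + "-http-on")
    return findings


def audit(text):
    """Map each policy name to its enabled state and findings."""
    return {p["name"]: {"enabled": p["enabled"], "findings": audit_policy(p)}
            for p in parse_policies(text)}


if __name__ == "__main__":
    for name, result in audit(SAMPLE_OUTPUT).items():
        state = "enabled" if result["enabled"] else "disabled"
        print(f"{name} ({state}): {', '.join(result['findings']) or 'no findings'}")
```

Since the secret appears in this output, saved copies of it and terminal scrollback should be handled as key material.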