Mike Ratcliffe

Configuring a SonicWALL TZ-105 Network Security Appliance – Part 1

In today’s post I am going to walk you through configuring a SonicWALL TZ-105 Network Security Appliance. In part one I will be covering basic connectivity, configuring the LAN and WAN interfaces, setting port assignments, the DHCP Server, Access Rules, Service Objects, Log Automation, exporting your configuration, and upgrading the firmware. Future posts will include more advanced configurations such as L2TP VPN, SSL VPN, Wireless N (available on the TZ-105W), and 3G/4G failover.

If you haven’t had the privilege of working with one of these devices yet, here is what is included with a standard TZ-105: the SonicWALL TZ-105, a 12v adapter, a power cord, a patch cable, and a Quick Start Guide. The Quick Start Guide gives you some brief information about how to connect the device, the default IP, registering the device on www.mysonicwall.com, and where to download the latest firmware. Surprisingly, what is not included is the default username and password for the device (unless I am overlooking it somewhere).

Once you have the device unpacked, connect a LAN port directly to a workstation and connect the power adapter.

From your workstation, release/renew your IP and navigate to http://192.168.168.168. Log in with the default username and password admin/password.

From the main System Status page, you should see a handful of warnings/actionable items (The password hasn’t been changed, you have not specified a DNS server address, Log messages cannot be sent, and Your Dell SonicWALL is not registered).  This is expected and you can ignore these for now.

The quickest way to get started with the initial configuration is to use the included Wizard. In the top right hand corner, select Wizards.

Select Setup Wizard and click next.

Set your new password and click next.

Set your time zone and click next.

Here we could start the initial configuration of 3G/4G if available. In this case, select None and click next.

Set the WAN Network Mode that matches your environment. In this case, I will be selecting Router-based Connections because I will be using a static IP provided by my ISP.

Enter your WAN IP address, subnet mask, gateway and DNS servers. The bottom two items are optional; however, for security reasons, I highly recommend that you do NOT enable “Allow HTTPS on the WAN interface”, since that makes the appliance's management login reachable from the Internet.

Set the LAN IP and subnet mask and click next.

In my case, I don’t need the SonicWALL to act as a DHCP server. Uncheck Enable and click Next.

For port assignment, select what best suits your environment and click next. I typically use the Default WAN/LAN Switch.

The next screen is a summary of the configuration. Review and click Apply.

Click Close.

At this point, unless you kept the subnet 192.168.168.0/24, you will need to release/renew the IP on your workstation again (if you left DHCP enabled) or set a static IP in the new subnet. From your browser, navigate to the new IP and log in using the new password.

The initial configuration of your device is complete. If you need to review or adjust these settings individually, you can find them in the locations below.

Change Password: System>Administration

Change Time Zone: System>Time

3G/4G Configuration: 3G/4G/Modem>Settings

LAN/WAN Interfaces: Network>Interfaces

Port Assignments: Network>PortShield Groups

Firewall Configuration (Address Objects, Services, Service Groups, NAT Policies and Access Rules):

Now that the initial configuration is complete, let’s move to configuring the Firewall. Again, the quickest way to get started is to use the included Wizard.

Select Wizards in the top right hand corner.

Select Public Server Wizard and click next.

In my case, I need to allow inbound TCP traffic for SMTP, POP3, HTTP, HTTPS, and PPTP. Because the Wizard is somewhat limited as to what you can specify, I’ll just select Mail Server SMTP and POP3 for now, and I’ll add the remaining services to the Service Object that the Wizard creates. Click Next.

Specify the name of the server (this is just for reference purposes) and specify the internal IP.  Click Next.

On the summary screen, review and note the Server Address Objects, Service Group Objects, NAT Policies, and Access Rules that are being created. Click Apply.

Click Close.

Next we need to add the remaining services (HTTP, HTTPS, and PPTP) to the newly created Service Object. In the left hand navigation, expand Firewall and select Service Objects. Scroll down until you see the Service Group that was created by the wizard and click the Edit button beside that object.

Locate the remaining services and move them to the right hand side. Click OK.

For quick reference, you can hover over the service object to see the service properties which will list the services, protocol and ports assigned to that service object.
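
As an added example (not part of the original post), the following Python script checks from outside the firewall that the WAN address answers only on the services placed in the Service Group. The port numbers are the standard assignments for those services; the `SHOULD_BE_CLOSED` list, the function names and the script name are assumptions for illustration.

```python
"""Audit which TCP ports a firewall's WAN address actually exposes.

Added example: compares the services you meant to publish against what
answers from outside. Run it from a host on the Internet side.
"""
import socket
import sys

# Standard TCP ports for the services published in this walkthrough.
# PPTP also needs GRE (IP protocol 47), which a TCP connect cannot test.
INTENDED = {"SMTP": 25, "POP3": 110, "HTTP": 80, "HTTPS": 443, "PPTP": 1723}

# Ports that should NOT answer on the WAN (assumed list; adjust to taste).
SHOULD_BE_CLOSED = {"SSH": 22, "Telnet": 23, "RDP": 3389, "Alt-HTTP": 8080}


def tcp_open(host, port, timeout=2.0):
    """Return True if a TCP handshake to host:port completes."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def audit(host, intended, should_be_closed, probe=tcp_open):
    """Classify ports into 'ok', 'missing' and 'unexpected' lists."""
    result = {"ok": [], "missing": [], "unexpected": []}
    for name, port in sorted(intended.items(), key=lambda kv: kv[1]):
        bucket = "ok" if probe(host, port) else "missing"
        result[bucket].append((name, port))
    for name, port in sorted(should_be_closed.items(), key=lambda kv: kv[1]):
        if port in intended.values():
            continue  # published on purpose, not a finding
        if probe(host, port):
            result["unexpected"].append((name, port))
    return result


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: wan_audit.py <your-WAN-IP>")
    report = audit(sys.argv[1], INTENDED, SHOULD_BE_CLOSED)
    for label in ("ok", "missing", "unexpected"):
        for name, port in report[label]:
            print(f"{label:<10} {name:<8} tcp/{port}")
    sys.exit(1 if report["unexpected"] else 0)
```

A "missing" result points at the NAT Policy or Access Rule for that service; an "unexpected" result means something outside the Service Group is reachable and the Access Rules should be reviewed.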

SonicWALLs tend to be pretty good about the preexisting services you have to select from; most of the common services are already created. However, in some cases you may need to create a service if it is not available in the list. To create a service, navigate to Service Objects. Within Services, click Add.

Specify a name for the service for reference and enter the protocol and port range. Click Add. The newly created service will now be available to add to a Service Group.

Configuring Log and Alert Automation:

From the left hand Navigation, select Log and then select Automation.

From the Automation screen you can configure your mail server and where to send Logs and/or Alerts. In my case, I am only going to enable Alerts to Email.

Upgrading SonicWALL Firmware:

You can obtain the latest firmware from your http://www.mysonicwall.com portal. The firmware file will have a .sig extension. To upgrade the firmware navigate to System and then click Settings.

Click Create Backup Settings. You will notice a third line item named “Current Firmware with Backup Settings” will appear.

Next, click Upload New Firmware. Browse to the .sig file and click OK. Click Upload.

If the firmware uploaded successfully, you should now see “Uploaded Firmware with Backup Settings – NEW!”.

On the “Uploaded Firmware with Backup Settings – NEW!” row, click Boot. Review the pop up box and click OK.

The firmware will take a few minutes to install. Once installed you can confirm the update was successful by noting the Current Firmware version in the Firmware Management section.

Configuration Import/Export:

In the left hand navigation, select System and then Settings. From here you can export your current settings. I highly recommend exporting settings before and after any significant change to the device after it is in production. From the same location, you can import existing configurations.

Well, there you have it. Pretty straightforward configuration once you become familiar with SonicWALL’s layout and terminology. For more information about SonicWALL, please visit http://www.sonicwall.com/us/en/ and/or http://www.mysonicwall.com