In today’s post I am going to walk you through configuring a SonicWALL TZ-105 Network Security Appliance. In part one I will be covering basic connectivity, configuring the LAN and WAN interfaces, setting port assignments, the DHCP Server, Access Rules, Service Objects, Log Automation, exporting your configuration, and upgrading the firmware. Future posts will include more advanced configurations such as L2TP VPN, SSL VPN, Wireless N (available on the TZ-105W), and 3G/4G failover.
If you haven’t had the privilege of working with one of these devices yet, here is what is included with a standard TZ-105: the SonicWALL TZ-105, a 12v adapter, a power cord, a patch cable, and a Quick Start Guide. The Quick Start Guide gives you some brief information about how to connect the device, the default IP, registering the device on www.mysonicwall.com, and where to download the latest firmware. Surprisingly, what is not included is the default username and password for the device (unless I am overlooking it somewhere).
Once you have the device unpacked, connect a LAN port directly to a workstation and connect the power adapter.
From your workstation, release/renew your IP and navigate to http://192.168.168.168. Log in with the default username and password admin/password.
From the main System Status page, you should see a handful of warnings/actionable items (The password hasn’t been changed, you have not specified a DNS server address, Log messages cannot be sent, and Your Dell SonicWALL is not registered). This is expected and you can ignore these for now.
The quickest way to get started with the initial configuration is to use the included Wizard. In the top right hand corner, select Wizards.
Select Setup Wizard and click next.
Set your new password and click next.
Set your time zone and click next.
Here we could start the initial configuration of 3G/4G if available. In this case, select None and click next.
Set the WAN Network Mode that matches your environment. In this case, I will be selecting Router-based Connections because I will be using a static IP provided by my ISP.
Enter your WAN IP address, subnet mask, gateway and DNS servers. The bottom two items are optional; however, for security reasons, I highly recommend that you do NOT enable “Allow HTTPS on the WAN interface”.
Set the LAN IP and subnet mask and click next.
In my case, I don’t need the SonicWALL to act as a DHCP server. Uncheck Enable and click Next.
For port assignment, select what best suits your environment and click next. I typically use the Default WAN/LAN Switch.
The next screen is a summary of the configuration. Review and click Apply.
At this point, unless you kept the subnet 192.168.168.0/24, you will need to release/renew the IP on your workstation again (if you left DHCP enabled) or set a static IP in the new subnet. From your browser, navigate to the new IP and log in using the new password.
The initial configuration of your device is complete. If you need to review or make adjustments to these settings individually, you can find them in the locations below.
Change Password: System>Administration
Change Time Zone: System>Time
3G/4G Configuration: 3G/4G/Modem>Settings
LAN/WAN Interfaces: Network>Interfaces
Port Assignments: Network>PortShield Groups
Firewall Configuration (Address Objects, Services, Service Groups, NAT Policies and Access Rules):
Now that the initial configuration is complete, let’s move to configuring the Firewall. Again, the quickest way to get started is to use the included Wizard.
Select Wizards in the top right hand corner.
Select Public Server Wizard and click next.
In my case, I need to allow inbound TCP traffic for SMTP, POP3, HTTP, HTTPS, and PPTP. Because the Wizard is somewhat limited as to what you can specify, I’ll just select Mail Server SMTP and POP3 for now and I’ll add the remaining services to the Service Object that the Wizard creates. Click Next.
Specify the name of the server (this is just for reference purposes) and specify the internal IP. Click Next.
On the summary screen, review and note the Server Address Objects, Service Group Objects, NAT Policies, and Access Rules that are being created. Click Apply.
Next we need to add the remaining services (HTTP, HTTPS, and PPTP) to the newly created Service Object. In the left hand navigation, Expand Firewall and select Service Objects. Scroll down until you see the Service Group that was created by the wizard and click the Edit button beside that object.
Locate the remaining services and move them to the right hand side. Click OK.
For quick reference, you can hover over the service object to see the service properties which will list the services, protocol and ports assigned to that service object.
SonicWALLs tend to be pretty good about the preexisting services you have to select from; most of the common services are already created. However, in some cases you may need to create a service if it is not available in the list. To create a service, navigate to Service Objects. Within Services, click Add.
Specify a name for the service for reference and enter the protocol and port range. Click Add. The newly created service will now be available to add to a Service Group.
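Once the Access Rules are applied, it is worth confirming from a host outside the firewall that only the published services answer on the WAN address. The script below is an added example, not part of the original walkthrough or any SonicWALL tooling; the WAN address is a placeholder and the list of ports expected to be closed is an assumption to adapt to your environment.

```python
import socket
import sys
from concurrent.futures import ThreadPoolExecutor

# TCP services published in this walkthrough via the Public Server Wizard.
INTENDED = {25: "SMTP", 110: "POP3", 80: "HTTP", 443: "HTTPS", 1723: "PPTP"}
# Assumed sample of ports that should NOT answer from the WAN side.
SHOULD_BE_CLOSED = [21, 22, 23, 3389, 8080, 8443]


def is_open(host, port, timeout=2.0):
    """True only if a full TCP handshake completes.

    Refused and silently dropped (timed-out) connections both count as closed.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def audit(host, intended, extra, timeout=2.0):
    """Probe intended + extra ports and report deviations from the intent."""
    ports = sorted(set(intended) | set(extra))
    with ThreadPoolExecutor(max_workers=16) as pool:
        state = dict(zip(ports, pool.map(lambda p: is_open(host, p, timeout), ports)))
    return {
        # Reachable, but no Access Rule was meant to allow it.
        "unexpected_open": [p for p in ports if state[p] and p not in intended],
        # Published service that does not answer (rule, NAT or server problem).
        "intended_closed": [p for p in ports if not state[p] and p in intended],
    }


if __name__ == "__main__":
    # 203.0.113.10 is a documentation placeholder; pass your own WAN IP.
    wan_ip = sys.argv[1] if len(sys.argv) > 1 else "203.0.113.10"
    report = audit(wan_ip, INTENDED, SHOULD_BE_CLOSED)
    for finding, ports in report.items():
        print(f"{finding}: {ports or 'none'}")
    sys.exit(1 if any(report.values()) else 0)
```

Run it from outside the LAN; a probe from an internal workstation is evaluated against different zone rules and will not reflect WAN exposure.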
Configuring Log and Alert Automation:
From the left hand Navigation, select Log and then select Automation.
From the Automation screen you can configure your mail server and where to send Logs and/or Alerts. In my case, I am only going to enable Alerts to Email.
Upgrading SonicWALL Firmware:
You can obtain the latest firmware from your http://www.mysonicwall.com portal. The firmware file will have a .sig extension. To upgrade the firmware navigate to System and then click Settings.
Click Create Backup Settings. You will notice a third line item named “Current Firmware with Backup Settings” will appear.
Next, click Upload New Firmware. Browse to the .sig file and click OK. Click Upload.
If the firmware uploaded successfully, you should now see “Uploaded Firmware with Backup Settings – NEW!”.
On the “Uploaded Firmware with Backup Settings – NEW!” row, click Boot. Review the pop up box and click OK.
The firmware will take a few minutes to install. Once installed you can confirm the update was successful by noting the Current Firmware version in the Firmware Management section.
In the left hand navigation, select System and then Settings. From here you can export your current settings. I highly recommend exporting settings before and after any significant change to the device after it is in production. From the same location, you can import existing configurations.
Well, there you have it. Pretty straightforward configuration once you become familiar with SonicWALL’s layout and terminology. For more information about SonicWALL please visit http://www.sonicwall.com/us/en/ and/or http://www.mysonicwall.com