Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
Part 2. Appendix
SonicWall Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56
About This Document . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
Topics:
• Node License Status
• Managing Security Services
• Manual Upgrade
• Registering Your SonicWall Appliance
• Activating the Gateway Anti-Virus, Anti-Spyware, and IPS License
• Activating FREE TRIALs
If your SonicWall security appliance is not licensed for unlimited nodes, the Nodes/User entry in the Security
Services Summary table lists how many nodes your security appliance is licensed to have connected at any one
time, how many nodes are currently connected, and how many nodes you have in your Node License Exclusion
List.
Excluding a Node
When you exclude a node, you block it from connecting to your network through the security appliance.
Excluding a node creates an address object for that IP address and assigns it to the Node License Exclusion List
address group.
To exclude a node:
1 Select the node you want to exclude in the Currently Licensed Nodes table on the Updates > Licenses
page.
2 Click the Edit icon in the Exclude column for that node. A warning displays, saying that excluding this
node will create an address object for it and place it in the License Exclusion List address group.
3 Click OK to exclude the node.
You can manage the License Exclusion List group and address objects in the MANAGEMENT | Policies > Objects
> Address Objects page of the management interface. Click the Node License Exclusion List link to jump to the
Objects > Address Objects page. For instructions on managing address objects, see SonicWall SonicOS 6.5
Policies.
When you have established your Internet connection, it is recommended you register your SonicWall security
appliance, which provides the following benefits:
• Try a FREE 30-day trial of SonicWall Intrusion Prevention Service, SonicWall Gateway Anti-Virus, Content
Filtering Service, and Client Anti-Virus
• Activate SonicWall Anti-Spam
• Activate SonicWall security services and upgrades
• Access SonicOS firmware updates
• Get SonicWall technical support
Topics:
• Security Services Summary on page 8
• Managing Security Services Online on page 9
Topics:
• Security Services Table on page 8
• Support Services Table on page 9
• Synchronizing Changes on page 9
• Activating, Upgrading, or Renewing Services on page 10
• Managing Licenses on page 11
The Support Service table displays a summary of the current status of support services for the SonicWall
security appliance. The Support Service table lists all support services for the appliance (such as Dynamic
Support), their current status, and their expiration date.
Topics:
• Synchronizing Changes on page 9
• Activating, Upgrading, or Renewing Services on page 10
Synchronizing Changes
When you make changes to your Security Services, you can synchronize them instead of waiting for the system
to do it automatically.
To synchronize your mysonicwall.com account with the Security Services Summary table:
1 Click SYNCHRONIZE in the Manage Security Services Online section on the Updates > Licenses page.
2 Enter your MySonicWall account username and password in the MySonicWall username/email and
Password fields.
Managing Licenses
To manage your licenses,
1 Navigate to MANAGE | Updates > Licenses.
3 If your username has not been populated in the Username or email field, enter your MySonicWall
account username in the Username or email field.
4 Enter your MySonicWall account password in the Password field.
5 Click LOG IN.
NOTE: If you do not have a MySonicWall account, click Register Now and follow the prompts to
create an account. See Registering Your SonicWall Appliance on page 14 for more information.
Manual Upgrade
Manual Upgrade allows you to activate your service.
3 Click APPLY.
Topics:
• From a Computer Connected to the Internet
• From the SonicOS Management Interface
CAUTION: If the warning message: “SonicWall Registration Update Needed. Please update your
registration information on the System > Status page after you have registered your SonicWall security
appliance” appears. Ignore this message.
See the Quick Start Guide for your security appliance for additional information on applying licenses manually,
synchronizing licenses manually, and upgrading firmware.
Local Table
The Local section of the Firmware Management & Backup table displays the:
• Current Firmware Version - firmware currently loaded on the firewall.
• Firmware Load Date - the date and time the firmware was installed on the appliance
• Firmware Build Date - the date and time the firmware was created
• Configuration Date - the date and time when the configuration of the appliance was last updated
• Comment - an Information icon that, when moused over, displays information about the firmware or
backup file. If you did not specify a comment when creating a backup, a default comment is displayed:
CAUTION: Clicking Boot next to any firmware image overwrites the existing current firmware image
making it the Current Firmware image.
CAUTION: When uploading firmware to the firewall, you must not interrupt the Web browser by closing
the browser, clicking a link, or loading a new page. If the browser is interrupted, the firmware may
become corrupted.
• Firmware Actions - displays the Download icon; clicking the icon saves the firmware to a new location on
your computer or network. Only uploaded firmware can be saved to a different location
The Built-in Storage Module section of the Firmware Management & Backup table displays the:
• Current Firmware Version - firmware currently loaded on the firewall.
• Firmware Load Date - the date and time the firmware was installed on the appliance
• Firmware Build Date - the date and time the firmware was created
• Comment - an Information icon that, when moused over, displays information about the firmware or
backup file. If you did not specify a comment when creating a backup, a default comment is displayed:
CAUTION: Clicking Boot next to any firmware image overwrites the existing current firmware image
making it the Current Firmware image.
CAUTION: When uploading firmware to the firewall, you must not interrupt the Web browser by closing
the browser, clicking a link, or loading a new page. If the browser is interrupted, the firmware may
become corrupted.
The Flexible Storage Module section of the Firmware Management & Backup table displays the:
• Current Firmware Version - firmware currently loaded on the firewall.
• Firmware Load Date - the date and time the firmware was installed on the appliance
• Firmware Build Date - the date and time the firmware was created
• Comment - an Information icon that, when moused over, displays information about the firmware or
backup file. If you did not specify a comment when creating a backup, a default comment is displayed:
CAUTION: Clicking Boot next to any firmware image overwrites the existing current firmware image
making it the Current Firmware image.
CAUTION: When uploading firmware to the firewall, you must not interrupt the Web browser by closing
the browser, clicking a link, or loading a new page. If the browser is interrupted, the firmware may
become corrupted.
Cloud Table
The Cloud table of the Firmware Management & Backup page displays the:
CAUTION: Clicking Boot next to any firmware image overwrites the existing
current firmware image making it the Current Firmware image.
CAUTION: When uploading firmware to the firewall, you must not interrupt the
Web browser by closing the browser, clicking a link, or loading a new page. If the
browser is interrupted, the firmware may become corrupted.
Configuration Actions Displays icons:
• Download – Saves the firmware to a new location on your computer or
network. Only uploaded firmware can be saved to a different location
• Comment Edit – Allows you to edit the default or custom comment.
• Delete – Deletes the backup file.
Use the Backup file for saving good configurations and then booting them if upgrades or future configurations
cause instability or other serious issues. The configuration file is conveniently saved onboard. The date and time
the file was created as well as the firmware version in use at the time is displayed in the Firmware Management
& Backup table. The dates for each item listed in the Firmware Management & Backup table are the build dates
for the firmware images themselves.
• On SonicWall NSA series, NSa series, and SuperMassive 9000 series appliances, the backup feature saves
a copy of the current system state, firmware, and configuration settings on your appliance, protecting all
your existing settings in the event that it becomes necessary to return to a previous configuration state.
• On SonicWall TZ series and SOHO series appliances, you can create a backup of your current
configuration settings on the appliance to be used with the current firmware version or with a newly
uploaded firmware version.
Topics:
• Creating a Local Backup Firmware Image on page 24
• Creating a Secondary Storage Backup Firmware Image on page 25
• Creating a Cloud Backup Firmware Image on page 25
• Scheduling Firmware Image Backups on page 26
3 Click Confirm. It may take a few minutes to create the backup file.
NOTE: For TZ series and SOHO appliances, the Backup file is a small settings file that can be booted with
either Current or Uploaded firmware. It does not contain a firmware image.
• Been disabled, click the checkbox next to Cloud backup disabled or the Enable now link to enable
it.
3 Select Retain Cloud Backup if you want this backup configuration file saved and not overwritten when
you create additional backup configuration files on the cloud.
4 You can use the Comment field to optionally create a comment associated with the backup configuration
file to make it easier to identify later.
5 Click Upload. It may take a few minutes to create the backup file.
To schedule a backup:
1 Click Create Backup.
4 Click OK.
Topics:
• Scheduling a One-Time Backup on page 27
• Scheduling Recurring Backups on page 28
• Deleting Scheduled Backups on page 30
4 In the Once section, set the duration during which you want the backup to be created. Select the Year,
Month, Day, Hour, and Minute from the drop-down menus to set the Start and End period for the
backup.
5 Click OK.
a Select the days on which you want the backup created. Click All to select all of the days at once.
b Enter the Start Time and Stop Time for the report in 24-hour format (for example, 02:00 for
2:00am and 14:00 for 2:00pm).
c Click Add to add that report to the Schedule List.
d Repeat these steps for each scheduled backup you want to create.
5 Click OK.
Updating Firmware
You can update firmware manually or use the Firmware Auto Update feature.
CAUTION: Uploading new firmware will overwrite any existing uploaded firmware image.
Topics:
• Updating Firmware Manually
• Firmware Auto Update
• Using SafeMode to Upgrade Firmware
7 Click the Boot icon for the firmware you just downloaded.
10 Click OK. A information message about the time to boot the firmware displays.
11 Click OK. An information message about the boot status displays in the Status bar.
When the image has finished downloading, another message window displays.
12 Log back in when the log in dialog displays. Both the MONITOR | Current Status > System Status and
MANAGE| Updates > Firmware & Backups pages reflect the firmware update.
4 Choose either:
• Enable Firmware Auto-Update - Displays an Alert icon when a new firmware release is available.
This option is selected by default.
• Download new firmware automatically when available - Downloads new firmware releases to
the SonicWall security appliance when they become available. This option is not selected by
default.
5 Click Apply.
Topics:
• Importing Settings
• Exporting Settings
IMPORTANT: It is recommended that you create a backup, either locally or to the cloud, before
proceeding. See Creating a Local Backup Firmware Image or Creating a Cloud Backup Firmware
Image for instructions on creating a firmware configuration backup.
4 Click Choose File to locate the file, which has a *.exp file name extension.
5 Select the preferences file with the configuration settings you want to import.
6 Click Import. The security appliance restarts automatically.
Exporting Settings
The exported preferences file can be imported into the security appliance if it is necessary to reset the firmware.
2 Click Export. The Opening filename.exp dialog displays. The file is named
sonicwall-appliance_model-firmware_version.exp, but can be renamed. Save File is
selected by default.
3 Click OK. This process can take up to a minute.
3 To send TSRs by FTP, select the Send Tech Support Report by FTP. This option is not selected by default.
4 To send configuration settings by FTP, select Send Settings by FTP. This option is not selected by default.
5 When either or both of the Actions settings are selected, the server fields become available. Make
changes as necessary.
a Enter the server’s IP address in the FTP Server field. The default is 0.0.0.0.
b Enter the user name associated with the server in the User name field. The default is admin.
c Enter the password associated with the user name in the Password field. The default is password.
d Enter the directory where the reports are to be sent in the Directory field. The default is reports.
The Schedule Name is TSR Report Hours and cannot be changed. All other aspects of the schedule can
be changed.
7 Configure the schedule. For how to configure a schedule, see SonicWall SonicOS 6.5 System Setup.
8 Click OK.
9 Click Apply.
When the report has been sent successfully, the status bar displays:
Boot Settings
To boot your SonicWall network security appliance with diagnostics enabled:
1 Navigate to MANAGE | Updates > Firmware & Backups.
2 Click Settings. The Settings dialog displays.
3 Click Boot with firmware diagnostics enabled (if available). This option is not selected by default.
4 Click APPLY.
CAUTION: Be aware that the One-Touch Configuration Overrides may change the behavior of your
SonicWall security appliance. Review the list of configurations before applying One-Touch Configuration
Overrides. In particular, these configurations may affect your experience:
• Administrator password requirements on the MANAGE | System Setup > Appliance > Base
Settings page
• Requiring HTTPS management
• Disabling HTTP-to-HTTPS redirect
• Disabling Ping management
The One-Touch Configuration Overrides feature is configured on the Settings dialog available from the UPDATES
| Firmware & Backups page. It can be thought of as a quick tune-up for your SonicWall network security
appliance’s security settings. With a single click, One-Touch Configuration Overrides applies over sixty
configuration settings to implement SonicWall’s recommended best practices. These settings ensure that your
appliance is taking advantage of SonicWall’s security features.
CAUTION: Be aware that the One-Touch Configuration Overrides may change the behavior of your
SonicWall security appliance. Review the list of configurations before applying One-Touch Configuration
Overrides. In particular, these configurations may affect your experience:
• Administrator password requirements on the MANAGE | System Setup > Appliance > Base
Settings page
• Requiring HTTPS management
• Disabling HTTP-to-HTTPS redirect
• Disabling Ping management
4 Select the Enable FIPS Mode option. This option is not selected by default.
5 Click APPLY. The FIPS Mode Verification dialog appears with a list of your required and not allowed
configurations.
7 Click OK to reboot the security appliance in FIPS mode. A second warning displays.
8 Click Yes to continue rebooting. To return to normal operation, clear the Enable FIPS Mode checkbox and
reboot the firewall in non-FIPS mode.
CAUTION: When using the SonicWall security appliance for FIPS-compliant operation, the
tamper-evident sticker that is affixed to the SonicWall security appliance must remain in place and
untouched.
The security objectives for a device that claims compliance to a Protection Profile are defined as:
Compliant TOEs (Targets Of Evaluation) will provide security functionality that address threats to the TOE
and implement policies that are imposed by law or regulation. The security functionality provided
includes protected communications to and between elements of the TOE; administrative access to the
TOE and its configuration capabilities; system monitoring for detection of security relevant events;
control of resource availability; and the ability to verify the source of updates to the TOE.
When you enable NDPP, a popup message displays with the NDPP mode setting compliance checklist. The
checklist displays every setting in your current SonicOS configuration that violates NDPP compliance so that you
can change these settings. You need to navigate around the SonicOS management interface to make the
changes. The checklist for an appliance with factory default settings is shown in the following procedure.
To enable NDPP and see a list of which of your current configurations are not allowed or are not
present:
NOTE: The Enable NDPP Mode option cannot be enabled at the same time as the Enable FIPS Mode
option, which is also on the Firmware & Backups > Settings dialog.
7 Click OK or Cancel.
Updates > WXA Firmware page for the TZ series and SOHO W appliances
Section Description
Appliance information Displays the WXA model and serial number. For NSA and SM security appliances,
displays multiple WXA models in a pull-down menu.
Allows you to refresh the data that is shown by clicking Refresh icon.
Firmware Management Lets you enable auto-downloads, check for updates, and upload new firmware.
Displays the current firmware and its version number.
When you click UPLOAD NEW FIRMWARE, instructions appear that step you
through the firmware upgrade process.
Factory Reset Lets you restore the WXA appliance to its original factory default settings.
3 In the left navigation pane, click Downloads to open the Download Center page.
9 For NSA series and SM series appliances, select the WXA appliance to update from WXA.
10 Click Upload New Firmware. The Firmware File field and Choose File button appear.
16 After the firmware upload has successfully completed, refresh the WXA Firmware page. The WXA
Firmware page now shows the new firmware ready to boot.
Troubleshooting Tips
• Be sure that you select the correct firmware image for the WXA Model.
• Close the browser and clear the browser cache after the upgrade if it does not appear to have taken
effect.
• If there is a problem with one browser, try another; always use the latest version of any browser.
WXA firmware can be downloaded automatically or manually, using HTTP, from a web server cluster located in
the SonicWall cloud. Other features, such as WXA Client, NAC Client, and NetExtender, use the same web server
cluster to distribute software and software updates.
NOTE: The upgrade is NOT applied automatically. You must apply the upgrade whether manually uploaded
or automatically downloaded.
The Firmware Auto-Download feature periodically checks the SonicWall cloud for WXA firmware updates and
automatically downloads the firmware when there is an upgrade. This feature is disabled by default.
NOTE: A WXA firmware upgrade file typically exceeds 100 MB and may require a long time to download to
the WXA through the security appliance. Please be patient, and ensure you have a long timeout for the
Admin session so the upload is not interrupted.
When auto-downloads are enabled, the security appliance checks for firmware updates every 2 hours at the
SonicWall website. If an upgrade to the firmware if found, the current firmware does a system check to
determine if the new firmware version should be downloaded.
NOTE: Auto-downloads have a limited transfer rate of up to 200 Kbps.
Topics:
• Restrictions on page 50
• Following the Download Process on page 51
• Enabling Auto-Downloads on page 51
Restrictions
• Does not operate with third-party proxy servers.
• Requires access to mysonicwall.com via HTTP or HTTPS.
Enabling Auto-Downloads
CAUTION: When performing a firmware upload, do NOT navigate away from the Updates > WXA
Firmware page. This could stop the uploading process or cause the management interface to become
unresponsive. Do NOT turn the power off during this process.
NOTE: Firmware management is done on individual WXAs, not on groups. However, to function as
a cluster, all WXAs in a group must be running the same version of firmware.
3 Click the Upload New Firmware button. The Firmware File field and Choose File button appear.
4 After the firmware upload has successfully completed, refresh the WXA Firmware page. The WXA
Firmware page now shows the new firmware ready to boot.
5 Click the Boot icon to apply the firmware image. The WXA appliance reboots as part of the process.
NOTE: You must click the Boot button to apply the new firmware image.
Factory Reset
To perform a Factory Reset:
1 Navigate to the MANAGE | Updates > WXA Firmware page.
• SonicWall Support
CAUTION: A CAUTION icon indicates potential damage to hardware or loss of data if instructions are not followed.
IMPORTANT, NOTE, TIP, MOBILE, or VIDEO: An information icon indicates supporting information.