Filter
Top Products
2
SONICWALL SONICOS 2.5 ENHANCED ADMINISTRATOR’S GUIDE
C
HAPTER
1:
Introduction
• Multiple GroupVPN Policies: SonicOS Enhanced 2.5 allows you to create separate, customized
GroupVPN policies for each Zone, and SonicWALL Global VPN Client connections can terminate
on any interface.
• Wireless Extensions: SonicOS Enhanced 2.5 includes the ability to terminate wireless clients
using SonicWALL SonicPoint, and incorporating wireless features such as wireless guest services
(WGS), secure wireless roaming, using SonicWALL’s Global VPN Client, and rogue access point
detection. SonicOS Enhanced 2.5 allows you to manage SonicWALL SonicPoints for secure
wireless networking behind the firewall.
• Full Stateful IGMP Multicast Support: SonicOS Enhanced 2.5 includes the ability to track and
allow/deny multicast traffic, with support for IGMPv1, IGMPv2, and IGMPv3. Multicast can be
enabled or disabled on a per-interface and per-VPN policy basis.
• Inbound Bandwidth Management: SonicOS Enhanced 2.5 adds the ability to perform ingress
and egress bandwidth management for traffic passing in and out of the WAN interfaces on a
per-rule basis. Ingress bandwidth management uses rate-limiting via delayed ACKs for TCP traffic,
drops over-limit packets for connectionless UDP traffic. For both methods, you specify the
maximum upstream and downstream throughput for each WAN interface, and on a per-rule basis,
set the priority level of the traffic, the guaranteed percentage of bandwidth for that rule, and the
maximum (i.e. burstable) bandwidth for that rule.
• Transparent Mode Support: SonicOS Enhanced 2.5 includes the ability to bridge WAN-side IP
addresses/subnets onto an internal interface, including the LAN Zone interface. This feature is
useful in network environments where it is not possible to renumber internal systems to a private
addressing scheme and perform NAT at the SonicWALL security appliance, or in “drop-in”
situations where the SonicWALL security appliance is used primarily as an IPS (Intrusion
Prevention Service) or CFS (Content Filtering Service) appliance.
• Expanded IP Protocol Support: SonicOS Enhanced 2.5 supports additional IP types (IGRE,
ESP, AH, EIGRP, OSPF, PIMSM, L2TP) as well as specify ICMP/IGMP subtypes when creating
customized service objects, across the firewall and through VPN connections.
• Policy Based Routing (PBR) - SonicOS Enhanced 2.5 allows you to create extended static
routes that match against source, service, and destination. This feature, for example, can be used
to steer traffic matching the route policies out a specific WAN. It also supports metrics, so high-
cost static route entries can be used in case dynamically received route entries fail.
• Expanded Logging: SonicOS Enhanced 2.5 includes additional logging capabilities to provide
expanded flexibility. You can export the log into plain text or CSV values. Logging categories are
dramatically expanded, the logs conform to Syslog severity levels so you can set the SonicWALL
security appliance to only log alerts and messages of specified levels, and you can independently
specify which categories are logged to the internal log. When directing logs to external Syslog
servers, you can rate-limit the messages based on events per second, or maximum bytes per
second, so that external Syslog servers do not get overwhelmed. The SonicWALL security
appliance also has the ability to do “POP before SMTP” in order to e-mail logs and alerts to SMTP
mail servers that require a successful POP3 authentication before e-mail is sent through them.
About this Guide
Welcome to the SonicWALL SonicOS Enhanced 2.5 Administrator’s Guide. This manual provides the
information you need to successfully activate, configure, and administer SonicOS Enhanced 2.5 for
the SonicWALL TZ170, PRO 2040, PRO 3060, PRO 4060, and PRO 5060 Internet Security
Appliances.
Note: Always check <http//:www.sonicwall.com/services/documentation.html> for the latest version of
this manual as well as other SonicWALL products and services documentation.