SonicWALL TZ170SP Security Camera User Manual


 
7
Is there an easy way to erase the config file on the TZ 170 SP?
This is done from the ‘System > Settings’ menu by booting the box with the ‘Current Firmware with Factory Default’
settings button. All stored settings (including username, password, and LAN IP address) will be discarded and the
device will reboot with factory settings (username: admin, password: password, LAN IP Address: 192.168.168.168).
Is there an easy way to erase the firmware on the TZ 170 SP?
Simply load a new version and boot that one instead – the previous one will be erased and replaced with the new
version. If the process fails, the device will boot into the SafeMode menu.
Is User-Level Authentication (ULA) supported in SonicOS 2.6 Standard?
Yes – there’s a check box on the ‘Users > Settings’ page that, when checked, will force all systems on the LAN and
OPT interface to log into the TZ 170 SP and authenticate with a username and password before any traffic is
allowed to pass across the device. ULA is also supported in SonicOS 2.6 Enhanced, but is configured in a different
manner (instead of an all-or-nothing mechanism, ULA is enforced on a fully granular, per-rule basis between
security zones).
What is SafeMode?
SafeMode is a feature of the SonicOS Standard and Enhanced firmware that allows firewall administrators to switch
between firmware builds and revert to known-good versions in case a new firmware image turns out to cause
issues. In cases of firmware corruption, the device will boot into a special GUI mode that allows the administrator to
choose which version to boot, and also allows the administrator to run hardware diagnostics, view the bootlog, or
export the bootlog to a file.
How do I access the SafeMode menu?
In emergency situations, you can access the SafeMode menu by holding in the Reset button on the back of the TZ
170 SP (it’s the small pinhole button located to the left of the Console port) for 12-14 seconds until the ‘Test’ light
begins flashing yellow. When the SonicWALL is booted into the SafeMode menu, assign a workstation a temporary
IP address of ‘192.168.168.200’ and attach it to a LAN interface on the TZ 170 SP. Then, using a modern web
browser (Microsoft IE6.x, Mozilla 1.4+), access the special SafeMode GUI using the device’s default IP address of
‘192.168.168.168’. You will be able to boot the device using a previously saved image, or you can upload a new
version of firmware with the ‘Upload New Firmware’ button.
Is there still a ‘diag.html’ page?
Yes. This page is kept to store configuration settings that are rarely used, and for extremely specific environments.
Do not modify values on this page unless SonicWALL requests you do so.
VPN
What is the “VPN” zone?
The VPN zone is a special type of zone in SonicOS Enhanced, used to enforce security policy to/from all VPN
connections, including GroupVPN connections. For example, if you had a single site-to-site VPN tunnel to a remote
office, when you created the tunnel, the firewall automatically created default ‘allow all’ firewall rules for the
networks you specified when creating the tunnel. If you wished to add more granular control over the traffic flowing
to/from that remote site, you can go into the intersection of the internal zones and the VPN zone and adjust the
rules as needed. To override firewall rules going to the remote site, you’d adjust the policy for ‘LAN > VPN’, and to
override rules coming from the remote site, you’d adjust the policy for ‘VPN > LAN’.
Can I set up VPN tunnels to older SonicWALL devices?
Yes – all versions of SonicOS are backwards compatible with all previous VPN-capable versions of SonicWALL
firmware.
Can I set up site-to-site VPN tunnels from the TZ 170 SP to third-party VPN devices?
Yes, as long as the other device supports manual IPSec or IKE IPSec. This would include all other IPSec-capable
SonicWALL models, and devices from other manufacturers.