Dell SonicWALL Firewall Appliance WAN and LAN Configuration


Running inside a SonicWALL device is the SonicOS operating system, which is responsible for application and traffic management of organisation’s network infrastructure. Below, we shall take a closer look at out of the box configuration of the firewall.


Once the device unboxed, you’ll find a power adapter cable as well as an ethernet cable in the package. Assemble the adapter depending on which country you reside (UK or USA), then plug the ethernet cable into the X0 port labelled LAN with the other end of that cable plugging into the ethernet port on your laptop. Find an image of the rear of the device below. Notice X0 for LAN and X1 for WAN.

To be able to access the SonicWALL interface, you’ll need to check the IPv4 configuration on your network card to ensure its set to acquire IP addresses automatically. In some instances where the device has already been configured with an IP address such as 10.10.0.25, you will need to change your network card address to match the IP subnet of the firewall to be able to access it.

For example, to access an already configured device with an address such as above, you’ll need to set your network card to 10.10.0.50 to give you access to the device interface.

If you are not familiar with how to do this, access Control Panel > Network and Internet > Network and Sharing Centre > Change adapter settings > Right click adapter > Click Properties. 


The Ethernet Properties dialog box should pop up as above. Highlight Internet Protocol Version 4 (TCP/IPv4) and click Properties. We can now configure the network card to match the subnet of the new SonicWALL, for which I set 192.168.168.10 to demonstrate the config process.

Make sure to set the default gateway to SonicWALL’s default address 192.168.168.168 and click OK to finish.

1. SonicWALL > Network > Interfaces



Launching your browser, access http://192.168.168.168 and once the log in screen loads, type in the SonicWALL default credentials username: admin Password: password to be presented with the dashboard. Expand the Network tree and Click on Interfaces to see the screen displayed above.

Depending on the model of SonicWALL you’re working on, you may see X0 to X5 or more which we’re going to use to configure our WAN and LAN interfaces, so our internal network can gain access to the wide area internet services. 

2. Configuring Static IP WAN on SonicWALL Interface X1

To perform this task, you will need to purchase an internet service package from an ISP. This could be an ADSL or Fibre leased line with parameters such as Public IP address, subnet mask, default gateway, DNS servers and usable IP addresses. It should look like these fictitious parameters below;

-LAN Subnet:                       62.319.68.89/30
-Subnet Mask:                     255.255.255.252
-Network:                             62.319.68.89
-Default Gateway:               62.319.68.90
-Usable IP:                          62.319.68.91
-Broadcast:                         62.319.68.92
-DNS Server 1:                   88.215.81.255
-DNS Server 2:                   88.215.83.255


Since this article will walk you through setting up WAN and LAN for internet connection, we’ll be focusing our attention on X1 = WAN and X0 = LAN interfaces and configure them to gain access to the internet.

Click on the configure radio button next to Default WAN and begin populating the details you received from your ISP. Set Zone to WAN, IP Assignment to Static and DNS Server 3 to 8.8.8.8

If you are satisfied the details are correct, click on Advanced to inspect further settings WAN traffic transmission settings.


Leave the Link Speed setting to Auto Negotiate, Enable flow reporting, Interface MTU (Minimum Transmission Unit) to 1500 and tick Fragment non-VPN outbound packets larger than Interface MTU. Click OK to finish.

3. Configuring PPPoE WAN on SonicWALL Interface X1

Some ISPs may provision your internet connection as PPPoE with a username and password. The SonicWALL device can handle connections of this type by your input in the IP Assignment field. 



Once credentials are populated, you can click OK to finish. Want to access the device remotely over public IP address? simply tick the HTTPS radio button next to Management. 

Be sure to set a very complex admin password on the device if this function is enabled. 

4. Configuring LAN on SonicWALL Interface X0

Settings on this interface affect all equipment sitting behind the firewall in your organisation. In a production environment, an ethernet cable from this port connects to your switch and splits the internet signal to all IP enabled devices including servers, workstations and printers.

To configure this, you would have to decide which IP address system you want your network to have. For this demonstration, we’ll be using 192.168.50.1 with subnet mask 255.255.255.0 


Just as we did above, click the Configure radio button next to Default LAN and populate the details.

Bear in mind at this point that once you click OK, the status of the SonicWALL will change, and you can no longer access the device on the default IP address. Open your network card configuration page again and set it to receive IP addresses via DHCP.

If your ISP settings are correct, you should see 1 Gbps Full Duplex status on both interfaces. Test the connection by visiting any of your favourite sites such as www.YouTube.com

5. Changing Default Admin Password

For obvious security reasons, it is advisable to change the device access IP and password of your SonicWALL, since these details hold true for all units shipped out all over the world.

As we don’t want to give hackers a great field day breaking into our network, changing the LAN IP address like we did above, blocks one layer of vulnerability of the firewall.


Navigate System Setup > Appliance > Base Settings. A lot of settings are available from this window, but you can go ahead and change your password. To make it more secure, change the main Administrator name to something more specific, a name that is harder to guess.

Further advanced security lock-down features will be explored in later topics.

6. Managing DHCP Server on SonicWALL

It is important to note at this point that, DHCP service can be controlled from the SonicWALL or from your server, if you have one installed on the network.
Navigate to Network > DHCP Server to open the interface as shown below;

Tick the radio button to enable DHCPv4 Server and click Accept to save the settings. This server will now be responsible for distributing IP addresses, subnet masks, gateway addresses, and DNS server addresses to your network clients.

You have further options to control the number of IP addresses, and lease times for those addresses to expire on the client computers.

On the same interface, click Dynamic > ADD to configure these settings > Click OK.

In the example above, I have set my DHCP scope between 192.168.50.2 – 192.168.50.254. The number of addresses allocated to your client machines depends entirely on you but, it is good industry practice to limit the scope to the number of machines in your environment, aiding with easier security audits and identification of bad or conflicting IP addresses.

All devices currently connected to the firewall can be viewed in the Current DHCPv4 Leases window.

A good industry practice is to back up your SonicWALL device configuration to a file, to aid faster disaster recovery times. Refer to our previous article for steps on how to do this task.

Dell SonicWALL Education and Certification

SonicWALL in association with SecureFirst Partners Portal offers Silver, Gold or Platinum membership and access to SonicWALLUniversity.

Membership advantages include access to a wealth of training materials and knowledge training from authorised specialists which could lead to qualifications as a CertifiedSonicWALL Security Administrator (CSSA) and CertifiedSonicWALL Security Professional (CSSP)

You can sit the test at the cost of about $400. Your company stands to benefit from huge partnership discounts on SonicWALL products if one network engineer in the business gains these certifications.


Dell SonicWALL Appliance Operating System Overview

Getting your hands on one of the SonicWALL devices like TZ300 could set you back about £780, a great price for small to medium size businesses to implement network security policies.

For the purposes of learning however, an online live demo version of the device operating system interface is available for Free from SonicWALL

                                                     
                                        Final Thoughts

We hope you found this article useful as a guide to configure Wide Area Network (WAN), Local Area Network (LAN), DHCP server and securing your device by changing the admin password. SonicWALL represents a cost-effective way to deploy security solutions for Small to Medium Enterprises (SMEs). Head over to SonicWALL website for more information.

Join us again as we explore further advanced configurations such as VPN, port forwarding and setting up a failover load balancing for resilience.

We would like to thank you for investing your time with us. 

                                 


                                         
 Written By
www.codexploitcybersecurity.com   Twitter: @ixploitsecurity   Facebook: https://www.facebook.com/icybersecure


                          Credits to all organisations and development teams at Dell SonicWALL 

0 Comments:

Post a Comment