sonicwall:basic_configurations_support_site_and_vpn_scenarios

Differences

This shows you the differences between two versions of the page.

sonicwall:basic_configurations_support_site_and_vpn_scenarios [2025/02/23 08:50] – created aperez
sonicwall:basic_configurations_support_site_and_vpn_scenarios [2025/02/24 09:36] (current) aperez
Line 1: Line 1:
 ====== Basic configurations, support site and VPN scenarios ====== ====== Basic configurations, support site and VPN scenarios ======
  
 +----
 +----
  
-====== Types of site to site VPN scenarios and configurations ======+**CLI configuration** 
 + 
 +{{ :sonicwall:090170728410797.png?400 |}} 
 + 
 +---- 
 +---- 
 +The **default IP address** for a SonicWall appliance can vary depending on the model, but is often** 192.168.168.168 or 192.168.168.169**.  
 + 
 +Default IP addresses for specific SonicWall models: 
 + 
 + 
 +  * SonicWall Email Security: **192.168.168.169** 
 +  * SonicWall UTM: **192.168.168.168** for the LAN interface 
 +  * SonicWall NSA: **192.168.168.168** 
 + 
 +**How to access the SonicWall**:  
 + 
 +To access the SonicWall, you can open a browser and go to **https://192.168.168.168**. The default username and password for the SonicWall management login page is admin/password.  
 + 
 +**How to find the SonicWall IP address**: 
 + 
 +You can use the Setup Tool to determine the LAN interface IP address. You can also download the Setup Tool and install it on a computer connected to the firewall's LAN port. Then, open the tool and search for the IP address.  
 + 
 +**How to access the SonicWall MGMT port**: 
 +  
 +Connect a computer to the SonicWall's MGMT port Configure the computer with a static IP address on the MGMT subnet 
 +Ping the Gateway (**https://192.168.1.254**). 
 + 
 +The SonicWall security appliance supports the following management protocols: **HTTP**, **HTTPS**, **SSH**, **Ping**, and **SNMP**.  
 + 
 +---- 
 +---- 
 + 
 + 
 +  Type: config (hit enter) 
 +  -----------config(C0EAE4009930)# 
 +   
 +  Type: interface and name of the interface e.g. X3  (hit enter) 
 +  -----------config(C0EAE4009930)# interface X3 
 +  Type: ip-assignment WAN static   (in our case the IP assignment should be static and the interface should be WAN  
 +  ... hit enter) 
 +  ----------(edit-WAN-static[X3])# 
 +  Type: ip 60.60.60.60 netmask 255.255.255.0 (hit enter) 
 +  Type: commit  (hit enter) 
 +   
 + 
 +---- 
 +---- 
 + 
 +  * config(18C2419C0C60_CCBZF1-BOGOTA-WH)# **show service-objects except name custom** 
 +  * config(18C2419C0C60_CCBZF1-BOGOTA-WH)# **show service-groups** 
 +  * config(18C2419C0C60_CCBZF1-BOGOTA-WH)# **restart** 
 +  * config(18C2419C0C60_CCBZF1-BOGOTA-WH)# **show interfaces**  
 + 
 + 
 +The show **service-objects** and **service-groups** are copied into separate **.txt** files.   Then from a **LINUX** machine, with the command written below **delete** the uuid and name lines. 
 + 
 +**Update ubuntu Linux:** 
 + 
 +  * **sudo -s** 
 +  * **apt update** 
 +  * **apt upgrade** 
 +  * **apt install vim** 
 + 
 +Itemaperez@APEREZ:~/prueba$ **sed -i '/^____uuid/d' *.txt** 
 + 
 +**Note: _ space, quantity to replace: four.** 
 + 
 +**Format** that the **Sonicwall CLI processes without problems** is: 
 + 
 +  service-object HTTP 
 +      TCP 80 80 
 +      exit 
 +   
 +  service-object "HTTP Management" 
 +      TCP 80 80 
 +      exit 
 +   
 +  service-object HTTPS 
 +      TCP 443 443 
 +      exit 
 + 
 + 
 +  service-group "AD Directory Services" 
 +      service-object "RPC Services (IANA)" 
 +      service-object "RPC Services" 
 +      service-object "DCE EndPoint" 
 +      service-object NTP 
 +      service-object LDAPS 
 +      service-object "LDAP (UDP)" 
 +      service-object LDAP 
 +      service-group "AD NetBios Services" 
 +      service-group "Host Name Server" 
 +      service-group Kerberos 
 +      service-group "DNS (Name Service)" 
 +      exit 
 + 
 + 
 +---- 
 +---- 
 + 
 +{{ :sonicwall:services_group_objects.zip |}} 
 + 
 +---- 
 +---- 
 + 
 +**[[https://www.sonicwall.com/support/knowledge-base/portshield-and-ha-configuration-on-sonicwall/250113005219977|PortShield and HA Configuration on SonicWall]]** 
 + 
 +**[[https://www.sonicwall.com/support/knowledge-base/how-to-change-an-interface-ip-using-cli/170505335001193|How to Change an Interface IP using CLI]]** 
 + 
 + 
 +**[[https://www.sonicwall.com/support/knowledge-base/how-can-i-configure-web-management-using-cli/170505859113943|How can I configure web-management using CLI?]]** 
 + 
 + 
 +**[[https://www.sonicwall.com/support/knowledge-base/how-can-i-configure-interface-from-cli-once-connected-over-console-port/170505499805697|How can I configure interface from CLI once connected over console port?]]**
  
  
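
Review bot: The "How to access the SonicWall" paragraph documents the factory login admin/password, and the protocol list a few lines later names HTTP and SNMP as management options, yet nothing in the added text tells the reader to change the default password or to limit management to HTTPS and SSH; add that as an explicit step directly after the access paragraph. In the MGMT-port steps, "Ping the Gateway (https://192.168.1.254)" gives a URL where ping needs the bare address 192.168.1.254, and the three steps are run together across two lines; a numbered list would fix both. The cleanup text says to delete the uuid and name lines, but the only command shown, "sed -i '/^____uuid/d' *.txt", removes uuid lines only, and the stray "Item" before the shell prompt plus the underscore-for-space notation make it hard to copy correctly; show the command with literal spaces and either add the counterpart for name lines or drop "and name" from the sentence. "restart" sits in the same bullet list as three show commands with no indication of what it does; separate it and describe its effect. The CLI prompts appear to carry a real device identifier and site name (18C2419C0C60_CCBZF1-BOGOTA-WH, C0EAE4009930); consider replacing them with a placeholder. Finally, the heading "Types of site to site VPN scenarios and configurations" is removed here while the page title still promises VPN scenarios, so either restore that section or retitle the page.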
Line 27: Line 143:
 **[[https://www.sonicwall.com/support/knowledge-base/how-to-find-out-the-cfs-rating-of-a-website/170505682966697|How to find out the CFS rating of a website?]]** **[[https://www.sonicwall.com/support/knowledge-base/how-to-find-out-the-cfs-rating-of-a-website/170505682966697|How to find out the CFS rating of a website?]]**
  
 +----
 +----
 +
 +
 +**FEC** on an SFP port refers to **Forward Error Correction (FEC)**, which is a technique used in fiber optic and Ethernet networks to enhance data transmission reliability by detecting and correcting errors without the need for retransmission.
 + 
 +**FEC (Forward Error Correction)**:
 +FEC is a mechanism that adds redundant information to the transmitted data. This redundancy allows the receiving end to detect and correct errors caused by signal degradation or noise during transmission.
 +
 +Purpose: FEC is essential for high-speed data links (e.g., 10G, 25G, 40G, 100G Ethernet) to improve link quality and performance.
 +
 +Types: Different FEC modes can be used depending on the standard and speed of the connection (e.g., Reed-Solomon FEC).
 +
 +
 +  *   **auto**   Enable FEC Auto-Neg
 +  *   **cl108**  Enable clause108 with 25G
 +  *   **cl74**   Enable clause74 with 25G
 +  *   **off**    Turn FEC off, FEC is mandatory for speeds 50G or higher
 +
 +
 +----
 +----
 +
 +
 +**Benefits of FEC on SFP Ports**:
 +
 +  * Error Correction: FEC can correct errors due to signal attenuation or interference.
 +  * Better Link Performance: Allows for longer cable runs or higher speeds by improving signal integrity.
 +  * No Retransmissions: Unlike other error correction methods, FEC works proactively without needing retransmissions, which is important for low-latency environments.
 +
 +----
 +
 +**Aruba Switch 6400:**
 +
 +
 +  CS-2P-MDFHA-A#** show ver**
 +  -----------------------------------------------------------------------------
 +  ArubaOS-CX
 +  (c) Copyright 2017-2024 Hewlett Packard Enterprise Development LP
 +  -----------------------------------------------------------------------------
 +  Version      : FL.10.13.1010
 +  Build Date   : 2024-04-09 00:34:12 UTC
 +  Build ID     : ArubaOS-CX:FL.10.13.1010:ef2109377880:202404090010
 +  Build SHA    : ef21093778805e954ec130b0939d34927bb7ba19
 +  Hot Patches  :
 +  Active Image : primary
 +  
 +  Service OS Version : FL.01.14.0002
 +  BIOS Version       : FL.01.0002
 +
 +CS-2P-MDFHA-A(config)# **interface 1/3/36**
 +
 +**error-control**    Configure the error control (**FEC**) mode
 +
 +  CS-2P-MDFHA-A(config-if)# error-control
 +    auto        Use the transceiver default
 +    base-r-fec  Use IEEE BASE-R (Firecode) FEC
 +    none        Do not use any FEC
 +    rs-fec      Use IEEE Reed-Solomon FEC
 +
 +----
 +
 +**C9500 Cisco Catalyst**
 +
 +C9500-N#**show ver**
 +  Cisco IOS XE Software, **Version 17.12.03**
 +  Cisco IOS Software [Dublin], Catalyst L3 Switch Software (CAT9K_IOSXE), Version 17.12.3, RELEASE SOFTWARE (fc7)
 +
 +  interface TwentyFiveGigE1/0/3
 +   description VLAN 526 PTP A.B.C.D/EF X30
 +   switchport access vlan 526
 +   switchport mode access
 +   mtu 9100
 +   logging event trunk-status
 +   logging event bundle-status
 +   udld port aggressive
 +   fec cl74
 +
 +  C9500-N(config-if)#interface TwentyFiveGigE1/0/3
 +  
 +  C9500-N(config-if)#fec ?
 +    auto   Enable FEC Auto-Neg
 +    cl108  Enable clause108 with 25G
 +    cl74   Enable clause74 with 25G
 +    off    Turn FEC off, FEC is mandatory for speeds 50G or higher
  
 +----
 +----
  
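
Review bot: The bullet list of auto / cl108 / cl74 / off under the FEC overview is the same text as the Cisco "fec ?" help shown at the end of the C9500 section, but at that point no vendor has been named, so it reads as generic or SonicWall options; label it as Cisco output or drop the first copy. The Aruba and Cisco sections use different mode names (base-r-fec / rs-fec versus cl74 / cl108) and the text never says which ones correspond or whether both ends of a link have to be set to the same mode; one sentence covering that would make the "fec cl74" interface example usable against a peer from the other vendor. "Unlike other error correction methods" in the benefits list is vague; name the retransmission-based approach being contrasted. This block covers Aruba and Cisco switch settings inside a page titled for SonicWall configuration and VPN scenarios, so it may be easier to find on its own page with a link from here.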
sonicwall/basic_configurations_support_site_and_vpn_scenarios.1740318618.txt.gz · Last modified: 2025/02/23 08:50 by aperez
