Differences

This shows you the differences between two versions of the page.

--- sonicwall:basic_configurations_support_site_and_vpn_scenarios [2025/02/23 08:50] – created aperez
+++ sonicwall:basic_configurations_support_site_and_vpn_scenarios [2025/02/24 09:36] (current) – aperez
@@ Line 1: / Line 1: @@
 ====== Basic configurations, support site and VPN scenarios ======
+----
+----
-====== Types of site to site VPN scenarios and configurations ======
+**CLI configuration**
+{{ :sonicwall:090170728410797.png?400 |}}
+----
+----
+The **default IP address** for a SonicWall appliance can vary depending on the model, but is often** 192.168.168.168 or 192.168.168.169**.
+Default IP addresses for specific SonicWall models:
+  * SonicWall Email Security: **192.168.168.169**
+  * SonicWall UTM: **192.168.168.168** for the LAN interface
+  * SonicWall NSA: **192.168.168.168**
+**How to access the SonicWall**:
+To access the SonicWall, you can open a browser and go to **https://192.168.168.168**. The default username and password for the SonicWall management login page is admin/password.
+**How to find the SonicWall IP address**:
+You can use the Setup Tool to determine the LAN interface IP address. You can also download the Setup Tool and install it on a computer connected to the firewall's LAN port. Then, open the tool and search for the IP address.
+**How to access the SonicWall MGMT port**:
+Connect a computer to the SonicWall's MGMT port Configure the computer with a static IP address on the MGMT subnet
+Ping the Gateway (**https://192.168.1.254**).
+The SonicWall security appliance supports the following management protocols: **HTTP**, **HTTPS**, **SSH**, **Ping**, and **SNMP**.
+----
+----
+  Type: config (hit enter)
+  -----------config(C0EAE4009930)#
+  Type: interface and name of the interface e.g. X3  (hit enter)
+  -----------config(C0EAE4009930)# interface X3
+  Type: ip-assignment WAN static   (in our case the IP assignment should be static and the interface should be WAN
+  ... hit enter)
+  ----------(edit-WAN-static[X3])#
+  Type: ip 60.60.60.60 netmask 255.255.255.0 (hit enter)
+  Type: commit  (hit enter)
+----
+----
+  * config(18C2419C0C60_CCBZF1-BOGOTA-WH)# **show service-objects except name custom**
+  * config(18C2419C0C60_CCBZF1-BOGOTA-WH)# **show service-groups**
+  * config(18C2419C0C60_CCBZF1-BOGOTA-WH)# **restart**
+  * config(18C2419C0C60_CCBZF1-BOGOTA-WH)# **show interfaces**
+The show **service-objects** and **service-groups** are copied into separate **.txt** files.   Then from a **LINUX** machine, with the command written below **delete** the uuid and name lines.
+**Update ubuntu Linux:**
+  * **sudo -s**
+  * **apt update**
+  * **apt upgrade**
+  * **apt install vim**
+Itemaperez@APEREZ:~/prueba$ **sed -i '/^____uuid/d' *.txt**
+**Note: _ = space, quantity to replace: four.**
+**Format** that the **Sonicwall CLI processes without problems** is:
+  service-object HTTP
+      TCP 80 80
+      exit
+  service-object "HTTP Management"
+      TCP 80 80
+      exit
+  service-object HTTPS
+      TCP 443 443
+      exit
+  service-group "AD Directory Services"
+      service-object "RPC Services (IANA)"
+      service-object "RPC Services"
+      service-object "DCE EndPoint"
+      service-object NTP
+      service-object LDAPS
+      service-object "LDAP (UDP)"
+      service-object LDAP
+      service-group "AD NetBios Services"
+      service-group "Host Name Server"
+      service-group Kerberos
+      service-group "DNS (Name Service)"
+      exit
+----
+----
+{{ :sonicwall:services_group_objects.zip |}}
+----
+----
+**[[https://www.sonicwall.com/support/knowledge-base/portshield-and-ha-configuration-on-sonicwall/250113005219977|PortShield and HA Configuration on SonicWall]]**
+**[[https://www.sonicwall.com/support/knowledge-base/how-to-change-an-interface-ip-using-cli/170505335001193|How to Change an Interface IP using CLI]]**
+**[[https://www.sonicwall.com/support/knowledge-base/how-can-i-configure-web-management-using-cli/170505859113943|How can I configure web-management using CLI?]]**
+**[[https://www.sonicwall.com/support/knowledge-base/how-can-i-configure-interface-from-cli-once-connected-over-console-port/170505499805697|How can I configure interface from CLI once connected over console port?]]**
@@ Line 27: / Line 143: @@
 **[[https://www.sonicwall.com/support/knowledge-base/how-to-find-out-the-cfs-rating-of-a-website/170505682966697|How to find out the CFS rating of a website?]]**
+----
+----
+**FEC** on an SFP port refers to **Forward Error Correction (FEC)**, which is a technique used in fiber optic and Ethernet networks to enhance data transmission reliability by detecting and correcting errors without the need for retransmission.
+**FEC (Forward Error Correction)**:
+FEC is a mechanism that adds redundant information to the transmitted data. This redundancy allows the receiving end to detect and correct errors caused by signal degradation or noise during transmission.
+Purpose: FEC is essential for high-speed data links (e.g., 10G, 25G, 40G, 100G Ethernet) to improve link quality and performance.
+Types: Different FEC modes can be used depending on the standard and speed of the connection (e.g., Reed-Solomon FEC).
+  *   **auto**   Enable FEC Auto-Neg
+  *   **cl108**  Enable clause108 with 25G
+  *   **cl74**   Enable clause74 with 25G
+  *   **off**    Turn FEC off, FEC is mandatory for speeds 50G or higher
+----
+----
+**Benefits of FEC on SFP Ports**:
+  * Error Correction: FEC can correct errors due to signal attenuation or interference.
+  * Better Link Performance: Allows for longer cable runs or higher speeds by improving signal integrity.
+  * No Retransmissions: Unlike other error correction methods, FEC works proactively without needing retransmissions, which is important for low-latency environments.
+----
+**Aruba Switch 6400:**
+  CS-2P-MDFHA-A#** show ver**
+  -----------------------------------------------------------------------------
+  ArubaOS-CX
+  (c) Copyright 2017-2024 Hewlett Packard Enterprise Development LP
+  -----------------------------------------------------------------------------
+  Version      : FL.10.13.1010
+  Build Date   : 2024-04-09 00:34:12 UTC
+  Build ID     : ArubaOS-CX:FL.10.13.1010:ef2109377880:202404090010
+  Build SHA    : ef21093778805e954ec130b0939d34927bb7ba19
+  Hot Patches  :
+  Active Image : primary
+  Service OS Version : FL.01.14.0002
+  BIOS Version       : FL.01.0002
+CS-2P-MDFHA-A(config)# **interface 1/3/36**
+**error-control**    Configure the error control (**FEC**) mode
+  CS-2P-MDFHA-A(config-if)# error-control
+    auto        Use the transceiver default
+    base-r-fec  Use IEEE BASE-R (Firecode) FEC
+    none        Do not use any FEC
+    rs-fec      Use IEEE Reed-Solomon FEC
+----
+**C9500 Cisco Catalyst**
+C9500-N#**show ver**
+  Cisco IOS XE Software, **Version 17.12.03**
+  Cisco IOS Software [Dublin], Catalyst L3 Switch Software (CAT9K_IOSXE), Version 17.12.3, RELEASE SOFTWARE (fc7)
+  interface TwentyFiveGigE1/0/3
+   description VLAN 526 PTP A.B.C.D/EF X30
+   switchport access vlan 526
+   switchport mode access
+   mtu 9100
+   logging event trunk-status
+   logging event bundle-status
+   udld port aggressive
+   fec cl74
+  C9500-N(config-if)#interface TwentyFiveGigE1/0/3
+  C9500-N(config-if)#fec ?
+    auto   Enable FEC Auto-Neg
+    cl108  Enable clause108 with 25G
+    cl74   Enable clause74 with 25G
+    off    Turn FEC off, FEC is mandatory for speeds 50G or higher
+----
+----