sonicwall:basic_configurations_support_site_and_vpn_scenarios

Differences

This shows you the differences between two versions of the page.

sonicwall:basic_configurations_support_site_and_vpn_scenarios [2025/02/23 08:52] aperezsonicwall:basic_configurations_support_site_and_vpn_scenarios [2025/09/12 14:43] (current) aperez
Line 1: Line 1:
 ====== Basic configurations, support site and VPN scenarios ====== ====== Basic configurations, support site and VPN scenarios ======
  
 +----
 +----
 +
 +**CLI configuration**
 +
 +{{ :sonicwall:090170728410797.png?400 |}}
 +
 +----
 +----
 +The **default IP address** for a SonicWall appliance can vary depending on the model, but is often** 192.168.168.168 or 192.168.168.169**. 
 +
 +Default IP addresses for specific SonicWall models:
 +
 +
 +  * SonicWall Email Security: **192.168.168.169**
 +  * SonicWall UTM: **192.168.168.168** for the LAN interface
 +  * SonicWall NSA: **192.168.168.168**
 +
 +**How to access the SonicWall**: 
 +
 +To access the SonicWall, you can open a browser and go to **https://192.168.168.168**. The default username and password for the SonicWall management login page is admin/password. 
 +
 +**How to find the SonicWall IP address**:
 +
 +You can use the Setup Tool to determine the LAN interface IP address. You can also download the Setup Tool and install it on a computer connected to the firewall's LAN port. Then, open the tool and search for the IP address. 
 +
 +**How to access the SonicWall MGMT port**:
 + 
 +Connect a computer to the SonicWall's MGMT port Configure the computer with a static IP address on the MGMT subnet
 +Ping the Gateway (**https://192.168.1.254**).
 +
 +The SonicWall security appliance supports the following management protocols: **HTTP**, **HTTPS**, **SSH**, **Ping**, and **SNMP**. 
 +
 +----
 +----
 +
 +
 +  Type: config (hit enter)
 +  -----------config(C0EAE4009930)#
 +  
 +  Type: interface and name of the interface e.g. X3  (hit enter)
 +  -----------config(C0EAE4009930)# interface X3
 +  Type: ip-assignment WAN static   (in our case the IP assignment should be static and the interface should be WAN 
 +  ... hit enter)
 +  ----------(edit-WAN-static[X3])#
 +  Type: ip 60.60.60.60 netmask 255.255.255.0 (hit enter)
 +  Type: commit  (hit enter)
 +  
 +
 +----
 +----
 +
 +  * config(18C2419C0C60_CCBZF1-BOGOTA-WH)# **show service-objects except name custom**
 +  * config(18C2419C0C60_CCBZF1-BOGOTA-WH)# **show service-groups**
 +  * config(18C2419C0C60_CCBZF1-BOGOTA-WH)# **restart**
 +  * config(18C2419C0C60_CCBZF1-BOGOTA-WH)# **show interfaces** 
 +
 +
 +The show **service-objects** and **service-groups** are copied into separate **.txt** files.   Then from a **LINUX** machine, with the command written below **delete** the uuid and name lines.
 +
 +**Update ubuntu Linux:**
 +
 +  * **sudo -s**
 +  * **apt update**
 +  * **apt upgrade**
 +  * **apt install vim**
 +
 +Itemaperez@APEREZ:~/prueba$ **sed -i '/^____uuid/d' *.txt**
 +
 +**Note: _ = space, quantity to replace: four.**
 +
 +**Format** that the **Sonicwall CLI processes without problems** is:
 +
 +  service-object HTTP
 +      TCP 80 80
 +      exit
 +  
 +  service-object "HTTP Management"
 +      TCP 80 80
 +      exit
 +  
 +  service-object HTTPS
 +      TCP 443 443
 +      exit
 +
 +
 +  service-group "AD Directory Services"
 +      service-object "RPC Services (IANA)"
 +      service-object "RPC Services"
 +      service-object "DCE EndPoint"
 +      service-object NTP
 +      service-object LDAPS
 +      service-object "LDAP (UDP)"
 +      service-object LDAP
 +      service-group "AD NetBios Services"
 +      service-group "Host Name Server"
 +      service-group Kerberos
 +      service-group "DNS (Name Service)"
 +      exit
 +
 +
 +----
 +----
 +{{ :sonicwall:services_objects.zip |}}
 +
 +----
 +----
 +
 +{{ :sonicwall:services_group_objects.zip |}}
 +
 +----
 +----
  
 **[[https://www.sonicwall.com/support/knowledge-base/portshield-and-ha-configuration-on-sonicwall/250113005219977|PortShield and HA Configuration on SonicWall]]** **[[https://www.sonicwall.com/support/knowledge-base/portshield-and-ha-configuration-on-sonicwall/250113005219977|PortShield and HA Configuration on SonicWall]]**
 +
 +**[[https://www.sonicwall.com/support/knowledge-base/how-to-change-an-interface-ip-using-cli/170505335001193|How to Change an Interface IP using CLI]]**
 +
 +
 +**[[https://www.sonicwall.com/support/knowledge-base/how-can-i-configure-web-management-using-cli/170505859113943|How can I configure web-management using CLI?]]**
 +
 +
 +**[[https://www.sonicwall.com/support/knowledge-base/how-can-i-configure-interface-from-cli-once-connected-over-console-port/170505499805697|How can I configure interface from CLI once connected over console port?]]**
  
  
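Review bot: The access paragraph gives the factory login admin/password and lists HTTP, HTTPS, SSH, Ping and SNMP as management protocols, but has no step to change that password or to limit management to HTTPS and SSH; add one right after the login instruction, since the CLI walkthrough that follows sets X3 up as a static WAN interface. In the MGMT port steps, three actions run together in one sentence and the ping target is written as a URL ("Ping the Gateway (https://192.168.1.254)"); split the steps and give the bare address 192.168.1.254. The text before the sed command says it deletes "the uuid and name lines", while the command shown, sed -i '/^____uuid/d' *.txt, only matches uuid lines, and its prompt carries a stray "Item" prefix; either add the second pattern or correct the sentence. The show commands are pasted with the full device prompt (18C2419C0C60_CCBZF1-BOGOTA-WH), and restart is listed among them unmarked although it is the one entry that is not a show command; a generic prompt and a separate, labelled line for restart would be safer.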
Line 26: Line 146:
  
 **[[https://www.sonicwall.com/support/knowledge-base/how-to-find-out-the-cfs-rating-of-a-website/170505682966697|How to find out the CFS rating of a website?]]** **[[https://www.sonicwall.com/support/knowledge-base/how-to-find-out-the-cfs-rating-of-a-website/170505682966697|How to find out the CFS rating of a website?]]**
 +
 +
 +**[[https://www.sonicwall.com/support/knowledge-base/how-to-allow-or-block-uri-and-sub-domains-using-content-filtering/170505604252027|How to allow or block URI and sub-domains using Content Filtering]]**
 +
 +
 +**[[https://www.sonicwall.com/support/knowledge-base/how-can-i-configure-wan-groupvpn-on-sonicwall-to-connect-using-global-vpn-client-using-wizard/170505312494416|How can I configure WAN GroupVPN on SonicWall to connect using Global VPN client using wizard?]]**
 +
 +
 +**[[https://www.sonicwall.com/support/knowledge-base/how-to-configure-a-guest-administrator-in-sonicwall/230712103550870|How to configure a Guest administrator in Sonicwall?]]**
 +
 +
 +**[[https://www.sonicwall.com/support/technical-documentation/docs/sonicos-7.0.1-users/Content/Guest_Accounts/guest-accounts-adding.htm|Adding Guest Accounts]]
 +**
 +
 +**[[https://www.sonicwall.com/support/knowledge-base/how-to-configure-dhcp-option-43-and-option-60/220617123907357|How to configure DHCP Option 43 and Option 60]]**
 +
 +**[[https://www.sonicwall.com/support/knowledge-base/how-can-i-block-snapchat-using-app-rules-application-firewall/170503767575270|How can I block SnapChat using App Rules (Application Firewall)?]]**
 +
 +
 +**[[https://www.sonicwall.com/support/knowledge-base/how-to-block-snapchat-using-app-control-advanced-and-client-dpi-ssl/170505457996963|How to block SnapChat using App Control Advanced and Client DPI-SSL]]**
 +
 +
 +**VOIP**
 +
 +**[[https://www.sonicwall.com/support/knowledge-base/how-to-configure-voip-to-use-any-voip-phone-system-best-practices/210615132522720|How to configure VoIP to use any VoIP phone system (best practices)]]**
 +
 +**[[https://www.sonicwall.com/support/knowledge-base/how-and-when-to-disable-sip-alg/210615065648977|How and When to disable SIP ALG ?]]**
 +
 +**Note:**  //**SIP ALG** (**Session Initiation Protocol Application Layer Gateway**) es una función de los routers que pretende ayudar a las llamadas VoIP a través de firewalls y NAT (traducción de direcciones de red) modificando los paquetes SIP, pero en la práctica suele causar más problemas de los que resuelve. Interfiere con el tráfico de VoIP, causando fallos de registro, llamadas caídas, audio en una sola dirección y otros problemas de comunicación. Para una comunicación VoIP estable, es recomendable deshabilitar la función SIP ALG en la configuración del router.//
 +
 +
 +
 +**[[https://www.sonicwall.com/support/knowledge-base/navigating-the-voip-settings/220831034900197|Navigating the VOIP Settings]]**
 +
 +
 +**Guest access services**
 +
 +
 +**[[https://www.sonicwall.com/support/knowledge-base/configuring-guest-services-on-the-lan-dmz-zone/170505669285912|Configuring Guest Services on the LAN / DMZ zone]]**
 +
 +
 +**[[https://www.sonicwall.com/support/knowledge-base/how-can-i-enforce-local-authentication-for-my-users-before-allowing-access-to-the-internet/170503559814835|How can I enforce local authentication for my users before allowing access to the Internet?]]**
 +
 +
 +**Bandwidth management**
 +
 +**[[https://www.sonicwall.com/support/knowledge-base/how-can-i-configure-bandwidth-management/170521130013462|How can I configure bandwidth management?]]**
 +
 +
 +----
 +----
 +
 +{{ :sonicwall:guest_access_sonicwall.pdf |}}
 +
 +
 +{{pdfjs 46em >:sonicwall:guest_access_sonicwall.pdf}}
 +
 +{{ :sonicwall:guest_access_sonicwall.pdf |}}
 +
 +{{pdfjs 46em >:sonicwall:guest_access_sonicwall.pdf}}
 +
 +----
 +----
 +
 +
 +**FEC** on an SFP port refers to **Forward Error Correction (FEC)**, which is a technique used in fiber optic and Ethernet networks to enhance data transmission reliability by detecting and correcting errors without the need for retransmission.
 + 
 +**FEC (Forward Error Correction)**:
 +FEC is a mechanism that adds redundant information to the transmitted data. This redundancy allows the receiving end to detect and correct errors caused by signal degradation or noise during transmission.
 +
 +Purpose: FEC is essential for high-speed data links (e.g., 10G, 25G, 40G, 100G Ethernet) to improve link quality and performance.
 +
 +Types: Different FEC modes can be used depending on the standard and speed of the connection (e.g., Reed-Solomon FEC).
 +
 +
 +  *   **auto**   Enable FEC Auto-Neg
 +  *   **cl108**  Enable clause108 with 25G
 +  *   **cl74**   Enable clause74 with 25G
 +  *   **off**    Turn FEC off, FEC is mandatory for speeds 50G or higher
 +
 +
 +----
 +----
 +
 +
 +**Benefits of FEC on SFP Ports**:
 +
 +  * Error Correction: FEC can correct errors due to signal attenuation or interference.
 +  * Better Link Performance: Allows for longer cable runs or higher speeds by improving signal integrity.
 +  * No Retransmissions: Unlike other error correction methods, FEC works proactively without needing retransmissions, which is important for low-latency environments.
 +
 +----
 +
 +**Aruba Switch 6400:**
 +
 +
 +  CS-2P-MDFHA-A#** show ver**
 +  -----------------------------------------------------------------------------
 +  ArubaOS-CX
 +  (c) Copyright 2017-2024 Hewlett Packard Enterprise Development LP
 +  -----------------------------------------------------------------------------
 +  Version      : FL.10.13.1010
 +  Build Date   : 2024-04-09 00:34:12 UTC
 +  Build ID     : ArubaOS-CX:FL.10.13.1010:ef2109377880:202404090010
 +  Build SHA    : ef21093778805e954ec130b0939d34927bb7ba19
 +  Hot Patches  :
 +  Active Image : primary
 +  
 +  Service OS Version : FL.01.14.0002
 +  BIOS Version       : FL.01.0002
 +
 +CS-2P-MDFHA-A(config)# **interface 1/3/36**
 +
 +**error-control**    Configure the error control (**FEC**) mode
 +
 +  CS-2P-MDFHA-A(config-if)# error-control
 +    auto        Use the transceiver default
 +    base-r-fec  Use IEEE BASE-R (Firecode) FEC
 +    none        Do not use any FEC
 +    rs-fec      Use IEEE Reed-Solomon FEC
 +
 +----
 +
 +**C9500 Cisco Catalyst**
 +
 +C9500-N#**show ver**
 +  Cisco IOS XE Software, **Version 17.12.03**
 +  Cisco IOS Software [Dublin], Catalyst L3 Switch Software (CAT9K_IOSXE), Version 17.12.3, RELEASE SOFTWARE (fc7)
 +
 +  interface TwentyFiveGigE1/0/3
 +   description VLAN 526 PTP A.B.C.D/EF X30
 +   switchport access vlan 526
 +   switchport mode access
 +   mtu 9100
 +   logging event trunk-status
 +   logging event bundle-status
 +   udld port aggressive
 +   fec cl74
 +
 +  C9500-N(config-if)#interface TwentyFiveGigE1/0/3
 +  
 +  C9500-N(config-if)#fec ?
 +    auto   Enable FEC Auto-Neg
 +    cl108  Enable clause108 with 25G
 +    cl74   Enable clause74 with 25G
 +    off    Turn FEC off, FEC is mandatory for speeds 50G or higher
 +
 +----
 +----
 +
 +**Global VPN:**
 +
 +As per your request sharing configuration of Global VPN client.
 +
 +**[[https://www.sonicwall.com/support/knowledge-base/how-can-i-configure-ipsec-client-based-vpn-for-remote-users/170505850768290|How can I configure IPSec Client based VPN for remote users?]]**
 +
 +
 +**[[https://www.sonicwall.com/products/remote-access/vpn-clients|Donwnload VPN CLIENTS]]**
 +
 +**[[https://www.sonicwall.com/support|Support Portal]]**
 +----
 +----
 +
 +**[[https://www.sonicwall.com/support/knowledge-base/how-to-un-assign-or-disable-an-interface/170503791822465|How to un-assign or disable an interface]]**
 +
 +----
 +----
 +
 +{{ :sonicwall:services_objects.zip |}}
 +
 +----
 +----
  
  
  
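Review bot: In the FEC section the Cisco options (cl74, cl108) and the Aruba options (base-r-fec, rs-fec) appear side by side with no statement of which ones correspond or that both ends of a link must run the same mode; add a line mapping cl74 to IEEE BASE-R (Firecode) FEC and cl108 to Reed-Solomon FEC, and label the first option list (auto, cl108, cl74, off) as Cisco output, since it repeats the "fec ?" help shown further down. The SIP ALG note is written in Spanish on an otherwise English page and should be translated. The guest_access_sonicwall.pdf link and its pdfjs embed are each added twice, and services_objects.zip is attached again at the end of the page; keep one copy of each. "Donwnload VPN CLIENTS" has a typo, and "As per your request sharing configuration of Global VPN client." reads as text pasted from a message rather than wiki content; reword or drop it.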
sonicwall/basic_configurations_support_site_and_vpn_scenarios.1740318765.txt.gz · Last modified: 2025/02/23 08:52 by aperez
