sonicwall:basic_configurations_support_site_and_vpn_scenarios

Differences

This shows you the differences between two versions of the page.

sonicwall:basic_configurations_support_site_and_vpn_scenarios [2025/02/23 08:52] aperez
sonicwall:basic_configurations_support_site_and_vpn_scenarios [2025/02/24 09:36] (current) aperez
Line 1: Line 1:
 ====== Basic configurations, support site and VPN scenarios ====== ====== Basic configurations, support site and VPN scenarios ======
  
 +----
 +----
 +
 +**CLI configuration**
 +
 +{{ :sonicwall:090170728410797.png?400 |}}
 +
 +----
 +----
 +The **default IP address** for a SonicWall appliance can vary depending on the model, but is often** 192.168.168.168 or 192.168.168.169**. 
 +
 +Default IP addresses for specific SonicWall models:
 +
 +
 +  * SonicWall Email Security: **192.168.168.169**
 +  * SonicWall UTM: **192.168.168.168** for the LAN interface
 +  * SonicWall NSA: **192.168.168.168**
 +
 +**How to access the SonicWall**: 
 +
 +To access the SonicWall, you can open a browser and go to **https://192.168.168.168**. The default username and password for the SonicWall management login page is admin/password. 
 +
 +**How to find the SonicWall IP address**:
 +
 +You can use the Setup Tool to determine the LAN interface IP address. You can also download the Setup Tool and install it on a computer connected to the firewall's LAN port. Then, open the tool and search for the IP address. 
 +
 +**How to access the SonicWall MGMT port**:
 + 
 +Connect a computer to the SonicWall's MGMT port Configure the computer with a static IP address on the MGMT subnet
 +Ping the Gateway (**https://192.168.1.254**).
 +
 +The SonicWall security appliance supports the following management protocols: **HTTP**, **HTTPS**, **SSH**, **Ping**, and **SNMP**. 
 +
 +----
 +----
 +
 +
 +  Type: config (hit enter)
 +  -----------config(C0EAE4009930)#
 +  
 +  Type: interface and name of the interface e.g. X3  (hit enter)
 +  -----------config(C0EAE4009930)# interface X3
 +  Type: ip-assignment WAN static   (in our case the IP assignment should be static and the interface should be WAN 
 +  ... hit enter)
 +  ----------(edit-WAN-static[X3])#
 +  Type: ip 60.60.60.60 netmask 255.255.255.0 (hit enter)
 +  Type: commit  (hit enter)
 +  
 +
 +----
 +----
 +
 +  * config(18C2419C0C60_CCBZF1-BOGOTA-WH)# **show service-objects except name custom**
 +  * config(18C2419C0C60_CCBZF1-BOGOTA-WH)# **show service-groups**
 +  * config(18C2419C0C60_CCBZF1-BOGOTA-WH)# **restart**
 +  * config(18C2419C0C60_CCBZF1-BOGOTA-WH)# **show interfaces** 
 +
 +
 +The show **service-objects** and **service-groups** are copied into separate **.txt** files.   Then from a **LINUX** machine, with the command written below **delete** the uuid and name lines.
 +
 +**Update ubuntu Linux:**
 +
 +  * **sudo -s**
 +  * **apt update**
 +  * **apt upgrade**
 +  * **apt install vim**
 +
 +Itemaperez@APEREZ:~/prueba$ **sed -i '/^____uuid/d' *.txt**
 +
 +**Note: _ = space, quantity to replace: four.**
 +
 +**Format** that the **Sonicwall CLI processes without problems** is:
 +
 +  service-object HTTP
 +      TCP 80 80
 +      exit
 +  
 +  service-object "HTTP Management"
 +      TCP 80 80
 +      exit
 +  
 +  service-object HTTPS
 +      TCP 443 443
 +      exit
 +
 +
 +  service-group "AD Directory Services"
 +      service-object "RPC Services (IANA)"
 +      service-object "RPC Services"
 +      service-object "DCE EndPoint"
 +      service-object NTP
 +      service-object LDAPS
 +      service-object "LDAP (UDP)"
 +      service-object LDAP
 +      service-group "AD NetBios Services"
 +      service-group "Host Name Server"
 +      service-group Kerberos
 +      service-group "DNS (Name Service)"
 +      exit
 +
 +
 +----
 +----
 +
 +{{ :sonicwall:services_group_objects.zip |}}
 +
 +----
 +----
  
 **[[https://www.sonicwall.com/support/knowledge-base/portshield-and-ha-configuration-on-sonicwall/250113005219977|PortShield and HA Configuration on SonicWall]]** **[[https://www.sonicwall.com/support/knowledge-base/portshield-and-ha-configuration-on-sonicwall/250113005219977|PortShield and HA Configuration on SonicWall]]**
 +
 +**[[https://www.sonicwall.com/support/knowledge-base/how-to-change-an-interface-ip-using-cli/170505335001193|How to Change an Interface IP using CLI]]**
 +
 +
 +**[[https://www.sonicwall.com/support/knowledge-base/how-can-i-configure-web-management-using-cli/170505859113943|How can I configure web-management using CLI?]]**
 +
 +
 +**[[https://www.sonicwall.com/support/knowledge-base/how-can-i-configure-interface-from-cli-once-connected-over-console-port/170505499805697|How can I configure interface from CLI once connected over console port?]]**
  
  
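Review bot: The "How to access the SonicWall" paragraph publishes the factory login admin/password, and the management-protocol line lists HTTP alongside HTTPS, but nothing in the added text tells the reader to change that password at first login or to restrict management to HTTPS/SSH; add a sentence for each next to those lines. In the MGMT port steps, two steps are run together on one line and "Ping the Gateway (**https://192.168.1.254**)" gives a URL as a ping target; split the steps and use the bare address. The sentence before the sed command says the uuid and name lines are deleted, while the command shown only matches uuid lines, and its prompt carries a stray "Item" prefix. Consider also replacing the device identifiers in the `config(...)#` prompts with placeholders and moving `restart` out of the list of `show` commands, since it is the only entry there that is not read-only.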
Line 27: Line 143:
 **[[https://www.sonicwall.com/support/knowledge-base/how-to-find-out-the-cfs-rating-of-a-website/170505682966697|How to find out the CFS rating of a website?]]** **[[https://www.sonicwall.com/support/knowledge-base/how-to-find-out-the-cfs-rating-of-a-website/170505682966697|How to find out the CFS rating of a website?]]**
  
 +----
 +----
 +
 +
 +**FEC** on an SFP port refers to **Forward Error Correction (FEC)**, which is a technique used in fiber optic and Ethernet networks to enhance data transmission reliability by detecting and correcting errors without the need for retransmission.
 + 
 +**FEC (Forward Error Correction)**:
 +FEC is a mechanism that adds redundant information to the transmitted data. This redundancy allows the receiving end to detect and correct errors caused by signal degradation or noise during transmission.
 +
 +Purpose: FEC is essential for high-speed data links (e.g., 10G, 25G, 40G, 100G Ethernet) to improve link quality and performance.
 +
 +Types: Different FEC modes can be used depending on the standard and speed of the connection (e.g., Reed-Solomon FEC).
 +
 +
 +  *   **auto**   Enable FEC Auto-Neg
 +  *   **cl108**  Enable clause108 with 25G
 +  *   **cl74**   Enable clause74 with 25G
 +  *   **off**    Turn FEC off, FEC is mandatory for speeds 50G or higher
 +
 +
 +----
 +----
 +
 +
 +**Benefits of FEC on SFP Ports**:
 +
 +  * Error Correction: FEC can correct errors due to signal attenuation or interference.
 +  * Better Link Performance: Allows for longer cable runs or higher speeds by improving signal integrity.
 +  * No Retransmissions: Unlike other error correction methods, FEC works proactively without needing retransmissions, which is important for low-latency environments.
 +
 +----
 +
 +**Aruba Switch 6400:**
 +
 +
 +  CS-2P-MDFHA-A#** show ver**
 +  -----------------------------------------------------------------------------
 +  ArubaOS-CX
 +  (c) Copyright 2017-2024 Hewlett Packard Enterprise Development LP
 +  -----------------------------------------------------------------------------
 +  Version      : FL.10.13.1010
 +  Build Date   : 2024-04-09 00:34:12 UTC
 +  Build ID     : ArubaOS-CX:FL.10.13.1010:ef2109377880:202404090010
 +  Build SHA    : ef21093778805e954ec130b0939d34927bb7ba19
 +  Hot Patches  :
 +  Active Image : primary
 +  
 +  Service OS Version : FL.01.14.0002
 +  BIOS Version       : FL.01.0002
 +
 +CS-2P-MDFHA-A(config)# **interface 1/3/36**
 +
 +**error-control**    Configure the error control (**FEC**) mode
 +
 +  CS-2P-MDFHA-A(config-if)# error-control
 +    auto        Use the transceiver default
 +    base-r-fec  Use IEEE BASE-R (Firecode) FEC
 +    none        Do not use any FEC
 +    rs-fec      Use IEEE Reed-Solomon FEC
 +
 +----
 +
 +**C9500 Cisco Catalyst**
 +
 +C9500-N#**show ver**
 +  Cisco IOS XE Software, **Version 17.12.03**
 +  Cisco IOS Software [Dublin], Catalyst L3 Switch Software (CAT9K_IOSXE), Version 17.12.3, RELEASE SOFTWARE (fc7)
 +
 +  interface TwentyFiveGigE1/0/3
 +   description VLAN 526 PTP A.B.C.D/EF X30
 +   switchport access vlan 526
 +   switchport mode access
 +   mtu 9100
 +   logging event trunk-status
 +   logging event bundle-status
 +   udld port aggressive
 +   fec cl74
 +
 +  C9500-N(config-if)#interface TwentyFiveGigE1/0/3
 +  
 +  C9500-N(config-if)#fec ?
 +    auto   Enable FEC Auto-Neg
 +    cl108  Enable clause108 with 25G
 +    cl74   Enable clause74 with 25G
 +    off    Turn FEC off, FEC is mandatory for speeds 50G or higher
  
 +----
 +----
  
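Review bot: The option list auto / cl108 / cl74 / off under the general FEC explanation has no vendor label and is repeated verbatim in the `fec ?` output of the C9500 block, so a reader cannot tell it is Cisco-specific; label it or drop the first copy. The page shows `fec cl74` on the Cisco interface and separately the Aruba `error-control` choices (auto, base-r-fec, none, rs-fec) without saying which Aruba value corresponds to it; add one line pairing the two vendors' names so the setting can be matched on both ends of the link. Formatting: `C9500-N#**show ver**` and `CS-2P-MDFHA-A(config)# **interface 1/3/36**` lack the two-space indent the surrounding code lines use, and the `**` markers inside the indented `show ver` line of the Aruba block will render literally.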
sonicwall/basic_configurations_support_site_and_vpn_scenarios.1740318765.txt.gz · Last modified: 2025/02/23 08:52 by aperez
