User Tools

Site Tools


sonicwall:basic_configurations_support_site_and_vpn_scenarios

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision
Previous revision
sonicwall:basic_configurations_support_site_and_vpn_scenarios [2025/02/23 18:38] aperezsonicwall:basic_configurations_support_site_and_vpn_scenarios [2025/02/24 09:36] (current) aperez
Line 30: Line 30:
    
 Connect a computer to the SonicWall's MGMT port Configure the computer with a static IP address on the MGMT subnet Connect a computer to the SonicWall's MGMT port Configure the computer with a static IP address on the MGMT subnet
-Ping the Gateway (**192.168.1.254**).+Ping the Gateway (**https://192.168.1.254**).
  
 The SonicWall security appliance supports the following management protocols: **HTTP**, **HTTPS**, **SSH**, **Ping**, and **SNMP**.  The SonicWall security appliance supports the following management protocols: **HTTP**, **HTTPS**, **SSH**, **Ping**, and **SNMP**. 
  
 +----
 +----
 +
 +
 +  Type: config (hit enter)
 +  -----------config(C0EAE4009930)#
 +  
 +  Type: interface and name of the interface e.g. X3  (hit enter)
 +  -----------config(C0EAE4009930)# interface X3
 +  Type: ip-assignment WAN static   (in our case the IP assignment should be static and the interface should be WAN 
 +  ... hit enter)
 +  ----------(edit-WAN-static[X3])#
 +  Type: ip 60.60.60.60 netmask 255.255.255.0 (hit enter)
 +  Type: commit  (hit enter)
 +  
 +
 +----
 +----
 +
 +  * config(18C2419C0C60_CCBZF1-BOGOTA-WH)# **show service-objects except name custom**
 +  * config(18C2419C0C60_CCBZF1-BOGOTA-WH)# **show service-groups**
 +  * config(18C2419C0C60_CCBZF1-BOGOTA-WH)# **restart**
 +  * config(18C2419C0C60_CCBZF1-BOGOTA-WH)# **show interfaces** 
 +
 +
 +The show **service-objects** and **service-groups** are copied into separate **.txt** files.   Then from a **LINUX** machine, with the command written below **delete** the uuid and name lines.
 +
 +**Update ubuntu Linux:**
 +
 +  * **sudo -s**
 +  * **apt update**
 +  * **apt upgrade**
 +  * **apt install vim**
 +
 +Itemaperez@APEREZ:~/prueba$ **sed -i '/^____uuid/d' *.txt**
 +
 +**Note: _ = space, quantity to replace: four.**
 +
 +**Format** that the **Sonicwall CLI processes without problems** is:
 +
 +  service-object HTTP
 +      TCP 80 80
 +      exit
 +  
 +  service-object "HTTP Management"
 +      TCP 80 80
 +      exit
 +  
 +  service-object HTTPS
 +      TCP 443 443
 +      exit
 +
 +
 +  service-group "AD Directory Services"
 +      service-object "RPC Services (IANA)"
 +      service-object "RPC Services"
 +      service-object "DCE EndPoint"
 +      service-object NTP
 +      service-object LDAPS
 +      service-object "LDAP (UDP)"
 +      service-object LDAP
 +      service-group "AD NetBios Services"
 +      service-group "Host Name Server"
 +      service-group Kerberos
 +      service-group "DNS (Name Service)"
 +      exit
 +
 +
 +----
 +----
 +
 +{{ :sonicwall:services_group_objects.zip |}}
  
 ---- ----
Line 39: Line 111:
  
 **[[https://www.sonicwall.com/support/knowledge-base/portshield-and-ha-configuration-on-sonicwall/250113005219977|PortShield and HA Configuration on SonicWall]]** **[[https://www.sonicwall.com/support/knowledge-base/portshield-and-ha-configuration-on-sonicwall/250113005219977|PortShield and HA Configuration on SonicWall]]**
 +
 +**[[https://www.sonicwall.com/support/knowledge-base/how-to-change-an-interface-ip-using-cli/170505335001193|How to Change an Interface IP using CLI]]**
  
  
Line 69: Line 143:
 **[[https://www.sonicwall.com/support/knowledge-base/how-to-find-out-the-cfs-rating-of-a-website/170505682966697|How to find out the CFS rating of a website?]]** **[[https://www.sonicwall.com/support/knowledge-base/how-to-find-out-the-cfs-rating-of-a-website/170505682966697|How to find out the CFS rating of a website?]]**
  
 +----
 +----
  
 +
 +**FEC** on an SFP port refers to **Forward Error Correction (FEC)**, which is a technique used in fiber optic and Ethernet networks to enhance data transmission reliability by detecting and correcting errors without the need for retransmission.
 + 
 +**FEC (Forward Error Correction)**:
 +FEC is a mechanism that adds redundant information to the transmitted data. This redundancy allows the receiving end to detect and correct errors caused by signal degradation or noise during transmission.
 +
 +Purpose: FEC is essential for high-speed data links (e.g., 10G, 25G, 40G, 100G Ethernet) to improve link quality and performance.
 +
 +Types: Different FEC modes can be used depending on the standard and speed of the connection (e.g., Reed-Solomon FEC).
 +
 +
 +  *   **auto**   Enable FEC Auto-Neg
 +  *   **cl108**  Enable clause108 with 25G
 +  *   **cl74**   Enable clause74 with 25G
 +  *   **off**    Turn FEC off, FEC is mandatory for speeds 50G or higher
 +
 +
 +----
 +----
 +
 +
 +**Benefits of FEC on SFP Ports**:
 +
 +  * Error Correction: FEC can correct errors due to signal attenuation or interference.
 +  * Better Link Performance: Allows for longer cable runs or higher speeds by improving signal integrity.
 +  * No Retransmissions: Unlike other error correction methods, FEC works proactively without needing retransmissions, which is important for low-latency environments.
 +
 +----
 +
 +**Aruba Switch 6400:**
 +
 +
 +  CS-2P-MDFHA-A#** show ver**
 +  -----------------------------------------------------------------------------
 +  ArubaOS-CX
 +  (c) Copyright 2017-2024 Hewlett Packard Enterprise Development LP
 +  -----------------------------------------------------------------------------
 +  Version      : FL.10.13.1010
 +  Build Date   : 2024-04-09 00:34:12 UTC
 +  Build ID     : ArubaOS-CX:FL.10.13.1010:ef2109377880:202404090010
 +  Build SHA    : ef21093778805e954ec130b0939d34927bb7ba19
 +  Hot Patches  :
 +  Active Image : primary
 +  
 +  Service OS Version : FL.01.14.0002
 +  BIOS Version       : FL.01.0002
 +
 +CS-2P-MDFHA-A(config)# **interface 1/3/36**
 +
 +**error-control**    Configure the error control (**FEC**) mode
 +
 +  CS-2P-MDFHA-A(config-if)# error-control
 +    auto        Use the transceiver default
 +    base-r-fec  Use IEEE BASE-R (Firecode) FEC
 +    none        Do not use any FEC
 +    rs-fec      Use IEEE Reed-Solomon FEC
 +
 +----
 +
 +**C9500 Cisco Catalyst**
 +
 +C9500-N#**show ver**
 +  Cisco IOS XE Software, **Version 17.12.03**
 +  Cisco IOS Software [Dublin], Catalyst L3 Switch Software (CAT9K_IOSXE), Version 17.12.3, RELEASE SOFTWARE (fc7)
 +
 +  interface TwentyFiveGigE1/0/3
 +   description VLAN 526 PTP A.B.C.D/EF X30
 +   switchport access vlan 526
 +   switchport mode access
 +   mtu 9100
 +   logging event trunk-status
 +   logging event bundle-status
 +   udld port aggressive
 +   fec cl74
 +
 +  C9500-N(config-if)#interface TwentyFiveGigE1/0/3
 +  
 +  C9500-N(config-if)#fec ?
 +    auto   Enable FEC Auto-Neg
 +    cl108  Enable clause108 with 25G
 +    cl74   Enable clause74 with 25G
 +    off    Turn FEC off, FEC is mandatory for speeds 50G or higher
 +
 +----
 +----
  
sonicwall/basic_configurations_support_site_and_vpn_scenarios.1740353904.txt.gz · Last modified: 2025/02/23 18:38 by aperez

Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki