====== Basic configurations, support site and VPN scenarios ======

----

----

**CLI configuration**

{{ :sonicwall:090170728410797.png?400 |}}

----

----

The **default IP address** for a SonicWall appliance can vary depending on the model, but is often **192.168.168.168 or 192.168.168.169**.

Default IP addresses for specific SonicWall models:

  * SonicWall Email Security: **192.168.168.169**
  * SonicWall UTM: **192.168.168.168** for the LAN interface
  * SonicWall NSA: **192.168.168.168**

**How to access the SonicWall**: To access the SonicWall, open a browser and go to **https://192.168.168.168**. The default username and password for the SonicWall management login page are admin/password.

**How to find the SonicWall IP address**: You can use the Setup Tool to determine the LAN interface IP address. Download the Setup Tool and install it on a computer connected to the firewall's LAN port. Then open the tool and search for the IP address.

**How to access the SonicWall MGMT port**:

  * Connect a computer to the SonicWall's MGMT port.
  * Configure the computer with a static IP address on the MGMT subnet.
  * Ping the Gateway (**https://192.168.1.254**).

The SonicWall security appliance supports the following management protocols: **HTTP**, **HTTPS**, **SSH**, **Ping**, and **SNMP**.

----

----

  * Type: config (hit enter) -----------config(C0EAE4009930)#
  * Type: interface and name of the interface e.g. X3 (hit enter) -----------config(C0EAE4009930)# interface X3
  * Type: ip-assignment WAN static (in our case the IP assignment should be static and the interface should be WAN ... hit enter) ----------(edit-WAN-static[X3])#
  * Type: ip 60.60.60.60 netmask 255.255.255.0 (hit enter)
  * Type: commit (hit enter)

----

----

  * config(18C2419C0C60_CCBZF1-BOGOTA-WH)# **show service-objects except name custom**
  * config(18C2419C0C60_CCBZF1-BOGOTA-WH)# **show service-groups**
  * config(18C2419C0C60_CCBZF1-BOGOTA-WH)# **restart**
  * config(18C2419C0C60_CCBZF1-BOGOTA-WH)# **show interfaces**

The output of **show service-objects** and **show service-groups** is copied into separate **.txt** files. Then, from a **Linux** machine, **delete** the uuid and name lines with the command written below.

**Update Ubuntu Linux:**

  * **sudo -s**
  * **apt update**
  * **apt upgrade**
  * **apt install vim**

Itemaperez@APEREZ:~/prueba$ **sed -i '/^____uuid/d' *.txt**

**Note: _ = space, quantity to replace: four.**

The **format** that the **SonicWall CLI processes without problems** is:

<code>
service-object HTTP TCP 80 80
exit
service-object "HTTP Management" TCP 80 80
exit
service-object HTTPS TCP 443 443
exit
service-group "AD Directory Services"
service-object "RPC Services (IANA)"
service-object "RPC Services"
service-object "DCE EndPoint"
service-object NTP
service-object LDAPS
service-object "LDAP (UDP)"
service-object LDAP
service-group "AD NetBios Services"
service-group "Host Name Server"
service-group Kerberos
service-group "DNS (Name Service)"
exit
</code>

----

----

{{ :sonicwall:services_group_objects.zip |}}

----

----

**[[https://www.sonicwall.com/support/knowledge-base/portshield-and-ha-configuration-on-sonicwall/250113005219977|PortShield and HA Configuration on SonicWall]]**

**[[https://www.sonicwall.com/support/knowledge-base/how-to-change-an-interface-ip-using-cli/170505335001193|How to Change an Interface IP using CLI]]**

**[[https://www.sonicwall.com/support/knowledge-base/how-can-i-configure-web-management-using-cli/170505859113943|How can I configure web-management using CLI?]]**

**[[https://www.sonicwall.com/support/knowledge-base/how-can-i-configure-interface-from-cli-once-connected-over-console-port/170505499805697|How can I configure interface from CLI once connected over console port?]]**

**[[https://www.sonicwall.com/search#q=site%20to%20site%20&t=Support&sort=relevancy&f:@language=[English]|Sonicwall Support]]**

**[[https://www.sonicwall.com/support/knowledge-base/types-of-site-to-site-vpn-scenarios-and-configurations/170505702411896|Types of site to site VPN scenarios and configurations]]**

**[[https://www.sonicwall.com/support/knowledge-base/how-can-i-setup-site-to-site-vpn-with-ike2-dynamic-client-proposal/170505514010727|How can I setup Site to Site VPN with IKE2 Dynamic client Proposal?]]**

**[[https://www.sonicwall.com/support/knowledge-base/how-do-i-configure-the-ssl-vpn-feature-for-use-with-netextender-or-mobile-connect/170505401898786|How do I configure the SSL-VPN feature for use with NetExtender or Mobile Connect?]]**

**[[https://www.sonicwall.com/support/knowledge-base/how-can-i-configure-a-site-to-site-vpn-policy-using-main-mode/170504380887908|How can I configure a Site to Site VPN policy using Main Mode?]]**

**[[http://help.sonicwall.com/help/sw/eng/6810/26/2/1/content/System_Certificates.022.7.html|Generating a Certificate Signing Request]]**

**[[https://www.sonicwall.com/support/knowledge-base/how-can-i-configure-the-various-web-login-options-for-user-level-authentication/170503408334012|How can I configure the various web login options for user level authentication?]]**

**[[https://www.sonicwall.com/support/knowledge-base/how-can-i-enforce-local-authentication-for-my-users-before-allowing-access-to-the-internet/170503559814835|How can I enforce local authentication for my users before allowing access to the Internet?]]**

**[[https://www.sonicwall.com/support/knowledge-base/how-to-find-out-the-cfs-rating-of-a-website/170505682966697|How to find out the CFS rating of a website?]]**

----

----

**FEC** on an SFP port refers to **Forward Error Correction (FEC)**, which is a technique used in fiber optic and Ethernet networks to enhance data transmission reliability by detecting and correcting errors without the need for retransmission.

**FEC (Forward Error Correction)**: FEC is a mechanism that adds redundant information to the transmitted data. This redundancy allows the receiving end to detect and correct errors caused by signal degradation or noise during transmission.

  * Purpose: FEC is essential for high-speed data links (e.g., 10G, 25G, 40G, 100G Ethernet) to improve link quality and performance.
  * Types: Different FEC modes can be used depending on the standard and speed of the connection (e.g., Reed-Solomon FEC).

FEC modes:

  * **auto** Enable FEC Auto-Neg
  * **cl108** Enable clause108 with 25G
  * **cl74** Enable clause74 with 25G
  * **off** Turn FEC off, FEC is mandatory for speeds 50G or higher

----

----

**Benefits of FEC on SFP Ports**:

  * Error Correction: FEC can correct errors due to signal attenuation or interference.
  * Better Link Performance: Allows for longer cable runs or higher speeds by improving signal integrity.
  * No Retransmissions: Unlike other error correction methods, FEC works proactively without needing retransmissions, which is important for low-latency environments.

----

**Aruba Switch 6400:**

CS-2P-MDFHA-A# **show ver**

<code>
-----------------------------------------------------------------------------
ArubaOS-CX
(c) Copyright 2017-2024 Hewlett Packard Enterprise Development LP
-----------------------------------------------------------------------------
Version      : FL.10.13.1010
Build Date   : 2024-04-09 00:34:12 UTC
Build ID     : ArubaOS-CX:FL.10.13.1010:ef2109377880:202404090010
Build SHA    : ef21093778805e954ec130b0939d34927bb7ba19
Hot Patches  :
Active Image : primary

Service OS Version : FL.01.14.0002
BIOS Version       : FL.01.0002
</code>

CS-2P-MDFHA-A(config)# **interface 1/3/36**

**error-control** Configure the error control (**FEC**) mode

<code>
CS-2P-MDFHA-A(config-if)# error-control
  auto        Use the transceiver default
  base-r-fec  Use IEEE BASE-R (Firecode) FEC
  none        Do not use any FEC
  rs-fec      Use IEEE Reed-Solomon FEC
</code>

----

**C9500 Cisco Catalyst**

C9500-N# **show ver**

Cisco IOS XE Software, **Version 17.12.03**

Cisco IOS Software [Dublin], Catalyst L3 Switch Software (CAT9K_IOSXE), Version 17.12.3, RELEASE SOFTWARE (fc7)

<code>
interface TwentyFiveGigE1/0/3
 description VLAN 526 PTP A.B.C.D/EF X30
 switchport access vlan 526
 switchport mode access
 mtu 9100
 logging event trunk-status
 logging event bundle-status
 udld port aggressive
 fec cl74
</code>

<code>
C9500-N(config-if)#interface TwentyFiveGigE1/0/3
C9500-N(config-if)#fec ?
  auto   Enable FEC Auto-Neg
  cl108  Enable clause108 with 25G
  cl74   Enable clause74 with 25G
  off    Turn FEC off, FEC is mandatory for speeds 50G or higher
</code>

----

----
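
The uuid-stripping step from the CLI configuration section above, as an added example (not part of the original page and not SonicWall code). It writes a cleaned copy instead of editing in place and reports any line that is not a service-object, service-group or exit line before the file is pasted into a config session. The function names, the sample layout and the uuid values are assumptions.

```shell
#!/bin/sh
# Added example, not SonicWall code. Assumes saved "show" output in which each
# uuid line is indented by exactly four spaces, as the sed pattern above implies.

# clean_export IN OUT: copy IN to OUT without its uuid lines; IN stays untouched.
clean_export() {
    sed '/^    uuid/d' "$1" > "$2"
}

# unexpected_lines FILE: print non-blank lines whose first word is not one the
# format shown above uses (service-object, service-group, exit).
unexpected_lines() {
    grep -Ev '^[[:space:]]*((service-object|service-group|exit)([[:space:]]|$)|$)' "$1"
}

# check_export IN OUT: clean IN, then succeed only if OUT holds nothing unexpected.
check_export() {
    clean_export "$1" "$2" || return 2
    if unexpected_lines "$2" >&2; then
        return 1    # leftover lines were printed to stderr for review
    fi
    return 0
}

# make_sample FILE: write a constructed export (names from the page, uuids made up).
make_sample() {
    cat > "$1" <<'EOF'
service-object HTTP TCP 80 80
    uuid 00000000-0000-0000-0000-000000000001
    exit
service-group "AD Directory Services"
    uuid 00000000-0000-0000-0000-000000000002
    service-object NTP
    service-object LDAPS
    exit
EOF
}

# Stand-alone use: sh clean_export.sh saved.txt cleaned.txt
if [ "$#" -eq 2 ]; then
    check_export "$1" "$2"
fi
```

A uuid line indented with anything other than four spaces is not removed by the sed pattern, so check_export returns 1 and prints it for review.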