Basic configurations, support site and VPN scenarios



CLI configuration



The default IP address for a SonicWall appliance can vary depending on the model, but is often 192.168.168.168 or 192.168.168.169.

Default IP addresses for specific SonicWall models:

How to access the SonicWall:

To access the SonicWall, you can open a browser and go to https://192.168.168.168. The default username and password for the SonicWall management login page is admin/password.

How to find the SonicWall IP address:

You can use the Setup Tool to determine the LAN interface IP address. You can also download the Setup Tool and install it on a computer connected to the firewall's LAN port. Then, open the tool and search for the IP address.

How to access the SonicWall MGMT port:

Connect a computer to the SonicWall's MGMT port Configure the computer with a static IP address on the MGMT subnet Ping the Gateway (https://192.168.1.254).

The SonicWall security appliance supports the following management protocols: HTTP, HTTPS, SSH, Ping, and SNMP.



Type: config (hit enter)
-----------config(C0EAE4009930)#

Type: interface and name of the interface e.g. X3  (hit enter)
-----------config(C0EAE4009930)# interface X3
Type: ip-assignment WAN static   (in our case the IP assignment should be static and the interface should be WAN 
... hit enter)
----------(edit-WAN-static[X3])#
Type: ip 60.60.60.60 netmask 255.255.255.0 (hit enter)
Type: commit  (hit enter)


The show service-objects and service-groups are copied into separate .txt files. Then from a LINUX machine, with the command written below delete the uuid and name lines.

Update ubuntu Linux:

Itemaperez@APEREZ:~/prueba$ sed -i '/^uuid/d' *.txt

Note: _ = space, quantity to replace: four.

Format that the Sonicwall CLI processes without problems is:

service-object HTTP
    TCP 80 80
    exit

service-object "HTTP Management"
    TCP 80 80
    exit

service-object HTTPS
    TCP 443 443
    exit
service-group "AD Directory Services"
    service-object "RPC Services (IANA)"
    service-object "RPC Services"
    service-object "DCE EndPoint"
    service-object NTP
    service-object LDAPS
    service-object "LDAP (UDP)"
    service-object LDAP
    service-group "AD NetBios Services"
    service-group "Host Name Server"
    service-group Kerberos
    service-group "DNS (Name Service)"
    exit


services_group_objects.zip



PortShield and HA Configuration on SonicWall

How to Change an Interface IP using CLI

How can I configure web-management using CLI?

How can I configure interface from CLI once connected over console port?

Sonicwall Support

Types of site to site VPN scenarios and configurations

How can I setup Site to Site VPN with IKE2 Dynamic client Proposal?

How do I configure the SSL-VPN feature for use with NetExtender or Mobile Connect?

How can I configure a Site to Site VPN policy using Main Mode?

Generating a Certificate Signing Request

How can I configure the various web login options for user level authentication?

How can I enforce local authentication for my users before allowing access to the Internet?

How to find out the CFS rating of a website?



FEC on an SFP port refers to Forward Error Correction (FEC), which is a technique used in fiber optic and Ethernet networks to enhance data transmission reliability by detecting and correcting errors without the need for retransmission.

FEC (Forward Error Correction): FEC is a mechanism that adds redundant information to the transmitted data. This redundancy allows the receiving end to detect and correct errors caused by signal degradation or noise during transmission.

Purpose: FEC is essential for high-speed data links (e.g., 10G, 25G, 40G, 100G Ethernet) to improve link quality and performance.

Types: Different FEC modes can be used depending on the standard and speed of the connection (e.g., Reed-Solomon FEC).



Benefits of FEC on SFP Ports:


Aruba Switch 6400:

CS-2P-MDFHA-A#** show ver**
-----------------------------------------------------------------------------
ArubaOS-CX
(c) Copyright 2017-2024 Hewlett Packard Enterprise Development LP
-----------------------------------------------------------------------------
Version      : FL.10.13.1010
Build Date   : 2024-04-09 00:34:12 UTC
Build ID     : ArubaOS-CX:FL.10.13.1010:ef2109377880:202404090010
Build SHA    : ef21093778805e954ec130b0939d34927bb7ba19
Hot Patches  :
Active Image : primary

Service OS Version : FL.01.14.0002
BIOS Version       : FL.01.0002

CS-2P-MDFHA-A(config)# interface 1/3/36

error-control Configure the error control (FEC) mode

CS-2P-MDFHA-A(config-if)# error-control
  auto        Use the transceiver default
  base-r-fec  Use IEEE BASE-R (Firecode) FEC
  none        Do not use any FEC
  rs-fec      Use IEEE Reed-Solomon FEC

C9500 Cisco Catalyst

C9500-N#show ver

Cisco IOS XE Software, **Version 17.12.03**
Cisco IOS Software [Dublin], Catalyst L3 Switch Software (CAT9K_IOSXE), Version 17.12.3, RELEASE SOFTWARE (fc7)
interface TwentyFiveGigE1/0/3
 description VLAN 526 PTP A.B.C.D/EF X30
 switchport access vlan 526
 switchport mode access
 mtu 9100
 logging event trunk-status
 logging event bundle-status
 udld port aggressive
 fec cl74
C9500-N(config-if)#interface TwentyFiveGigE1/0/3

C9500-N(config-if)#fec ?
  auto   Enable FEC Auto-Neg
  cl108  Enable clause108 with 25G
  cl74   Enable clause74 with 25G
  off    Turn FEC off, FEC is mandatory for speeds 50G or higher