Basic configurations, support site and VPN scenarios



CLI configuration



The default IP address for a SonicWall appliance can vary depending on the model, but is often 192.168.168.168 or 192.168.168.169.

Default IP addresses for specific SonicWall models:

How to access the SonicWall:

To access the SonicWall, open a browser and go to https://192.168.168.168. The default username and password for the SonicWall management login page are admin/password.

How to find the SonicWall IP address:

You can use the Setup Tool to determine the LAN interface IP address. Download the Setup Tool and install it on a computer connected to the firewall's LAN port. Then open the tool and search for the IP address.

How to access the SonicWall MGMT port:

Connect a computer to the SonicWall's MGMT port.
Configure the computer with a static IP address on the MGMT subnet.
Ping the Gateway (https://192.168.1.254).

The SonicWall security appliance supports the following management protocols: HTTP, HTTPS, SSH, Ping, and SNMP.



Type: config (hit enter)
-----------config(C0EAE4009930)#

Type: interface and name of the interface e.g. X3  (hit enter)
-----------config(C0EAE4009930)# interface X3
Type: ip-assignment WAN static   (in our case the IP assignment should be static and the interface should be WAN ... hit enter)
----------(edit-WAN-static[X3])#
Type: ip 60.60.60.60 netmask 255.255.255.0 (hit enter)
Type: commit  (hit enter)


The show service-objects and service-groups output is copied into separate .txt files. Then, from a Linux machine, delete the uuid and name lines with the command below.

Update Ubuntu Linux:

aperez@APEREZ:~/prueba$ sed -i '/^uuid/d' *.txt

Note: _ = space, quantity to replace: four.

The format that the SonicWall CLI processes without problems is:

service-object HTTP
    TCP 80 80
    exit

service-object "HTTP Management"
    TCP 80 80
    exit

service-object HTTPS
    TCP 443 443
    exit

service-group "AD Directory Services"
    service-object "RPC Services (IANA)"
    service-object "RPC Services"
    service-object "DCE EndPoint"
    service-object NTP
    service-object LDAPS
    service-object "LDAP (UDP)"
    service-object LDAP
    service-group "AD NetBios Services"
    service-group "Host Name Server"
    service-group Kerberos
    service-group "DNS (Name Service)"
    exit
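
A non-destructive version of the cleanup step above, as an added example that is not part of the original page: it removes uuid and name lines at any indentation, writes the result to a new file instead of editing in place, and counts blocks that are missing their closing exit. The sample export is constructed and its uuid/name layout is an assumption; clean_export and unclosed_blocks are hypothetical helper names.

```shell
#!/bin/sh
# Added example: clean a saved SonicWall CLI export before pasting it back.
# Helper names and the sample export layout are assumptions, not vendor output.

# Drop every line whose first token is "uuid" or "name", at any indentation.
# Output goes to stdout, so the original export is kept (unlike sed -i).
clean_export() {
    sed -E '/^[[:space:]]*(uuid|name)([[:space:]]|$)/d' "$1"
}

# Print the number of top-level blocks not closed by "exit" (0 = well-formed).
unclosed_blocks() {
    awk '
        /^service-(object|group)[ \t]/ { if (in_block) bad++; in_block = 1; next }
        /^[ \t]*exit[ \t]*$/           { in_block = 0; next }
        END { if (in_block) bad++; print bad + 0 }
    ' "$1"
}

# Constructed sample input, modelled on the format shown on this page.
sample=$(mktemp)
cleaned=$(mktemp)
cat > "$sample" <<'EOF'
service-object "HTTP Management"
    uuid 11111111-2222-3333-4444-555555555555
    name "HTTP Management"
    TCP 80 80
    exit
service-group "AD Directory Services"
    uuid aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee
    name "AD Directory Services"
    service-object NTP
    service-group "Host Name Server"
    exit
EOF

clean_export "$sample" > "$cleaned"
cat "$cleaned"
echo "unclosed blocks: $(unclosed_blocks "$cleaned")"
```

Nested members such as service-group "Host Name Server" are kept because only the first token of a line is tested.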


services_objects.zip



services_group_objects.zip



PortShield and HA Configuration on SonicWall

How to Change an Interface IP using CLI

How can I configure web-management using CLI?

How can I configure interface from CLI once connected over console port?

Sonicwall Support

Types of site to site VPN scenarios and configurations

How can I setup Site to Site VPN with IKE2 Dynamic client Proposal?

How do I configure the SSL-VPN feature for use with NetExtender or Mobile Connect?

How can I configure a Site to Site VPN policy using Main Mode?

Generating a Certificate Signing Request

How can I configure the various web login options for user level authentication?

How can I enforce local authentication for my users before allowing access to the Internet?

How to find out the CFS rating of a website?

How to allow or block URI and sub-domains using Content Filtering

How can I configure WAN GroupVPN on SonicWall to connect using Global VPN client using wizard?

How to configure a Guest administrator in Sonicwall?

Adding Guest Accounts

How to configure DHCP Option 43 and Option 60

How can I block SnapChat using App Rules (Application Firewall)?

How to block SnapChat using App Control Advanced and Client DPI-SSL

VOIP

How to configure VoIP to use any VoIP phone system (best practices)

How and When to disable SIP ALG?

Note: SIP ALG (Session Initiation Protocol Application Layer Gateway) is a router feature intended to help VoIP calls traverse firewalls and NAT (network address translation) by modifying SIP packets, but in practice it usually causes more problems than it solves. It interferes with VoIP traffic, causing registration failures, dropped calls, one-way audio and other communication problems. For stable VoIP communication, it is recommended to disable the SIP ALG feature in the router configuration.

Navigating the VOIP Settings

Guest access services

Configuring Guest Services on the LAN / DMZ zone

How can I enforce local authentication for my users before allowing access to the Internet?

Bandwidth management

How can I configure bandwidth management?



guest_access_sonicwall.pdf




FEC on an SFP port refers to Forward Error Correction (FEC), which is a technique used in fiber optic and Ethernet networks to enhance data transmission reliability by detecting and correcting errors without the need for retransmission.

FEC (Forward Error Correction): FEC is a mechanism that adds redundant information to the transmitted data. This redundancy allows the receiving end to detect and correct errors caused by signal degradation or noise during transmission.

Purpose: FEC is essential for high-speed data links (e.g., 10G, 25G, 40G, 100G Ethernet) to improve link quality and performance.

Types: Different FEC modes can be used depending on the standard and speed of the connection (e.g., Reed-Solomon FEC).



Benefits of FEC on SFP Ports:


Aruba Switch 6400:

CS-2P-MDFHA-A# show ver
-----------------------------------------------------------------------------
ArubaOS-CX
(c) Copyright 2017-2024 Hewlett Packard Enterprise Development LP
-----------------------------------------------------------------------------
Version      : FL.10.13.1010
Build Date   : 2024-04-09 00:34:12 UTC
Build ID     : ArubaOS-CX:FL.10.13.1010:ef2109377880:202404090010
Build SHA    : ef21093778805e954ec130b0939d34927bb7ba19
Hot Patches  :
Active Image : primary

Service OS Version : FL.01.14.0002
BIOS Version       : FL.01.0002

CS-2P-MDFHA-A(config)# interface 1/3/36

error-control Configure the error control (FEC) mode

CS-2P-MDFHA-A(config-if)# error-control
  auto        Use the transceiver default
  base-r-fec  Use IEEE BASE-R (Firecode) FEC
  none        Do not use any FEC
  rs-fec      Use IEEE Reed-Solomon FEC

C9500 Cisco Catalyst

C9500-N#show ver

Cisco IOS XE Software, Version 17.12.03
Cisco IOS Software [Dublin], Catalyst L3 Switch Software (CAT9K_IOSXE), Version 17.12.3, RELEASE SOFTWARE (fc7)

interface TwentyFiveGigE1/0/3
 description VLAN 526 PTP A.B.C.D/EF X30
 switchport access vlan 526
 switchport mode access
 mtu 9100
 logging event trunk-status
 logging event bundle-status
 udld port aggressive
 fec cl74

C9500-N(config-if)#interface TwentyFiveGigE1/0/3

C9500-N(config-if)#fec ?
  auto   Enable FEC Auto-Neg
  cl108  Enable clause108 with 25G
  cl74   Enable clause74 with 25G
  off    Turn FEC off, FEC is mandatory for speeds 50G or higher


Global VPN:

As per your request, sharing the configuration of the Global VPN client.

How can I configure IPSec Client based VPN for remote users?

Download VPN clients

Support Portal



How to un-assign or disable an interface


