Sonicwall Global Security Client

COMPREHENSIVE INTERNET SECURITY™

SonicWALL Global Security Client Administrator's Guide

Table of Contents

Preface
    Copyright Notice
    Limited Warranty
About this Guide
    Guide Conventions
        Icons Used in this Guide
    SonicWALL Technical Support
SonicWALL Global Security Client
    Global Security Client Features
    How SonicWALL Global Security Client Works
Installing Global Security Client
Connecting to Your Corporate Network
    SonicWALL Global VPN Client Enterprise
    Creating the VPN Connection Policy
    Using the New Connection Wizard
    Enabling Your VPN Connection
        Entering a Pre-Shared Key
        Selecting a Certificate
    Disabling a VPN Connection
SonicWALL Distributed Security Client
    Standalone and Managed Mode
Configuring Local Policy
    Security
        Protection
        Attacks
        Anti-IP (Anti-IP Spoofing)
        Anti-MAC (Anti-MAC Spoofing)
        Stealth (Stealth Mode Browsing)
        Port Scanner (Port Scan Detection)
        Pre-Start
        NetBIOS Protection
    Advanced Rules
        Creating a Rule
        Modifying Rules
        Deleting a Rule
        Defining Rule Priority
    Application Rules
        Adding an Application
        Modifying an Application Rule
        Deleting an Application Rule
    NetBIOS Settings
    Log Settings
    Logs
Event Viewer
    Configuring Log Properties
    Managing Log Files
    Customizing Log Views
    Customizing the Event Viewer Window Layout
Configuring Security Policies with the Policy Editor
    Accessing the Policy Editor (Firmware 6.6.x)
    Accessing the Policy Editor (SonicOS 2.1.x)
    Getting Help
Global Security Client>Summary
    Editing a Security Policy
    Deploying a Security Policy
Global Security Client>Groups and Services
    Policy Polling Frequency
    Services
Configuring the Distributed Security Client
    General Settings
    Security
        Anti-IP (Anti-IP Spoofing)
        Anti-MAC (Anti-MAC Spoofing)
        Port Scanner (Port Scan Detection)
        Stealth (Stealth Mode Browsing)
        Pre-Start
        NetBIOS Protection
    Advanced Rules
        Specifying the Default Action
        Adding a Rule
        Modifying or Deleting a Rule
    Applications
        Allowing or Blocking Applications
        Deleting an Application
        Adding an Application
Enforcing Distributed Security Client Activation
    SonicOS 2.1.x
    Firmware 6.6.x
    Global VPN Client Enterprise License Sharing
        SonicOS 2.1.x
        Firmware 6.6.x
Global Security Client Licensing
    mySonicWALL.com
    Activating Global Security Client Licenses on Your SonicWALL
        SonicOS 2.1.x
        Firmware 6.6.x
Index

Preface

Copyright Notice

© 2004 SonicWALL, Inc. All rights reserved. Under the copyright laws, this manual or the software described within, can not be copied, in whole or part, without the written consent of the manufacturer, except in the normal use of the software to make a backup copy.
The same proprietary and copyright notices must be affixed to any permitted copies as were affixed to the original. This exception does not allow copies to be made for others, whether or not sold, but all of the material purchased (with all backup copies) can be sold, given, or loaned to another person. Under the law, copying includes translating into another language or format. SonicWALL is a registered trademark of SonicWALL, Inc. Other product and company names mentioned herein can be trademarks and/or registered trademarks of their respective companies. Specifications and descriptions subject to change without notice.

Limited Warranty

SonicWALL, Inc. warrants that commencing from the delivery date to Customer (but in any case commencing not more than ninety (90) days after the original shipment by SonicWALL), and continuing for a period of twelve (12) months, that the product will be free from defects in materials and workmanship under normal use. This Limited Warranty is not transferable and applies only to the original end user of the product. SonicWALL and its suppliers' entire liability and Customer's sole and exclusive remedy under this limited warranty will be shipment of a replacement product. At SonicWALL's discretion the replacement product may be of equal or greater functionality and may be of either new or like-new quality. SonicWALL's obligations under this warranty are contingent upon the return of the defective product according to the terms of SonicWALL's then-current Support Services policies. This warranty does not apply if the product has been subjected to abnormal electrical stress, damaged by accident, abuse, misuse or misapplication, or has been modified without the written permission of SonicWALL.

DISCLAIMER OF WARRANTY.
EXCEPT AS SPECIFIED IN THIS WARRANTY, ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS, AND WARRANTIES INCLUDING, WITHOUT LIMITATION, ANY IMPLIED WARRANTY OR CONDITION OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NONINFRINGEMENT, SATISFACTORY QUALITY OR ARISING FROM A COURSE OF DEALING, LAW, USAGE, OR TRADE PRACTICE, ARE HEREBY EXCLUDED TO THE MAXIMUM EXTENT ALLOWED BY APPLICABLE LAW. TO THE EXTENT AN IMPLIED WARRANTY CANNOT BE EXCLUDED, SUCH WARRANTY IS LIMITED IN DURATION TO THE WARRANTY PERIOD. BECAUSE SOME STATES OR JURISDICTIONS DO NOT ALLOW LIMITATIONS ON HOW LONG AN IMPLIED WARRANTY LASTS, THE ABOVE LIMITATION MAY NOT APPLY TO YOU. THIS WARRANTY GIVES YOU SPECIFIC LEGAL RIGHTS, AND YOU MAY ALSO HAVE OTHER RIGHTS WHICH VARY FROM JURISDICTION TO JURISDICTION. This disclaimer and exclusion shall apply even if the express warranty set forth above fails of its essential purpose.

DISCLAIMER OF LIABILITY. SONICWALL'S SOLE LIABILITY IS THE SHIPMENT OF A REPLACEMENT PRODUCT AS DESCRIBED IN THE ABOVE LIMITED WARRANTY. IN NO EVENT SHALL SONICWALL OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER, INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF PROFITS, BUSINESS INTERRUPTION, LOSS OF INFORMATION, OR OTHER PECUNIARY LOSS ARISING OUT OF THE USE OR INABILITY TO USE THE PRODUCT, OR FOR SPECIAL, INDIRECT, CONSEQUENTIAL, INCIDENTAL, OR PUNITIVE DAMAGES HOWEVER CAUSED AND REGARDLESS OF THE THEORY OF LIABILITY ARISING OUT OF THE USE OF OR INABILITY TO USE HARDWARE OR SOFTWARE EVEN IF SONICWALL OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. In no event shall SonicWALL or its suppliers' liability to Customer, whether in contract, tort (including negligence), or otherwise, exceed the price paid by Customer. The foregoing limitations shall apply even if the above-stated warranty fails of its essential purpose.
BECAUSE SOME STATES OR JURISDICTIONS DO NOT ALLOW LIMITATION OR EXCLUSION OF CONSEQUENTIAL OR INCIDENTAL DAMAGES, THE ABOVE LIMITATION MAY NOT APPLY TO YOU.

About this Guide

Welcome to the SonicWALL Global Security Client Administrator’s Guide. This manual provides the information you need to successfully activate, configure, and administer SonicWALL Global Security Client 1.0 running on Windows 2000 (SP3), Windows XP Home, and Windows XP Professional (SP1) operating systems as well as the Policy Editor running on the following SonicWALL Internet Security Appliances:

• SonicWALL TZ 170 running SonicOS Standard or SonicOS Enhanced 2.1.0.0 (or higher)
• SonicWALL PRO Series (2040/3060/4060) running SonicOS Standard or SonicOS Enhanced 2.1.0.0 (or higher).
• SonicWALL Gen3 Products running Firmware 6.6.0.0 (or higher).

You should be familiar with the features, functions, and operating characteristics of SonicWALL Internet Security Appliances.

Guide Conventions

Conventions used in this guide are as follows:

Convention             Use
Bold                   Highlights items you can select on the SonicWALL Management Interface.
Italic                 Highlights a value to enter into a field. For example, “type 192.168.168.168 in the IP Address field.”
Menu Item>Menu Item    Indicates a multiple step Management Interface menu choice. For example, “Security Services>Content Filter” means select Security Services, then select Content Filter.

Icons Used in this Guide

These special messages refer to noteworthy information, and include a symbol for quick identification:

Alert! Important information that cautions about features affecting Global Security Client performance, security features, or causing potential problems with your SonicWALL.

Tip! Useful information about security features and configurations of your Global Security Client.
Note: Important information on a feature that requires callout for special attention.

SonicWALL Technical Support

For timely resolution of technical support questions, visit SonicWALL on the Internet at . Resources are available to help you resolve most technical issues or contact SonicWALL Technical Support.

Phone: (408) 752.7819 (North America). For international support phone numbers visit
E-mail: [email protected]

SonicWALL Global Security Client

The SonicWALL Global Security Client combines gateway enforcement, central management, configuration flexibility and software deployment to deliver comprehensive desktop security for remote/mobile workers and corporate networks. It offers administrators the capability to manage a mobile/remote user’s online access, based on corporate policies, to ensure optimal security of the network and maximize network resources. Instant messaging, high-risk Web sites and network file access can all be allowed or disallowed as security and productivity concerns dictate. Different remote/mobile users can be organized into adaptable groups with differing policies at a granular level.

SonicWALL Global Security Client delivers a low-maintenance solution to allow network administrators to secure mobile users. Residing on the remote user’s system, the Global Security Client automatically communicates with an organization’s SonicWALL gateway back at the office when an individual logs in to the network. Prior to allowing network access, the gateway administrator automatically updates the Global Security Client with the latest security policies and software updates. No prompting or intervention is necessary by the administrator or the remote user - it’s completely seamless and transparent.
Global Security Client protection includes the SonicWALL Distributed Security Client and the SonicWALL Global VPN Client Enterprise combined with centrally managed security policies via the SonicWALL Internet Security Appliance and SonicWALL’s industry-leading Distributed Enforcement Architecture (DEA).

Global Security Client Features

• Multi-Pronged Protection - extends the boundaries of security by protecting the corporate network and remote/mobile workers from malicious attacks that occur over the Internet.
• Enhanced Application Security - provides an additional layer of security by protecting organizations against legal liabilities that occur when employees accidentally or intentionally run applications from the Internet that have been designated as “untrusted” by the network administrator.
• Policy Management - enables network administrators to create, distribute and manage global security policies for remote and mobile users from a central location. Once a new policy is created, it is seamlessly distributed to every system on the network with no end-user interaction required. Configuration options include specifying the minimum application version, policy levels and behavior for clients not in compliance.
• Gateway Enforcement - enforces security policies at the gateway to ensure the end-user’s system is in compliance before being granted access to the network. Users without the Global Security Client installed on their systems must contact their administrator.
• Scalable Architecture - features a unique client/gateway enforcement architecture that delivers comprehensive security, scaling from the individual telecommuters and mobile users up to larger, more diverse deployments with a worldwide mobile workforce.
• Low Total Cost of Ownership - addresses the needs of organizations looking to deploy comprehensive desktop security to remote/mobile workers and corporate networks while delivering a lower total cost of ownership through automated policy enforcement and software distribution at the gateway.
• Easy-to-Use Local Interface - includes an intuitive user interface that seamlessly integrates multiple applications and presents the administrator with a status page and optional configuration functionality, offering enhanced ease of use.
• Application Reporting - includes application reporting to provide network administrators with data on the status of the application, as well as the ability to monitor for unusual activities and perform troubleshooting.

How SonicWALL Global Security Client Works

The security administrator logs into the SonicWALL gateway to create security policies for all Global Security Clients using the intuitive Policy Editor interface. The Policy Editor allows the security administrator to create, edit, and deploy security policies that are automatically enforced by the SonicWALL gateway. When a remote user logs into the corporate network using the Global VPN Client Enterprise, the SonicWALL gateway seamlessly updates the user’s security policy for the Distributed Security Client to ensure the client is in full compliance with corporate security policies while establishing a secure VPN connection via the Global VPN Client Enterprise.

SonicWALL’s Distributed Enforcement Architecture (DEA) technology enables the policy enforcement capabilities that provide the framework for the Global Security Client’s complete security solution for all remote and network desktops.
SonicWALL’s DEA technology enables the automatic installation of new software components, changes the configuration of different components, verifies version information, forces updates of components, informs the user which components do not meet the policy requirements, and provides user authentication for policy enforcement.

Installing Global Security Client

The SonicWALL Global Security Client package includes the Distributed Security Client and Global VPN Client Enterprise. Global Security Client supports Microsoft Windows 2000 (SP 3 or later) and Windows XP (SP1).

Alert! Remove any personal firewall product currently running on your computer before installing the SonicWALL Global Security Client.

Alert! If you have the SonicWALL Global VPN Client installed on your system, you must uninstall the existing program and reboot before installing the Global Security Client package.

To install the SonicWALL Global Security Client, follow these steps:

1. Click on GSC.msi. The File Download dialog is displayed.
2. Click Open. The SonicWALL Global Security Client Setup Wizard is displayed. Click Next to continue.
3. In the License Agreement page, select I Agree and then click Next.
4. In the Select Installation Folder page, use the default installation folder or click Browse to specify a different location. Click Next.
5. In the Confirm Installation page, click Next to install the Global Security Client. The Global Security Client installation begins.
6. In the Installation Complete page, click Close.
7. Click Yes to restart your computer.

Connecting to Your Corporate Network

After you install the SonicWALL Global Security Client on your computer, you can easily establish a secure VPN connection to your corporate network. Double-clicking on the SonicWALL Global Security Client icon on the Windows taskbar status area displays the SonicWALL Global Security Client window.
This window includes three icons: Event Viewer, Distributed Security Client, and SonicWALL Global VPN Client. You can also access the Distributed Security Client and SonicWALL Global VPN Client Enterprise programs from the Windows>Programs menu.

SonicWALL Global VPN Client Enterprise

The SonicWALL Global VPN Client Enterprise creates a Virtual Private Network (VPN) connection between your computer and the corporate network to maintain the confidentiality of private data. The Global VPN Client Enterprise provides an easy-to-use solution for secure, encrypted access through the Internet or corporate dial-up facilities for remote users, as well as secure wireless networking for SonicWALL SOHO TZW clients using SonicWALL’s WiFiSec technology. The Global VPN Client Enterprise is built on the SonicWALL Global VPN Client with the added feature of allowing organizations to share a group of Global VPN Clients across multiple VPN gateways that are contained within a single license sharing group.

Note: See the SonicWALL Global VPN Client 2.1 Administrator’s Guide located at for complete information on installing, configuring, and managing the Global VPN Client.

Custom developed by SonicWALL, the Global VPN Client Enterprise combines with GroupVPN on SonicWALL Internet Security Appliances to dramatically streamline VPN deployment and management. Using SonicWALL’s Client Policy Provisioning technology, the SonicWALL administrator establishes the VPN connection policies for the Global VPN Clients. The VPN configuration data is transparently downloaded from the SonicWALL VPN Gateway (SonicWALL Internet Security Appliance) to Global VPN Clients, removing the burden of provisioning VPN connections from the user.

Creating the VPN Connection Policy

The New Connection Wizard quickly guides you through the process of locating the source of your configuration information and automatically downloads the VPN configuration information over a secure IPSec VPN tunnel. You can configure your Global VPN Client Enterprise for two VPN connection scenarios:

• Remote Access - Choose this scenario if you want secure access to a remote VPN gateway from any wired or wireless network. The most common use of this scenario is when you are at home or on the road and want access to the corporate network. You enter the IP address or Fully Qualified Domain Name (FQDN), for example gateway.yourcompany.com, of the VPN gateway and the Global VPN Client Enterprise automatically downloads the VPN connection policy from the remote SonicWALL VPN gateway.

Alert! If you are configuring the Global VPN Client Enterprise for Remote Access, make sure you have the IP address or FQDN of the remote SonicWALL VPN gateway and an active Internet connection or dial-up Internet access before using the New Connection Wizard.

• Office Gateway - Choose this scenario if you want secure access to a local SonicWALL SOHO TZW wireless network. When you create an Office Gateway VPN connection, it appears as the Peer entry of in the SonicWALL Global VPN Client window. You can use this single Office Gateway VPN connection policy to roam securely across SOHO TZW wireless networks.

Alert! If you are configuring the Global VPN Client Enterprise for Office Gateway, make sure your wireless card is configured with the correct SSID information to access the SonicWALL SOHO TZW before using the New Connection Wizard.

Using the New Connection Wizard

1. Double-click the SonicWALL Global VPN Client icon in the SonicWALL Global Security Client window or choose Start>Programs>SonicWALL Global VPN Client.
The first time you open the SonicWALL Global VPN Client, the New Connection Wizard automatically launches.
2. If the New Connection Wizard does not display, click the New Connection Wizard icon on the far left side of the toolbar to launch the New Connection Wizard. Click Next.
3. In the Choose Scenario page, select Remote Access or Office Gateway and then click Next. Click on View Scenario to view a diagram of each type of VPN connection.
4. If you selected Remote Access in the Choose Scenario page, the Remote Access page is displayed. Type the IP address or FQDN of the gateway in the IP Address or Domain Name field. The information you type in the IP Address or Domain Name field appears in the Connection Name field. If you want a different name for your connection, type the new name for your VPN connection policy in the Connection Name field. Click Next.
5. If you selected Office Gateway in the Choose Scenario page, the Completing the New Connection Wizard page is displayed.
6. In the Completing the New Connection Wizard page select any of the following options:
   • Select Create a desktop shortcut to this connection, if you want to create a shortcut icon on your desktop for this VPN connection.
   • Select Enable this connection when the program is launched, if you want to automatically establish this VPN connection when you launch the SonicWALL Global VPN Client Enterprise.
7. Click Finish. The new VPN connection policy appears in the SonicWALL Global VPN Client window.

Enabling Your VPN Connection

Enabling your VPN connection is easy and seamless using the Global VPN Client Enterprise. When you enable a VPN connection, the Distributed Security Client is automatically launched in Managed mode on your desktop.
Because both your Global VPN Client Enterprise and Distributed Security Client policies are configured and managed by the SonicWALL gateway, you do not need to do any configuration of your Global Security Client before making your VPN connection.

Note: If you selected Enable this connection when the program is launched in the New Connection Wizard, the VPN connection is automatically established when you launch the SonicWALL Global VPN Client Enterprise.

The following steps explain how to enable the VPN connection policy you created in the previous section.

1. Double-click the SonicWALL Global Security Client icon in the Windows status area to display the SonicWALL Global Security Client window. You can also launch the SonicWALL Global VPN Client by choosing Start>Programs>SonicWALL Global VPN Client.
2. Double-click the SonicWALL Global VPN Client icon in the SonicWALL Global Security Client window. The SonicWALL Global VPN Client window is displayed.
3. Double-click the VPN connection policy or right-click the VPN connection policy icon and select Enable from the menu.
4. Depending on the attributes for the VPN connection policy, the Enter Pre-Shared Key or the Select Certificate dialog box may appear. See “Entering a Pre-Shared Key” or “Selecting a Certificate” for instructions.
5. The VPN gateway prompts you for a username and password for authentication. In the Enter Username and Password dialog box, type your username and password. Click OK to continue with establishing your VPN connection.

Entering a Pre-Shared Key

If no default Pre-Shared Key is used, you must have a Pre-Shared Key provided by the gateway administrator in order to make your VPN connection.
If the default Pre-Shared Key is not included as part of the connection policy download or file, the Enter Pre-Shared Key dialog box appears to prompt you for the Pre-Shared Key before establishing the VPN connection.

1. Type your Pre-Shared Key in the Pre-shared Key field. The Pre-Shared Key is masked for security purposes.
2. If you want to make sure you’re entering the correct Pre-Shared Key, check Don’t hide the pre-shared key. The Pre-Shared Key you enter appears unmasked in the Pre-shared Key field.
3. Click OK.

Selecting a Certificate

If the SonicWALL VPN Gateway requires a Digital Certificate to establish your identity for the VPN connection, the Select Certificate dialog box appears. This dialog box lists all the available certificates installed on your Global VPN Client Enterprise. Select the certificate from the menu, then click OK. If you have a certificate that has not been imported into the Global VPN Client Enterprise using Certificate Manager, click Import Certificate.

Note: See the SonicWALL Global VPN Client Administrator’s Guide located at for more information on using the Certificate Manager.

Disabling a VPN Connection

Disabling a VPN connection terminates the VPN tunnel. Right-click the VPN connection policy in the SonicWALL Global VPN Client window, and select Disable.

SonicWALL Distributed Security Client

The SonicWALL Distributed Security Client provides a full stateful packet inspection firewall on the desktop as well as IDS/IDP capabilities to detect port scans, IP spoof attempts, MAC spoof attempts, and operate in stealth mode. Double-click the Distributed Security Client icon in the SonicWALL Global Security Client window or select SonicWALL Distributed Security Client from the Windows Start>Programs menu to display the SonicWALL Distributed Security Client window.
In the SonicWALL Distributed Security Client window are the two default policies for the Distributed Security Client:

• Local policy - This policy is enabled when the Distributed Security Client is in Standalone mode with no VPN connection enabled. This policy can be modified at any time.
• Distributed policy - This policy is enabled when the Distributed Security Client is in Managed mode. In Managed mode, the firewall policies are controlled by the SonicWALL Policy Editor and cannot be modified by the user.

The currently enforced policy is noted as Enabled in the Status column of the SonicWALL Distributed Security Client window. Clicking the Properties button on the toolbar or choosing View>Properties displays the properties for the currently enforced security policy.

If the Distributed policy is enabled, the Distributed Security Client security policy is managed from the SonicWALL gateway. If the Local policy is enabled, the security policy settings are available for local configuration by the user for use when no VPN connection is enabled.

Standalone and Managed Mode

The Distributed Security Client operates in two modes based on whether the Local policy or Distributed policy is enabled:

• Standalone mode - This is the local policy on the client that is in place when the client is not connected to the SonicWALL VPN gateway via the Global VPN Client Enterprise. In Standalone mode, the Distributed Security Client local policy can be configured by the user. When the Distributed Security Client is in Standalone mode, Standalone is displayed in the SonicWALL Distributed Security Client window status bar.
• Managed mode - This is the policy pushed down from and enforced at the SonicWALL gateway while the VPN tunnel is established.
When the Distributed Security Client is in Managed mode as part of a VPN connection to the SonicWALL gateway, all firewall configuration options are under the control of the SonicWALL gateway. These firewall policies are configured using the SonicWALL Policy Editor. The local user cannot configure any of the Distributed Security Client settings. When the Distributed Security Client is in Managed mode, Managed is displayed in the SonicWALL Distributed Security Client window status bar.

Configuring Local Policy

The Local policy of Distributed Security Client can be configured by the user. This allows you to define the firewall policy for your desktop when the Global VPN Client Enterprise is not connected to your corporate network. The following explains the configuration options available to Distributed Security Client users in Standalone mode.

To display the Local policy firewall settings, select Local policy and click the Properties button on the SonicWALL Distributed Security Client window toolbar, or choose View>Properties. The Distributed Security Client Properties window is displayed with five tabs: Security, Advanced Rules, Application Rules, NetBIOS Settings, and Log Settings.

Alert! These settings are configurable only if the Standalone policy is enabled. Otherwise, these settings are managed by the Policy Editor on the SonicWALL gateway and the settings in the Distributed Security Client Properties window are dimmed.

Security

Selecting Security displays the configurable security settings for the SonicWALL Distributed Security Client. After making any security setting changes, click the Apply button to save your changes.

Protection

The Protection settings define the security level provided by the Distributed Security Client.
• Allow All - Permits the transmission of all network traffic, including the Internet, to and from your computer system via network connections. The Allow All setting still logs all traffic that enters or exits your system.
• Block All - Prevents all information entering or leaving your computer from any outside source. All network traffic is blocked from entering or leaving your computer.
• Normal - A configurable security setting that automatically blocks applications from accessing your computer except those specified in the Advanced Rules and Application Rules pages of the Distributed Security Client Properties window.

Attacks

The Attacker Seal enables the Active Response feature, which blocks all communication from a source host once an attack is detected. It blocks any and all traffic from that IP for the duration specified in the Seconds field.

Anti-IP (Anti-IP Spoofing)

IP spoofing is a process used by hackers to hijack a communication session between two computers. A hacker can send a data packet that causes Computer A to drop the communication. Then, pretending to be Computer A, the hacker can communicate with Computer B, thus hijacking a communication session and attempting to attack Computer B. Anti-IP spoofing foils most IP spoofing attempts by randomizing the sequence numbers of each communication packet, preventing a hacker from anticipating a packet and intercepting it.

Anti-MAC (Anti-MAC Spoofing)

Like IP spoofing, hackers can use MAC spoofing to attempt to hijack a communication session between two computers in order to hack one of the machines. MAC (media access control) addresses are hardware addresses that identify computers, servers, routers, etc. When Computer A wishes to communicate with Computer B, it may send an ARP (Address Resolution Protocol) packet to the computer. The Anti-MAC spoofing feature blocks any ARP packets sent to your computer. This way, hackers attempting to determine your MAC address will be blocked from doing so.
If you request an ARP packet, SonicWALL Distributed Security Client will allow it.

Stealth (Stealth Mode Browsing)

Stealth mode refers to a computer that is hidden from other computers while on a network. A computer on the Internet, for example, if in stealth mode cannot be detected by port scans or communication attempts, such as ping. If you enable the Stealth feature, your computer will be invisible to other computers on any network you’re connected to.

Port Scanner (Port Scan Detection)

Port scanning is a popular method that hackers use to determine which of your computer’s ports are open to communication. Ports are dynamically blocked in the Distributed Security Client, and are protected from hacking attempts. The Port Scanner feature detects if someone is scanning your ports, and notifies you. If disabled, Distributed Security Client does not detect scans or notify you of scans but still protects your ports from hacking attempts.

Pre-Start

Pre-Start prevents any traffic from entering or leaving your computer during the precious seconds between the time that your computer turns on and the Distributed Security Client is launched. This time frame is a small security hole that can allow unauthorized communication. Enabling Pre-Start prevents possible Trojan Horses or other unauthorized applications from communicating with other computers. This includes initial DHCP and NetBIOS traffic so that the agent can obtain an IP address and log on to a domain.

NetBIOS Protection

NetBIOS Protection blocks all communication from computers located outside of your subnet range. A subnet is a group of computers that connect to the same gateway. If your computer is located on an office network, then other computers in your office are most likely on your subnet. If you connect to the Internet using an ISP, your subnet may be very large.
NetBIOS traffic is blocked on UDP ports 88, 137, and TCP ports 135, 139, 445, and 1026.

Advanced Rules

The Advanced Rules page allows you to create and manage firewall filter rules.

Creating a Rule

To create a firewall filter rule, you must first specify the kind of traffic that should be affected by the rule. There are several different characteristics of traffic, each of which you can use to specify the kind of traffic that you want to control.

Note: You can create a maximum of 32 advanced rules for the Local policy as well as the Distributed policy from the Policy Editor.

To create a new rule, follow these steps:

1. Click New. The New Advanced Rule dialog box is displayed.
2. Enter a name for your rule in the Rule field. This is the name displayed in the Rules list.
3. Configure the following settings to specify the characteristics of the traffic.
   Action - Select Block to block the specified traffic or Allow to allow the specified traffic.
   Direction - Select one of the traffic direction options: Inbound, Outbound, or Both.
   Protocol - Select the protocol the rule affects. You can select TCP, UDP, or ICMP.
   Details - Specify the port number(s), and IP address(es). To enter a range, separate the first and last port numbers or IP addresses with a comma; for example, 59153, 59160.
4. After specifying your rule settings, click OK.
5. Click Apply to save your changes.

Modifying Rules

To modify a rule, follow these steps:

1. Select the rule in the Rules list.
2. Click Edit. The Edit Advanced Rule dialog box is displayed. This dialog box includes the same settings as the New Advanced Rule dialog box.
3. Modify any of the following settings to specify the characteristics of the traffic.
   Action - Select Block to block the specified traffic or Allow to allow the specified traffic.
   Direction - Select one of the traffic direction options: Inbound, Outbound, or Both.
   Protocol - Select the protocol the rule affects. You can select TCP, UDP, or ICMP.
   Details - Specify the port number(s), and IP address(es). To enter a range, separate the first and last port numbers or IP addresses with a comma; for example, 59153, 59160.
4. Click OK.
5. Click Apply.

Deleting a Rule

To delete a rule, select the rule in the Rules list, and then click the Delete button. Click Apply to save your changes.

Defining Rule Priority

The first rule in the Rules list supersedes the rule below it. You can rearrange the order of your rules by selecting the rule and then clicking the Up or Down button.

Application Rules

The Application Rules page allows you to configure security settings for each application on your application list by setting certain restrictions on which IPs and Ports an application can use.

Applications listed with a checkbox in the bottom section of the Application Rules page were discovered by the Distributed Security Client as running. The default configuration is to allow these applications to run. To block any of these applications, click on the checkbox associated with the application. Click the Block button to move the application(s) up to the Applications list. Click Apply to save your changes.

Adding an Application

1. Click New. The New Application Rule dialog box is displayed.
2. Click the Browse button to locate the executable application file on your system.
3. Enter trusted IP addresses or IP ranges in the Trusted Host IP Address(es) field. This IP address or range of IP addresses becomes trusted for this application. This means that anything arriving from this IP address or range of IP addresses is trusted if the traffic is in the form of the specified application.
4.
Select Allow or Block from the Action menu to specify whether you want to allow or block the traffic for this application.
5. Enter the TCP and UDP port or port range(s) that can be utilized for this application in the TCP Port and UDP Port fields in the Local and Remote sections.
6. After specifying your rule settings, click OK.
7. Click Apply to save your changes.

Modifying an Application Rule

To modify an application rule, see “Modifying Rules” on page 25.

Deleting an Application Rule

To delete an application, select the application in the Application list, and then click Delete. Click Apply to save your changes.

NetBIOS Settings

The NetBIOS Settings page displays the network interfaces on your computer recognized and protected by the Distributed Security Client. The SonicWALL Virtual Adapter entry is the interface for the SonicWALL Global VPN Client Enterprise application.

The NetBIOS Settings page allows you to enable or disable Windows Browse and Share networking services for each network interface. Check the Enable box to enable the service on the interface or unselect the Enable checkbox to disable the service.

Log Settings

The Log Settings page allows you to specify the maximum, Security Log, and Traffic Log file size and the days to keep the log file. The default Maximum log file size for all three logs is 512K. The default Days to keep is 30 days. To change any log setting, enter the new Maximum log file size and/or Days to keep values, and then click Apply.

Logs

In the Distributed Security Client, a log is a record of information attempting to enter or exit your computer through your network connection. Logs are an important method for tracking your computer’s activity and interaction with other computers and networks.
They are particularly useful in detecting potentially threatening activity, such as port scanning, which is aimed at your computer.

To view these logs, click the Logs button on the Distributed Security Client window toolbar and select either Security or Traffic or choose View>Logs.

• The Security log records potentially threatening activity directed towards your computer, such as port scanning, or denial of service attacks. This log is probably the most important log file in the Distributed Security Client.
• The Traffic log records every packet of information that enters or leaves a port on your computer.

Event Viewer

Double-clicking the Event Viewer icon in the SonicWALL Global Security Client window displays the Event Viewer window. The Event Viewer window provides access to the following Global Security Client event logs:

• Application - Contains events logged by applications or programs.
• Security - Records events such as valid and invalid logon attempts, as well as events related to resource use such as creating, opening, or deleting files or other objects.
• System - Contains events logged by Windows system components. For example, the failure of a driver or other system component to load during startup is recorded in the system log. Records all operational changes, such as the starting and stopping of services, detection of network applications, software configuration modifications, and software execution errors. This log is especially useful for troubleshooting.
• SonicWALL Global Security Client - Displays Global Security Client events categorized as Information, Error, Success Audit or Warning.

Note: The Application, Security, and System Event Viewer functions are part of the Windows operating system. See your Windows documentation for more information on the Event Viewer.

Configuring Log Properties

Select the Event Log you want to configure, then click the Properties button on the Event Viewer window toolbar or select Action>Properties. The Properties window for the log is displayed.

The General tab provides settings for storing and naming the log file, log size, and log actions. The Filter tab provides the settings for defining what log events are captured. These settings are the same for all log event categories, except the options in the Event source menu.

Managing Log Files

The following are common log file management options available from the Action menu in the Event Viewer window:

• Saving Log Files - You can save a log file by selecting the event log, then choosing Action>Save Log File As. Navigate to where you want to store the log file, enter a name for your log file in the File name field, then click Save. The file is saved with the .evt filename extension.
• Exporting a Log - You can export a log file as a text file by choosing Action>Export List. Select the text formatting options from the Save as type menu, and click Save. You can also click on the Export List button on the toolbar.
• Renaming a Log - You can rename a log file by choosing Action>Rename.
• Clearing a Log - You can clear a log of all events by choosing Action>Clear all Events.
• Opening a Log File - To open an existing log file, choose Action>Open Log File.
• Refreshing a Log - You can refresh a log by choosing Action>Refresh or clicking the Refresh button on the toolbar.

Customizing Log Views

The View menu in the Event Viewer window provides the following options for changing the way logs are displayed.

• Add/Remove Columns - Allows you to define the columns displayed for the log and in what order they are displayed.
• All Records - Displays all records captured by the log.
• Filter - Displays the Filter tab in the Properties window for specifying the event types captured by the log.
• Newest First - Displays the most recent events at the top of the Event Viewer.
• Oldest First - Displays the oldest events at the top of the Event Viewer.
• Find - Allows you to search the log for a specific event.

Customizing the Event Viewer Window Layout

Choosing View>Customize allows you to customize the layout of the Event Viewer window.

Configuring Security Policies with the Policy Editor

The Policy Editor and Policy Server architecture introduces the ability to configure client policies through the SonicWALL Internet Security Appliance. The SonicWALL Administrator defines the remote Distributed Security Client security policies from the Policy Editor. These security policies are enforced by the SonicWALL to ensure the remote desktop is secured by the Distributed Security Client before allowing the VPN connection via the Global VPN Client Enterprise.

Note: You can create only a single security policy for all your Global Security Clients.

Tip! The Policy Editor settings are the same for SonicWALL Appliances running SonicOS 2.1.x or Firmware 6.6.x.

Accessing the Policy Editor (Firmware 6.6.x)

To access the Policy Editor in the SonicWALL Management Interface:

1. Select General>Security Services.
2. Click the Activate your SonicWALL Security Service Subscription link. The mySonicWALL.com Login page is displayed.
3. Enter your mySonicWALL.com account username and password in the User Name and Password fields, then click Submit.
4. Click the Edit Policy button below the Manage Services Online table. The Global Security Client>Summary page is displayed.

Accessing the Policy Editor (SonicOS 2.1.x)

To access the Policy Editor in the SonicWALL Management Interface:

1. Select System>Licenses.
2. Click the To Activate, Upgrade, or Renew services, click here link.
The mySonicWALL.com Login page is displayed.
3. Enter your mySonicWALL.com account username and password in the User Name and Password fields, then click Submit.
4. Click the Edit Policy button below the Manage Services Online table. The Global Security Client>Summary page is displayed.

Alert! The Policy Editor button appears only if you have activated your Global Security Client licenses. See “Global Security Client Licensing” on page 50 for more information.

Getting Help

Clicking the ? on the top right of the SonicWALL Management Interface page displays online help for the page.

Global Security Client>Summary

The Global Security Client>Summary page includes the Active Policy and Policy Being Edited sections. The Deployed Policy section shows the current active/deployed policy, its version and date. The Policy Being Edited section shows the policy being edited as well as the policy Version number and Last Modified Date of the policy. Changes can be made to the policy without deploying it until you click Deploy.

Clicking a View button shows a read-only version of the policy template in XML format. You can view the current active version by clicking the View button under the Active Policy table. You can view the policy being edited by clicking the View button under the Policy Being Edited.

Editing a Security Policy

Clicking the Edit button in the Policy Being Edited section of the Global Security Client>Summary page accesses the settings for configuring a policy.
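
Whether an Advanced Rule is created in the Local policy or in the Policy Editor, this guide gives it an Action, a Direction, a Protocol and comma-separated port and IP ranges, and has the first rule in the list supersede the rule below it. The following Python model is an added example, not SonicWALL code: it evaluates a Rules list top-down under the three Protection levels and reports rules that an earlier rule makes unreachable. The Rule and Packet classes, the 192.0.2.x addresses, the treatment of an empty field as "any", and Block All and Allow All overriding the Rules list are assumptions made for the illustration.

```python
from dataclasses import dataclass, field
from ipaddress import IPv4Address

MAX_RULES = 32  # the guide's limit on advanced rules per policy


def parse_port(text):
    port = int(text)
    if not 0 <= port <= 65535:
        raise ValueError(f"port out of range: {text!r}")
    return port


def parse_range(text, convert):
    """Parse one value or 'first, last' (the guide's comma-separated range)."""
    if text is None:  # assumption: an empty field matches any port or address
        return None
    parts = [p.strip() for p in text.split(",")]
    if len(parts) > 2 or not all(parts):
        raise ValueError(f"expected 'value' or 'first, last': {text!r}")
    low, high = convert(parts[0]), convert(parts[-1])
    if low > high:
        raise ValueError(f"range is reversed: {text!r}")
    return (low, high)


def contains(outer, inner):
    """True when range `outer` fully covers range `inner` (None means any)."""
    if outer is None:
        return True
    return inner is not None and outer[0] <= inner[0] and inner[1] <= outer[1]


@dataclass
class Packet:  # hypothetical packet summary, not a product log format
    direction: str  # "Inbound" or "Outbound"
    protocol: str   # "TCP", "UDP" or "ICMP"
    ip: str         # address of the remote host
    port: int       # port (or ICMP type) compared with the rule's range


@dataclass
class Rule:
    name: str
    action: str     # "Allow" or "Block"
    direction: str  # "Inbound", "Outbound" or "Both"
    protocol: str   # "TCP", "UDP" or "ICMP"
    ports: str = None
    ips: str = None
    port_range: tuple = field(init=False, repr=False)
    ip_range: tuple = field(init=False, repr=False)

    def __post_init__(self):
        if self.action not in ("Allow", "Block"):
            raise ValueError(f"bad action: {self.action!r}")
        if self.direction not in ("Inbound", "Outbound", "Both"):
            raise ValueError(f"bad direction: {self.direction!r}")
        if self.protocol not in ("TCP", "UDP", "ICMP"):
            raise ValueError(f"bad protocol: {self.protocol!r}")
        self.port_range = parse_range(self.ports, parse_port)
        self.ip_range = parse_range(self.ips, IPv4Address)

    def matches(self, pkt):
        addr = IPv4Address(pkt.ip)
        return (self.protocol == pkt.protocol
                and self.direction in ("Both", pkt.direction)
                and contains(self.port_range, (pkt.port, pkt.port))
                and contains(self.ip_range, (addr, addr)))

    def covers(self, later):
        """True when every packet `later` matches is matched by this rule too."""
        return (self.protocol == later.protocol
                and self.direction in ("Both", later.direction)
                and contains(self.port_range, later.port_range)
                and contains(self.ip_range, later.ip_range))


def evaluate(protection, rules, pkt):
    """Return (verdict, reason) for one packet under a Protection level."""
    if protection not in ("Normal", "Block All", "Allow All"):
        raise ValueError(f"unknown protection level: {protection!r}")
    if len(rules) > MAX_RULES:
        raise ValueError(f"more than {MAX_RULES} advanced rules")
    if protection != "Normal":  # assumption: these levels ignore the Rules list
        return (protection.split()[0], protection)
    for rule in rules:  # top-down: the first match supersedes the rules below
        if rule.matches(pkt):
            return (rule.action, rule.name)
    return ("Block", "Normal: no rule matched")


def shadowed_rules(rules):
    """List (rule, earlier rule) pairs where the later rule can never fire."""
    found = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if earlier.covers(later):
                found.append((later.name, earlier.name))
                break
    return found


# Constructed sample policy and packet (192.0.2.0/24 is a documentation range).
RULES = [
    Rule("Block high ports", "Block", "Inbound", "TCP", ports="59153, 59160"),
    Rule("Allow admin host", "Allow", "Inbound", "TCP", ports="59155",
         ips="192.0.2.10, 192.0.2.20"),
]
PACKET = Packet("Inbound", "TCP", "192.0.2.15", 59155)

if __name__ == "__main__":
    print(evaluate("Normal", RULES, PACKET))                  # broad Block wins
    print(shadowed_rules(RULES))                              # the Allow is dead
    print(evaluate("Normal", list(reversed(RULES)), PACKET))  # after moving it Up
```

Running a check like `shadowed_rules` over a rule list before deploying a policy shows which narrow exceptions need to be moved above a broader rule with the Up button.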

Deploying a Security Policy

Once you have configured the security policy for the Distributed Security Clients, you can deploy the policy by clicking Deploy, and then do the following:

• If your SonicWALL is running SonicOS 2.1.x - to make the newly deployed policy take effect immediately, do a synchronization by selecting the Security Services>Summary page, and then clicking the Synchronize button in the Security Services Settings section.
• If your SonicWALL is running Firmware 6.6.x - to make the newly deployed policy take effect immediately, do a synchronization by selecting the General>Security Services page, and then clicking the Synchronize button in the Security Services Configuration section.

Global Security Client>Groups and Services

Clicking the Edit button in the Policy Being Edited table displays the Groups and Services page.

Policy Polling Frequency

Policy Polling Frequency defines how often the SonicWALL checks the policy on all clients. The default value is 60 minutes. After you deploy a policy and click on the Synchronize button in the Security Services Settings section, the new policy is obtained by all connected Global Security Clients according to the value in the Policy Polling Frequency field.

Services

The Services section lists the available services for the Global Security Client with access to the configuration options for the service. Clicking on the Edit icon (SonicOS) or the Edit button (Firmware 6.6.x) in the Configure column for Distributed Security Client allows you to configure security policies enforced by the Policy Editor for Distributed Security Clients on the remote desktops.

Configuring the Distributed Security Client

Clicking the Notepad icon for Distributed Security Client in the Services table on the Groups and Services page displays the Distributed Security Client page.
This page includes the settings for configuring the Distributed Security Client policy enforcement options.

General Settings

The Version menu allows you to define what version of the Distributed Security Client the client must be running to allow remote access. You can choose a specific version or latest from the Version menu.

Security

The Security section allows you to specify the Distributed Security Client security features to enforce on your clients. These settings correspond to those that are listed in the desktop Distributed Security Client when it is in Standalone mode. Each Security feature has a default setting, but you can specify Enable or Disable for each Security feature in the Action column to make any changes to your Distributed Security Client policy.

Anti-IP (Anti-IP Spoofing)

IP Spoofing is a process used by hackers to hijack a communication session between two computers. A hacker can send a data packet that causes Computer A to drop the communication. Then, pretending to be Computer A, the hacker can communicate with Computer B, thus hijacking a communication session and attempting to attack Computer B. Anti-IP spoofing foils most IP spoofing attempts by randomizing the sequence numbers of each communication packet, preventing a hacker from anticipating a packet and intercepting it.

Anti-MAC (Anti-MAC Spoofing)

As with IP spoofing, hackers can use MAC spoofing to attempt to hijack a communication session between two computers in order to hack one of the machines. MAC (media access control) addresses are hardware addresses that identify computers, servers, routers, etc. When Computer A wishes to communicate with Computer B, it may send an ARP (Address Resolution Protocol) packet to the computer. The anti-MAC spoofing feature blocks any ARP packets sent to your computer.
This way, hackers attempting to determine your MAC address will be blocked from doing so. If you request an ARP packet, SonicWALL Global Security Client will allow it.

Port Scanner (Port Scan Detection)

Port scanning is a popular method that hackers use to determine which of your computer’s ports are open to communication. Ports are dynamically blocked in Global Security Client, and are protected from hacking attempts. This feature detects if someone is scanning your ports, and notifies you. If disabled, Global Security Client will not detect scans or notify you of them but will still protect your ports from hacking attempts.

Stealth (Stealth Mode Browsing)

Stealth mode is a term used to describe a computer that is hidden from other computers while on a network. A computer on the Internet, for example, if in stealth mode cannot be detected by port scans or communication attempts, such as ping. If you enable this feature, your computer will be invisible to other computers on any network you’re connected to.

Pre-Start

Pre-Start prevents any traffic from entering or leaving your computer during the precious seconds between the time that your machine turns on and the Distributed Security Client is launched. This time frame is a small security hole that can allow unauthorized communication. Enabling this feature prevents possible Trojan Horses or other unauthorized applications from communicating with other computers.

NetBIOS Protection

NetBIOS Protection blocks all communication from computers located outside of your subnet range. A subnet is a group of computers that connect to the same gateway. If your computer is located on an office network, then other computers in your office are most likely on your subnet. If you connect to the Internet using an ISP, your subnet may be very large. NetBIOS traffic is blocked on UDP ports 88, 137, and TCP ports 135, 139, 445, and 1026.

Alert!
Because this option can interfere with the functioning of Windows applications, it is recommended that only users who have a firm understanding of Windows and DLLs enable this feature.

Advanced Rules

The Advanced Rules section allows you to specify rules for special Distributed Security Client filtering. You create new rules by clicking on the Add button. You can arrange the order of rules in the Advanced Rules table by clicking on the Up or Down links in the Configure column.

Specifying the Default Action

The Default Action menu allows you to select the default security level of the SonicWALL Distributed Security Client. You can choose one of the following options:

• Normal - A configurable security setting that automatically blocks applications from accessing your computer except those specified in Advanced Rules and Application Rules.
• Block All - Prevents all information entering or leaving your computer from any outside source. All network traffic is blocked from entering or leaving your computer.
• Allow All - Permits the transmission of all network traffic, including the Internet, to and from your computer system via network connections. The Allow All setting still logs all traffic that enters or exits your system.

Adding a Rule

1. Click the Add button. The Advanced Rule window is displayed.
2. Enter the new rule name in the Name field.
3. Select the Protocol option (TCP, UDP, or ICMP) from the Protocol menu.
4. Specify the local and/or remote port number or range in the Port/Type field. Separate the beginning and ending port numbers in a range with a comma.
5. Enter the IP address or IP address range in the IP field.
6. Select Inbound, Outbound or Both from the Direction menu.
7. Select Allow or Block from the Action menu to specify the filter action.
8. Click Apply.
The new rule is displayed in the Advanced Rules table in the Global Distributed Security Client page. The Advanced Rules table displays all your added rules by Name, Protocol, Port/Type, IP, Direction, and Action.

Modifying or Deleting a Rule

Clicking the Notepad icon in the Configure column (SonicOS) or the Edit button (Firmware 6.6.x) allows you to edit the rule.

Clicking the Trashcan icon in the Configure column (SonicOS) or the Delete button (Firmware 6.6.x) deletes the rule.

Applications

The Applications section allows the administrator to allow or block specific applications on the client desktop for use through the VPN connection.

Allowing or Blocking Applications

The Applications table displays a set of default common applications that you can Allow or Block in the Action column.

Deleting an Application

You can delete an application by clicking the Trashcan icon in the Delete column (SonicOS) or the Delete button (Firmware 6.6.x).

Adding an Application

You can add additional applications to block or allow. To add an application, follow these steps:

1. Enter the executable filename for the application in the Executable Name field.
2. Enter an optional description of the application in the Description field.
3. Click the Add Application button. The application is added to the Applications table.
4. Specify Allow or Block in the Action column of the Applications table.
5. Click Apply.

Enforcing Distributed Security Client Activation

For VPN connections from SonicWALL Global VPN Client Enterprise clients, you configure the GroupVPN settings on the SonicWALL Gateway. To enforce the use of the Distributed Security Client in conjunction with the Global VPN Client Enterprise client, you enable the Require Distributed Security Client for this Connection setting for the specified VPN connection.

Note: See your SonicWALL Administrator’s Guide for complete GroupVPN configuration instructions.

SonicOS 2.1.x

To require and enforce the Distributed Security Client policy on the Global VPN Client Enterprise user’s desktop before allowing a VPN connection, follow these steps to configure the GroupVPN policy on your SonicWALL:

1. Select the VPN>Settings page in the SonicWALL Management Interface.
2. Click the Notepad icon for GroupVPN in the VPN Policies table. The VPN Policy window is displayed.
3. Click the Client tab.
4. Check Require Distributed Security Client for this Connection.
5. Click OK.

Alert! If the Global Security Client is not activated on your SonicWALL, you cannot enable Require Distributed Security Client, and an error message is displayed.

If a Global VPN Client Enterprise user without the SonicWALL Distributed Security Client activated attempts to make a VPN connection to a SonicWALL VPN Gateway with Require Distributed Security Client for this Connection enabled, the error message “The connection Requires SonicWALL Distributed Security Client enabled before it can be completed. Please contact your network administrator.” is displayed.

Firmware 6.6.x

To require and enforce the Distributed Security Client policy on the Global VPN Client Enterprise user’s desktop before allowing a VPN connection, follow these steps to configure the GroupVPN policy on your SonicWALL:

1. Select the VPN>Configure page in the SonicWALL Management Interface.
2. Click the Client Settings button. The VPN Client Settings window is displayed.
3. Check Require Distributed Security Client for this Connection.
4. Click OK.
5. Click Update.

Global VPN Client Enterprise License Sharing

License Sharing allows you to distribute the Global VPN Client Enterprise among multiple SonicWALL gateways.
License sharing assigns a License Sharing Group (LSG) to a SonicWALL from which this feature is activated. You can then add other SonicWALLs to the LSG by their serial numbers and assign them Global VPN Client Enterprise licenses from the pool of remaining available licenses in the LSG.

SonicOS 2.1.x

To set up a License Sharing Group for the Global VPN Client Enterprise on a SonicWALL running SonicOS 2.1.x, follow these steps:

1. In the System>Licenses page of the SonicWALL Management Interface, click the “click here” link in “To Activate, Upgrade, or Renew services click here” in Manage Security Services Online. The mySonicWALL Login page is displayed.
2. Enter your mySonicWALL.com account username and password in the User Name and Password fields, then click Submit. The System>Licenses page is displayed. If your SonicWALL is already connected to your mySonicWALL.com account, the System>Licenses page appears.
3. Click Share in the Manage Service column for Global VPN Client Enterprise in the Manage Services Online table.
4. Click the Share button.
5. Type the serial number of the SonicWALL that you want to share licenses from in the “Please enter serial number of the appliance, you want to add to your License Sharing Group” field.
6. Click Submit. The SonicWALL is added as the Group Creator to the License Sharing Group.

Tip! The SonicWALL appliance must be registered at before it can be added to the License Sharing Group.

7. To add a SonicWALL to which you want to distribute licenses, enter the SonicWALL serial number in the Appliance SN field and click Add. The SonicWALL is added to the License Sharing Group.
8. To distribute licenses between the SonicWALLs, type the number of licenses you want to share for the second SonicWALL into the Licenses field, and click Update. Repeat for each SonicWALL appliance. The distributed number of licenses is displayed for each SonicWALL.

Alert! SonicWALLs with currently active licenses cannot be added to the License Sharing Group.
To share previously activated licenses among multiple SonicWALLs, contact SonicWALL technical support.

You can also remove a SonicWALL appliance or redistribute the number of licenses between the SonicWALL appliances. To remove a SonicWALL appliance, click Remove next to the SonicWALL serial number. To redistribute licenses, type the new number of licenses into the License field and click Update. Repeat for each SonicWALL appliance. The License Availability information changes as you change the license distribution or add more SonicWALLs.

Firmware 6.6.x

To set up a License Sharing Group for the Global VPN Client Enterprise on a SonicWALL running Firmware 6.6.x, follow these steps:

1. In the General>Security Services page of the SonicWALL Management Interface, click SonicWALL Security Service Subscription in the Security Services Activation section. The mySonicWALL Login page is displayed.
2. Enter your mySonicWALL.com account username and password in the User Name and Password fields, then click Submit. The General>Security Services page is displayed. If your SonicWALL is already connected to your mySonicWALL.com account, the System>Licenses page appears.
3. Click Share in the Manage Service column for Global VPN Client Enterprise in the Manage Services Online table.
4. Click the Share button.
5. Type the serial number of the SonicWALL that you want to share licenses from in the “Please enter serial number of the appliance, you want to add to your License Sharing Group” field.
6. Click Submit. The SonicWALL is added as the Group Creator to the License Sharing Group.

Tip! The SonicWALL appliance must be registered at before it can be added to the License Sharing Group.

7. To add a SonicWALL to which you want to distribute licenses, enter the SonicWALL serial number in the Appliance SN field and click Add. The SonicWALL is added to the License Sharing Group.
8. To distribute licenses between the SonicWALLs, type the number of licenses you want to share for the second SonicWALL into the Licenses field, and click Update. Repeat for each SonicWALL appliance. The distributed number of licenses is displayed for each SonicWALL.

Alert! SonicWALLs with currently active licenses cannot be added to the License Sharing Group. To share previously activated licenses among multiple SonicWALLs, contact SonicWALL technical support.

You can also remove a SonicWALL appliance or redistribute the number of licenses between the SonicWALL appliances. To remove a SonicWALL appliance, click Remove next to the SonicWALL serial number. To redistribute licenses, type the new number of licenses into the License field and click Update. Repeat for each SonicWALL appliance. The License Availability information changes as you change the license distribution or add more SonicWALLs.

Global Security Client Licensing

The SonicWALL Global Security Client allows you to install the Global VPN Client Enterprise and Distributed Security Client.

SonicWALL Global VPN Client Enterprise is licensed on a per-connection basis. That means a 5 pack of Global Security Client gives the customer 5 concurrent Global VPN Client Enterprise connections on the SonicWALL.

SonicWALL Distributed Security Client is licensed on a per-client basis. A 5 pack of Global Security Client allows you to install Distributed Security Client on 5 computers. The Distributed Security Client license is subscription-based.

If you do not have SonicWALL Global Security Client activated on your SonicWALL, you must purchase Global Security Client from a SonicWALL reseller or your mySonicWALL.com account (limited to customers in the USA and Canada only).
mySonicWALL.com

mySonicWALL.com delivers a convenient, one-stop resource for registration, activation, and management of your SonicWALL products and services. Your mySonicWALL.com account provides a single profile to do the following:

• Register your SonicWALL Internet Security Appliances
• Purchase/Activate SonicWALL Security Services and Upgrades
• Receive SonicWALL firmware and security service updates and alerts
• Manage (change or delete) your SonicWALL security services
• Access SonicWALL Technical Support

Creating a mySonicWALL.com account is easy and FREE. Simply complete an online registration form. Once your account is created, you can register SonicWALL Internet Security Appliances and activate any SonicWALL Security Services associated with the SonicWALL.

Your mySonicWALL.com account is accessible from any Internet connection with a Web browser using the HTTPS (Hypertext Transfer Protocol Secure) protocol to protect your sensitive information. You can also access mySonicWALL.com license and registration services directly from the SonicWALL management interface for increased ease of use and simplified services activation.

If you activated Global Security Client at mySonicWALL.com, the Global Security Client activation is automatically enabled on your SonicWALL within 24 hours, or you can click the Synchronize button on the Security Services>Summary page to update your SonicWALL.

Activating Global Security Client Licenses on Your SonicWALL

If you have the Activation Key for your SonicWALL Global Security Client and a mySonicWALL.com account, use the following steps to activate the Global Security Client from the SonicWALL Internet Security Appliance management interface.

SonicOS 2.1.x

1. In the System>Licenses page of the SonicWALL Management Interface, click the “click here” link in “To Activate, Upgrade, or Renew services click here” in Manage Security Services Online.
2. In the mySonicWALL Login page, enter your mySonicWALL.com account username and password in the User Name and Password fields, then click Submit. The System>Licenses page is displayed. If your SonicWALL is already connected to your mySonicWALL.com account, the System>Licenses page appears.

Note: Each Activation Key activates both the Global VPN Client Enterprise and Distributed Security Client licenses. You enter the Activation Key for the Distributed Security Client and the Global VPN Client Enterprise license is automatically added.

3. Click Upgrade in the Manage Service column for Distributed Security Client in the Manage Services Online table.
4. Type the Activation Key in the New License Key field for each Global Security Client (Distributed Security Client and Global VPN Client Enterprise).
5. Click Submit. Your Global Security Clients are activated. The number of Global VPN Client Enterprise and Distributed Security Client licenses appears in the Count column of the Manage Services Online table on the System>Licenses page. The expiration date for the Distributed Security Client is displayed in the Expiration column.

Firmware 6.6.x

1. In the General>Security Services page of the SonicWALL Management Interface, click SonicWALL Security Service Subscription in the Security Services Activation section. The mySonicWALL Login page is displayed.
2. In the mySonicWALL Login page, enter your mySonicWALL.com account username and password in the User Name and Password fields, then click Submit. The System>Licenses page is displayed. If your SonicWALL is already connected to your mySonicWALL.com account, the Manage Services Online page appears.

Note: Each Activation Key activates both the Global VPN Client Enterprise and Distributed Security Client licenses. You enter the Activation Key for the Distributed Security Client and the Global VPN Client Enterprise license is automatically added.

3. Click Upgrade in the Manage Service column for Distributed Security Client in the Manage Services Online table.
4. Type the Activation Key in the New License Key field for each Global Security Client (Distributed Security Client and Global VPN Client Enterprise).
5. Click Submit. Your Global Security Clients are activated. The number of Global VPN Client Enterprise and Distributed Security Client licenses appears in the Count column of the Manage Services Online table on the General>Security Services page. The expiration date for the Distributed Security Client is displayed in the Expiration column.
SonicWALL, Inc.
1143 Borregas Avenue
Sunnyvale, CA 94089-1306
T: 408.745.9600 F: 408.745.9300
www.sonicwall.com

© 2002 SonicWALL, Inc. SonicWALL is a registered trademark of SonicWALL, Inc. Other product and company names mentioned herein may be trademarks and/or registered trademarks of their respective companies. Specifications and descriptions subject to change without notice.
P/N 232-000510-00 Rev A 03/04