Welcome to Firewalls.com Learning Center

General Technology

  • SpamGUARD For SonicWALL Helps Stomp-Out Spam

    SPAM is a problem that every email user has become familiar with. It has evolved from being an inconvenience to a money pit over the past several years. Schemes and devices to “clean” these unsolicited messages are nearly as varied, both in cost and effectiveness, as the methods employed by spammers to deliver them. One acknowledgement of the extent of the problem is in the fact that most ISPs now offer some level of “gateway” SPAM filtering with their subscriptions as a standard service. While not suitable for commercial applications, they are the most basic of a range of tools that vary in approach, cost, and efficiency.

    Server-based applications are also available that offer a much higher degree of proficiency, but require dedicated servers to do their best or, at least, add additional overhead on the mail server itself. These solutions require annual subscriptions to databases provided by the manufacturer to update new spammer identity profiles onto the locally installed software. Without such a service, the device would soon be obsolete and ineffective, as spammers regularly alter their digital identities as a matter of course in their ongoing attempts to thwart filters and achieve delivery of their message or payload. This approach also normally requires direct management and maintenance by in-house or contracted IT staff.

    Most recently, a third approach has been the installation of a small form-factor computer dedicated to the task. With its own processor, memory and drive space, it accomplishes filtering more thoroughly and generally in less time. Those internal resources allow load to be taken off of the mail server because the filtering is completed before the message arrives at the server, commonly increasing the server’s overall throughput, as well. The best of these devices allow granular control of quarantines (dedicated folders where SPAM is held) down to the user level so each user can maintain control of their own email, even if it is not ultimately delivered to their Inbox. This approach is the most efficient with the capability to, over a short period of time, achieve filtering efficiencies exceeding 99%. Like server-based solutions, these systems also require annual subscriptions for updates and support.

    For many small companies those standard solutions are either not effective enough or too expensive to justify the expense. The simplest way to calculate the return on investment is to approximate the time each employee spends in sorting through and deleting SPAM from their Inbox each day and multiply that number by the number of email users. The result is the number of man-minutes (or hours) lost each day. From there, it’s pretty easy to calculate a rough dollar amount based on the average employee’s wage.

    For smaller companies of up to around 50 email accounts, it may not make sense to invest in a dedicated on-network appliance. For those situations, we at Dreaming Tree have implemented a hybrid system called SPAMGuard that has all of the advantages of both a gateway and dedicated hardware device system. Simply put, we are now able to offer direct access to our bank of hardware SPAM filters to external domains.

    In effect, it enables you to employ the highest standard of filtering capability by utilizing our equipment while maintaining the ability of each of your users to have absolute control of both the delivered and filtered emails. This allows them to check their quarantine folders periodically for false positives while keeping their Inboxes as uncluttered as absolutely possible. SPAMGuard also scans all email traffic for viruses, worms, Trojans, and phishing attempts and automatically quarantines infected messages, as well.

    Daily reminders are emailed by the system to each user with a summary of the retained SPAM on our device and a quick link for them to access their quarantine folder to help keep maintenance as simple as possible. Users can delete unwanted messages themselves or leave them for automatic deletion after a specified number of days. SPAMGuard is so effective that we offer the service with a satisfaction guarantee of complete refund if you are unsatisfied for any reason within the first 60 days after activation.

    Learn More about SpamGUARD for SonicWALL

  • Overview of the Walk-Through Videos on the SonicWALL Solutions

    SonicWALLs ship by default in a state that ensures they're fairly secure but also fairly compatible in many diverse environments. Also, while the SonicWALL's web-based management interface is one of the easiest around, it still assumes that you know a fair amount about network security. This article compiles many of our walk-through videos into a format that acts as a 1-2-3 guide to setting up a SonicWALL easily while also ensuring it does the best job it can at defending your data.
    1. Registering Your SonicWALL Firewall
      Prior to actually installing and configuring your SonicWALL firewall you'll need to register it with mysonicwall.com. This is how the firewall will link up with SonicWALL, Inc. to obtain licensing information. This video will walk you through the one-time process of setting up an account and how to register each SonicWALL appliance you purchase in the future.
    2. Configuring Your Workstation to Access the SonicWALL
      This video will walk you through the process of changing your workstation's IP address to initially reach the SonicWALL for configuration. It covers doing so in Ubuntu Linux 7.10 as well as Microsoft Windows Vista.
    3. Updating Your Firmware
      Firmware is the lifeblood of a SonicWALL; the software which runs the appliance. Depending on what you're upgrading from, such as a very old stock firmware or SonicOS Standard, you may find yourself without an upgrade path to the latest SonicOS Enhanced, meaning you'll have to reset your unit to factory default during the upgrade process. Because of this you'll want to load the newest firmware on before doing any configuration. This video walks you through obtaining the latest firmware, installing it, and a few caveats you must be aware of to ensure a seamless upgrade.
    4. LAN & WAN Configuration
      When setting up a SonicWALL initially it needs to be configured for your network. The LAN must be configured for your internal network and the WAN must be set up to connect you to the outside world, normally the Internet. This will vary a bit between OS Standard and OS Enhanced, but is surely something that’ll have to be set up at least once, and perhaps again down the line when service providers change.
    5. Using NTP to Keep the SonicWALL's Clock Accurate
      Timing is vital to a SonicWALL. Many encrypted protocols tying into things like VPNs and back-end authentication servers can require very accurate time keeping. Time accuracy is also important for other reasons such as running scheduled tasks, scheduled policies (like turning off content filtering during the lunch hour), checking for anti-virus signature file updates, accurately time-stamping log data, and more. This video covers configuring NTP to ensure that the SonicWALL is timed perfectly as long as it has access to a time server.
    6. Configuring Your SonicWALL's Logging
      Logging is critical for security but vastly underutilized on many perimeter devices. This video details the features SonicWALL offers to help manage logs, including trimming them down to only include vital data, streaming them in real-time to logging servers, and other recommended tasks.
    7. Optional but Common Tasks
      Configuring the DHCP server allows the SonicWALL to issue IP addresses throughout internal networks. Setting up a DMZ may be helpful if you're hosting publicly reachable servers behind your SonicWALL. The creation of address and service objects, NAT policies, and firewall access rules allow you to direct inbound traffic to machines hidden behind the SonicWALL utilizing a private IP address. This is how you open up services to the outside if the machine doesn't have a public IP address. This is commonly referred to as port forwarding. If the server has a public IP you don't have to worry about NAT policies; you simply need to create the objects and the firewall access rule.
    8. Optional Tasks Depending on Your Environment
      Now that you have a solid base configuration complete, the rest of the job is heavily dependent on your environment. Maybe you purchased a SonicPoint, in which case you may wish to view our videos dealing with their configuration. Perhaps you wish to set up a VPN tunnel or configure security services such as the gateway anti-virus, content filtering, or utilize the SonicWALL to secure your email traffic. Because all of this is dependent on your needs and desires I can't cover everything here, so I highly recommend browsing the video vault or searching for topics that apply to you to help further refine your SonicWALL's deployment.

    Visit SonicKnowItWall.com for additional streaming training videos.

  • New SonicWALL-Based Video Training Site

    NOBLESVILLE, IND., Dec. 10, 2007 /PRNewswire-FirstCall/ -- Dreaming Tree Technology, Inc., a leading solution provider for SonicWALL security appliances, today announced a new online training website called SonicKnowItWall.com for SonicWALL equipment owners. The website provides detailed instruction on installing, configuring and troubleshooting SonicWALL appliances, with services using the latest in video streaming technology and advanced personalization techniques to deliver a unique experience to the site visitor.

    “With the tremendous growth of small business owners and IT administrators buying and configuring perimeter security solutions for their company networks, it is vital they have the proper tools they need to do it correctly,” said Brian A. Reed, Owner of Dreaming Tree Technology. “The content found on the website is driven by the customer’s request for additional understanding. Using tools such as online feedback and surveys the customer is able to communicate to us exactly what problem they are trying to solve.”

    Michael Croghan, President of Dreaming Tree adds "Our goal is to become the foremost source for SonicWALL technical instruction. Not only will we expand our libraries monthly with new information and processes we know to be of value, but we've created the ability for users to request specific topics to address their specific questions. There is nothing else like this anywhere on the Internet."

    NOTE: SonicKnowItWall.com is a registered trademark of Dreaming Tree Technology, Inc.  Other products and company names herein may be trademarks and or registered trademarks of their respective companies.

    SOURCE: Dreaming Tree Technology, Inc.
    CONTACT: Diane Brewer, +866-469-9255 x=117, dbrewer@firewalls.com

    WEBSITE: www.SonicKnowItWall.com

  • SonicWALL Certified Configuration Services with the purchase of any security device.

    We offer professional configuration services on all models of the following products: SonicWALL TZ Series, SonicWALL PRO Series, SonicWALL SSL Series, SonicWALL CSM Series, SonicWALL Email Series, SonicWALL CDP Series.
     
  • SonicWALL Configuration & Troubleshooting Videos

    Online Videos Features & Benefits

    • Videos Designed to Solve Problems
    • Backed by a Rock-Solid Guarantee
    • Delivery Service Quality Like No Other
    • Used By People Just Like You
    • Content Based on Experience and Expertise 
    • Designed specifically for those new to SonicWALL

    Master Your SonicWALL Product

  • Warning: Tape Backup and Recovery may be HAZARDOUS to your Data.

    Theft, viruses, system crashes, and misplaced or stolen backup tapes are driving demand for fast, reliable, disk-based backup solutions. In fact, business owners are estimated to spend $6.7 billion in 2010 on data protection technologies, up 30% from 2005.

    Read more about why not to use tape backup

  • 3 Reasons Why Cisco Pix Owners Should Switch to SonicWALL:

    1. CISCO PIX DOES NOT PROVIDE UTM CAPABILITIES
      The Cisco Pix ASA 5505 does not provide Unified Threat Management services for Gateway Anti-Virus, Gateway Anti-Spyware, or IPS.
    2. CISCO PIX CANNOT SUPPORT INTEGRATED SECURE WIRELESS
      Cisco Pix requires a separate purchase of either the older Aeronet or newer Airespace products in order to provide secure wireless network access. This separate equipment must be purchased, deployed, configured and managed at considerably more cost.
    3. CISCO PIX ASA LICENSING IS CUMBERSOME AND EXPENSIVE
      As is their custom, Cisco requires a labyrinth of licenses in order to activate all of the features of their ASA products, which means more money for software licenses and continued higher deployment and maintenance costs.

    See Side-by-Side Comparisons

  • SonicWALL Viewpoint Reporting Information

    SonicWALL ViewPoint is an easy-to-use Web-based reporting tool that fully complements and extends SonicWALL’s security products and services. Comprehensive reporting capabilities provide administrators with instant insight into the health of their network including both performance and security. Using both a customizable dashboard and a variety of historical reports, SonicWALL ViewPoint helps organizations of all sizes track network utilization, monitor security activity and view Web usage.

    Features & Benefits

    Intelligent & Comprehensive

    Understanding network events, activity and usage such as security threats, employee Internet utilization and bandwidth consumption is essential for organizations of all sizes. To optimize security, manage growth and plan for future needs, IT administrators require a tool that provides an intelligent, comprehensive view of events and activities throughout the network.

    At-a-Glance Dashboard

    Customized views illustrate multiple summary reports.

    Web Usage

    Administrators can view all aspects of Web usage behaviour throughout the network. Find out how much time employees spend surfing Web sites, discover exactly which Web sites were accessed at what time and reveal hidden usage patterns.

    Attack Summary

    Collect information on thwarted attacks using SonicWALL subscription services.

    Services & Protocols

    Users can view the types and kinds of traffic that are transmitted throughout their network. Find out what kinds of traffic could be eliminated for maximum network performance.

    System Requirements

    Operating System
    • Microsoft® Environment: Windows 2000 Server (SP4), Windows 2000 Professional (SP4), Windows XP Professional (SP2), Windows 2003 Server (SP1)
    Database
    • Microsoft® Environment: Microsoft SQL Server 2000 (SP4) and Microsoft SQL Server 2005 (SP1) on either Windows 2000 Server (SP4) or 2003 Server (SP1)
    • Option to install MSDE SQL Server 2000 as the default database
    Java
    • Java Database Connectivity (JDBC) driver - Type 3 or 4, JDBC 2.0 compliant.
    • Java Plug-in version 1.5 or later
    Internet Browsers
    • Microsoft® Internet Explorer 6.0 or higher
    • Mozilla Firefox 1.5 or higher
    Hardware for ViewPoint Server
    • x86 Environment: Minimum 3 GHz processor dual-core CPU Intel processor, 2 GB RAM, and 300 GB disk space
    Supported SonicWALL Appliances Reported by ViewPoint
    • SonicWALL Network Security Appliances: TZ Series Security Appliances, PRO Series Security Appliances
    • SonicWALL CSM Appliances
    • SonicWALL SSL-VPN 2000/4000 Appliances
    Supported SonicWALL Firmware
    • SonicWALL Network Security Appliances:  SonicWALL Firmware 6.1.2.0 or higher, and SonicOS Standard 1.0 or higher, and SonicOS Enhanced 2.0 or higher.
    • SonicWALL CSM Appliances: SonicWALL 1.0 or higher
    • SonicWALL SSL-VPN Appliances: SonicWALL SSL-VPN Firmware 1.5.0.3 or higher

    Learn More

    Where to buy SonicWALL ViewPoint

    Read the SonicWALL ViewPoint datasheet

    View online demonstration (login with username "demo" and password "password")

  • Tips on Reducing Your Node License Usage

    Overview

    When working with firewalls that count the number of nodes or licenses on your network you will need to make sure you are using the licenses sparingly. The list below offers suggestions as to how best to manage these licenses.

     

    Tip #1: Double Check Devices on Your Network that Don't Need Access

    A common problem we see is devices on networks that don't need Internet access. This would include printers, specialized servers, and labeling machines, to name a few. When these devices are added to the network they are typically given a default gateway address. The problem with this is that those devices will send broadcast packets to the firewall and the firewall will assign a license to that device. The best solution is to simply remove the default gateway setting on that device.

     

    Tip #2: Manage Your DHCP Server Wisely

    You will need to make sure that the scope of your DHCP server is no larger than what you need. Example: if your firewall is licensed for 25 nodes but your DHCP server scope is 30, then there is a good chance the DHCP devices on your network will cycle through all of those 30 IP addresses. When this happens the firewall will assign a license to each of those IP addresses up to the 25th IP address. Once that limit is reached no more IP addresses will be allowed to access the Internet.

    FAQ

    Q. What happens when I run out of licenses?
    A. Once the firewall has assigned all of the licenses any new requests for licenses will be denied and that device will not be able to access the Internet.

    Q. Can I add more licenses to my firewall?
    A. In most cases, yes.  All SonicWALL TZ devices can have the node license upgraded.  The only exception is the SonicWALL TZ 150 which is fixed at 10 nodes.

    Q. How do I reset the licenses used on a firewall?
    A. Simply unplug the power cord to the firewall, wait 15 seconds and then plug it back in.

  • SonicWALL Gateway Anti-Virus Information

    Gateway Anti-Virus Key Features and Benefits

    • Delivers intelligent file-based virus and malicious code prevention by scanning in real-time for decompressed and compressed files containing viruses, Trojans, worms and other Internet threats over the corporate network
    • Utilizes an extensive database of thousands of high threat virus signatures written to detect and prevent viruses, Trojans, worms and other malware, as well as peer-to-peer and instant messaging file transfers
    • Utilizes a first-to-market per packet scanning engine to handle unlimited file sizes and virtually hundreds of thousands of concurrent downloads, offering ultimate scalability and performance for today’s networked environment
    • Provides an additional layer of protection against malicious threats by allowing administrators to enforce real-time gateway anti-virus scanning not only between each network zone and the Internet, but also between internal network zones
    • Ensures incredibly fast time-to-protection by employing a dynamically-updated database of high threat virus signatures created by a combination of SonicWALL’s SonicAlert Team and third-party sources
    • Delivers protection for high threat viruses and malware by inspecting over the most common protocols used in today’s networked environments, including SMTP, POP3, IMAP, HTTP, FTP, NetBIOS, instant messaging and peer-to-peer applications and dozens of other stream-based protocols
    Note: Gateway Anti-Virus requires SonicOS Standard or Enhanced 3.0
  • SonicWALL Content Filtering Service (CFS) Information

    SonicWALL Content Filtering Service provides:

    Appliance-based, Scalable Content Filtering Solution. SonicWALL Content Filtering Service is an enterprise-class, scalable content filtering service that requires no additional hardware or deployment expenditures.

    Web Site Caching. The innovative Content Filtering Service architecture caches URL ratings locally on the SonicWALL appliance. These Web site ratings are stored for all future users that attempt to visit the URLs, making response time to frequently visited sites virtually instantaneous.
    Comprehensive Database. SonicWALL Content Filtering Service combines an unlimited database featuring millions of URLs, IP addresses and domains with a unique caching system that reduces latency to a fraction of a second, future-proofing your content filtering solution.
    Continuously Updated Database. SonicWALL Content Filtering Service reduces administrative costs and extends protection by automatically updating the content filter database continuously with new and relocated sites.
    Category Blocking. SonicWALL Content Filtering Service employs an innovative rating architecture that utilizes a dynamic database of millions of URLs, IP addresses and domains to block multiple categories of objectionable and inappropriate Web content such as porn, hate, violence and others, providing network administrators with greater control to transparently enforce acceptable use policies.
    Integrated Security. SonicWALL Internet Security appliances integrate multiple security functions into an all-in-one security solution that features a powerful management interface for setting and managing firewall, VPN, content filtering and anti-virus policies.
    Web-based Management. SonicWALL Content Filtering Service provides an easy to use Web-based management interface for simple policy configuration while also providing greater control over Internet usage.

    SonicWALL Content Filtering Categories:

    SonicWALL Standard Edition:

    Violence, Hate / Racism, Intimate Apparel / Swimsuit, Weapons, Adult / Mature Content, Cult / Occult, Illegal Drugs, Drugs, Criminal Skills / Illegal Skills, Sex Education, Gambling, Alcohol / Tobacco

     

     SonicWALL Premium Categories:

    Violence/Hate/Racism, Intimate Apparel/Swimsuit, Nudism, Pornography, Weapons, Adult/Mature Content, Cult/Occult, Drugs/Illegal Drugs, Illegal Skills/Questionable Skills, Sex Education, Gambling, Alcohol/Tobacco, Chat/Instant Messaging (IM), Arts/Entertainment, Business and Economy, Abortion/Advocacy Groups, Education, Cultural Institutions, Online Banking, Online Brokerage and Trading, Games, Government, Military, Political/Advocacy Groups, Health, Information Technology/Computers, Hacking/Proxy Avoidance Systems, Search Engines and Portals, E-Mail, Web Communications, Job Search, News and Media, Personals and Dating, Usenet News Groups, Reference, Religion, Shopping, Internet Auctions, Real Estate, Society and Lifestyle, Gay and *** Issues, Restaurants and Dining, Sports/Recreation, Travel, Vehicles, Humor/Jokes, MP3/Streaming, Freeware/Software Downloads, Pay to Surf Sites, Kid Friendly, Advertisement, Web Hosting, Other, Not Rated

     

    Learn More:

    Watch the SonicWALL Content Filtering video

    Download the datasheet

    Whitepapers:
    Secure Content Management: Protected, Productive Networks for Today's Schools and Libraries

    Secure Content Management: Protected, Productive Networks for Today's Businesses

    Employee Use of Technology in the Workplace: Corporate Liability for Sexual Harassment Claims

    Comparing Architectures for Internet Content Filtering Solutions

    Where to buy the SonicWALL Content Filter Subscription

  • Compare TZ 170 Firewalls

    Overview

    This table compares the 3 most popular bundles of the SonicWALL TZ 170 on both technical specifications and security services they provide.

     

     

    Models | SonicWALL TZ 170 Hardware Only | SonicWALL TZ 170 Support Bundle | SonicWALL TZ 170 Security Suite
    Protection Level:
    Pros | Low cost, easy to deploy | Low cost; offers continued technical support and firmware updates and upgrades. | Low cost; offers continued technical support and firmware updates and upgrades; protection from viruses, spyware and network intrusions.
    Cons | No support, no protection for common Internet threats (e.g. viruses, spyware, key loggers...) | No protection from viruses, spyware, key loggers, network intrusions... | None.
    Supported Users | 10 Nodes / 25 Nodes / Unlimited Nodes | 10 Nodes / 25 Nodes / Unlimited Nodes | 10 Nodes / 25 Nodes / Unlimited Nodes
    Interfaces | 7 Ethernet | 7 Ethernet | 7 Ethernet
    Firewall Operating System | OS Standard | OS Standard | OS Standard
    SonicOS Enhanced Upgradeable
    Firewall Throughput | 90 Mbps | 90 Mbps | 90 Mbps
    Gateway Anti-Virus Throughput | 8 Mbps | 8 Mbps | 8 Mbps
    Intrusion Prevention Throughput | 8 Mbps | 8 Mbps | 8 Mbps
    TCP Connections | 6,000 | 6,000 | 6,000
    Technical Support | 90-days, 8x5 | (1) Full Year | (1) Full Year
    Policies | 100/250* | 100/250* | 100/250*
    3DES/VPN Throughput | 30+ Mbps | 30+ Mbps | 30+ Mbps
    Site-to-Site Tunnels | 2/10/10 | 2/10/10 | 2/10/10
    VPN clients (max) | 5/50/50 | 5/50/50 | 5/50/50
    VPN clients (included) | optional upgrade/1/1 | optional upgrade/1/1 | optional upgrade/1/1
    Security Zones | * | * | *
    Gateway AV Service | Optional | Optional | (1) Full Year
    Anti-Spyware Protection | Optional | Optional | (1) Full Year
    Intrusion Prevention | Optional | Optional | (1) Full Year
    Object-based Management | * | * | *
    Policy-based NAT | * | * | *
    WAN/WAN Failover | * | * | *
    ISP Failover | * | * | *
    WAN Load Balancing | * | * | *
    Wireless Services | * | * | *
    Integrated Access Point | NA | NA | NA
    Integrated Analog Modem | NA | NA | NA
    Optional Port
    Spam Blocking | * | * | *
    Voice over IP Support

     

    *With SonicOS Enhanced upgrade

    ¹Firewall throughput measured using UDP traffic at 1518 byte packet size adhering to RFC 2544

    ²Gateway AV/Spyware/IPS throughput measured using HTTP traffic

    ³VPN throughput measured using UDP traffic at 1280 byte packet size adhering to RFC 2544

    Want to Learn More?

     Visit the SonicWALL TZ 170 main home page

    Contact our technical sales team toll-free 866-469-9255

    Find additional articles on the TZ 170 series


  • DSL Firewall Protection Solution

    So you have your new DSL Internet connection and now you need protection.  This article will highlight the firewall security provided by the SonicWALL line of firewalls for DSL modem connections.

    DSL Provider Compatibility

    Before you make a firewall selection you should first check to make sure the SonicWALL firewall is compatible with your DSL provider.  As of the date of this posting we can confirm the SonicWALL firewall will work with the following providers:

    • AT&T High Speed DSL
    • NetZero DSL
    • Time Warner RoadRunner DSL
    • BellSouth FastAccess DSL
    • Quest DSL
    • Verizon DSL
    • EarthLink DSL
    • SBC / Yahoo! DSL
    • Plus many others ...

     There are many other DSL providers out there.  We recommend you contact the ISP to make sure you can use a SonicWALL firewall on your DSL connection.

    Selecting the Right Firewall for Your DSL Connection

    Selecting the proper firewall and features for your network is extremely important.  If you try to buy a firewall based simply on price you will not succeed.  Below is a list of items to consider when choosing your firewall:
    • How many computers are on your network?
    • Do you have Internet accessible servers (e.g. web, ftp or email server)?
    • Will you be providing remote access to your network?
    • How heavily will the users on your network use the Internet?

    We recommend you read through our SonicWALL Firewall Buyer's Guide to assist you with narrowing down your firewall choices.

    Problems you May Run Into

    On occasion while working with our clients doing a firewall deployment we run into snags. More often than not they are a nuisance rather than a show stopper.
     
    Some of the common problems we run into are:
    • MTU Settings - MTU is a fancy tech acronym that describes how much data you can send in a single packet. Depending on your provider, they may implement an MTU setting that you will want to use. If your MTU settings do not match then your performance will suffer. Typically an ADSL MTU is 1460 and a SDSL MTU is 1492.
    • NAT Running on DSL Modem - If you don't plan on running Internet accessible servers or providing remote access to your network then this will not affect you.  Most DSL providers by default will install a DSL modem with NAT enabled.  If you plan on doing VPN or hosting your servers locally the firewall will need to be the device that provides NAT.  A simple call to your DSL provider should solve this problem for you. 

    Want to Learn More?

     Browse our list of DSL compatible firewalls
     Contact our knowledgeable sales team for assistance choosing your firewall solution
     
  • SonicWALL PRO 2040 FAQ

    Who is the target audience for the PRO 2040?
    The PRO 2040, the entry-level appliance in our highly acclaimed PRO Series, is ideal for small to medium-sized network environments that require the same ease-of-use and affordability offered by our TZ Series, with the performance and features offered by our PRO Series. The product is well suited for value-conscious small business and remote office deployments that do not require the hardware and software features of the SonicWALL PRO3060/4060.


    What is the minimum version of firmware the PRO 2040 will run?
    The PRO 2040 ships with SonicOS Standard and can be upgraded via license to SonicOS Enhanced (hereafter referred to in this document as ‘SonicOSs’ and ‘SonicOSe’, respectively). The PRO 2040 cannot run any of the older 6.x firmware releases, nor can it run the older SonicOS 1.x firmware. Updated versions of the SonicOSs and SonicOSe firmware are available to customers who have registered the device for the first 90 days. After 90 days, a software support contract may be purchased in order to receive SonicOS updates.


    Is SonicOS’s management interface different from the 6.x firmware releases?
    Yes, it has a new look and feel, is better organized, and is more intuitive. Users of SonicWALL’s 6.x firmware will find it easy to understand, and will be completely comfortable with using SonicOS, whether it’s the Standard edition, or the Enhanced edition. The management GUI for SonicOS uses the same button-and-tab menu system that SonicWALL has used for years, and is accessible from any modern web browser (IE 6.x, Mozilla 1.x, Opera 7.x, Netscape 6.2).


    How do I upgrade a PRO 2040 running SonicOSs to SonicOSe?
    Please refer to the technote ‘SonicOS Standard to Enhanced How-To’ for a complete discussion on this topic. A future version of SonicOS Enhanced will have the onboard capability to convert preferences from SonicOS Standard to Enhanced, but there is no ETA for this version at present.


    Can I downgrade a PRO 2040 running SonicOSe to SonicOSs?
    Yes, but your SonicOSe preferences are not convertible to SonicOSs (the advanced objects in SonicOS 2.1e cannot be mapped onto the SonicOSs preference structure). If you downgrade a PRO 2040 from SonicOS 2.1e to SonicOSs, the device will not retain its settings and will reboot with the factory default settings.


    How do I get firmware for the PRO 2040?
    SonicOS Standard and SonicOS Enhanced are available to customers for 90 days after they have registered their devices on the https://www.mysonicwall.com customer portal, and for customers who have valid support contracts. After 90 days, customers must purchase a support contract in order to continue to receive firmware updates and new versions.


    What features do I get when I upgrade to SonicOS Enhanced?
    • ISP Fail-Over. The PRO 2040 ensures continuous uptime for Internet and IPSec VPN connectivity by failing over to a second ISP link should the primary link fail. Through ISP Fail-Over, the PRO 2040 delivers highly reliable network connectivity for constant access to critical data.

    • WAN Redundancy and Load Balancing. The PRO 2040 offers the ability to configure either the ‘X2’ or ‘X3’ port as a secondary WAN port for greater redundancy and network performance. This secondary WAN port can be used in "active-active" load sharing or fail-over configuration providing a highly efficient method for maximizing total network bandwidth.

    • Object-Based Management. The SonicWALL PRO 2040 allows network administrators the ability to define an object, such as a user group, network address range, service or interfaces, and then reuse that object wherever it is needed. When security policies or object members change, the administrator can modify the object and propagate the changes instantly without redefining rules, enabling businesses to implement and manage security policies easily and consistently.

    • Policy-Based NAT. While continuing to provide standard NAT (many-to-one) functionality, the SonicWALL PRO 2040 also exposes control of NAT policies to administrators for one-to-one NAT, many-to-many NAT, one-to-many NAT, inbound Port Address Translation (PAT), flexible NAT (for overlapping IP addresses) as well as NAT policies on selective source/destination/source translations. As a result, network administrators have more control and flexibility to support and manage various NAT requirements – including performing NAT across VPN tunnels.

    • Security Zones. Users are able to assign interfaces to security zones, and apply policy to/from the zone instead of having to create policy for each interface. It’s also possible to enforce security policies on traffic to/from VPN tunnels.

    • Hardware Fail-over. Two PRO 2040 devices can be placed in active/passive pair, utilizing a dedicated 100Mbps link to synchronize the devices, with the ability to monitor specified interfaces for failure.


    What VPN enhancements are in SonicOS Enhanced?
    • Definable IKE Identities – It’s now possible to specify the firewall’s IKE identity and the expected remote peer IKE identity. This feature was once hidden from the user’s control, and changed depending upon how the WAN interface was addressed. This method made interoperating with certain manufacturers rather difficult, so it is now possible to control what is sent and what is expected. Users can now specify that the IKE Identities be an IP Address, or an Email Address, or a Domain Name (FQDN).

    • Definable Source & Destination Networks – It’s now possible to define network address objects, group those objects together, and then assign those objects as the source and destination networks to exchange when a VPN tunnel is established. In previous versions of firmware, the firewall did not allow the user to specify which source & destination networks were exchanged during a VPN tunnel negotiation. This feature allows the user to control exactly which subnets are exchanged with remote peers.

    • Multiple Interface Binding – It’s now possible for both WAN interfaces to initiate and respond to VPN tunnel requests. In previous versions of firmware, the VPN tunnels appeared to terminate on the WAN or WLAN ports, but in reality they were bound to the LAN port.

    • NAT & Firewall rules for VPN Traffic – It’s now possible to drive all incoming and outgoing VPN traffic through the zone security policy and the NAT policy. This allows users to restrict traffic to and from VPN tunnels, and to perform NAT on traffic before it goes into a VPN tunnel, or after it leaves a VPN tunnel on the way to a zone.

    • GroupVPN Allowed Networks Policy – It’s now possible to control which destination networks are exchanged with SonicWALL’s Global VPN Client 2.x. When creating users and groups, the user can define which network objects are bound to a specific group or user. When a Global VPN Client attempts to make a connection to the SonicWALL, the firewall examines the user name that is passed to it during XAUTH authentication. It first checks the user’s group, then checks the user account to see if there are additional networks allowed. Please note that the allowed destination networks feature is an additive system and not a restrictive system. This means that whatever group or user destination networks policy has the most networks will be passed to the client.
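
    The additive behaviour of the GroupVPN allowed-networks policy means a shorter list on a user account does not narrow what that user's group already grants. The following is an added example, not SonicWALL code: it models "additive" as the union of group and user networks (an assumption), and all group names, user names and subnets are constructed.

```python
from ipaddress import collapse_addresses, ip_network

# Constructed sample data: every group, user and subnet below is hypothetical.
GROUP_NETWORKS = {
    "Engineering": ["10.10.0.0/16", "10.20.5.0/24"],
    "Contractors": ["10.20.5.0/24"],
}
USERS = {  # user name -> (group, networks bound directly to the user account)
    "alice": ("Engineering", []),
    "bob": ("Contractors", ["10.30.0.0/24"]),
    "carol": ("Engineering", ["10.20.5.0/24"]),  # admin hoped to narrow carol
}
# What the administrator believes each user can reach.
INTENDED = {
    "alice": ["10.10.0.0/16", "10.20.5.0/24"],
    "bob": ["10.20.5.0/24", "10.30.0.0/24"],
    "carol": ["10.20.5.0/24"],
}


def effective_networks(user):
    """Group networks first, then the user's own, merged additively."""
    group, own = USERS[user]
    nets = [ip_network(n) for n in GROUP_NETWORKS.get(group, [])]
    nets += [ip_network(n) for n in own]
    # Assumption: "additive" is modelled as a set union of both lists.
    return list(collapse_addresses(nets))


def excess_networks(user):
    """Networks the client would receive that the intended policy omits."""
    intended = [ip_network(n) for n in INTENDED.get(user, [])]
    return [
        net for net in effective_networks(user)
        if not any(net.subnet_of(allowed) for allowed in intended)
    ]


def audit():
    """Map each over-provisioned user to the unexpected networks."""
    report = {}
    for user in USERS:
        extra = excess_networks(user)
        if extra:
            report[user] = [str(n) for n in extra]
    return report


if __name__ == "__main__":
    for user in USERS:
        print(user, [str(n) for n in effective_networks(user)])
    print("over-provisioned:", audit())
```

    In this model, restricting a user means moving the account to a group with fewer networks, since the user-level list can only add to the group's list.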

    Will there be a preferences converter tool for older SonicWALL firmware (6.x) to SonicOS  and OSe?
    A future version of SonicOS Enhanced will have the onboard capability to convert preferences from SonicOS Standard to Enhanced, but there is no ETA for this version at present. Please note that while it is possible to import a prefs file from 6.4 or 6.5 into a device running SonicOS 2.1s, importing a prefs file from 6.4 or 6.5 into a device running SonicOS is **not** supported.

    Can I install SonicOSs or SonicOSe on older SonicWALL models?
    SonicWALL is currently investigating porting SonicOSs to select older models, but has not made any concrete plans to do so at this time. SonicOSe will not be provided on older models.

    Is ‘SonicOS ’ harder to use?
    There are new features that allow SonicOSe to meet the needs of more complex networks, but the interface is intuitive for the network professional. SonicWALL has attempted to provide configuration controls that are as easy to use as possible, but some of the Enhanced firmware functions such as ‘NAT Policy’, ‘WAN/WAN Active Load Balancing’, and ‘NAT/VPN rules on VPN tunnels’ require careful programming in order to perform as desired.


    Can I manage my PRO 2040 remotely using SonicWALL Global Management System (GMS)?
    Yes, the PRO 2040 running SonicOSs or SonicOSe can be centrally managed using SonicWALL’s award-winning GMS version 2.6 and newer.


    Can I operate my PRO 2040 with the cover removed?
    NO! The cooling systems in the PRO 2040 rely on the cover being installed and in place in order to provide proper ventilation for the processors onboard. Operating either model with the cover removed can cause permanent damage to the processors and motherboard, and void the warranty. Do not power up your PRO 2040 with the cover removed.

    What kinds of processors are in the PRO 2040?
    The PRO 2040 uses an 800MHz VIA C3 as its main processor, which handles all I/O, firewall, and packet processing functions. All cryptographic and hashing mechanisms are offloaded to a Cavium Nitrox co-processor. The Nitrox co-processor is capable of processing AES, 3DES/DES, MD5/SHA-1, and ESP all in hardware, dramatically increasing the encryption speeds of the PRO 2040 in comparison with older PRO-Series devices.


    How much memory is in the PRO 2040?
    The PRO 2040 contains 128 MB DRAM and 64 MB secure compact flash. While both memory modules are removable, SonicWALL does not allow the memory modules to be replaced or upgraded in the field. Removing or otherwise altering the memory in the PRO 2040 will void the warranty. Adding additional memory to the PRO 2040 is not currently supported.


    What is ‘secure’ compact flash?
    The secure compact flash encrypts and protects the SonicOS firmware. The compact flash (CF) used in the PRO 2040 provides the fastest data transfer rates currently available with the CF format, with sustained read rates of 6MBps and burst rates of up to 16.6MBps. Since the contents of the flash are encrypted, it is not possible to read the contents of the flash with a CF reader, nor is it possible to take the flash from one SonicWALL device and install it in another SonicWALL device.


    How many interfaces are in PRO 2040?
    The PRO 2040 has four 10/100 auto-sensing Ethernet ports located on the front of the device, labeled ‘X0’ to ‘X3’. The LAN port and zone are permanently attached to the ‘X0’ port, and the primary WAN port and zone are permanently attached to the ‘X1’ port. The ports labeled ‘X2’ and ‘X3’ can be assigned for any purpose – they can be added as extra ports to the LAN zone, assigned as the secondary WAN port, or added to their own security zones. The ‘X3’ port can also be assigned to any of these functions, but is also the only port capable of acting as the hardware fail-over link to a backup PRO 2040 device. However, for PRO 2040 devices running SonicOSs, the ‘X3’ port is software-disabled and cannot be used until the device has SonicOSe installed. In addition, a PRO 2040 device running SonicOSs can only use the ‘X2’ port as a DMZ.


    Are all the Ethernet interfaces on the PRO 2040 AutoMDIX-capable?
    No, they are not.


    Can the Ethernet interfaces be assigned to the same IP subnet?
    No. Each interface must be assigned to a different IP subnet, and cannot be used as “switch” ports. As noted, though, interfaces can be assigned to the same security zone if the PRO 2040 is running SonicOSe.


    Can I change the default IP address of the LAN interface (X0)?
    Yes. The devices ship with 192.168.168.168/24 as the default IP address, but can be changed to any value. Please note that the new value will take effect as soon as the ‘OK’ button is clicked, so you will need to change the IP address of your management station to match the new IP subnet of the LAN interface, and then log back into the device to continue device setup.


    Does the PRO 2040 have a console port?
    Yes, the PRO 2040 has a single DB-9 console port, and a DB-9 male-to-female null modem cable is included with each device. The settings for the console port are 115200 bits per second, 8 data bits, no parity, 1 stop bit, and no flow control. These settings cannot be modified at present. With SonicOSe, the CLI attached to the console port is much more functional than in previous versions of firmware, but still has limited functionality. The CLI’s capability will be greatly expanded over the next six months; the goal is to eventually offer all GUI-based configuration options via the CLI.


    What are the physical specs for the PRO 2040?
    • Dimensions: 1U, 17 x 10 x 1.75 in (43.18 x 25.40 x 4.45 cm)
    • Weight: 8.5 lbs (3.86 kg) (unit only); 15 lbs (shipping)
    • Input Power: 100-240VAC, 4-2A, 60-50Hz
    • Power Consumption: Nominal 80W; the power supply is 180 watt
    • Environment: 40-105 °F (5-40 °C); humidity 10-90% non-condensing
    • Regulatory: FCC/ICES Class A, CE, C-Tick, VCCI Class A, BSMI Class A, MIC, NOM
    • Safety: UL, cUL, TUV-GS, CB
    • MTBF: 35,000 hours


    Does the PRO 2040 have the same number of fans as the PRO 3060/4060?
    No, it does not. There are only two fans in the PRO 2040; it can lose one fan and will still continue to operate. When an onboard fan fails, the ‘Alarm’ light on the front of the device will flash on and off, the device will beep, and a warning message will be logged. Fans cannot be replaced in the field, and the device will need to be RMA’d. To maintain proper airflow and cooling, the top of the chassis must be kept securely on the PRO 2040 during operation. Operating with the chassis open voids the warranty.


    How long does it take for the PRO 2040 to start up?
    The average startup time from power-on to operation is approximately one minute. The device performs a number of hardware and software diagnostic check routines upon warm and cold boots to ensure the device and firmware are operational.


    What exactly is a “zone”?
    A zone is simply a logical grouping of one or more interfaces or subinterfaces, and is intended to make creating security policy a much simpler task. With SonicOSe, interfaces do not have the same importance in terms of how the security policy functions as they did in previous versions of firmware.


    I created some zones, but they do not show up in the rules matrix – why?
    Zones will not display in the access rules matrix unless an interface has been explicitly bound to the zone. Once an interface has been added to a zone, it will then show up in the matrix, and you can then write rules to/from this zone.

    Is User-Level Authentication (ULA) supported in SonicOS Standard?
    Yes – there’s a check box on the ‘Users > Settings’ page that, when checked, can force all systems attached to the LAN and DMZ interfaces to log in and authenticate with a username and password before any traffic is allowed to pass across the device. ULA is also supported in SonicOS Enhanced, but is configured in a different manner (instead of an all-or-nothing mechanism, ULA is enforced on a fully granular, per-rule basis between security zones).


    I have AV enabled on an interface, but I can’t seem to install the client on my system – why?
    The AV installation is done via browser and relies on a pop-up window to install properly. If you are not able to install the SonicWALL AV Client on a system, check to see if the system’s Web browser is actively blocking popups, or that it does not have a third-party program (such as ‘Pop-Up Stopper’) that is blocking the AV installation screen. In order to install the SonicWALL AV Client, you must allow pop-ups during this process.


    Can I run the PRO 2040 in transparent mode?
    A PRO 2040 running SonicOSe (SonicOS Enhanced) has not only transparent mode but also Layer 2 Bridged Mode, which is a more advanced transparent-type mode. A PRO 2040 running SonicOSs is capable of running in transparent mode, so if the feature is required, this model and firmware are recommended.


    How many permanent user accounts can I create?
    Up to 250 unique user accounts can be created on the PRO 2040, regardless of firmware version (Standard or Enhanced). If customers need additional accounts for either device, it is advised that they forward all user/password functions to a secured RADIUS server located on the internal network.


    How many user groups can I create?
    Up to 32 unique user groups can be created on a PRO 2040 running SonicOSe. SonicOSs does not support user groups. This may be expanded in future versions of firmware.


    How many users can I put in a group?
    Although there is no limit on the number of users we can add to any one group, there is actually a limit of 4,000 on the total number of group memberships that can be set.


    How many destination network objects can I assign to a group or user?
    There are no restrictions on the number of network objects you can assign to a group or user, but please keep in mind that pushing an extremely high number of destination network objects to a Global VPN Client may cause problems with the underlying OS of the computer the Client is running on.


    How many DHCP scopes can I create in SonicOSs and SonicOSe?
    With SonicOSs, you can create a scope for the LAN and DMZ interfaces from a global pool of 512 assignable IP addresses. With SonicOSe, you can create up to 50 scopes from a global pool of 1,024 assignable IP addresses. You will need to take care not to exhaust the global pool with multiple defined ranges. Both versions allow the admin to create DHCP scopes larger than a single class C, up to the size of the global limit.


    What is the difference between signed and non-signed firmware?
    The PRO 2040 requires signed firmware images, unlike other SonicWALL Firewall/VPN devices. This is a new security mechanism added to the firmware to prevent tampering, and ensures that the image is both valid and originates from SonicWALL. Because of this, the PRO 2040 will not accept non-signed firmware images. All signed images end with a ‘.sig’ extension.

  • Understanding Security Zones

    With SonicOS Enhanced firmware, SonicWALL has introduced a different approach to network security, one that differs substantially from older firmware versions. The new firmware introduces the concept of zone-based security policy. A “security zone” is simply a logical method of grouping one or more interfaces or subinterfaces with friendly, user-configurable names, and applying security rules as traffic passes from one zone to another zone. It’s an additional, more flexible, layer of security for the firewall. Configuration via interface alone served SonicWALL well over the past several years, but has become an outdated mode of thinking about network security. While per-interface configuration is simple to understand when there are only two or three interfaces, it quickly becomes cumbersome as the number of interfaces increases. Clearly, users do not want to have to write explicit security policies to pass traffic from interface to interface when there are multiple interfaces in use – especially when many of these interfaces could be organized into groups that have the same rights to the network.

    Prior to SonicOS Enhanced, SonicWALL had no real way to apply security policies to the inside of the network. During this time, the focus was securing the front door from the outside world, but the firmware really wasn’t able to organize and police the internal network. Increasingly, it’s the inside of the network that is of more concern, and SonicOS 2.0 Enhanced allows the user to do this by organizing network resources into different zones, and allowing or restricting traffic between those zones. This way, access to critical internal resources such as payroll servers or engineering code servers can be strictly controlled. In the past, everyone was on the same interface, and because of this, had total access to everything on the internal network.
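
    The zone model described here, and the earlier FAQ answer that a zone only appears in the access rules matrix once an interface is bound to it, can be sketched as follows. This is an added example, not SonicOS code: the zone names, interface bindings, rules and the default-deny fallback are all constructed assumptions.

```python
# Constructed sample configuration: zone names, bindings and rules are hypothetical.
ZONES = {
    "LAN": ["X0", "X2"],   # two interfaces share one zone and one policy
    "WAN": ["X1"],
    "PAYROLL": ["X3"],
    "GUEST": [],           # created, but no interface bound yet
}
# (from_zone, to_zone, service) -> action
RULES = {
    ("LAN", "WAN", "any"): "allow",
    ("LAN", "PAYROLL", "https"): "allow",
    ("PAYROLL", "WAN", "any"): "deny",
}


def zone_of(interface):
    """Return the zone an interface is bound to, or None."""
    for zone, members in ZONES.items():
        if interface in members:
            return zone
    return None


def matrix_zones():
    """Zones that appear in the rules matrix: those with a bound interface."""
    return sorted(z for z, members in ZONES.items() if members)


def evaluate(in_if, out_if, service):
    """Decide on traffic by the zones of its ingress and egress interfaces."""
    src, dst = zone_of(in_if), zone_of(out_if)
    if src is None or dst is None:
        return "deny"
    for svc in (service, "any"):  # exact service first, then wildcard
        action = RULES.get((src, dst, svc))
        if action:
            return action
    return "deny"  # assumption of this model: no matching rule means deny


def expand_to_interface_rules():
    """The same policy written per interface pair, as interface-only policy needs."""
    return [
        (i, o, svc, action)
        for (src, dst, svc), action in RULES.items()
        for i in ZONES[src]
        for o in ZONES[dst]
    ]


if __name__ == "__main__":
    print("matrix zones:", matrix_zones())
    print("X2 -> X3 https:", evaluate("X2", "X3", "https"))
    print("X2 -> X3 ssh:", evaluate("X2", "X3", "ssh"))
    print(len(RULES), "zone rules vs", len(expand_to_interface_rules()), "interface rules")
```

    Three zone rules cover what takes five interface-pair rules with only four ports, and the gap widens with every interface added to an existing zone.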
     
    Learn More
    To learn more about this technology we recommend you read "Security Zones in SonicOS Enhanced"