COMPREHENSIVE INTERNET SECURITY ™

SonicWALL Global Security Client


Administrator's Guide
Table of Contents
Preface
  Copyright Notice
  Limited Warranty
About this Guide
  Guide Conventions
    Icons Used in this Guide
  SonicWALL Technical Support
SonicWALL Global Security Client
  Global Security Client Features
  How SonicWALL Global Security Client Works
Installing Global Security Client
Connecting to Your Corporate Network
  SonicWALL Global VPN Client Enterprise
  Creating the VPN Connection Policy
  Using the New Connection Wizard
  Enabling Your VPN Connection
    Entering a Pre-Shared Key
    Selecting a Certificate
  Disabling a VPN Connection
SonicWALL Distributed Security Client
  Standalone and Managed Mode
Configuring Local Policy
  Security
    Protection
    Attacks
    Anti-IP (Anti-IP Spoofing)
    Anti-MAC (Anti-MAC Spoofing)
    Stealth (Stealth Mode Browsing)
    Port Scanner (Port Scan Detection)
    Pre-Start
    NetBIOS Protection
  Advanced Rules
    Creating a Rule
    Modifying Rules
    Deleting a Rule
    Defining Rule Priority

SonicWALL Global Security Client Administrator’s Guide Page 1


  Application Rules
    Adding an Application
    Modifying an Application Rule
    Deleting an Application Rule
  NetBIOS Settings
  Log Settings
  Logs
Event Viewer
  Configuring Log Properties
  Managing Log Files
  Customizing Log Views
  Customizing the Event Viewer Window Layout
Configuring Security Policies with the Policy Editor
  Accessing the Policy Editor (Firmware 6.6.x)
  Accessing the Policy Editor (SonicOS 2.1.x)
  Getting Help
Global Security Client>Summary
  Editing a Security Policy
  Deploying a Security Policy
Global Security Client>Groups and Services
  Policy Polling Frequency
  Services
Configuring the Distributed Security Client
  General Settings
  Security
    Anti-IP (Anti-IP Spoofing)
    Anti-MAC (Anti-MAC Spoofing)
    Port Scanner (Port Scan Detection)
    Stealth (Stealth Mode Browsing)
    Pre-Start
    NetBIOS Protection
  Advanced Rules
    Specifying the Default Action
    Adding a Rule
    Modifying or Deleting a Rule
  Applications
    Allowing or Blocking Applications
    Deleting an Application
    Adding an Application

Enforcing Distributed Security Client Activation
  SonicOS 2.1.x
  Firmware 6.6.x
  Global VPN Client Enterprise License Sharing
    SonicOS 2.1.x
    Firmware 6.6.x
Global Security Client Licensing
  mySonicWALL.com
  Activating Global Security Client Licenses on Your SonicWALL
    SonicOS 2.1.x
    Firmware 6.6.x
Index

Preface
Copyright Notice
© 2004 SonicWALL, Inc. All rights reserved.
Under the copyright laws, this manual or the software described within, can not be copied, in
whole or part, without the written consent of the manufacturer, except in the normal use of the
software to make a backup copy. The same proprietary and copyright notices must be affixed
to any permitted copies as were affixed to the original. This exception does not allow copies
to be made for others, whether or not sold, but all of the material purchased (with all backup
copies) can be sold, given, or loaned to another person. Under the law, copying includes
translating into another language or format.
SonicWALL is a registered trademark of SonicWALL, Inc.
Other product and company names mentioned herein can be trademarks and/or registered
trademarks of their respective companies.
Specifications and descriptions subject to change without notice.

Limited Warranty
SonicWALL, Inc. warrants that commencing from the delivery date to Customer (but in any
case commencing not more than ninety (90) days after the original shipment by SonicWALL),
and continuing for a period of twelve (12) months, that the product will be free from defects
in materials and workmanship under normal use. This Limited Warranty is not transferable
and applies only to the original end user of the product. SonicWALL and its suppliers' entire
liability and Customer's sole and exclusive remedy under this limited warranty will be
shipment of a replacement product. At SonicWALL's discretion the replacement product may
be of equal or greater functionality and may be of either new or like-new quality. SonicWALL's
obligations under this warranty are contingent upon the return of the defective product
according to the terms of SonicWALL's then-current Support Services policies.
This warranty does not apply if the product has been subjected to abnormal electrical stress,
damaged by accident, abuse, misuse or misapplication, or has been modified without the
written permission of SonicWALL.

DISCLAIMER OF WARRANTY. EXCEPT AS SPECIFIED IN THIS WARRANTY, ALL
EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS, AND WARRANTIES
INCLUDING, WITHOUT LIMITATION, ANY IMPLIED WARRANTY OR CONDITION OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NONINFRINGEMENT,
SATISFACTORY QUALITY OR ARISING FROM A COURSE OF DEALING, LAW, USAGE,
OR TRADE PRACTICE, ARE HEREBY EXCLUDED TO THE MAXIMUM EXTENT
ALLOWED BY APPLICABLE LAW. TO THE EXTENT AN IMPLIED WARRANTY CANNOT
BE EXCLUDED, SUCH WARRANTY IS LIMITED IN DURATION TO THE WARRANTY
PERIOD. BECAUSE SOME STATES OR JURISDICTIONS DO NOT ALLOW LIMITATIONS
ON HOW LONG AN IMPLIED WARRANTY LASTS, THE ABOVE LIMITATION MAY NOT
APPLY TO YOU. THIS WARRANTY GIVES YOU SPECIFIC LEGAL RIGHTS, AND YOU
MAY ALSO HAVE OTHER RIGHTS WHICH VARY FROM JURISDICTION TO
JURISDICTION. This disclaimer and exclusion shall apply even if the express warranty set
forth above fails of its essential purpose.
DISCLAIMER OF LIABILITY. SONICWALL'S SOLE LIABILITY IS THE SHIPMENT OF A
REPLACEMENT PRODUCT AS DESCRIBED IN THE ABOVE LIMITED WARRANTY. IN
NO EVENT SHALL SONICWALL OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES
WHATSOEVER, INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF
PROFITS, BUSINESS INTERRUPTION, LOSS OF INFORMATION, OR OTHER
PECUNIARY LOSS ARISING OUT OF THE USE OR INABILITY TO USE THE PRODUCT,
OR FOR SPECIAL, INDIRECT, CONSEQUENTIAL, INCIDENTAL, OR PUNITIVE
DAMAGES HOWEVER CAUSED AND REGARDLESS OF THE THEORY OF LIABILITY
ARISING OUT OF THE USE OF OR INABILITY TO USE HARDWARE OR SOFTWARE
EVEN IF SONICWALL OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY
OF SUCH DAMAGES. In no event shall SonicWALL or its suppliers' liability to Customer,
whether in contract, tort (including negligence), or otherwise, exceed the price paid by
Customer. The foregoing limitations shall apply even if the above-stated warranty fails of its
essential purpose. BECAUSE SOME STATES OR JURISDICTIONS DO NOT ALLOW
LIMITATION OR EXCLUSION OF CONSEQUENTIAL OR INCIDENTAL DAMAGES, THE
ABOVE LIMITATION MAY NOT APPLY TO YOU.

About this Guide
Welcome to the SonicWALL Global Security Client Administrator’s Guide. This manual
provides the information you need to successfully activate, configure, and administer
SonicWALL Global Security Client 1.0 running on Windows 2000 (SP3), Windows XP Home,
and Windows XP Professional (SP1) operating systems as well as the Policy Editor running
on the following SonicWALL Internet Security Appliances:
• SonicWALL TZ 170 running SonicOS Standard or SonicOS Enhanced 2.1.0.0
(or higher)
• SonicWALL PRO Series (2040/3060/4060) running SonicOS Standard
or SonicOS Enhanced 2.1.0.0 (or higher).
• SonicWALL Gen3 Products running Firmware 6.6.0.0 (or higher).
You should be familiar with the features, functions, and operating characteristics of
SonicWALL Internet Security Appliances.

Guide Conventions
Conventions used in this guide are as follows:

• Bold - Highlights items you can select on the SonicWALL Management Interface.
• Italic - Highlights a value to enter into a field. For example, “type
192.168.168.168 in the IP Address field.”
• Menu Item>Menu Item - Indicates a multiple step Management Interface menu
choice. For example, “Security Services>Content Filter” means select Security
Services, then select Content Filter.

Icons Used in this Guide


These special messages refer to noteworthy information, and include a symbol for quick
identification:

Alert! Important information that cautions about features affecting Global Security Client
performance, security features, or causing potential problems with your SonicWALL.

Tip! Useful information about security features and configurations of your Global Security
Client.

Note: Important information on a feature that requires callout for special attention.

SonicWALL Technical Support


For timely resolution of technical support questions, visit SonicWALL on the Internet at
<http://www.sonicwall.com/services/support.html>. Resources are available to help you
resolve most technical issues or contact SonicWALL Technical Support.

Phone: (408) 752.7819 (North America).


For international support phone numbers visit
<http://www.sonicwall.com/services/contact.html>

E-mail: support@sonicwall.com

SonicWALL Global Security Client
The SonicWALL Global Security Client combines gateway enforcement, central
management, configuration flexibility and software deployment to deliver comprehensive
desktop security for remote/mobile workers and corporate networks. It offers administrators
the capability to manage a mobile/remote user’s online access, based on corporate policies,
to ensure optimal security of the network and maximize network resources. Instant
messaging, high-risk Web sites and network file access can all be allowed or disallowed as
security and productivity concerns dictate. Different remote/mobile users can be organized
into adaptable groups with differing policies at a granular level.
SonicWALL Global Security Client delivers a low-maintenance solution to allow network
administrators to secure mobile users. Residing on the remote user’s system, the Global
Security Client automatically communicates with an organization’s SonicWALL gateway back
at the office when an individual logs in to the network. Prior to allowing network access, the
gateway administrator automatically updates the Global Security Client with the latest
security policies and software updates. No prompting or intervention is necessary by the
administrator or the remote user - it’s completely seamless and transparent.
Global Security Client protection includes the SonicWALL Distributed Security Client and the
SonicWALL Global VPN Client Enterprise combined with centrally managed security policies
via the SonicWALL Internet Security Appliance and SonicWALL’s industry-leading
Distributed Enforcement Architecture (DEA).

Global Security Client Features


• Multi-Pronged Protection - extends the boundaries of security by protecting the
corporate network and remote/mobile workers from malicious attacks that occur over the
Internet.
• Enhanced Application Security - provides an additional layer of security by protecting
organizations against legal liabilities that occur when employees accidentally or
intentionally run applications from the Internet that have been designated as “untrusted”
by the network administrator.
• Policy Management - enables network administrators to create, distribute and manage
global security policies for remote and mobile users from a central location. Once a new
policy is created, it is seamlessly distributed to every system on the network with no
end-user interaction required. Configuration options include specifying the minimum
application version, policy levels and behavior for clients not in compliance.
• Gateway Enforcement - enforces security policies at the gateway to ensure the
end-user’s system is in compliance before being granted access to the network. Users
without the Global Security Client installed on their systems must contact their
administrator.
• Scalable Architecture - features a unique client/gateway enforcement architecture that
delivers comprehensive security, scaling from the individual telecommuters and mobile
users up to larger, more diverse deployments with a worldwide mobile workforce.

• Low Total Cost of Ownership - addresses the needs of organizations looking to deploy
comprehensive desktop security to remote/mobile workers and corporate networks while
delivering a lower total cost of ownership through automated policy enforcement and
software distribution at the gateway.
• Easy-to-Use Local Interface - includes an intuitive user interface that seamlessly
integrates multiple applications and presents the administrator with a status page and
optional configuration functionality, offering enhanced ease of use.
• Application Reporting - includes application reporting to provide network administrators
with data on the status of the application, as well as the ability to monitor for unusual
activities and perform troubleshooting.

How SonicWALL Global Security Client Works


The security administrator logs into the SonicWALL gateway to create security policies for all
Global Security Clients using the intuitive Policy Editor interface. The Policy Editor allows the
security administrator to create, edit, and deploy security policies that are automatically
enforced by the SonicWALL gateway. When a remote user logs into the corporate network
using the Global VPN Client Enterprise, the SonicWALL gateway seamlessly updates the
user’s security policy for the Distributed Security Client to ensure the client is in full
compliance with corporate security policies while establishing a secure VPN connection via
the Global VPN Client Enterprise.

SonicWALL’s Distributed Enforcement Architecture (DEA) technology enables the policy
enforcement capabilities that provide the framework for the Global Security Client’s complete
security solution for all remote and network desktops. SonicWALL’s DEA technology enables
the automatic installation of new software components, changes the configuration of different
components, verifies version information, forces updates of components, informs the user
which components do not meet the policy requirements, and provides user authentication for
policy enforcement.
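
An added illustration, not SonicWALL code and not part of the original guide: a Python model of the version verification, forced update and non-compliance reporting that the paragraph above attributes to DEA. The `Requirement` and `Decision` types, the `on_fail` values and the version strings are assumptions made for the example.

```python
# Added illustration: a hypothetical model of a gateway-side client compliance
# check. Type names, on_fail values and version strings are assumptions and
# are not taken from SonicWALL software.
from dataclasses import dataclass, field


def parse_version(text):
    """Convert '1.0.10' to (1, 0, 10) so versions compare numerically."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"malformed version: {text!r}")
    return tuple(int(p) for p in parts)


def older_than(have, need):
    """True if version tuple `have` is older than `need` ('2.1' equals '2.1.0')."""
    width = max(len(have), len(need))
    have += (0,) * (width - len(have))
    need += (0,) * (width - len(need))
    return have < need


@dataclass(frozen=True)
class Requirement:
    component: str    # software component the policy covers
    min_version: str  # minimum version the policy accepts
    on_fail: str      # "update" = push an update first; anything else = deny


@dataclass
class Decision:
    access: str = "granted"  # "granted", "pending_update" or "denied"
    updates: list = field(default_factory=list)   # components to update
    messages: list = field(default_factory=list)  # what the user is told


def evaluate(policy, reported):
    """Compare the versions a client reports against the gateway policy."""
    decision = Decision()
    for req in policy:
        need = parse_version(req.min_version)  # a malformed policy entry raises
        have = reported.get(req.component)
        if have is None:
            reason = "is not installed"
        else:
            try:
                old = older_than(parse_version(have), need)
                reason = (f"is version {have}, below required {req.min_version}"
                          if old else None)
            except ValueError:
                # Fail closed: an unparseable client version is non-compliant.
                reason = f"reported an unreadable version {have!r}"
        if reason is None:
            continue
        decision.messages.append(f"{req.component} {reason}")
        if req.on_fail == "update":
            decision.updates.append(req.component)
            if decision.access == "granted":
                decision.access = "pending_update"
        else:
            decision.access = "denied"  # a deny always wins over an update
    return decision


# Constructed sample policy; the component names are the two products the
# guide describes, the minimum versions are made up for the example.
POLICY = [
    Requirement("Distributed Security Client", "1.0.10", "update"),
    Requirement("Global VPN Client Enterprise", "2.1", "deny"),
]

if __name__ == "__main__":
    client = {"Distributed Security Client": "1.0.9",
              "Global VPN Client Enterprise": "2.1.0"}
    result = evaluate(POLICY, client)
    print(result.access, result.updates)
    for line in result.messages:
        print(" -", line)
```

Comparing the raw strings would rank "1.0.9" above "1.0.10" and pass an outdated client, which is why the model parses versions into integer tuples and treats anything it cannot parse as non-compliant.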

Installing Global Security Client


The SonicWALL Global Security Client package includes the Distributed Security Client and
Global VPN Client Enterprise. Global Security Client supports Microsoft Windows 2000 (SP3
or later) and Windows XP (SP1).

Alert! Remove any personal firewall product currently running on your computer before installing
the SonicWALL Global Security Client.

Alert! If you have the SonicWALL Global VPN Client installed on your system, you must uninstall
the existing program and reboot before installing the Global Security Client package.
To install the SonicWALL Global Security Client, follow these steps:
1. Click on GSC.msi. The File Download dialog is displayed.
2. Click Open. The SonicWALL Global Security Client Setup Wizard is displayed. Click
Next to continue.
3. In the License Agreement page, select I Agree and then click Next.
4. In the Select Installation Folder page, use the default installation folder or click Browse
to specify a different location. Click Next.
5. In the Confirm Installation page, click Next to install the Global Security Client. The
Global Security Client installation begins.
6. In the Installation Complete page, click Close.
7. Click Yes to restart your computer.

Connecting to Your Corporate Network
After you install the SonicWALL Global Security Client on your computer, you can easily
establish a secure VPN connection to your corporate network. Double-clicking on the
SonicWALL Global Security Client icon on the Windows taskbar status area displays the
SonicWALL Global Security Client window.

This window includes three icons: Event Viewer, Distributed Security Client, and
SonicWALL Global VPN Client. You can also access the Distributed Security Client and
SonicWALL Global VPN Client Enterprise programs from the Windows>Programs menu.

SonicWALL Global VPN Client Enterprise


The SonicWALL Global VPN Client Enterprise creates a Virtual Private Network (VPN)
connection between your computer and the corporate network to maintain the confidentiality
of private data. The Global VPN Client Enterprise provides an easy-to-use solution for
secure, encrypted access through the Internet or corporate dial-up facilities for remote users,
as well as secure wireless networking for SonicWALL SOHO TZW clients using SonicWALL’s
WiFiSec technology.
The Global VPN Client Enterprise is built on the SonicWALL Global VPN Client with the
added feature of allowing organizations to share a group of Global VPN Clients across
multiple VPN gateways that are contained within a single license sharing group.

Note: See the SonicWALL Global VPN Client 2.1 Administrator’s Guide located at
<http://www.sonicwall.com/services/documentation.html> for complete information on
installing, configuring, and managing the Global VPN Client.
Custom developed by SonicWALL, the Global VPN Client Enterprise combines with
GroupVPN on SonicWALL Internet Security Appliances to dramatically streamline VPN
deployment and management. Using SonicWALL’s Client Policy Provisioning technology, the
SonicWALL administrator establishes the VPN connections policies for the Global VPN
Clients. The VPN configuration data is transparently downloaded from the SonicWALL VPN
Gateway (SonicWALL Internet Security Appliance) to Global VPN Clients, removing the
burden of provisioning VPN connections from the user.

Creating the VPN Connection Policy


The New Connection Wizard quickly guides you through the process of locating the source
of your configuration information and automatically downloads the VPN configuration
information over a secure IPSec VPN tunnel. You can configure your Global VPN Client
Enterprise for two VPN connection scenarios:
• Remote Access - Choose this scenario if you want secure access to a remote VPN
gateway from any wired or wireless network. The most common use of this scenario is
when you are at home or on the road and want access to the corporate network. You
enter the IP address or Fully Qualified Domain Name (FQDN), for example
gateway.yourcompany.com, of the VPN gateway and the Global VPN Client Enterprise
automatically downloads the VPN connection policy from the remote SonicWALL VPN
gateway.

Alert! If you are configuring the Global VPN Client Enterprise for Remote Access, make sure you
have the IP address or FQDN of the remote SonicWALL VPN gateway and an active
Internet connection or dial-up Internet access before using the New Connection Wizard.
• Office Gateway - Choose this scenario if you want secure access to a local
SonicWALL SOHO TZW wireless network. When you create an Office Gateway VPN
connection, it appears as the Peer entry of <Default Gateway> in the SonicWALL
Global VPN Client window. You can use this single Office Gateway VPN connection
policy to roam securely across SOHO TZW wireless networks.

Alert! If you are configuring the Global VPN Client Enterprise for Office Gateway, make sure your
wireless card is configured with the correct SSID information to access the SonicWALL
SOHO TZW before using the New Connection Wizard.

Using the New Connection Wizard
1. Double-click the SonicWALL Global VPN Client icon in the SonicWALL Global Security
Client window or choose Start>Programs>SonicWALL Global VPN Client. The first time you
open the SonicWALL Global VPN Client, the New Connection Wizard automatically
launches.

2. If the New Connection Wizard does not display, click the New Connection Wizard icon
on the far left side of the toolbar to launch the New Connection Wizard. Click Next.

3. In the Choose Scenario page, select Remote Access or Office Gateway and then click
Next. Click on View Scenario to view a diagram of each type of VPN connection.

4. If you selected Remote Access in the Choose Scenario page, the Remote Access
page is displayed. Type the IP address or FQDN of the gateway in the IP Address or
Domain Name field. The information you type in the IP Address or Domain Name field
appears in the Connection Name field. If you want a different name for your connection,
type the new name for your VPN connection policy in the Connection Name field. Click
Next.

5. If you selected Office Gateway in the Choose Scenario page, the Completing the New
Connection Wizard page is displayed.

6. In the Completing the New Connection Wizard page select any of the following
options:
Select Create a desktop shortcut to this connection, if you want to create a shortcut
icon on your desktop for this VPN connection.
Select Enable this connection when the program is launched, if you want to
automatically establish this VPN connection when you launch the SonicWALL Global
VPN Client Enterprise.
7. Click Finish. The new VPN connection policy appears in the SonicWALL Global VPN
Client window.

Enabling Your VPN Connection
Enabling your VPN connection is easy and seamless using the Global VPN Client Enterprise.
When you enable a VPN connection, the Distributed Security Client is automatically launched
in Managed mode on your desktop. Because both your Global VPN Client Enterprise and
Distributed Security Client policies are configured and managed by the SonicWALL gateway,
you do not need to do any configuration of your Global Security Client before making your
VPN connection.

Note: If you selected Enable this connection when the program is launched in the New
Connection Wizard, the VPN connection is automatically established when you launch the
SonicWALL Global VPN Client Enterprise.
The following steps explain how to enable the VPN connection policy you created in the
previous section.
1. Double-click the SonicWALL Global Security Client icon in the Windows status area to
display the SonicWALL Global Security Client window. You can also launch the
SonicWALL Global VPN Client by choosing Start>Programs>SonicWALL Global VPN
Client.

2. Double-click the SonicWALL Global VPN Client icon in the SonicWALL Global Security
Client window. The SonicWALL Global VPN Client window is displayed.

3. Double-click the VPN connection policy or right-click the VPN connection policy icon and
select Enable from the menu.

4. Depending on the attributes for the VPN connection policy, the Enter Pre-Shared Key
or the Select Certificate dialog box may appear. See “Entering a Pre-Shared Key” on
page 17 or “Selecting a Certificate” on page 17 for instructions.

5. The VPN gateway prompts you for a username and password for authentication. In the
Enter Username and Password dialog box, type your username and password. Click
OK to continue with establishing your VPN connection.

Entering a Pre-Shared Key
If no default Pre-Shared Key is used, you must have a Pre-Shared Key provided by the
gateway administrator in order to make your VPN connection. If the default Pre-Shared Key
is not included as part of the connection policy download or file, the Enter Pre-Shared Key
dialog box appears to prompt you for the Pre-Shared key before establishing the VPN
connection.

1. Type your Pre-Shared Key in the Pre-shared Key field. The Pre-Shared Key is masked
for security purposes.
2. If you want to make sure you’re entering the correct Pre-Shared Key, check Don’t hide
the pre-shared key. The Pre-Shared Key you enter appears unmasked in the
Pre-shared Key field.
3. Click OK.
Selecting a Certificate
If the SonicWALL VPN Gateway requires a Digital Certificate to establish your identity for the
VPN connection, the Select Certificate dialog box appears. This dialog box lists all the
available certificates installed on your Global VPN Client Enterprise. Select the certificate
from the menu, then click OK. If you have a certificate that has not been imported into the
Global VPN Client Enterprise using Certificate Manager, click Import Certificate.

Note: See the SonicWALL Global VPN Client Administrator’s Guide located at
<http://www.sonicwall.com/services/documentation.html> for more information on using
the Certificate Manager.

Disabling a VPN Connection
Disabling a VPN connection terminates the VPN tunnel. Right-click the VPN connection
policy in the SonicWALL Global VPN Client window, and select Disable.

SonicWALL Distributed Security Client
The SonicWALL Distributed Security Client provides a full stateful packet inspection firewall
on the desktop as well as IDS/IDP capabilities to detect port scans, IP spoof attempts, and MAC
spoof attempts, and it can operate in stealth mode.
Double-click the Distributed Security Client icon in the SonicWALL Global Security Client
window or select SonicWALL Distributed Security Client from the Windows Start>Programs
menu to display the SonicWALL Distributed Security Client window.

In the SonicWALL Distributed Security Client window are the two default policies for the
Distributed Security Client:
• Local policy - This policy is enabled when the Distributed Security Client is in
Standalone mode with no VPN connection enabled. This policy can be modified at any
time.
• Distributed policy - This policy is enabled when the Distributed Security Client is in
Managed mode. In Managed mode, the firewall policies are controlled by the
SonicWALL Policy Editor and cannot be modified by the user.
The currently enforced policy is noted as Enabled in the Status column of the SonicWALL
Distributed Security Client window. Clicking the Properties button on the toolbar or
choosing View>Properties displays the properties for the currently enforced security policy.
If the Distributed policy is enabled, the Distributed Security Client security policy is
managed from the SonicWALL gateway. If the Local policy is enabled, the security policy
settings are available for local configuration by the user for use when no VPN connection is
enabled.

Standalone and Managed Mode
The Distributed Security Client operates in two modes based on whether the Local policy or
Distributed policy is enabled:
• Standalone mode - This is the local policy on the client that is in place when the client is
not connected to the SonicWALL VPN gateway via the Global VPN Client Enterprise. In
Standalone mode, the Distributed Security Client local policy can be configured by the
user. When the Distributed Security Client is in Standalone mode, Standalone is
displayed in the SonicWALL Distributed Security Client window status bar.
• Managed mode - This is the policy pushed down from and enforced at the SonicWALL
gateway while the VPN tunnel is established. When the Distributed Security Client is in
Managed mode as part of a VPN connection to the SonicWALL gateway, all firewall
configuration options are under the control of the SonicWALL gateway. These firewall
policies are configured using the SonicWALL Policy Editor. The local user cannot
configure any of the Distributed Security Client settings. When the Distributed Security
Client is in Managed mode, Managed is displayed in the SonicWALL Distributed Security
Client window status bar.

Configuring Local Policy
The Local policy of Distributed Security Client can be configured by the user. This allows
you to define the firewall policy for your desktop when the Global VPN Client Enterprise is not
connected to your corporate network. The following explains the configuration options
available to Distributed Security Client users in Standalone mode.
To display the Local policy firewall settings, select Local policy and click the Properties
button on the SonicWALL Distributed Security Client window toolbar, or choose
View>Properties. The Distributed Security Client Properties window is displayed with five
tabs: Security, Advanced Rules, Application Rules, NetBIOS Settings, and Log
Settings.

Alert! These settings are configurable only if the Standalone policy is enabled. Otherwise, these
settings are managed by the Policy Editor on the SonicWALL gateway and the settings in
the Distributed Security Client Properties window are dimmed.

Security
Selecting Security displays the configurable security settings for the SonicWALL Distributed
Security Client. After making any security setting changes, click the Apply button to save
your changes.

Protection
The Protection settings define the security level provided by the Distributed Security Client.
• Allow All - Permits the transmission of all network traffic, including the Internet, to and
from your computer system via network connections. The Allow All setting still logs all
traffic that enters or exits your system.
• Block All - Prevents all information entering or leaving your computer from any outside
source. All network traffic is blocked from entering or leaving your computer.
• Normal - A configurable security setting that automatically blocks applications from
accessing your computer except those specified in the Advanced Rules and
Application Rules pages of the Distributed Security Client Properties window.
Attacks
The Attacker Seal enables the Active Response feature, which blocks all communication
from a source host once an attack is detected. It blocks any and all traffic from that IP for the
duration specified in the Seconds field.
Anti-IP (Anti-IP Spoofing)
IP spoofing is a process used by hackers to hijack a communication session between two
computers. A hacker can send a data packet that causes Computer A to drop the
communication. Then, pretending to be Computer A, the hacker can communicate with
Computer B, thus hijacking a communication session and attempting to attack Computer B.
Anti-IP spoofing foils most IP spoofing attempts by randomizing the sequence numbers of
each communication packet, preventing a hacker from anticipating a packet and intercepting
it.
Anti-MAC (Anti-MAC Spoofing)
As with IP spoofing, hackers can use MAC spoofing to attempt to hijack a communication
session between two computers in order to hack one of the machines. MAC (media access
control) addresses are hardware addresses that identify computers, servers, routers, etc.
When Computer A wishes to communicate with Computer B, it may send an ARP (Address
Resolution Protocol) packet to the computer. The Anti-MAC spoofing feature blocks any ARP
packets sent to your computer. This way, hackers attempting to determine your MAC address
will be blocked from doing so. If you request an ARP packet, SonicWALL Distributed Security
Client will allow it.
Stealth (Stealth Mode Browsing)
Stealth mode refers to a computer that is hidden from other computers while on a network.
For example, a computer on the Internet that is in stealth mode cannot be detected by port
scans or communication attempts, such as ping. If you enable the Stealth feature, your
computer will be invisible to other computers on any network you’re connected to.

Port Scanner (Port Scan Detection)
Port scanning is a popular method that hackers use to determine which of your computer’s
ports are open to communication. Ports are dynamically blocked in the Distributed Security
Client, and are protected from hacking attempts. The Port Scanner feature detects if
someone is scanning your ports, and notifies you. If disabled, Distributed Security Client does
not detect scans or notify you of scans but still protects your ports from hacking attempts.
Pre-Start
Pre-Start prevents any traffic from entering or leaving your computer during the precious
seconds between the time that your computer turns on and the Distributed Security Client is
launched. This time frame is a small security hole that can allow unauthorized
communication. Enabling Pre-start prevents possible Trojan Horses or other unauthorized
applications from communicating with other computers. This includes initial DHCP and
NetBIOS traffic so that the agent can obtain an IP address and log on to a domain.
NetBIOS Protection
NetBIOS Protection blocks all communication from computers located outside of your
subnet range. A subnet is a group of computers that connect to the same gateway. If your
computer is located on an office network, then other computers in your office are most likely
on your subnet. If you connect to the Internet using an ISP, your subnet may be very large.
NetBIOS traffic is blocked on UDP ports 88, 137, and TCP ports 135, 139, 445, and 1026.

Advanced Rules
The Advanced Rules page allows you to create and manage firewall filter rules.

Creating a Rule
To create a firewall filter rule, you must first specify the kind of traffic that should be affected
by the rule. There are several different characteristics of traffic, each of which you can use to
specify the kind of traffic that you want to control.

Note: You can create a maximum of 32 advanced rules for the Local policy as well as the
Distributed policy from the Policy Editor.
To create a new rule, follow these steps:

1. Click New. The New Advanced Rule dialog box is displayed.

2. Enter a name for your rule in the Rule field. This is the name displayed in the Rules list.
3. Configure the following settings to specify the characteristics of the traffic.
Action - Select Block to block the specified traffic or Allow to allow the specified traffic.
Direction - Select one of the traffic direction options: Inbound, Outbound, or Both.
Protocol - Select the protocol the rule affects. You can select TCP, UDP, or ICMP.
Details - Specify the port number(s), and IP address(es). To enter a range, separate the
first and last port numbers or IP addresses with a comma; for example, 59153, 59160.
4. After specifying your rule settings, click OK.
5. Click Apply to save your changes.
Modifying Rules
To modify a rule, follow these steps:
1. Select the rule in the Rules list.
2. Click Edit. The Edit Advanced Rule dialog box is displayed. This dialog box includes the
same settings as the New Advanced Rule dialog box.
3. Modify any of the following settings to specify the characteristics of the traffic.
Action - Select Block to block the specified traffic or Allow to allow the specified traffic.
Direction - Select one of the traffic direction options: Inbound, Outbound, or Both.
Protocol - Select the protocol the rule affects. You can select TCP, UDP, or ICMP.
Details - Specify the port number(s), and IP address(es). To enter a range, separate the
first and last port numbers or IP addresses with a comma; for example, 59153, 59160.
4. Click OK.
5. Click Apply.

Deleting a Rule
To delete a rule, select the rule in the Rules list, and then click the Delete button. Click Apply
to save your changes.
Defining Rule Priority
The first rule in the Rules list supersedes the rule below it. You can rearrange the order of
your rules by selecting the rule and then clicking the Up or Down button.

Application Rules
The Application Rules page allows you to configure security settings for each application on
your application list by setting certain restrictions on which IPs and Ports an application can
use.

Applications listed with a checkbox in the bottom section of the Application Rules page were
discovered by the Distributed Security Client as running. The default configuration is to allow
these applications to run. To block any of these applications, click the checkbox
associated with the application. Click the Block button to move the application(s) up to the
Applications list. Click Apply to save your changes.

Adding an Application
1. Click New. The New Application Rule dialog box is displayed.
2. Click the Browse button to locate the executable application file on your system.
3. Enter trusted IP addresses or IP ranges in the Trusted Host IP Address(es) field. This
IP address or range of IP addresses becomes trusted for this application. This means that
anything arriving from this IP address or range of IP addresses is trusted if the traffic is
in the form of the specified application.
4. Select Allow or Block from the Action menu to specify whether you want to allow or
block the traffic for this application.
5. Enter the TCP and UDP port or port range(s) in the TCP Port and UDP Port fields in
the Local and Remote sections that can be utilized for this application.
6. After specifying your rule settings, click OK.
7. Click Apply to save your changes.
Modifying an Application Rule
To modify an application rule, see “Modifying Rules” on page 25.
Deleting an Application Rule
To delete an application, select the application in the Application list, and then click Delete.
Click Apply to save your changes.

NetBIOS Settings
The NetBIOS Settings page displays the network interfaces on your computer recognized
and protected by the Distributed Security Client. The SonicWALL Virtual Adapter entry is
the interface for the SonicWALL Global VPN Client Enterprise application.

The NetBIOS Settings page allows you to enable or disable Windows Browse and Share
networking services for each network interface. Check the Enable box to enable the service
on the interface or unselect the Enable checkbox to disable the service.

Log Settings
The Log Settings page allows you to specify the maximum, Security Log, and Traffic Log
file size and the days to keep the log file. The default Maximum log file size for all three logs
is 512K. The default Days to keep is 30 days. To change any log setting, enter the new
Maximum log file size and/or Days to keep values, and then click Apply.

Logs
In the Distributed Security Client, a log is a record of information attempting to enter or exit
your computer through your network connection. Logs are an important method for tracking
your computer’s activity and interaction with other computers and networks. They are
particularly useful in detecting potentially threatening activity, such as port scanning, which is
aimed at your computer.
To view these logs, click the Logs button on the Distributed Security Client window toolbar
and select either Security or Traffic or choose View>Logs.
• The Security log records potentially threatening activity directed towards your computer,
such as port scanning, or denial of service attacks. This log is probably the most
important log file in the Distributed Security Client.
• The Traffic log records every packet of information that enters or leaves a port on your
computer.

Event Viewer
Double-clicking the Event Viewer icon in the SonicWALL Global Security Client window
displays the Event Viewer window.

The Event Viewer window provides access to the following Global Security Client event logs:
• Application - Contains events logged by applications or programs.
• Security - Records events such as valid and invalid logon attempts, as well as events
related to resource use such as creating, opening, or deleting files or other objects.
• System - Contains events logged by Windows system components. For example, the
failure of a driver or other system component to load during startup is recorded in the
system log. Records all operational changes, such as the starting and stopping of
services, detection of network applications, software configuration modifications, and
software execution errors. This log is especially useful for troubleshooting.
• SonicWALL Global Security Client - Displays Global Security Client events
categorized as Information, Error, Success Audit or Warning.

Note: The Application, Security, and System Event Viewer functions are part of the Windows
operating system. See your Windows documentation for more information on the Event
Viewer.

Configuring Log Properties
Select the Event Log you want to configure, then click the Properties button on the Event
Viewer window toolbar or select Action>Properties. The Properties window for the log is
displayed.
The General tab provides settings for storing and naming the log file, log size, and log
actions. The Filter tab provides the settings for defining what log events are captured.
These settings are the same for all log event categories, except the options in the Event
source menu.

Managing Log Files


The following are common log file management options available from the Action menu in
the Event Viewer window:
• Saving Log Files - You can save a log file by selecting the event log, then choosing
Action>Save Log File As. Navigate to where you want to store the log file, enter a name
for your log file in the File name field, then click Save. The file is saved with the .evt
filename extension.
• Exporting a Log - You can export a log file as a text file by choosing Action>Export
List. Select the text formatting options from the Save as type menu, and click Save. You
can also click on the Export List button on the toolbar.
• Renaming a Log - You can rename a log file by choosing Action>Rename.
• Clearing a Log - You can clear a log of all events by choosing Action>Clear all Events.
• Opening a Log File - To open an existing log file, choose Action>Open Log File.
• Refreshing a Log - You can refresh a log by choosing Action>Refresh or clicking the
Refresh button on the toolbar.

Customizing Log Views


The View menu in the Event Viewer window provides the following options for changing the
way logs are displayed.
• Add/Remove Columns - Allows you to define the columns displayed for the log and in
what order they are displayed.
• All Records - Displays all records captured by the log.
• Filter - Displays the Filter tab in the Properties window for specifying the event types
captured by the log.
• Newest First - Displays the most recent events at the top of the Event Viewer.
• Oldest First - Displays the oldest events at the top of the Event Viewer.
• Find - Allows you to search the log for a specific event.

Customizing the Event Viewer Window Layout


Choosing View>Customize allows you to customize the layout of the Event Viewer window.

Configuring Security Policies with the Policy Editor
The Policy Editor and Policy Server architecture introduces the ability to configure client
policies through the SonicWALL Internet Security Appliance. The SonicWALL Administrator
defines the remote Distributed Security Client security policies from the Policy Editor.
These security policies are enforced by the SonicWALL to ensure the remote desktop is
secured by the Distributed Security Client before allowing the VPN connection via the Global
VPN Client Enterprise.

Note: You can create only a single security policy for all your Global Security Clients.

Tip! The Policy Editor settings are the same for SonicWALL Appliances running SonicOS 2.1.x
or Firmware 6.6.x.

Accessing the Policy Editor (Firmware 6.6.x)
To access the Policy Editor in the SonicWALL Management Interface:
1. Select General>Security Services.
2. Click the Activate your SonicWALL Security Service Subscription link. The
mySonicWALL.com Login page is displayed.
3. Enter your mySonicWALL.com account username and password in the User Name and
Password fields, then click Submit.
4. Click the Edit Policy button below the Manage Services Online table. The Global
Security Client>Summary page is displayed.

Accessing the Policy Editor (SonicOS 2.1.x)
To access the Policy Editor in the SonicWALL Management Interface:
1. Select System>Licenses.
2. Click the To Activate, Upgrade, or Renew services, click here link. The
mySonicWALL.com Login page is displayed.
3. Enter your mySonicWALL.com account username and password in the User Name and
Password fields, then click Submit.
4. Click the Edit Policy button below the Manage Services Online table. The Global
Security Client>Summary page is displayed.

Alert! The Policy Editor button appears only if you have activated your Global Security Client
licenses. See “Global Security Client Licensing” on page 50 for more information.

Getting Help
Clicking the ? on the top right of the SonicWALL Management Interface page displays online
help for the page.

Global Security Client>Summary
The Global Security Client>Summary page includes the Active Policy and Policy Being
Edited sections. The Deployed Policy section shows the current active/deployed policy, its
version and date.
The Policy Being Edited section shows the policy being edited as well as the policy Version
number and Last Modified Date of the policy. Changes can be made to the policy without
deploying it until you click Deploy.

Clicking a View button shows a read-only version of the policy template in XML format.
You can view the current active version by clicking the View button under the Active Policy
table. You can view the policy being edited by clicking the View button under the Policy
Being Edited.

Editing a Security Policy


Clicking the Edit button in the Policy Being Edited section of the Global Security
Client>Summary page accesses the settings for configuring a policy.

Deploying a Security Policy


Once you have configured the security policy for the Distributed Security Clients, you can
deploy the policy by clicking Deploy, and then do the following:
• If your SonicWALL is running SonicOS 2.1.x - to make the newly deployed policy take
effect immediately, do a synchronization by selecting the Security Services>Summary
page, and then clicking the Synchronize button in the Security Services Settings
section.
• If your SonicWALL is running Firmware 6.6.x - to make the newly deployed policy take
effect immediately, do a synchronization by selecting the General>Security Services
page, and then clicking the Synchronize button in the Security Services Configuration
section.

Global Security Client>Groups and Services
Clicking the Edit button in the Policy Being Edited table displays the Groups and Services
page.

Policy Polling Frequency


Policy Polling Frequency defines how often the SonicWALL checks the policy on all
clients. The default value is 60 minutes. After you deploy a policy and click on the
Synchronize button in the Security Services Settings section, the new policy is obtained
by all connected Global Security Clients according to the value in the Policy Polling
Frequency field.

Services
The Services section lists the available services for the Global Security Client with access to
the configuration options for the service. Clicking on the Edit icon (SonicOS) or the Edit
button (Firmware 6.6.x) in the Configure column for Distributed Security Client allows you to
configure security policies enforced by the Policy Editor for Distributed Security Clients on the
remote desktops.

Configuring the Distributed Security Client
Clicking the Notepad icon for Distributed Security Client in the Services table on the
Groups and Services page displays the Distributed Security Client page. This page
includes the settings for configuring the Distributed Security Client policy enforcement
options.

General Settings
The Version menu allows you to define what version of the Distributed Security Client the
client must be running to allow remote access. You can choose a specific version or latest
from the Version menu.

Security
The Security section allows you to specify the Distributed Security Client security features to
enforce on your clients. These settings correspond to those that are listed in the desktop
Distributed Security Client client when it is in Standalone mode.
Each Security feature has a default setting, but you can specify Enable or Disable for each
Security feature in the Action column to make any changes to your Distributed Security
Client policy.

Anti-IP (Anti-IP Spoofing)
IP Spoofing is a process used by hackers to hijack a communication session between two
computers. A hacker can send a data packet that causes Computer A to drop the
communication. Then, pretending to be Computer A, the hacker can communicate with
Computer B, thus hijacking a communication session and attempting to attack Computer B.
Anti-IP spoofing foils most IP spoofing attempts by randomizing the sequence numbers of
each communication packet, preventing a hacker from anticipating a packet and intercepting
it.
Anti-MAC (Anti-MAC Spoofing)
As with IP spoofing, hackers can use MAC spoofing to attempt to hijack a
communication session between two computers in order to hack one of the machines. MAC
(media access control) addresses are hardware addresses that identify computers, servers,
routers, etc. When Computer A wishes to communicate with Computer B, it may send an ARP
(Address Resolution Protocol) packet to the computer. The anti-MAC spoofing feature blocks
any ARP packets sent to your computer. This way, hackers attempting to determine your
MAC address will be blocked from doing so. If you request an ARP packet, SonicWALL
Global Security Client will allow it.
Port Scanner (Port Scan Detection)
Port scanning is a popular method that hackers use to determine which of your computer’s
ports are open to communication. Ports are dynamically blocked in Global Security Client,
and are protected from hacking attempts. This feature detects if someone is scanning your
ports, and notifies you. If disabled, Global Security Client will not detect scans or notify you
of them but will still protect your ports from hacking attempts.
Stealth (Stealth Mode Browsing)
Stealth mode is a term used to describe a computer that is hidden from other computers while
on a network. For example, a computer on the Internet that is in stealth mode cannot be
detected by port scans or communication attempts, such as ping. If you enable this feature,
your computer will be invisible to other computers on any network you’re connected to.
Pre-Start
Pre-Start prevents any traffic from entering or leaving your computer during the precious
seconds between the time that your machine turns on and the Distributed Security Client is
launched. This time frame is a small security hole that can allow unauthorized
communication. Enabling this feature prevents possible Trojan Horses or other unauthorized
applications from communicating with other computers.
NetBIOS Protection
NetBIOS Protection blocks all communication from computers located outside of your
subnet range. A subnet is a group of computers that connect to the same gateway. If your
computer is located on an office network, then other computers in your office are most likely
on your subnet. If you connect to the Internet using an ISP, your subnet may be very large.
NetBIOS traffic is blocked on UDP ports 88, 137, and TCP ports 135, 139, 445, and 1026.

Alert! Because this option can interfere with the functioning of Windows applications, it is
recommended that only users who have a firm understanding of Windows and DLLs enable
this feature.

Advanced Rules
The Advanced Rules section allows you to specify rules for special Distributed Security
Client filtering. You create new rules by clicking on the Add button. You can arrange the order
of rules in the Advanced Rules table by clicking on the Up or Down links in the Configure
column.

Specifying the Default Action


The Default Action menu allows you to select the default security level of the SonicWALL
Distributed Security Client. You can choose one of the following options:
• Normal - A configurable security setting that automatically blocks applications from
accessing your computer except those specified in Advanced Rules and Application
Rules.
• Block All - Prevents all information entering or leaving your computer from any outside
source. All network traffic is blocked from entering or leaving your computer.
• Allow All - Permits the transmission of all network traffic, including the Internet, to and
from your computer system via network connections. The Allow All setting still logs all
traffic that enters or exits your system.

Adding a Rule
1. Click the Add button. The Advanced Rule window is displayed.

2. Enter the new rule name in the Name field.


3. Select the Protocol option (TCP, UDP, or ICMP) from the Protocol menu.
4. Specify the local and/or remote port number or range in the Port/Type field. Separate the
beginning and ending port numbers in a range with a comma.
5. Enter the IP address or IP address range in the IP field.
6. Select Inbound, Outbound or Both from the Direction menu.
7. Select Allow or Block from the Action menu to specify the traffic direction of the filter
action.
8. Click Apply. The new rule is displayed in the Advanced Rules table in the Global
Distributed Security Client page.
The Advanced Rules table displays all your added rules by Name, Protocol, Port/Type, IP,
Direction, and Action.
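
The rule fields, Default Action and list ordering described here (and under Defining Rule Priority for the Local policy) can be modeled as follows. This is an added Python example, not SonicWALL code: the names, sample rules and addresses are constructed, and treating Block All and Allow All as overriding individual rules, and Normal as blocking when no rule matches, is an assumed reading of the guide.

```python
from dataclasses import dataclass
from ipaddress import ip_address

MAX_RULES = 32  # the guide's limit on advanced rules per policy


def to_port(text):
    port = int(text)
    if not 0 <= port <= 65535:
        raise ValueError(f"port out of range: {text}")
    return port


def parse_range(text, convert):
    """Parse a rule field: empty (any), one value, or 'first, last'."""
    parts = [p.strip() for p in text.split(",") if p.strip()]
    if not parts:
        return None  # an empty field matches anything (assumption)
    if len(parts) > 2:
        raise ValueError(f"expected one value or 'first, last': {text!r}")
    first, last = convert(parts[0]), convert(parts[-1])
    if first > last:
        raise ValueError(f"range is reversed: {text!r}")
    return first, last


def covers(outer, inner):
    """True when range `outer` (None means any) contains range `inner`."""
    if outer is None:
        return True
    if inner is None:
        return False
    return outer[0] <= inner[0] and inner[1] <= outer[1]


@dataclass
class Rule:
    name: str
    action: str      # "Allow" or "Block"
    direction: str   # "Inbound", "Outbound" or "Both"
    protocol: str    # "TCP", "UDP" or "ICMP"
    ports: str = ""  # single port or "first, last"
    ips: str = ""    # single address or "first, last"

    def __post_init__(self):
        if self.action not in ("Allow", "Block"):
            raise ValueError(f"bad action: {self.action}")
        if self.direction not in ("Inbound", "Outbound", "Both"):
            raise ValueError(f"bad direction: {self.direction}")
        if self.protocol not in ("TCP", "UDP", "ICMP"):
            raise ValueError(f"bad protocol: {self.protocol}")
        self.port_range = parse_range(self.ports, to_port)
        self.ip_range = parse_range(self.ips, ip_address)

    def matches(self, direction, protocol, port, remote_ip):
        addr = ip_address(remote_ip)
        return (self.protocol == protocol
                and self.direction in ("Both", direction)
                and covers(self.port_range, (port, port))
                and covers(self.ip_range, (addr, addr)))


def evaluate(rules, default_action, direction, protocol, port, remote_ip):
    """Return (verdict, matching rule name or None) for one packet."""
    if len(rules) > MAX_RULES:
        raise ValueError(f"a policy holds at most {MAX_RULES} advanced rules")
    if default_action == "Block All":
        return "Block", None
    if default_action == "Allow All":
        return "Allow", None
    if default_action != "Normal":
        raise ValueError(f"bad default action: {default_action}")
    for rule in rules:  # list order is priority: the first match decides
        if rule.matches(direction, protocol, port, remote_ip):
            return rule.action, rule.name
    return "Block", None  # Normal: traffic no rule names is blocked


def shadowed_rules(rules):
    """Names of rules that can never fire because an earlier rule covers them."""
    hidden = []
    for index, later in enumerate(rules):
        for earlier in rules[:index]:
            if (earlier.protocol == later.protocol
                    and earlier.direction in ("Both", later.direction)
                    and covers(earlier.port_range, later.port_range)
                    and covers(earlier.ip_range, later.ip_range)):
                hidden.append(later.name)
                break
    return hidden


# Constructed sample policy: a narrow allow and a broad block, in both orders.
ALLOW_MGMT = Rule("Allow mgmt host", "Allow", "Inbound", "TCP",
                  "59153, 59160", "192.0.2.10")
BLOCK_HIGH = Rule("Block high ports", "Block", "Inbound", "TCP", "49152, 65535")
GOOD_ORDER = [ALLOW_MGMT, BLOCK_HIGH]
BAD_ORDER = [BLOCK_HIGH, ALLOW_MGMT]  # the allow rule is now unreachable
```

Running `shadowed_rules` over a rule list before clicking Apply shows which entries need to move with the Up or Down controls.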
Modifying or Deleting a Rule
Clicking the Notepad icon in the Configure column (SonicOS) or the Edit button (Firmware
6.6.x) allows you to edit the rule.

Clicking the Trashcan icon in the Configure column (SonicOS) or the Delete button
(Firmware 6.6.x) deletes the rule.

Applications
The Applications section allows the administrator to allow or block specific applications on
the client desktop for use through the VPN connection.

Allowing or Blocking Applications


The Applications table displays a set of default common applications that you can Allow or
Block in the Action column.
Deleting an Application
You can delete an application by clicking the Trashcan icon in the Delete column (SonicOS)
or the Delete button (Firmware 6.6.x).
Adding an Application
You can add additional applications to block or allow. To add an application, follow these
steps:
1. Enter the executable filename for the application in the Executable Name field.
2. Enter an optional description of the application in the Description field.
3. Click the Add Application button. The application is added to the Applications table.
4. Specify Allow or Block in the Action column of the Applications table.
5. Click Apply.

Enforcing Distributed Security Client Activation
For VPN connections from SonicWALL Global VPN Client Enterprise clients, you configure
the GroupVPN settings on the SonicWALL Gateway. To enforce the use of the Distributed
Security Client in conjunction with the Global VPN Client Enterprise client for the specified
VPN connection, enable Require Distributed Security Client for this Connection.

Note: See your SonicWALL Administrator’s Guide for complete GroupVPN configuration
instructions.

SonicOS 2.1.x
To require and enforce the Distributed Security Client policy on the Global VPN Client
Enterprise user’s desktop before allowing a VPN connection, follow these steps to configure
the GroupVPN policy on your SonicWALL:
1. Select the VPN>Settings page in the SonicWALL Management Interface.
2. Click the Notepad icon for GroupVPN in the VPN Policies table. The VPN Policy
window is displayed.
3. Click the Client tab.

4. Check Require Distributed Security Client for this Connection.


5. Click OK.

Alert! If the Global Security Client is not activated on your SonicWALL, you cannot enable
Require Distributed Security Client, and an error message is displayed.
If a Global VPN Client Enterprise user without the SonicWALL Distributed Security Client
activated attempts to make a VPN connection to a SonicWALL VPN Gateway with the
Require Distributed Security Client for this Connection enabled, the error message “The
connection <connection name> Requires SonicWALL Distributed Security Client
enabled before it can be completed. Please contact your network administrator.” is displayed.

Firmware 6.6.x
To require and enforce the Distributed Security Client policy on the Global VPN Client
Enterprise user’s desktop before allowing a VPN connection, follow these steps to configure
the GroupVPN policy on your SonicWALL:
1. Select the VPN>Configure page in the SonicWALL Management Interface.
2. Click the Client Settings button. The VPN Client Settings window is displayed.

3. Check Require Distributed Security Client for this Connection.


4. Click OK.
5. Click Update.

Global VPN Client Enterprise License Sharing
License Sharing allows you to distribute the Global VPN Client Enterprise among multiple
SonicWALL gateways. License sharing assigns a License Sharing Group (LSG) to the
SonicWALL from which this feature is activated. You can then add other SonicWALLs to the
LSG by their serial numbers and assign them Global VPN Client Enterprise licenses from the
pool of remaining available licenses in the LSG.
SonicOS 2.1.x
To set up a License Sharing Group for the Global VPN Client Enterprise on a SonicWALL
running SonicOS 2.1.x, follow these steps:
1. In the System>Licenses page of the SonicWALL Management Interface, click the
"click here" link in "To Activate, Upgrade, or Renew services click here" in the Manage
Security Services Online. The mySonicWALL Login page is displayed.
2. Enter your mySonicWALL.com account username and password in the User Name and
Password fields, then click Submit. The System>Licenses page is displayed. If your
SonicWALL is already connected to your mySonicWALL.com account, the
System>Licenses page appears.
3. Click Share in the Manage Service column for Global VPN Client Enterprise in the
Manage Services Online table.
4. Click the Share button.
5. Type the serial number of the SonicWALL that you want to share licenses from in the
Please enter serial number of the appliance, you want to add to your License
Sharing Group field.
6. Click Submit. The SonicWALL is added as the Group Creator to the License Sharing
Group.

Tip! The SonicWALL appliance must be registered at <http://www.mysonicwall.com> before it
can be added to the License Sharing Group.
7. To add a SonicWALL to which you want to distribute licenses, enter the SonicWALL serial
number in the Appliance SN field and click Add. The SonicWALL is added to the License
Sharing Group.
8. To distribute licenses between the SonicWALLs, type the number of licenses you want
to share for the second SonicWALL into the Licenses field, and click Update. Repeat for
each SonicWALL appliance. The distributed number of licenses is displayed for each
SonicWALL.

Alert! SonicWALLs with currently active licenses cannot be added to the License Sharing Group.
To share previously activated licenses among multiple SonicWALLs, contact SonicWALL
technical support.

You can also remove a SonicWALL appliance or redistribute the number of licenses between
the SonicWALL appliances. To remove a SonicWALL appliance, click Remove next to the
SonicWALL serial number. To redistribute licenses, type the new number of licenses into the
License field and click Update. Repeat for each SonicWALL appliance.
The License Availability information changes as you change the license distribution or add
more SonicWALLs.
Firmware 6.6.x
To set up a License Sharing Group for the Global VPN Client Enterprise on a SonicWALL
running Firmware 6.6.x, follow these steps:
1. In the General>Security Services page of the SonicWALL Management Interface, click
SonicWALL Security Service Subscription in the Security Services Activation
section. The mySonicWALL Login page is displayed.
2. Enter your mySonicWALL.com account username and password in the User Name and
Password fields, then click Submit. The General>Security Services page is displayed.
If your SonicWALL is already connected to your mySonicWALL.com account, the
System>Licenses page appears.
3. Click Share in the Manage Service column for Global VPN Client Enterprise in the
Manage Services Online table.
4. Click the Share button.
5. Type the serial number of the SonicWALL that you want to share licenses from in the
Please enter serial number of the appliance, you want to add to your License
Sharing Group field.
6. Click Submit. The SonicWALL is added as the Group Creator to the License Sharing
Group.

Tip! The SonicWALL appliance must be registered at <http://www.mysonicwall.com> before it
can be added to the License Sharing Group.
7. To add a SonicWALL to which you want to distribute licenses, enter the SonicWALL serial
number in the Appliance SN field and click Add. The SonicWALL is added to the License
Sharing Group.
8. To distribute licenses between the SonicWALLs, type the number of licenses you want
to share for the second SonicWALL into the Licenses field, and click Update. Repeat for
each SonicWALL appliance. The distributed number of licenses is displayed for each
SonicWALL.

Alert! SonicWALLs with currently active licenses cannot be added to the License Sharing Group.
To share previously activated licenses among multiple SonicWALLs, contact SonicWALL
technical support.

You can also remove a SonicWALL appliance or redistribute the number of licenses between
the SonicWALL appliances. To remove a SonicWALL appliance, click Remove next to the
SonicWALL serial number. To redistribute licenses, type the new number of licenses into the
License field and click Update. Repeat for each SonicWALL appliance.
The License Availability information changes as you change the license distribution or add
more SonicWALLs.

Global Security Client Licensing
The SonicWALL Global Security Client allows you to install the Global VPN Client Enterprise
and Distributed Security Client. SonicWALL Global VPN Client Enterprise is licensed on a
per-connection basis. That means a 5 pack of Global Security Client gives the customer 5
concurrent Global VPN Client Enterprise connections on the SonicWALL. SonicWALL
Distributed Security Client is licensed on a per-client basis. A 5 pack of Global
Security Client allows you to install Distributed Security Client on 5 computers. The
Distributed Security Client license is subscription-based.
If you do not have SonicWALL Global Security Client activated on your SonicWALL, you must
purchase Global Security Client from a SonicWALL reseller or your mySonicWALL.com
account (limited to customers in the USA and Canada only).

mySonicWALL.com
mySonicWALL.com delivers a convenient, one-stop resource for registration, activation, and
management of your SonicWALL products and services. Your mySonicWALL.com account
provides a single profile to do the following:
• Register your SonicWALL Internet Security Appliances
• Purchase/Activate SonicWALL Security Services and Upgrades
• Receive SonicWALL firmware and security service updates and alerts
• Manage (change or delete) your SonicWALL security services
• Access SonicWALL Technical Support
Creating a mySonicWALL.com account is easy and FREE. Simply complete an online
registration form. Once your account is created, you can register SonicWALL Internet
Security Appliances and activate any SonicWALL Security Services associated with the
SonicWALL.
Your mySonicWALL.com account is accessible from any Internet connection with a Web
browser using the HTTPS (Hypertext Transfer Protocol Secure) protocol to protect your
sensitive information. You can also access mySonicWALL.com license and registration
services directly from the SonicWALL management interface for increased ease of use and
simplified services activation.
If you activated Global Security Client at mySonicWALL.com, the Global Security Client
activation is automatically enabled on your SonicWALL within 24 hours, or you can click the
Synchronize button on the Security Services>Summary page to update your SonicWALL.

Activating Global Security Client Licenses on Your SonicWALL
If you have the Activation Key for your SonicWALL Global Security Client and a
mySonicWALL.com account, use the following steps to activate the Global Security Client
from the SonicWALL Internet Security Appliance management interface.
SonicOS 2.1.x
1. In the System>Licenses page of the SonicWALL Management Interface, click the
"click here" link in "To Activate, Upgrade, or Renew services click here" in the Manage
Security Services Online.
2. In the mySonicWALL Login page, enter your mySonicWALL.com account username
and password in the User Name and Password fields, then click Submit. The
System>Licenses page is displayed. If your SonicWALL is already connected to your
mySonicWALL.com account, the System>Licenses page appears.

Note: Each Activation Key activates both the Global VPN Client Enterprise and Distributed
Security Client licenses. You enter the Activation Key for the Distributed Security Client, and
the Global VPN Client Enterprise license is automatically added.
3. Click Upgrade in the Manage Service column for Distributed Security Client in the
Manage Services Online table.
4. Type the Activation Key in the New License Key field for each Global Security Client
(Distributed Security Client and Global VPN Client Enterprise).
5. Click Submit. Your Global Security Clients are activated. The number of Global VPN
Client Enterprise and Distributed Security Client licenses appears in the Count column of
the Manage Services Online table on the System>Licenses page. The expiration date
for the Distributed Security Client is displayed in the Expiration column.
Firmware 6.6.x
1. In the General>Security Services page of the SonicWALL Management Interface, click
SonicWALL Security Service Subscription in the Security Services Activation
section. The mySonicWALL Login page is displayed.
2. In the mySonicWALL Login page, enter your mySonicWALL.com account username
and password in the User Name and Password fields, then click Submit. The
System>Licenses page is displayed. If your SonicWALL is already connected to your
mySonicWALL.com account, the Manage Services Online page appears.

Note: Each Activation Key activates both the Global VPN Client Enterprise and Distributed
Security Client licenses. You enter the Activation Key for the Distributed Security Client, and
the Global VPN Client Enterprise license is automatically added.

3. Click Upgrade in the Manage Service column for Distributed Security Client in the
Manage Services Online table.
4. Type the Activation Key in the New License Key field for each Global Security Client
(Distributed Security Client and Global VPN Client Enterprise).
5. Click Submit. Your Global Security Clients are activated. The number of Global VPN
Client Enterprise and Distributed Security Client licenses appears in the Count column of
the Manage Services Online table on the General>Security Services page. The
expiration date for the Distributed Security Client is displayed in the Expiration column.


SonicWALL, Inc.
1143 Borregas Avenue, Sunnyvale, CA 94089-1306
T: 408.745.9600 F: 408.745.9300 www.sonicwall.com

© 2004 SonicWALL, Inc. SonicWALL is a registered trademark of SonicWALL, Inc. Other product and company names mentioned herein may be
trademarks and/or registered trademarks of their respective companies. Specifications and descriptions subject to change without notice.

P/N 232-000510-00
Rev A 03/04
