Uploaded by jfroio

Enabling SonicWall Security Features - V1.3 - 03-01-2023

Enabling SonicWall Security Features
NOTE: The key security features that must be configured are Content Filtering, Gateway Anti-Virus (by zone), Capture ATP, Intrusion Prevention (by zone) and Anti-Spyware (by zone).
BEFORE IMPLEMENTING THESE CHANGES, TAKE A BACKUP OF THE CURRENT CONFIGURATION AND ATTACH IT TO THE CONFIGURATION ITEM FOR THE FIREWALL IN CONNECTWISE.
Setting up the Zones
* - Click on 'Network' -> 'Zones'.
NOTE: On TZx70 models click ‘Object’ at the top of the screen and you will see ‘Zones’ on the left side of
the screen.
* - For the LAN, WAN and WLAN zones, do the following:
    * - Click the Edit button on the right for the zone.
    * - Ensure the following are checked:
        * - 'Enable Gateway Anti-Virus Service'.
        * - 'Enable Anti-Spyware Service'.
        * - 'Enable IPS'.
        * - 'Enable App Control Service'.
    * - Click 'OK' when done.
General
* - Go to 'Security Services' -> 'Summary' (or 'Base Setup').
NOTE: On TZx70 models click ‘Policy’ at the top of the screen and you will see ‘Security Services’ on the
left side of the screen.
* - Under 'Security Service Settings', ensure 'Security Service Setting' is set to 'Maximum Security (Recommended)'.
NOTE: On TZx70 models ensure that ‘Enhanced Security’ is enabled in the ‘Enhanced Security’ section.
* - If any changes were made, click the 'Accept' button.
CFS (Content Filter)
NOTE: If the client’s SonicWall is utilizing VOIP through the firewall, do NOT enable CFS.
* - Go to 'Security Services' -> 'Content Filter'.
* - Ensure 'Enable Content Filtering Service' is enabled.
* - If the 'Enable HTTPS Content Filtering' option is present, enable it.
* - If any changes were made, click the 'Accept' button.
Client AV Enforcement
* - We do not license this client component.
Client CF Enforcement
* - We do not license this client component.
Gateway Anti-Virus
* - Go to 'Security Services' -> 'Gateway Anti-Virus'.
* - In the 'Gateway Anti-Virus Global Settings' section ensure that 'Enable Gateway Anti-Virus' is enabled.
* - In the 'Cloud Anti-Virus Global Settings' section ensure that 'Enable Cloud Anti-Virus Database' is enabled.
* - In the protocols section, ensure HTTP and FTP are checked for ‘Enable Inbound Inspection’. If the
client has on-prem Exchange, also include IMAP, SMTP and POP3.
* - If any changes were made, click the 'Accept' button.
Intrusion Prevention
* - Go to 'Security Services' -> 'Intrusion Prevention'.
* - In the 'IPS Global Settings' section, ensure 'Enable IPS' is checked.
* - Under 'Signature Groups', select 'Prevent All' AND 'Detect All' for the 'High Priority Attacks' and 'Medium Priority Attacks' signature groups.
* - If any changes were made, click the 'Accept' button.
CATP
* - First, ensure Capture ATP is enabled: log on to MySonicWall (via the firewall) and, for the data center, select San Jose.
* - Then go to Capture ATP -> Settings. On some models it is under 'Security Services' -> 'Capture ATP'.
* - In the 'Basic Setup Checklist' section, if Capture ATP is not enabled, click on ‘Enable Capture ATP
Analysis’.
* - If 'Gateway Anti-Virus' is not enabled, enable it, and then click on 'manage settings'. This will bring
you to the 'Gateway Anti-Virus' page, see the 'Gateway Anti-Virus' section above on how to configure
this.
* - If 'Cloud Anti-Virus Database' is not enabled, enable it, and then click on 'manage settings'. This will
bring you to the 'Gateway Anti-Virus' page, see the 'Gateway Anti-Virus' section above on how to
configure this.
* - If the 'Inspected Protocols' do not show green checkmarks for HTTP, FTP (and IMAP, SMTP and POP for on-prem Exchange clients) for inbound, click on 'manage settings' and enable these protocols for inbound.
* - If any changes were made, click the 'Accept' button.
Anti-Spyware
* - Go to 'Security Services' -> 'Anti-Spyware'.
* - In the 'Anti-Spyware Global Settings' section, ensure 'Enable Anti-Spyware' is checked.
* - Under 'Signature Groups', Select 'Prevent All' AND 'Detect All' for the 'High Danger Level Spyware'
and 'Medium Danger Level Spyware' signature groups.
* - If any changes were made, click the 'Accept' button.
RBL Filter
NOTE: Only enable this for clients with on-premise email (i.e. Exchange).
* - Go to 'Security Services' -> 'RBL Filter'.
* - In the 'Real-time Black List Settings' section, ensure 'Enable Real-time Black List Blocking' is checked.
* - Confirm the DNS servers are properly configured.
* - In the 'Real-time Black List Services' section, ensure the listed RBL services are enabled.
* - If any changes were made, click the 'Accept' button.
Geo-IP Filter
NOTE: This section will vary by client as some clients may do business with other countries.
* - Go to 'Security Services' -> 'GEO-IP Filter'.
* - Click on the 'Countries' tab.
* - Select the countries you want to block from the 'Allowed Countries' list on the left and drag them
into the 'Blocked Countries' box (you can select multiples at once).
NOTE: By default, all countries are allowed.
* - Enable 'Block All UNKNOWN countries'.
* - Click on the 'Settings' tab.
* - Enable 'Block connections to/from countries selected in the Countries tab'.
* - If any changes were made, click the 'Accept' button.
NOTE: See https://www.sonicwall.com/support/knowledge-base/geo-ip-filter-status-shows-countrydatabase-not-downloaded/170503604870742/ for instructions on downloading the country database
from SonicWall.
Botnet Filter
* - To enable this filter, go to 'Security Services' -> 'Botnet Filter'.
* - Enable 'Block connections to/from Botnet Command and Control Servers'.
* - If any changes were made, click the 'Accept' button.
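Added example (not part of the original runbook and not SonicWall tooling): a small Python audit that checks a hand-recorded settings snapshot against the baseline above, including the client-dependent rules for VOIP (CFS) and on-prem email (RBL and mail protocols). The snapshot layout, key names and the audit function are hypothetical; the Geo-IP country list is client-specific and is not checked.

```python
# Added example: audit a hand-recorded settings snapshot against this runbook.
# The snapshot layout and key names are hypothetical, not a SonicWall format.
ZONES = ("LAN", "WAN", "WLAN")
ZONE_SERVICES = ("gateway_av", "anti_spyware", "ips", "app_control")
SIGNATURE_SERVICES = ("ips", "anti_spyware")  # High and Medium groups each
GLOBAL_FLAGS = ("gateway_av_global", "cloud_av_db", "capture_atp",
                "botnet_filter", "geoip_block_unknown", "geoip_block_selected")

def audit(snap, voip_through_firewall=False, on_prem_email=False):
    """Return sorted findings; an empty list means the snapshot matches."""
    findings = []
    for zone in ZONES:
        enabled = set(snap.get("zones", {}).get(zone, ()))
        findings += [f"zone {zone}: {s} off" for s in ZONE_SERVICES if s not in enabled]
    for svc in SIGNATURE_SERVICES:
        cfg = snap.get(svc, {})
        if not cfg.get("enabled"):
            findings.append(f"{svc}: globally off")
        for group in ("high", "medium"):
            have = set(cfg.get("groups", {}).get(group, ()))
            findings += [f"{svc}: {group} lacks {a}"
                         for a in ("prevent_all", "detect_all") if a not in have]
    # Inbound inspection: HTTP and FTP always, mail protocols for on-prem Exchange.
    wanted = {"HTTP", "FTP"} | ({"IMAP", "SMTP", "POP3"} if on_prem_email else set())
    for proto in sorted(wanted - set(snap.get("gav_inbound", ()))):
        findings.append(f"gateway_av: inbound {proto} not inspected")
    findings += [f"{flag}: off" for flag in GLOBAL_FLAGS if not snap.get(flag)]
    # CFS must stay off when VOIP runs through the firewall, on otherwise.
    cfs = bool(snap.get("cfs"))
    if cfs and voip_through_firewall:
        findings.append("cfs: on although VOIP passes through the firewall")
    elif not cfs and not voip_through_firewall:
        findings.append("cfs: off")
    # RBL is only for clients with on-premise email.
    rbl = bool(snap.get("rbl"))
    if rbl != on_prem_email:
        findings.append("rbl: on without on-prem email" if rbl else "rbl: off")
    return sorted(findings)

# Constructed sample (no VOIP, no on-prem email): set per the runbook except
# App Control on WLAN and 'Detect All' on the medium IPS group.
BOTH = ("prevent_all", "detect_all")
SAMPLE = {
    "zones": {"LAN": ZONE_SERVICES, "WAN": ZONE_SERVICES,
              "WLAN": ("gateway_av", "anti_spyware", "ips")},
    "ips": {"enabled": True, "groups": {"high": BOTH, "medium": ("prevent_all",)}},
    "anti_spyware": {"enabled": True, "groups": {"high": BOTH, "medium": BOTH}},
    "gav_inbound": ("HTTP", "FTP"), "cfs": True, "rbl": False,
    **{flag: True for flag in GLOBAL_FLAGS},
}
```

Calling audit(SAMPLE) returns the two deviations built into the sample; passing on_prem_email=True or voip_through_firewall=True changes what the same snapshot is expected to contain.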