SonicWALL防火墙说明

SonicWALL 防火墙 HA 配置网络连接如下图所示：SonicWALL HA是Active/Passive方式的HA，配置界面相当简单，所有配置只需要在主设备上配置，备用设备会自动同步主设备的配置。

配置主设备时，不要打开备用设备电源，待主设备配置完毕之后，连接好物理线路，打开备用设备电源，备用设备自动与主设备同步全部的配置信息。

注意：备用设备要和主设备采用同样的操作系统版本号。

如果备用设备启用UTM的功能，那么备用设备要提前注册，拿到全部的UTM的授权。

主设备的UTM License不会同步到备用设备。

1．进入主设备的管理界面https://192.168.168.168, 默认的LAN口IP地址，用户名是 admin, 密码password2．进入Network->Interfaces界面，配置X1口（WAN），X0口（LAN）的IP地址。

这里X1口是WAN口，IP 地址218.247.156.9, 这个地址将成为HA发生切换之后WAN口的虚拟地址，从WAN外部通过218.247.156.9能访问到当前工作的设备，即如果主设备宕机，那么通过这个地址访问到的是备用设备。

X0 口IP地址用默认的 192.168.168.168. 这个地址将成为HA发生切换之后LAN口的虚拟地址，从LAN 内部通过192.168.168.168能访问到当前工作的设备，即如果主设备宕机，那么通过这个地址访问到的是备用设备。

3．进入Hardware Failover->Setting 界面，选中Enable Hardware Failover激活HA配置，点右上角的Apply按钮使HA生效。

如果希望主设备恢复后立刻切换回到主设备工作，那么选中Enable Preempt Mode，点右上角的Apply按钮使之生效.4．进入Hardware Failover->Monitoring界面，点X0口的配置按钮，5．在Interface X0 Monitoring Settings界面的Primary IP Address, Backup IP Address分别填写主/备设备的管理IP地址。

SonicWALL防火墙标准版配置SonicWall标准版网络向导配置 (1)SonicWall标准版规则向导配置 (7)SonicWall标准版一般规则向导配置 (7)SonicWall标准版服务器规则向导配置 (12)SonicWall标准版一般规则直接配置 (15)SonicWall标准版服务器1对1 NA T配置 (18)SonicWall标准版透明模式配置 (19)SonicWall标准版网络向导配置首次接触SonicWALL防火墙设备，我们将电源接上，并开启电源开关，将X0口和你的电脑相连（注：请用交叉线），SonicWALL防火墙默认的IP地址为192.168.168.168，我们也可以通过setuptool.exe这个小工具探知SonicW ALL防火墙的IP地址。

如图所示：当网线和电源等都连接好之后，我们设置一下本机的IP地址，以便和SonicWALL防火墙处于同一个网段。

如图所示：设置好IP地址后，我们在IE浏览器的地址栏输入SonicWALL防火墙的IP地址，点next，提示我们是否修改管理员密码，暂时不修改，点next，提示我们修改防火墙的时区，我们选择中国的时区。

点next，提示我们设置W AN口的地址获取类型，这时候，我们需要和ISP相联系，并选择相关的类型，这里以静态地址为例：我们点next，输入相关的信息，IP地址、掩码、网关、DNS服务器等，如果不知道此处该如何设置，请和你的ISP联系。

点next，提示我们设置LAN口的IP和掩码，我们根据自己的规划和网络的实际情况设置，此处我没有修改。

点next，防火墙询问我们在LAN口是否开启DHCP server的功能，并是否是默认的网段，我们可根据实际情况做调整，决定开始或关闭，以及网段地址等，如下图：点next，防火墙将把前面做的设置做一个摘要，以便我们再一次确认是否设置正确，如果有和实际不符的地方，可以点back返回进行修改。

防火墙的基本功能就是实现对于内外网之间的访问控制，和路由器及交换机产品类似，防火墙也使用一种策略的规则来实现管理，这也是一种ACL（Access Control List）。

防火墙规则是由5个部分组成，源地址、源端口、目的地址、目的端口、执行动作来决定。

SonicWALLＮＳＡ系列产品都是采用基于对象的控制方式，通过定义不同的对象，然后把它们组合到一条策略中，来实现访问规则的配置。

防火墙规则能够控制到单向访问，配置防火墙策略，首先需要判定访问方向，如果方向不对，就会出现配置好的策略不起作用，或根本无法达到应有的目的等情况。

访问方向的是按照发起方来进行判定的，如从内网访问外网的WEB网站，就属于从内网访问外网方向（LAN->WAN）。

不同方向的访问规则不会相互干扰。

常见的防火墙策略的方向分为从外网（ＷＡＮ）到内网（ＬＡＮ），从内网到外网，从内网到ＤＭＺ，从ＤＭＺ到内网，从ＤＭＺ到外网，从外网到ＤＭＺ等几种。

最常用的就是从内网（ＬＡＮ）到外网（ＷＡＮ）的策略配置，因为要控制内网的用户到外网的访问。

在配置几条策略在一个访问方向的时候，需要注意到是策略的排列，防火墙产品对于策略的匹配是有规则的，上面的规则优先于下面的规则，（上面是指在规则界面中排在上方的规则），当防火墙进行策略匹配时，一旦查询到一条匹配规则，防火墙将停止向下查询。

如果同时需要做几个规则，需要考虑这几条规则的逻辑关系。

SonicWALL NSA产品在出厂默认情况下，规则是从安全级别高的区域，如内网（LAN）到所有安全级别低的区域-------如外网（WAN）和DMZ--------是允许访问的，而从安全级别低的区域到安全级别高的区域，是禁止访问的。

SonicWALL UTM防火墙是基于对象管理的，防火墙规则是在各个安全区域之间定义的。

只要把一个物理端口划分到一个安全区域，在防火墙的Firewall->Access Rules界面就可以定制各个区域之间的安全规则。

SonicWALL PRO3060防火墙配置SonicWall网络向导配置 (1)SonicWall规则配置 (7)SonicWall一般规则配置 (7)SonicWall服务器规则向导配置 (10)SonicWall透明模式配置 (13)SonicWall对象配置 (16)SonicWall网络向导配置首次接触SonicW ALL防火墙设备，我们将电源接上，并开启电源开关，将X0口和你的电脑相连（注：请用交叉线），SonicWALL防火墙默认的IP地址为192.168.168.168当网线和电源等都连接好之后，我们设置一下本机的IP地址，以便和SonicWALL防火墙处于同一个网段。

如图所示：设置好IP地址后，我们在IE浏览器的地址栏输入SonicWALL防火墙的IP地址，防火墙将弹出网络配置向导界面点next，提示我们是否修改管理员密码，根据需要我们将密码设置为实际密码，点next，提示我们修改防火墙的时区，我们选择中国的时区。

点next，提示我们设置W AN口的地址获取类型，这时候，我们需要和ISP相联系，并选择相关的类型，这里以静态地址为例：点next，输入相关的信息，IP地址、掩码、网关、DNS服务器等，如果不知道此处该如何设置，请和你的ISP联系。

点next，提示我们设置LAN口的IP和掩码，我们根据自己的规划和网络的实际情况设置，此处我没有修改。

点next，设置DHCP server的相关配置，如果不开启，把勾取消即可。

点next，点apply，设置生效。

点close，回到登陆界面输入帐号密码后，点login当把配置做好以后，我们将防火墙的X1口接到ISP进来的网线上，将X0口接到内网交换机上。

SonicWall规则配置SonicWall一般规则配置这时，我们已经可以访问外网了。

此时的策略是默认允许内网的所有机器可以任意的访问外网，为了符合公司的安全策略，我们如果要相关的安全策略，限制一些访问的协议。

SonicWALL防火墙标准版配置SonicWall标准版网络向导配置 (1)SonicWall标准版规则向导配置 (11)SonicWall标准版一般规则向导配置 (11)SonicWall标准版服务器规则向导配置 (21)SonicWall标准版一般规则直接配置 (25)SonicWall标准版服务器1对1 NAT配置 (29)SonicWall标准版透明模式配置 (31)SonicWall标准版网络向导配置首次接触SonicWALL防火墙设备，我们将电源接上，并开启电源开关，将X0口和你的电脑相连（注：请用交叉线），SonicWALL防火墙默认的IP地址为192.168.168.168，我们也可以通过setuptool.exe这个小工具探知SonicWALL防火墙的IP地址。

如图所示：页脚内容1当网线和电源等都连接好之后，我们设置一下本机的IP地址，以便和SonicWALL防火墙处于同一个网段。

如图所示：设置好IP地址后，我们在IE浏览器的地址栏输入SonicWALL防火墙的IP地址，页脚内容2点next，提示我们是否修改管理员密码，页脚内容3暂时不修改，点next，提示我们修改防火墙的时区，我们选择中国的时区。

页脚内容4点next，提示我们设置WAN口的地址获取类型，这时候，我们需要和ISP相联系，并选择相关的类型，这里以静态地址为例：页脚内容5我们点next，输入相关的信息，IP地址、掩码、网关、DNS服务器等，如果不知道此处该如何设置，请和你的ISP联系。

页脚内容6点next，提示我们设置LAN口的IP和掩码，我们根据自己的规划和网络的实际情况设置，此处我没有修改。

页脚内容7点next，防火墙询问我们在LAN口是否开启DHCP server的功能，并是否是默认的网段，我们可根据实际情况做调整，决定开始或关闭，以及网段地址等，如下图：页脚内容8点next，防火墙将把前面做的设置做一个摘要，以便我们再一次确认是否设置正确，如果有和实际不符的地方，可以点back返回进行修改。

sonicwall防火墙设置方法有哪些sonicwall防火墙想要设置下!用什么方法好呢?下面由店铺给你做出详细的sonicwall防火墙设置方法介绍!希望对你有帮助!sonicwall防火墙设置方法一：假设你要把服务器192.168.3.5的80端口映射出去，其中192.168.3.5做好了花生壳(或者你外网是个固定IP)首先到network→Services里，点击添加新建一个端口。

名称：TCP80，类型TCP，端口范围80-80.然后在SonicWALL右上角你可以看到一个三角形的按钮，叫Wizards ，点击那个按钮。

在弹出的页面中选择Public Server Wizard ，点击next，Server Type选择other，Services 就选择你刚才建立的TCP80，点击下一步Server Name就是你在防火墙上看到服务器的名字(以后可以在防火墙规则以及NAT规则里看到这个)，随便起个自己认识的就行，Server Private IP Address就是你服务器的内网IP(192.168.3.5) 点击下一步之后，会出现Server Public IP Address，这个如果你是ADSL拨号的就不用管(如果是固定IP的话就填你的外网IP，不过这里一般防火墙会帮你自动填入)直接点击下一步，之后就会出来确认信息，点击apply应用设置即可。

等向导弹出结束按钮，按close退出即可。

至此，完成服务器192.168.3.5的80端口发布。

备注：默认情况下80口是被运营商封堵的，如果需要使用80端口直接打开，就必须去运营商处进行备案。

你也可以发布成其他端口，然后采用IP+端口号(例如202.96.133.22:8888)这样的进行访问。

sonicwall防火墙设置方法二：配置连接有三个基本步骤：配置SonicWALL防火墙，创建配置账户，安装和配置SonicWALL Global Client。

Organizations of all sizes depend on their networks to access internal and external mission-critical applications. As advances in networking continueto provide tremendous benefits, organizations are increasingly challenged by sophisticated and financially-motivated attacks designed to disrupt communication, degrade performance and compromise data. Malicious attacks penetrate outdated stateful packet inspection firewalls with advanced application layer exploits. Point products add layers of security, but are costly, difficult to manage, limited in controlling network misuse and ineffective against the latest multipronged attacks.By utilizing a unique multi-core design and patented Reassembly-Free Deep Packet Inspection® (RFDPI) technology*, the Dell™ SonicWALL™ Network Security Appliance (NSA) Series of Next-Generation Firewalls offers complete protection without compromising network performance. The low latency NSA Series overcomes the limitations of existing security solutions by scanning the entirety of each packet for current internal and external threats in real-time. The NSA Series offers intrusion prevention, malware protection, and application intelligence, control and visualization, while delivering breakthrough performance. With advanced routing, stateful high-availability and high-speed IPSec and SSL VPN technology, the NSA Series adds security, reliability, functionality and productivity to branch offices, central sites and distributed mid-enterprise networks, while minimizing cost and complexity.Comprised of the Dell SonicWALL NSA 220, NSA 220 Wireless-N, NSA 250M, NSA 250M Wireless-N, NSA 2400, NSA 3500 and NSA 4500, the NSA Series offers a scalable range of solutions designed to meet the network security needs of any organization.Network SecurityAppliance SeriesNext-Generation Firewall• Next-Generation Firewall• Scalable multi-core hardware andReassembly-Free Deep PacketInspection• Application intelligence, controland visualization• Stateful high availability and loadbalancing• High performance and loweredtco• Network productivity• Advanced routing services andnetworking• Standards-based Voice over IP(VoIP)• Dell Sonicwall clean Wireless• onboard Quality of Service (QoS)• Integrated modules support• Border Gateway Protocol (BGP)support• More concurrent SSL VPN sessionsFeatures and benefitsNext-Generation Firewall features integrate intrusion prevention, gateway anti-virus, anti-spyware and URL filtering with application intelligence and control, and SSL decryption to block threats from entering the network and provide granular application control without compromising performance.Scalable multi-core hardware and Reassembly-Free Deep Packet Inspection scans and eliminates threats of unlimited file sizes, with near-zero latency across thousands of connections at wire speed.Application intelligence, control and visualization provides granular control and real-time visualization of applications to guarantee bandwidth prioritization and ensure maximum network security and productivity. Stateful high availability and load balancing features maximize total network bandwidth and maintain seamless network uptime, delivering uninterrupted access to mission-critical resources, and ensuring that VPN tunnels and other network traffic will not be interrupted in the event of a failover. High performance and lowered tcoare achieved by using the processingpower of multiple cores in unison todramatically increase throughput andprovide simultaneous inspectioncapabilities, while lowering powerconsumption.Network productivity increases becauseIT can identify and throttle or blockunauthorized, unproductive andnon-work related applications and websites, such as Facebook® or YouTube®,and can optimize WAN traffic whenintegrated with Dell SonicWALL WANAcceleration Appliance (WXA) solutions.Advanced routing services andnetworking features incorporate 802.1qVLANs, multi-WAN failover, zone andobject-based management, loadbalancing, advanced NAT modes, andmore, providing granular configurationflexibility and comprehensive protectionat the administrator’s discretion.Standards-based Voice over IP (VoIP)capabilities provide the highest levels ofsecurity for every element of the VoIPinfrastructure, from communicationsequipment to VoIP-ready devices suchas SIP Proxies, H.323 Gatekeepers andCall Servers.Dell SonicWALL clean Wirelessoptionally integrated into dual-bandwireless models or via Dell SonicWALLSonicPoint wireless access pointsprovides powerful and secure 802.11a/b/g/n 3x3 MIMO wireless, and enablesscanning for rogue wireless accesspoints in compliance with PCI DSS.onboard Quality of Service (QoS)features use industry standard 802.1pand Differentiated Services Code Points(DSCP) Class of Service (CoS)designators to provide powerful andflexible bandwidth management that isvital for VoIP, multimedia content andbusiness-critical applications.Integrated modules support on NSA250M and NSA 250M Wireless-Nappliances reduce acquisition andmaintenance costs through equipmentconsolidation, and add deploymentflexibility.Border Gateway Protocol (BGP)support enables alternate networkaccess paths (ISPs) if one path fails.More concurrent SSL VPN sessions addscalability, while extending End PointControl to Microsoft® Windows® devicesensures anti-malware and firewalls areup-to-date.Best-in-class threat protection Dell SonicWALL deep packetinspection protects against network risks such as viruses, worms, Trojans, spyware, phishing attacks, emerging threats and Internet misuse. Application intelligence and control adds highly controls to prevent data leakage and manage bandwidth at the application level.The Dell SonicWALL Reassembly-Free Deep Packet Inspection (RFDPI) technology utilizes Dell SonicWALL’s multi-corearchitecture to scan packets in real-time without stalling traffic in memory.This functionality allows threats to be identified and eliminated over unlimited file sizes and unrestricted concurrent connections, without interruption.The Dell SonicWALL NSA Series provides dynamic network protection through continuous, automated security updates, protecting against emerging and evolving threats, without requiring any administrator intervention.Dynamic security architectureand managementMobile users32Application intelligence and control Dell SonicWALL Application Intelligence and Control provides granular control, data leakage prevention, and real-time visualization of applications to guarantee bandwidth prioritization and ensure maximum network security and productivity. An integrated feature of Dell SonicWALL Next-Generation Firewalls, it uses Dell SonicWALL RFDPItechnology to identify and control applications in use with easy-to-use pre-defined application categories (such as social media or gaming)—regardless of port or protocol. Dell SonicWALL Application Traffic Analytics provides real-time and indepth historical analysis of data transmitted through the firewall including application activities by user.1Dell SonicWALL clean VPNDell SonicWALL Clean VPN™ secures the integrity of VPN access for remote devices including those running iOS or Android by establishing trust for remote users and these endpoint devices and applying anti-malware security services, intrusion prevention and application intelligence and control to eliminate the transport of malicious threats• The SonicWALL NSA 2400 is ideal for branch office and small- to medium-sized corporate environments concerned about throughput capacity and performance • The SonicWALL NSA 220, NSA 220 Wireless-N, NSA 250M and NSA 250M Wireless-N are ideal for branch office sites in distributed enterprise, small- to medium-sizedbusinesses and retail environmentscentralized policy managementThe Network Security Appliance Series can be managed using the SonicWALL Global Management System, which provides flexible, powerful and intuitive tools to manage configurations, viewreal-time monitoring metrics andintegrate policy and compliancereporting and application traffic analytics,all from a central location.Server Anti-Virusand Anti-SpywareServers anti-threatprotectionVPNVPNClientRemoteAccessUpgradeServiceWeb siteand contentusage control Enforced ClientAnti-Virusand Anti-SpywareClient PCs anti-threat protectionFlexible, customizable deployment options –NSA Series at-a-glanceEvery SonicWALL Network Security Appliance solution delivers Next-Generation Firewall protection, utilizing a breakthrough multi-core hardware design and Reassembly-Free Deep Packet Inspection for internal and external network protection without compromising network performance. Each NSA Series product combineshigh-speed intrusion prevention, file and content inspection, and powerful application intelligence and controlwith an extensive array of advanced networking and flexible configuration features. The NSA Series offers an accessible, affordable platform that is easy to deploy and manage in a wide variety of corporate, branch office and distributed network environments.• The SonicWALL NSA 4500 is ideal for large distributed and corporate central-site environments requiring high throughput capacity and performance • The SonicWALL NSA 3500 is idealfor distributed, branch office and corporate environments needing significant throughput capacity and performanceSecurity services andupgradesGateway Anti-Virus,Anti-Spyware, IntrusionPrevention and ApplicationIntelligence and controlService delivers intelligent,real-time network security protectionagainst sophisticated application layerand content-based attacks includingviruses, spyware, worms, Trojans andsoftware vulnerabilities such as bufferoverflows. Application intelligence andcontrol delivers a suite of configurabletools designed to prevent data leakagewhile providing granular application-level controls along with tools enablingvisualization of network traffic.Enforced client Anti-Virusand Anti-spyware (McAfee)working in conjunction withDell SonicWALL firewalls,guarantees that allendpoints have the latest versions ofanti-virus and anti-spyware softwareinstalled and active.content Filtering Serviceenforces protection andproductivity policies byemploying an innovativerating architecture, utilizingadynamic database to block up to 56categories of objectionable webcontent.Analyzer is a flexible, easyto use web-basedapplication traffic analyticsand reporting tool thatprovides powerful real-time andhistorical insight into the health,performance and security of the network.Virtual Assist is a remotesupport tool that enablesa technician to assumecontrol of a PC or laptopfor the purpose of providingremote technical assistance. Withpermission, the technician can gaininstant access to a computer using aweb browser, making it easy to diagnoseand fix a problem remotely without theneed for a pre-installed “fat” client.Dynamic Support Servicesare available 8x5 or 24x7depending on customerneeds. Features includeworld-class technicalsupport, crucial firmware updates andupgrades, access to extensive electronictools and timely hardware replacementto help organizations get the greatestreturn on their Dell SonicWALLinvestment.Global VPN clientUpgrades utilize a softwareclient that is installed onWindows-based computersand increase workforce productivity byproviding secure access to email, files,intranets, and applications for remoteusers.provide clientlessLinux-based systems. With integratedSSL VPN technology, Dell SonicWALLfirewall appliances enable seamless andsecure remote access to email, files,intranets, and applications from a varietyof client platforms via NetExtender, alightweight client that is pushed onto theuser’s machine.SonicWALL Mobile connect™,a single unified client app forApple® iOS and Google®Android™, provides smartphone andtablet users superior network-levelaccess to corporate and academicresources over encrypted SSL VPNconnections.comprehensive Anti-SpamService (CASS) offerssmall- to medium-sizedbusinesses comprehensiveprotection from spam andviruses, with instant deployment overexisting Dell SonicWALL firewalls. CASSspeeds deployment, eases administrationand reduces overhead by consolidatingsolutions, providing one-click anti-spamservices, with advanced configuration injust ten minutes.Deep Packet Inspection for of SSL-Encrypted traffic (DPI-SSL) transparentlydecrypts and scans both inbound andoutbound HTTPS traffic for threats usingDell SonicWALL RFDPI. The traffic is thenre-encrypted and sent to its originaldestination if no threats or vulnerabilitiesare discovered.Denial of Service attack prevention 22 classes of DoS, DDoS and scanning attacksKey exchange K ey Exchange IKE, IKEv2, Manual Key, PKI (X.509), L2TP over IPSec Route-based VPN Yes (OSPF, RIP)Certificate support Verisign, Thawte, Cybertrust, RSA Keon, Entrust, and Microsoft CA for Dell SonicWALL-to-Dell SonicWALL VPN, SCEP Dead peer detection Yes DHCP over VPN Yes IPSec NAT TraversalYes Redundant VPN gatewayYesGlobal VPN client platforms supported Microsoft Windows 2000, Windows XP, Microsoft Vista 32/64-bit, Windows 7 32/64-bitSSL VPN platforms supportedMicrosoft Windows 2000 / XP / Vista 32/64-bit / Windows 7, Mac 10.4+, Linux FC 3+ / Ubuntu 7+ / OpenSUSEMobile Connect platforms supported iOS 4.2 and higher, Android 4.0 and higherSecurity servicesDeep Packet Inspection Service Gateway Anti-Virus, Anti-Spyware, Intrusion Prevention and Application Intelligence and Control Content Filtering Service (CFS) HTTP URL,HTTPS IP, keyword and content scanning ActiveX, Java Applet, and cookie blocking bandwidth management on filtering categories, allow/forbid lists Gateway-enforced Client Anti-Virus and Anti-Spyware McAfee Comprehensive Anti-Spam Service Supported Application Intelligence Application bandwidth management and control, prioritize or block application and Control by signatures, control file transfers, scan for key words or phrasesDPI SSL Provides the ability to decrypt HTTPS traffic transparently, scan this traffic for threats using Dell SonicWALL’s Deep Packet Inspection technology (GAV/AS/IPS/ Application Intelligence/CFS), then re-encrypt the traffic and send it to its destination if no threats or vulnerabilities are found. This feature works for both clients and workingIP Address assignment Static, (DHCP, PPPoE, L2TP and PPTP client), Internal DHCP server, DHCP relay NAT modes1:1, 1:many, many:1, many:many, flexible NAT (overlapping IPs), PAT, transparent modeVLAN interfaces (802.1q) 25352550200Routing OSPF, RIPv1/v2, static routes, policy-based routing, MulticastQoS Bandwidth priority, maximum bandwidth, guaranteed bandwidth, DSCP marking, 802.1pIPv6Yes AuthenticationXAUTH/RADIUS, Active Directory, SSO, LDAP, Novell, internal user database, Terminal Services, Citrix Internal database/single sign-on users 100/100 Users150/150 Users250/250 Users300/500 Users1,000/1,000 UsersVoIPFull H.323v1-5, SIP, gatekeeper support, outbound bandwidth management, VoIP over WLAN, deep inspection security, full interoperability with most VoIP gateway and communications devicesSystemZone security Yes SchedulesOne time, recurring Object-based/group-based management Yes DDNSYesManagement and monitoring Web GUI (HTTP, HTTPS), Command Line (SSH, Console), SNMP v3: Global management with Dell SonicWALL GMSLogging and reporting Analyzer, Local Log, Syslog, Solera Networks, NetFlow v5/v9, IPFIX with extensions, real-time visualizationHigh availabilityOptional Active/Passive with State SyncLoad balancing Yes, (Outgoing with percent-based, round robin and spill-over); (Incoming with round robin,random distribution, sticky IP, block remap and symmetrical remap)StandardsTCP/IP, UDP, ICMP, HTTP, HTTPS, IPSec, ISAKMP/IKE, SNMP, DHCP, PPPoE, L2TP, PPTP, RADIUS, IEEE 802.3Wireless standards802.11 a/b/g/n, WPA2, WPA, TKIP, 802.1x, EAP-PEAP, EAP-TTLS WAN acceleration supportYesFlash memory32 MB compact Flash 512 MB compact Flash3G wireless/modem * With 3G/4G USB adapter or modem — With 3G/4G USB adapter or modemPower supply 36W external Single 180W ATX power supplyFansNo fan/1 internal fan 2 internal fans 2 fansPower input10-240V, 50-60Hz Max power consumption 11W/15W 12W/16W 42W 64W 66W Total heat dissipation 37BTU/50BTU 41BTU/55BTU 144BTU 219BTU 225BTUCertificationsVPNC, ICSA Firewall 4.1 EAL4+, FIPS 140-2 Level 2, VPNC, ICSA Firewall 4.1, IPv6 Phase 1, IPv6 Phase 2Certifications pending EAL4+, FIPS 140-2 Level 2, IPv6 Phase 1, IPv6 Phase 2 —Form factor 1U rack-mountable/ 1U rack-mountable/ 1U rack-mountable/ and dimensions 7.125 x 1.5 x 10.5 in/ 17 x 10.25 x 1.75 in/ 17 x 13.25 x 1.75 in/18.10 x 3.81 x 26.67 cm 43.18 x 26 x 4.44 cm 43.18 x 33.65 x 4.44 cmWeight 1.95 lbs/0.88 kg/ 3.05 lbs/1.38 kg/ 8.05 lbs/ 3.65 kg 11.30 lbs/ 5.14 kg2.15 lbs/0.97 kg3.15 lbs/1.43 kg WEEE weight V 3.05 lbs/1.38 kg/4.4 lbs/2.0kg/ 8.05 lbs/ 3.65 kg 11.30 lbs/5.14 kg3.45 lbs/1.56 kg4.65 lbs/2.11 kgMajor regulatoryF CC Class A, CES Class A, CE, C-Tick, VCCI, Compliance MIC, UL, cUL, TUV/GS, CB, NOM, RoHS, WEEE Environment 40-105° F, 0-40° C 40-105° F, 5-40° CMTBF 28 years/15 years 23 years/14 years 14.3 years 14.1 years 14.1 yearsHumidity5-95% non-condensing 10-90% non-condensingcertificationsSpecificationsTesting methodologies: Maximum performance based on RFC 2544 (for firewall). Actual performance may vary depending on network conditions and activated services. Full DPI Performance/Gateway AV/Anti-Spyware/IPS throughput measured using industry standard Spirent WebAvalanche HTTP performance test and Ixia test tools. Testing done with multiple flows through multiple port pairs. Actual maximum connection counts are lower when Next-Generation Firewall services are enabled. VPN throughput measured using UDP traffic at 1280 byte packet size adhering to RFC 2544. Supported on the NSA 3500 and higher. Not available on NSA 2400. *USB 3G card and modem are not included. See http://www.Dell /us/products/cardsupport.html for supported USB devices. The Comprehensive Anti-Spam Service supports an unrestricted number of users but is recommended for 250 users or less. With Dell SonicWALL WXA Series Appliance.Network Security Appliance 3500 01-SSC-7016NSA 3500 TotalSecure* (1-year) 01-SC-7033Network Security Appliance 450001-SSC-7012NSA 4500 TotalSecure* (1-year) 01-SC-7032Network Security Appliance 2400 01-SSC-7020NSA 2400 TotalSecure* (1-year) 01-SC-7035Network Security Appliance 250M 01-SSC-9755Network Security Appliance 250M Wireless-N 01-SSC-9757 (US/Canada)Network Security Appliance 250M TotalSecure* 01-SSC-9747Network Security Appliance 250M Wireless-N TotalSecure*01-SSC-9748 (US/Canada)Network Security Appliance 220 01-SSC-9750Network Security Appliance 220 Wireless-N 01-SSC-9752 (US/Canada)Network Security Appliance 220 TotalSecure* 01-SSC-9744Network Security Appliance 220 Wireless-N TotalSecure*01-SSC-9745 (US/Canada)For more information on Dell SonicWALL network security solutions, please visit .*Includes one-year of Gateway Anti-Virus, Anti-Spyware, Intrusion Prevention, andApplication Intelligence and Control Service, Content Filtering Service and Dynamic Support 24x7.Security Monitoring Services from Dell SecureWorks are available for thisappliance Series. For more information, visit /secureworks。

SonicWall防火墙透明模式配置（三层交换机）用户要求防火墙配置成透明模式接入到网络，要求达到的配置
如下图示
配置步骤：
1、配置防火墙WAN网卡
2、建立透明模式下的地址对象
（注意：透明范围不能够包含了防火墙本身的地址（192.168.254.21）以及防火墙的网关地址(192.168.254.1) ，同时也不能够包含防火墙WAN口外面的地址，即如果防火墙WAN外面还有其他的地址如192.168.254.200 则Transparent Range 不能够包含该地址, 否则可能会引发安全问题！！）
3、建立内网地址对象（注意：本范例中仅示例了2 个内网网段，可根据实际情况增加）
4、建立地址对象组
5、配置内网3 层交换机的地址对象
6、配置完成后的界面显示如下：
7、配置内网地址访问外网的回程路由（必须配置！！）
8、配置防火墙LAN网卡配置透明模式
9、关闭防火墙DHCP服务器
配置完成！。

sonicwall防火墙如何设置安装了sonicwall防火墙，但不会设置，该怎么办呢?下面由店铺给你做出详细的sonicwall防火墙设置方法介绍!希望对你有帮助!sonicwall防火墙设置方法一：进入管理页面，有一个配置向导，按照那个一步步来，可以初步连接上去，在此基础上你可以再进行其他的管理配置sonicwall防火墙设置方法二：最简单的方法自然是使用向导，登录防火墙之后，右上角有个Wizards，点那个，然后进去之后选择Public Server Wizard，一步一步来就可以了，服务器类型看你要建立哪种服务器，根据需要选择后面那一页是填服务器名字，你服务器内网IP，还有备注。

最后那外网IP防火墙会根据当前WAN口IP自动填写，一般来说没必要改。

最后完成就行了，防火墙会自动创建相关规则，很方便。

如果不使用向导，就得做以下步骤：首先要设置访问规则，在防火墙filewall里的WAN→LAN，设置源IP为any，目的地址是你内网那个IP，然后服务选择相应的端口(例如是网页服务器就选择HTTP什么的，也可以自定义)。

端口any即可。

之后需要在network里做NAT策略，源地址any，不转换;目的地址是你的防火墙外网地址，转换为你的那个内网地址，端口和上面防火墙上设置的一样。

之后如果你想在内网使用外网IP来访问服务器，就需要再做NAT 策略，把内网的地址转换为公网IP，否则你无法在内网使用域名或者外网IP访问服务器(当然内网IP是可以的)。

相关阅读：sonicwall防火墙介绍优点：SonicWALL®网络安全设备(NSA)系列下一代防火墙采用了独特的多核设计以及具有专利的免重组深度包检测®(RFDPI)技术*，让您无需牺牲网络性能即可获得全方位的安全保护。

NSA系列克服了现有安全解决方案的各种局限性它能实时地对每一个数据包执行整体扫描，以检测当前出现的内部及外部威胁。

NSA系列提供了入侵防御、恶意软件保护以及应用智能、控制和可视化功能，同时提供了突破性性能。