This guide provides instructions for basic installation and configuration of the SonicWALL TZ 100 and TZ 200 Series appliances running SonicOS.
Accessing the Management Interface
The computer you use to manage the SonicWALL TZ 100/200 series appliance must be set up to connect using DHCP, or with a static IP address in your chosen subnet. The default subnet for LAN zone ports is 192.168.168.x.
Connect your computer to the LAN (X0) port on the SonicWALL. Connect an ethernet cable from the WAN (X1) port on the SonicWALL to the LAN port on your internet router or modem.
To access the SonicOS Web-based management interface:
- Enter the default IP address of http://192.168.168.168, or the LAN IP address you chose during the Setup Wizard, in the Location or Address field of your Web browser.
- When the SonicWALL Management Login page displays, enter your username and password (default values are "admin" for user name and "password" for password).
Completing the Setup Wizard
The Setup Wizard takes you through several basic steps to get your SonicWALL TZ 100/200 series appliance configured for your network.
Change Password—Create a new password so that only you have access to the management interface. The default password is "password."
Change Time Zone—Select the correct time zone for proper updates and time-based functionality.
WAN Network Mode—Choose your method of connecting to the Internet. This information is provided by your Internet Service Provider (ISP).
WAN Settings—Required for some WAN modes. This information is also provided by your ISP.
LAN Settings—Enter custom local network address settings, or use the default values, which work well for most networks. Tip: If you changed the LAN IP of your device during the Setup Wizard, you may need to restart your computer for changes to take effect.
LAN DHCP Settings—Allow your SonicWALL TZ 100/200 series appliance to automatically connect other local computers by specifying a DHCP range, or use the default.
Ports Assignment—Configure the extra interfaces (X2-X5) for different network requirements.
At the end of the wizard, a configuration summary displays. It is recommended that you record this information.
Register Your Appliance
You must register your SonicWALL security appliance on MySonicWALL to enable full functionality.
Configuring Site-to-Site VPN using the Wizard on SonicOS Enhanced
The VPN Policy Wizard walks you step-by-step through the configuration of Site to Site VPN on the SonicWALL. After the configuration is completed, the wizard creates the necessary VPN settings for the selected VPN policy. You can use the SonicWALL Management Interface for optional advanced configuration options.
- On the System > Status page, click on Wizards.
- In the Welcome to the SonicWALL Configuration Wizard page select VPN Wizard and click Next.
- In the VPN Policy Type page, select Site-to-Site and click Next.
- In the Create Site-to-Site Policy page, enter the following information:
  - Policy Name: Enter a name you can use to refer to the policy. For example, MN Office.
  - Preshared Key: Enter a character string to use to authenticate traffic during IKE Phase 1 negotiation.
  - I know my Remote Peer IP Address (or FQDN): If you check this option, this SonicWALL can initiate the contact with the named remote peer. If you do not check this option, the peer must initiate contact to create a VPN tunnel. This device will use aggressive mode for IKE negotiation.
  - Remote Peer IP Address (or FQDN): If you checked the option above, enter the IP address or Fully Qualified Domain Name (FQDN) of the remote peer (for example, boston.yourcompany.com).
- Click Next.
- In the Network Selection page, select the local and destination resources this VPN will be connecting:
  - Local Networks: Select the local network resources protected by this SonicWALL that you are connecting with this VPN. You can select any address object or group on the device, including networks, subnets, individual servers, and interface IP addresses. If the object or group you want has not been created yet, select Create Object or Create Group. Create the new object or group in the dialog box that pops up. Then select the new object or group. For this example, select LAN Subnets.
  - Destination Networks: Select the network resources on the destination end of the VPN Tunnel. If the object or group does not exist, select Create new Address Object or Create new Address Group. When creating an Address Object, make sure the Zone is VPN. If the remote network has multiple network segments and you wish to include them in the VPN, create multiple Address Objects and create a group to add them to. Remote Network.
- Click Next.
- In the IKE Security Settings page, select the security settings for IKE Phase 2 negotiations and for the VPN tunnel. You can use the default settings.
  - DH Group: The Diffie-Hellman (DH) group is the group of numbers used to create the key pair. Each subsequent group uses larger numbers to start with. You can choose Group 1, Group 2, or Group 5. The VPN uses this during IKE negotiation to create the key pair.
  - Encryption: This is the method for encrypting data through the VPN Tunnel. The methods are listed in order of security. DES is the least secure and takes the least amount of time to encrypt and decrypt. AES-256 is the most secure and takes the longest time to encrypt and decrypt. You can choose DES, 3DES, AES-128, or AES-256. The VPN uses this for all data through the tunnel.
  - Authentication: This is the hashing method used to authenticate the key, once it is exchanged during IKE negotiation. You can choose MD5 or SHA-1.
  - Life Time (seconds): This is the length of time the VPN tunnel stays open before needing to re-authenticate. The default is eight hours (28800).
- The Configuration Summary page details the settings that will be pushed to the security appliance when you apply the configuration.
- Click Apply to create the VPN.
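
The following is an added example, not part of the SonicWALL documentation: a Python check that reviews the values chosen on the Create Site-to-Site Policy and IKE Security Settings pages and flags the weaker options the wizard offers. The dictionary field names, the two sample policies and the 20-character key threshold are assumptions made for illustration.

```python
# Added example. Field names are hypothetical and mirror the wizard labels.
DH_MODULUS_BITS = {1: 768, 2: 1024, 5: 1536}  # MODP sizes for Groups 1, 2, 5
WEAK_ENCRYPTION = {
    "DES": "56-bit key",
    "3DES": "64-bit block size",
}
MIN_PSK_LENGTH = 20  # assumed threshold, not a SonicWALL requirement


def weak_psk(psk):
    """Flag keys that are short or built from very few distinct characters."""
    return len(psk) < MIN_PSK_LENGTH or len(set(psk)) < 10


def audit_policy(policy):
    """Return a list of findings for one site-to-site policy."""
    findings = []
    enc = policy["encryption"].upper()
    if enc in WEAK_ENCRYPTION:
        findings.append(f"Encryption {enc} ({WEAK_ENCRYPTION[enc]}): use AES-128 or AES-256")
    if policy["authentication"].upper() == "MD5":
        findings.append("Authentication MD5: use SHA-1, the stronger option offered")
    group = policy["dh_group"]
    bits = DH_MODULUS_BITS.get(group)
    if bits is None:
        findings.append(f"DH Group {group}: not offered by the wizard")
    elif group != 5:
        findings.append(f"DH Group {group} ({bits}-bit modulus): use Group 5")
    # The preshared key authenticates traffic during IKE Phase 1 (per the
    # page), so a guessable key undermines every other setting.
    if weak_psk(policy["preshared_key"]):
        findings.append("Preshared Key: too short or repetitive; use a long random string")
    return findings


# Constructed sample policies (not taken from a real device).
WEAK = {"encryption": "DES", "authentication": "MD5", "dh_group": 1,
        "preshared_key": "mnoffice"}
HARDENED = {"encryption": "AES-256", "authentication": "SHA-1", "dh_group": 5,
            "preshared_key": "q7Vw2LxR9mTz4KpN8sHd3JfY"}

if __name__ == "__main__":
    for name, pol in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit_policy(pol) or "no findings")
```

Both ends of the tunnel must be configured with the same choices, so run the same review against the remote peer's settings.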