SonicOS and SonicOSX Instruction Manual
- June 6, 2024
- SONICWALL
Table of Contents
- SonicOS/X 7
- Where Do I Find Information?
- SonicOSX Web Interface to Admin Guides Reference
- SonicOS Web Interface to Admin Guides Reference
- Guide Conventions
- Interface
- Logging into SonicOS/X
- Logging Out of SonicOS/X
- Contemporary vs Classic Web Interface
- Global Search
- Online Help
- Notification Center
- SonicOS/X Guides (Wizards)
- SSH Terminal Access
- About the Top Menu Views
- About the API and CLI
- Legal Information
- What’s New in SonicOS/X 7.0.1
- Features in Both SonicOS and SonicOSX
- Features Specific to SonicOSX
- About Unified Policies in SonicOSX
- About the Shadow Feature
- About Action Profiles
- Switch Management
- PortShield Groups
- Access Points Management
- WWAN and 4G/LTE
- Storage Device Configuration
- Features Specific to NSv
- Feature Support on NSv Series
- Changing Between SonicOS and SonicOSX
- Choosing the Mode in Fresh Deployments or Upgrades
- Changing From Classic to Policy Mode
- Changing From Policy to Classic Mode
- Features Specific to NSsp
- About Multi-Instance
- SonicWall Support
- About This Document
- Open Source Code
- Read User Manual Online (PDF format)
- Download This Manual (PDF format)
SonicOS/X 7
About SonicOS and SonicOSX for the TZ, NSa, NSv, and NSsp Series
SonicWall SonicOS and SonicOSX (SonicOS/X) run on SonicWall firewalls and provide the web management interface, API and the Command Line Interface for firewall configuration.
This guide provides information about the SonicOS and SonicOSX 7 web management interface and introduces the API and CLI interfaces. This guide also discusses SonicOS/X features, the set of administration guides, available wizards, login/logout pages, and the legal page
SonicOS and SonicOSX (SonicOS/X) 7 runs on SonicWall network security appliances (firewalls) and provides the web management interface for configuring the features, policies, and security services, updating the firmware, managing connected devices such as switches and access points, monitoring traffic/users/threats, investigating events, and much more. SonicOS/X runs on top of SonicCore, SonicWall’s secure underlying operating system.
SonicOS and SonicOSX are two modes of the same operating system, differing mainly in the areas of policy and object configuration. SonicOSX provides a unified policy configuration workflow combining Layer 2 to Layer 7 policy enforcement for security policies and optimizing the workflow for other policy types. This unified policy workflow gathers many security settings into one place, which were previously configured on different pages of the management interface in SonicOS 6.5. SonicOS 7 is more consistent with earlier releases, but is also redesigned with the new look and feel.
SonicOSX 7 is supported on SonicWall NSv and NSsp series firewalls. SonicOS 7 is supported on SonicWall TZ, NSa and NSv series firewalls. Refer to the SonicOS and SonicOSX 7.x Release Notes for the specific supported platforms.
SonicOS/X provides a modern graphical management interface that facilitates:
- Setting up and configuring your security appliance
- Monitoring the health and status of the security appliance, network, users, connections and the status of the incoming and outgoing traffic
- Configuring external devices, such as access points or switches
SonicOS/X also provides a full-featured API and a command line interface (CLI) in addition to the graphical management interface. For more information, see About the API and CLI.
For information about the SonicOS/X management interface, see About the SonicOS/X Management Interface.
Where Do I Find Information?
SonicOS and SonicOSX administration guides are available for each main menu in the left navigation pane of the SonicOS and SonicOSX web management interfaces. Within each guide, you will find topics covering each page in that menu group, with procedures and detailed information. Some guides are specific to SonicOS or SonicOSX, and some apply to both SonicOS and SonicOSX.
SonicOS and SonicOSX administration guides are published on the SonicWall Technical Documentation portal at:
https://www.sonicwall.com/support/technical- documentation/?language=English&category=Firewalls. On the left side of the page, you can select SonicOS, SonicOSX, or the firewall series of your choice: TZ,
NSa, NSv or NSsp. Then, on the right side at the top, select 7.0 as the Version. The books that apply to both SonicOS and SonicOSX have link titles starting with SonicOS/X.
For example, the _SonicOS/X 7 Tools & Monitors _administration guide covers the following main topics:
- Using Packet Monitor
- Viewing Connections
- Monitoring Core 0 Processes
- Using Packet Replay
SonicOSX Web Interface to Admin Guides Reference
SonicOSX 7 is supported on SonicWall NSv Series and NSsp Series firewalls.
Management Interface Section
Guide Name Topics Covered in this Admin Guide
HOME | Dashboard SonicOS/X 7 Dashboard Describes the key information and actionable features of the Dashboard pages, including: On all platforms:
-
* System screens: Device, Summary, Network and Threat.- Policy Overview screens: Policies, Objects, Groups, Profiles and Signatures
On NSv Series only:
-
* Capture ATP page showing Verdicts, File Types, Insights, Source IP Addresses, Analysis Depths, Attack Origins- Topology page showing Devices, IP Addresses, MAC Addresses
HOME | Legal Information
HOME | API
Wizards button in top banner
Login/Logout screens
MONITOR | Real- Time Charts
SonicOS/X 7 About SonicOS and SonicOSX
SonicOSX 7 Real-Time Charts
Provides an overview of the web management interface. Describes the Legal Information page and API page with Swagger access. Provides an overview of available wizards and of the SonicOS/X Login and Logout screens. Also describes key features, differences between SonicOS and SonicOSX, and where to find information in the set of admin guides.
Describes real-time charts on the System Monitor, Protocol Monitor, Policy Monitor, Users Monitor, and BWM Monitor (Bandwidth Management) pages.
MONITOR | AppFlow SonicOS/X 7 Monitor
AppFlow
Describes the AppFlow pages, including: On all platforms:
- AppFlow Report screens: Applications, Users, IP Addressess, Virus, Intrusions, Spyware, Locations, Botnets, Web Categories
- CTA Report screens: Generate & Download CTA Report, Advanced Options, Completed Reports
On NSv Series only:
- AppFlow Monitor screens: Applications, Users, Web Activity, Initiator IPs, Responder IPs, Threats, VoIP, VPN, Devices, Contents, Policies
- AppFlow Sessions screens: All, Threats, Web Access
MONITOR | SDWAN SonicOS/X 7 SDWan Describes NETWORK | SDWAN configuration
pages and MONITOR | SDWAN pages for Software Defined WAN features.
NETWORK | SDWAN pages include Groups, SLA Probes, SLA Class Object, Path Selection Profiles, and Rules.
MONITOR | SDWAN pages include SDWAN Monitor and SD-WAN Connections.
MONITOR | Logs SonicOS/X 7 Monitor Logs Describes the System Logs and Auditing Logs
pages.
MONITOR | Tools & Monitors
SonicOS/X 7 Tools & Monitors
Covers using Packet Monitor, viewing Connections, monitoring Core 0 Processes, and using Packet Replay.
DEVICE | Settings SonicOSX 7 Device
Settings
Configuration options and procedures for security service and support licenses, administration settings, system time settings, certificates, SNMP settings, firmware backups, upgrade, bootup options, and configuration settings export and import, and restarting the firewall.
DEVICE | Multi- Instance
DEVICE | High Availability
SonicOSX7 Multi-Instance for the NSsp Series
SonicOS/X 7 High Availability
NSsp only. Configuration options and procedures for multi-instance settings, instances, instance firmware management, and instance licenses.
Configuration options and procedures for High Availability settings. Describes HA status, settings, advanced settings and monitoring options.
DEVICE | Users SonicOS/X 7 Users Configuration options and procedures for
authentication partitioning, adding local users and
DEVICE | AppFlow SonicOS/X 7 Device
AppFlow
groups, guest accounts and services. Describes viewing status of local and guest users.
Configuration options and procedures for Flow Reporting and AppFlow Agent.
DEVICE | Log SonicOS/X 7 Device Log Configuration options and procedures for log
settings, syslog, automation, name resolution, reports, and AWS.
DEVICE | Diagnostics SonicOSX 7 Diagnostics for Configuration options and procedures for system
NSv Series diagnostics, including the Tech Support Report
SonicOSX 7 Diagnostics for (TSR), network settings, DNS lookup and reverse
NSsp Series
name lookup, network paths, using ping, using trace route, real-time blacklist, Geo-IP and botnet, making a URL rating request, PMTU discovery, terminal access, switch diagnostics (NSsp only), and policy lookup.
NETWORK | System SonicOSX 7 System Configuration options and procedures for system
networking settings, including interfaces, failover and load balancing, neighbor discovery, ARP, MAC IP anti-spoof, web proxy, VLAN translation,
IP helper, dynamic routing, DHCP server, multicast, network monitor, and AWS configuration.
NETWORK | Firewall SonicOSX 7 Network
Firewall
Configuration options and procedures for advanced firewall settings, SSL control, cipher control, and real-time-blacklist filter.
NETWORK | VoIP SonicOS/X 7 VoIP Configuration options and procedures for voice
over IP settings. Describes viewing call status and controlling calls.
NETWORK | DNS SonicOS/X 7 DNS Configuration options and procedures for Domain
Name Service settings, dynamic DNS, DNS proxy, and DNS security.
NETWORK |
Switching
NETWORK | IPSec VPN
NETWORK | SSL VPN
OBJECT | Match Objects
SonicOS/X 7 Switching Switching features are supported only on NSsp and
NSa Series. Configuration options and procedures for VLAN trunking, Layer 2 discovery, link aggregation, and port mirroring.
SonicOS/X 7 IPSec VPN Configuration options and procedures for IPSec
VPN rules and settings, advanced settings, DHCP over VPN, Layer 2 Tunneling Protocol server, and AWS VPN.
SonicOS/X 7 SSL VPN Configuration options and procedures for SSLVPN
server, client, and portal settings. Virtual Office portal access. Viewing SSL VPN status.
SonicOSX 7 Match Objects Configuration options and procedures for objects to
be used in policy rules, including object types for
zones, addresses, services, countries, applications, web categories, websites, URI lists, match patterns, custom matching, schedules, dynamic groups, and email addresses.
OBJECT | Profile Objects| SonicOSX 7 Profile Objects| Configuration options
and procedures for profile objects to be used in policy rules, including
profile objects for endpoint security, bandwidth, CFS block pages, logging and
alerts, intrusion prevention, quality of service marking, DHCP option, and
AWS.
---|---|---
OBJECT | Action Profiles| SonicOSX 7 Action Profiles| Configuration options
and procedures for action profiles to be used in policy rules, include
security action profiles and DoS action profiles.
OBJECT | Signatures| SonicOSX 7 Signatures| Viewing and refreshing anti-virus
signatures and anti-spyware signatures.
POLICY | Rules and| SonicOSX 7 Rules and| Configuration options and procedures
for security
Policies| Policies| services settings, security policies, NAT policies,
routing policies, decryption policies, DoS policies, endpoint policies.
Viewing shadow characteristics of policies.
POLICY | Capture ATP| SonicOS/X 7 Capture ATP| Configuration options and
procedures for Capture ATP settings and viewing Capture ATP scanning history.
POLICY | Endpoint| SonicOS/X 7 Endpoint| Configuration options and procedures
for endpoint
Security| Security| (client machines) security.
SonicOS Web Interface to Admin Guides Reference
SonicOS 7 is supported on SonicWall TZ Series, NSa Series and NSv Series firewalls.
Management Interface Section
Guide Name Topics Covered in this Admin Guide
HOME | Dashboard SonicOS 7 Dashboard Describes the key information and actionable
features of the four Dashboard System screens: Device, Summary, Network and Threat. Covers the Access Points dashboard for SonicWave and SonicPoint, and provides information about the Capture ATP page. Describes the Topology page with the network topology graphical display.
HOME | Legal Information
HOME | API
Wizards button in top banner
Login/Logout screens
MONITOR | Real- Time Charts
SonicOS/X 7 About SonicOS and SonicOSX
SonicOS 7 Real-Time Charts
Provides an overview of the web management interface. Describes the Legal Information page and API page with Swagger access. Provides an overview of available wizards and of the SonicOS/X Login and Logout screens. Also describes key features, differences between SonicOS and SonicOSX, and where to find information in the set of admin guides.
Describes real-time charts for System Monitor, Protocol Monitor, User Monitor, and BWM Monitor (Bandwidth Management).
MONITOR | AppFlow SonicOS 7 Monitor
AppFlow
Describes the AppFlow Report and Appflow Monitor pages.
Also, the CTA Report page provides options for Capture Threat Assessment reports and lets you generate CTA reports.
MONITOR | SDWAN SonicOS 7 SD-WAN Describes the SDWAN Monitor and SDWAN
Connections pages.
MONITOR | Logs SonicOS/X 7 Monitor Logs Describes the System Logs and Auditing Logs
pages.
MONITOR | Tools & Monitors
SonicOS/X 7 Tools & Monitors
Covers using Packet Monitor, viewing Connections, monitoring Core 0 Processes, and using Packet Replay.
DEVICE | Settings SonicOS 7 Device Settings Configuration options and procedures for security
service and support licenses, administration settings, system time settings, certificates, SNMP settings, firmware management (including upgrade, bootup options, and configuration settings export and import), storage settings and files viewing on primary and secondary M.2 storage modules, and restarting the firewall.
Storage is supported only on TZ Series and NSa Series firewalls.
DEVICE | High Availability
SonicOS/X 7 High Availability
Configuration options and procedures for High Availability settings. Describes HA status, settings, advanced settings and monitoring options.
DEVICE | Users SonicOS/X 7 Users Configuration options and procedures for adding
local users and groups, guest accounts and services. Describes viewing status of local and guest users.
On NSa, NSv and NSsp only:
-
* Partitions page to enable and configure Authentication Partitioning and add partition
DEVICE | AppFlow SonicOS/X 7 Device
AppFlow
selection policies.
Configuration options and procedures for Flow Reporting and AppFlow Agent.
DEVICE | Log SonicOS/X 7 Device Log Configuration options and procedures for log
settings, syslog, automation, name resolution, reports, and AWS.
DEVICE | Diagnostics SonicOS 7 Diagnostics for
TZ Series
SonicOS 7 Diagnostics for NSa Series
Configuration options and procedures for system diagnostics, including the Tech Support Report (TSR), network settings, DNS lookup and reverse name lookup, network paths, using ping, using trace route, real-time blacklist, Geo-IP and botnet, MX and banner, GRID check, making a URL rating request, PMTU discovery,and terminal access.
DEVICE | Switch Network
DEVICE | Access Points
SonicOS 7 Switch Network Description of graphical views of the Switch
network. Configuration options and procedures for adding and configuring SonicWall Switches.
SonicOS 7 Access Points Configuration options and procedures for wireless
access point settings, firmware management, using the floor plan view, intrusion detection (IDS), advanced intrusion and preventions (IDP), packet capture for wireless traffic, virtual access points, radio frequency monitoring and spectrum, Fairnet, WiFi multimedia, 3G/4G/LTE WWAN, Bluetooth, radio resource management. Describes viewing station status.
DEVICE | WWAN SonicOS 7 WWAN Covers 4G/LTE WWAN modem and network
status, viewing signal strength, and accessing the modem for monitoring and configuration.
NETWORK | System SonicOS 7 System Configuration options and procedures for system
networking settings, including interfaces, failover and load balancing, neighbor discovery, ARP, MAC IP anti-spoof, web proxy, PortShield groups, VLAN translation, IP helper, dynamic routing, DHCP server, multicast, network monitor, and AWS configuration.
PortShield Groups are supported only on TZ Series and NSa Series firewalls.
NETWORK | Firewall SonicOS 7 Network
Firewall
Configuration options and procedures for advanced firewall settings, DoS flood protection, SSL control, cipher control, and real-time-blacklist filter.
NETWORK | VoIP SonicOS/X 7 VoIP Configuration options and procedures for voice over
IP settings. Viewing call status and controlling calls.
NETWORK | DNS SonicOS/X 7 DNS Configuration options and procedures for Domain
Name Service settings, dynamic DNS, DNS proxy,
| and DNS security.
---|---
NETWORK | SDWAN| SonicOS 7 SDWAN| Configuration options and procedures for
SDWAN
| | groups, SLA probes, SLA class objects, path
| | selection profiles, and SDWAN rules.
NETWORK | IPSec| SonicOS/X 7 IPSec VPN| Configuration options and procedures
for IPSec
VPN| | VPN rules and settings, advanced settings, DHCP
| | over VPN, Layer 2 Tunneling Protocol server, and
| | AWS VPN.
NETWORK | SSL| SonicOS/X 7 SSL VPN| Configuration options and procedures for
SSLVPN
VPN| | server, client, and portal settings. Describes Virtual
| | Office portal access and viewing SSL VPN status.
OBJECT | Match| SonicOS 7 Match Objects| Configuration options and procedures
for objects to
Objects| | be used in policy rules, including object types for
| | zones, addresses, services, URI lists, match
| | objects, schedules, dynamic groups, and email
| | addresses.
OBJECT | Profile| SonicOS 7 Profile Objects| Configuration options and
procedures for profile
Objects| | objects to be used in policy rules, including profile
| | objects for endpoint security, bandwidth, quality of
| | service marking, content filtering, DHCP option,
| | and AWS.
OBJECT | Action| SonicOS 7 Action Objects| Configuration options and
procedures for action
Objects| | objects to be used in policy rules, including app rule
| | actions and content filter actions.
POLICY | Rules and| SonicOS 7 Rules and| Configuration options and procedures
for access
Policies| Policies| rules, NAT rules, routing rules, content filter rules,
| | app rules, and endpoint rules.
POLICY | DPI-SSL| SonicOS7 DPI-SSL| Configuration options and procedures for
client and
| | server DPI-SSL.
POLICY | DPI-SSH| SonicOS7 DPI-SSH| Configuration options and procedures for
DPI-SSH
| | settings.
POLICY | Security| SonicOS7 Security| Configuration options and procedures for
licensed
Services| Services| security services, including Gateway Anti-Virus,
| | Anti-Spyware, Intrusion Prevention, Geo-IP Filter,
| | Botnet Filter, App Control, and Content Filter.
| | Describes viewing the summary of security services
| | status.
POLICY | Anti-Spam| SonicOS7 Anti-Spam| Configuration options and procedures
for Anti-
| | Spam settings. Describes viewing Anti-Spam
| | status.
POLICY | Capture| SonicOS/X 7 Capture ATP| Configuration options and
procedures for Capture
ATP| | ATP settings and viewing Capture ATP scanning
| | history.
POLICY | Endpoint| SonicOS/X 7 Endpoint| Configuration options and procedures
for endpoint
Security Security (client machines) security.
Guide Conventions
The following text conventions are used in this guide and in the SonicOS/X administration guides:
Convention Description
Bold text Used in procedures to identify elements in the user interface like dialog boxes, windows, screen names, messages, and buttons. Also used for file names and text or values you are being instructed to select or type into the interface.
Menu view | Menu item > Menu item
Indicates a multiple step menu choice on the user interface. For example, NETWORK
| System > Interfaces means to select the NETWORK view at the top of the window, then click on System in the left navigation menu to open the menu group (if needed) and select Interfaces to display the page.
Code Indicates sample computer programming code or text to be typed in the command line interface.
< Variable> Represents a variable name within the angle brackets. The variable name and angle brackets need to be replaced with an actual value. For example in the segment serialnumber= < your serial number>, replace the variable and brackets with the serial number from your device, such as serialnumber=2CB8ED000004.
Italics Indicates the name of a technical manual. Also indicates emphasis on certain words in a sentence, such as the first instance of a significant term or concept.
- Local Management
You can manage individual SonicWall firewalls by logging into the local web- based management interface in your browser. The admin account or other full- administrator account provides access to configure every feature in SonicOS/X. Point your browser to the LAN or WAN IP address and enter the user name and password to get started.
- NSM Management
SonicWall TZ, NSa, NSv, and NSsp firewalls can be managed by SonicWall Network Security Manager (NSM) version 2.2 and higher. NSM is an application that centralizes management, reporting, and analytics for the SonicWall family of network security appliances and web services. The NSM cloud or on-premise solution automates the steps to set up an appliance and offers robust reporting and management tools.
- API Management
You can manage the firewall with API commands. SonicOS/X 7 provides complete, full-featured API support for each and every aspect of firewall management. SonicOS/X and the underlying management of the firewall is entirely API- driven.
You can access the API by clicking the link in the HOME | API page or enter the link directly into your browser, https://sonicos- api.sonicwall.com. The SonicOS/X API Swagger access page is displayed.
- CLI Management
The SonicOS/X Command Line Interface (CLI) provides a concise and powerful way to configure SonicWall network security appliances without using the SonicOS/X web-based management user interface. You can use the CLI commands individually on the command line, or in scripts for automating configuration tasks. In addition, you can copy the output of a show command and post it back as a CLI command at the prompt. This feature gives the interface even greater speed and flexibility.
- SonicExpress Mobile App Management
SonicWall SonicExpress is a mobile app that lets you easily register, set up, manage and monitor your SonicWall firewalls. To set up your new SonicWall next-generation firewall, simply launch the app, plug in the USB cable and follow instructions from the intuitive setup guide with step-by-step instructions. The SonicExpress Setup Guide is a very user-friendly way to initialize your new firewall. SonicExpress is integrated with SonicWall WiFi Cloud Manager (WCM) which simplifies wireless access point deployment, management, and monitoring.
- Capture Security Center ZeroTouch Registration and Provisioning
Capture Security Center (CSC) supports Zero Touch registration and provisioning to manage and configure your firewall.
-
* Log into CSC at [cloud.sonicwall.com ](https://cloud.sonicwall.com/)using your MySonicWall credentials.- Select the MySonicWall tile to register your firewall.
- Enable Zero Touch and NSM licensing on your firewall in MySonicWall.
- Select the Network Security Manager tile in CSC to manage your firewall from the cloud.
NOTE: This option requires a Cloud Management license.
Interface
SonicOS/X 7 is redesigned from the ground up for higher security, improved workflow and scalability, and a better user experience and ease of use. This section introduces the top level interface features.
Logging into SonicOS/X
To log into the SonicOS/X web management interface, enter the firewall IP address into your browser using HTTPS. The default X0 LAN IP address is https://192.168.168.168. The default credentials are:
- Username: admin
- Password: password
You can also log in using the WAN IP address if the WAN interface (usually X1 or X2) is configured to allow HTTPS management. SonicOS/X provides a DHCP server to give your computer an IP address in the same subnet, so there is no need to give it a static IP address before logging in.
credentials at the left.
After entering the Username and Password , click LOGIN or press Enter to log in.
NOTE: The SonicOS/X web management interface is best viewed using 1920×1080 resolution.
Logging Out of SonicOS/X
To log out of the SonicOS/X web management interface, click on the username initials at the top right corner of the banner and select Logout from the drop-down list.
In the confirmation dialog, click Continue.
The logout page is displayed.
Contemporary vs Classic Web Interface
SonicOS/X 7 provides two web management interfaces, the contemporary interface with the menu group views across the top, and the classic interface with the menu groups in the left navigation pane. Both interfaces support the same feature set on SonicOS and SonicOSX and the right-hand pages look the same.
Contemporary interface:
Classic interface:
banner to show the drop-down list and using the slider button to select Contemporary or Classic.
The interface changes immediately without asking you to confirm. You do not need to restart the system.
Global Search
SonicOS/X provides a global search feature that lets you look up elements in the web management interface, including page names, options, fields and so forth in the user interface itself, as well as configured values within features. This option to search for parameters globally helps the administrator to determine the sections, such as within Objects or Policies, in which the parameters are referenced.
Launch a search by clicking the Global Search button at the top right, in the banner.
In the Global Search dialog, type in the string to search.
category is displayed in the category tab. Below, the categories are Pages, Objects, and Rules.
Click on any result to go to that location.
Online Help
Click the lightbulb icon at the top right in the banner to access SonicOS/X online help.
Your browser opens the SonicWall technical documentation page for your appliance platform and firmware version in another tab or window. From here, you can search for a keyword or open the relevant document.
Notification Center
The SonicOS/X Notification Center provides actionable alerts with outstanding tasks to help administrators maintain their organization’s security posture. The Notification Center is accessed by clicking the alarm clock button at the top right corner in the banner.
The number of current notifications is displayed in the red circle over the button.
The Notification Center displays a list of categorized messages with colored buttons at the top showing the number of each type.
- All (Shows the total number of notifications)
- Threats
- System
- MOTD (Message of the Day)
Click a category button to display notifications of that type only.
You can search the messages by clicking the Search icon and entering the value to search for into the field.
SonicOS/X Guides (Wizards)
SonicOS/X provides easy-to-use configuration guides (wizards) to assist you with initial configuration of server access, VPN policies, wireless network and security settings, and Software-Defined WAN network settings.
Each wizard displays a sequence of screens in which you select or enter the necessary settings. To continue to the next screen, click Next. To go back and make a change, click Previous. To exit the wizard, click the X.
The Summary page displays all the objects, NAT policies, access rules, security settings, or other settings that will be created. To proceed, click Apply.
- Public Server Guide
The Public Server Guide lets you quickly configure the firewall to provide public access to an internal server.
You can select any of the following server types:
-
* Web Server- FTP Server
- Mail Server
- Terminal Services Server
- Other
If you select Other , you can select from a long list of service types or select Create new Service.
The wizard provides the well-known port(s) for known services and asks for other options required for configuration of the server. If necessary, SonicOS/X creates objects, such as a network object bound to the WAN zone for the non-default IP address of a public server.
The VPN Guide lets you quickly create a new Site-to-Site VPN policy to another SonicWall device or configure a WAN GroupVPN policy to accept incoming VPN connections from SonicWall Global VPN Client.
The Site-to Site wizard provides sequential screens in which you input preshared key information, the IP address of the remote peer, local and destination network objects, and security settings for IKE Phase 1 and IPSec Phase 2.
The WAN GroupVPN wizard provides sequential screens in which you input preshared key information, the encryption and authentication security settings, user authentication, and optionally enable the virtual adapter for obtaining DHCP addresses in the X0 range.
- Wireless Guide
The Wireless Guide lets you quickly configure the network settings and security features of the WLAN Radio Interface.
For regulatory compliance, the Wireless Guide first asks you to select the country where the wireless TZ is being deployed. Then the wizard provides sequential screens in which you input the Wireless LAN network settings, WLAN radio settings, WLAN virtual access point settings, and WLAN security settings.
The SDWAN Guide lets you quickly configure a software-defined WAN.
The SDWAN Guide provides a sequence of screens in which you input the service or application, SLA criteria for latency, jitter, and packet loss, path selection using WAN or route based VPN tunnels, and health check probes.
SSH Terminal Access
An SSH Terminal can be accessed by clicking the Terminal icon button on the top banner of the SonicOS/X web management interface.
Before initiating the Terminal, make sure that the interface has SSH enabled for management. To check, go to NETWORK | System > Interfaces and edit the WAN (usually X1) interface. On the General screen, scroll down to the MANAGEMENT options and enable SSH.
If prompted, click OK in the SSH Server warning dialog to accept the certificate.
Then, enter the administrator username and password at the prompts (default admin/password ).
The SSH terminal window is available for use with all the standard commands. Type a question mark, ‘ ? ‘, to see the list of system commands and top level commands. Press the spacebar at the –MORE– prompt to display more commands.
You can type logout or exit to end the session, or click the ‘ X ‘ in the top right corner to return to web management.
For more information about the command line interface (CLI), refer to the SonicOS/X 7 E-CLI Reference Guide , available on the technical documentation portal at https://www.sonicwall.com/support/technical- documentation.
About the Top Menu Views
The contemporary SonicOS/X 7 web management interface layout is organized into high-level, intuitive workflows, with six top-level views in a menu across the top.
The currently selected top view is marked with an orange dot. A similar orange dot marks the currently selected page in the left navigation pane.
The six top-level views are:
- HOME – The HOME view provides dashboards and graphs designed to help you quickly see the health and security status of your security appliance, connected devices, and networks. In SonicOSX, the Policy Overview page provides status information for your policies. On TZ, NSa and NSv series , a graphical representation of your network topology is available in the HOME view. The API and Legal pages are also in the HOME view.
- MONITOR – The MONITOR view provides Real-Time Charts, AppFlow reports and/or monitoring, AppFlow sessions (on NSv), Capture Threat Assessment report, SDWAN monitoring, system logs, and tools for packet capture and monitoring connections and processes.
- DEVICE – The DEVICE view provides configuration pages for firewall administration and settings, wireless settings for TZ Series firewalls, high availability, users, AppFlow settings, log settings, and system diagnostic tools. In SonicOSX, the Policy Lookup page is available under Diagnostics. On TZ and NSa series firewalls, configuration pages for external devices such as the SonicWall Switch, Access Points, and WWAN 4G/LTE are available.
- NETWORK – The NETWORK view provides System configuration pages for network interfaces and system settings including for load balancing, ARP, web proxy, PortShield (on TZ and NSa series), VLAN translation, dynamic routing, DHCP server, etc, as well as pages for advanced firewall settings, VoIP, DNS, SDWAN, IPSec VPN, and SSL VPN settings.
- OBJECT – In SonicOS, the OBJECT view provides configuration pages for Match Objects, Profile Objects, and Action Objects, which are used when creating rules and policies on the POLICY view. In SonicOSX, the OBJECT view provides configuration pages for Match Objects, Profile Objects, and Action Profiles, which are used when creating rules and policies on the POLICY view. A Signatures page allows refresh of Anti-Virus and Anti-Spyware signature databases on the firewall.
- POLICY – In SonicOSX, the POLICY view provides menu groups for Rules and Policies, Capture ATP, and EndPoint Security. In SonicOS, the POLICY view provides those menu groups plus four additional ones: DPI-SSL, DPI-SSH, Security Services and Anti-Spam.
The configuration pages within Rules and Policies have significant differences between SonicOS (Classic mode) and SonicOSX (Policy mode). The configuration pages in Classic mode include Access Rules, NAT Rules, Routing Rules, Content Filter Rules, App Rules and Endpoint Rules. In Policy mode, the Rules and Policies menu group pages are Settings, Security Policy, NAT Policy, Route Policy, Decryption Policy, DoS Policy, Endpoint Policy and Shadow. These policy configuration pages cover the same security aspects as those in Classic mode, but with a more unified approach. The Settings page provides status for all security services on a single page, while the services are configured within each policy as an integral component. The Shadow page shows which rules are being shadowed by other rules and which rules are shadowing other rules. If a rule is shadowed by another rule, the first rule might never be hit.
About the API and CLI
The SonicOS/X Enterprise Command Line Interface (E-CLI) provides a concise and powerful way to configure SonicWall security appliances without using the SonicOS/X web management interface. You can use the CLI commands individually on the command line or in scripts for automating configuration tasks.
You can access the CLI by connecting to the Console port via SSH or with a serial connection. For more
information, refer to the SonicOS/X 7 E-CLI Reference Guide on the SonicWall technical documentation portal.
The SonicOS/X RESTful API (Representational State Transfer Application Program Interface) provides an alternative method to the SonicOS/X CLI for configuring the firewall. You can use the API to configure each and every feature on the firewall or to script configuration sequences.
To access the API, navigate to HOME | API and click the link in the SONICWALL SONICOS API AGREEMENT section.
You can also enter the link directly into your browser, https://sonicos- api.sonicwall.com. The SonicOS API Swagger access page is displayed.
Set up your authentication and log in for the complete API command list and syntax.
Legal Information
SonicWall SonicOS/X is protected by copyright and is provided as is.
The SonicWall copyright statement and End User Product Agreement (EUPA) are displayed on the HOME | Legal Information page.
What’s New in SonicOS/X 7.0.1
SonicOS/X 7.0.1 introduces a number of new features and enhancements, including:
- SonicWall Switch – New Features
Several new features and enhancements are provided for Switch management:
-
* SonicWall Switch – Native VLAN Support Configuration
Provides ability for administrator to specify which VLANs do not carry a VLAN tag. This helps with SonicWave provisioning.
-
* SonicWall Switch – Comments/Descriptions for Each Port
Port descriptions help administrators understand why a port has been provisioned.
-
* SonicWall Switch – Multiple Switch Support for Firewall High Availability Deployments
Adds support for HA deployment use cases when multiple Switches are being managed by the firewalls.
-
* SonicWall Switch – Multi-level Daisy Chaining Up to Eight
Extends network connectivity from one end of the building to the other.
- Mode Selection on NSv Series – Changing Between Classic Mode and Policy Mode
On NSv series, you can run either SonicOS (Classic mode) or SonicOSX (Policy mode) and you can switch between the modes. Some configuration settings are lost when changing from Classic to Policy mode, while the NSv resets to factory default settings when changing from Policy to Classic mode. This feature is also supported on NSv deployments in closed networks.
- Web Management Interface – Continued Improvements
Improvements to user experience and App Viewer, signatures data enrichment, and more CVE information.
- Security – New Signature Database Support
Enhancements to SonicOS for support of new Signature Database. Rollout of new Signature Database is coming soon.
- Connectivity – One ARM Mode Support
In One ARM mode, traffic enters and leaves the appliance on the same interface.
- Ports and Interfaces – Feature Support and Performance Enhancements
Several features and enhancements are added:
-
* **PPPoE support** on NSv series interfaces- Reduced polling time on all SFP+ ports from 40 sec to 5 sec
- 40GB interfaces support 10GB interface connectivity on NSsp 15700
- 10GB BASE-T support on 10GB SFP ports
- SafeMode – Support for Auth Code during SafeMode Authentication
You can use the appliance Auth Code as the Maintenance Key when accessing SafeMode on unregistered firewalls running SonicOS/X 7. The Auth Code is displayed in the web management
interface on the HOME | Dashboard > System > Device page, and on the label affixed to the bottom of the appliance.
- Deployment – Bypass Non-decrypted SSL Traffic with GAV
This option provides performance improvements.
Features in Both SonicOS and SonicOSX
This section describes a number of features introduced or enhanced in SonicOS/X 7. These features are available in both SonicOS and SonicOSX on all (or most) platforms.
For features specific to SonicOSX or available only on specific platforms, refer to any of these topics:
Key features available in both SonicOS and SonicOSX on all platforms include:
- Actionable Dashboard
In SonicOS/X 7, the Dashboard is enhanced with actionable alerts. The HOME | Dashboard >
System page provides four
screens with actionable alerts: Device, Summary, Network and Threat.
The Device, Network and Threat dashboards provide a top-level summary of the overall health of the appliance and threat insights. The actionable alerts help administrators maintain their organization’s security posture.
An example of an actionable alert on the Device screen is, if any service is unlicensed, you can click to be redirected to the DEVICE | Settings > Licenses page and take action on missing licenses.
- Device View – Front Panel
You can check the physical status of your firewall from the HOME | Dashboard > System page, in the Device screen. This gives the same feel as when you are physically looking at the hardware and also provides a graphical representation of the NSv virtual firewall.
TZ:
NSa:
NSv:
NSsp:
- Top Traffic and User Summary
The Dashboard > System > Summary page displays:
-
* Traffic distribution usage on the firewall with real-time updates of the most used applications- Summary of top users based on allowed or blocked sessions and by data sent and received
-
Insights Into Threats
The Dashboard > System > Summary page displays a section at the right with insights into threats of several types.
Insights on infected hosts displays the total number of infected host machines in your network in real- time.
Insights on critical attacks displays the total number of mission-critical attacks in your network in real- time.
Insights on encrypted traffic displays the total number of encrypted traffic in your network in real- time.
- Decryption Features
SonicOS/X 7 supports several new decryption features:
-
* Decryption Support for TLSv1.3
The TLS 1.3 encryption standard is supported to inspect encrypted traffic across several protocols like HTTPS, SSH, and FTPS. Support for TLS 1.3 improves overall security on the firewall. This is implemented in Firewall Management, SSL VPN and Deep Packet Inspection (DPI).
-
* Selective Blocking of Ciphers
On the NETWORK | Firewall > Cipher Control page, you can select from over 300 ciphers and block or unblock them. Filtering controls at the top of the page make it easy to view certain cipher types or strength ratings.
- SDWAN Wizard
The SDWAN Wizard guides you through configuring SDWAN Policies on the firewall. The wizard intuitively walks through setting up SDWAN rules to connect to HQ or Cloud SaaS applications without complex configurations. The wizard is accessed by clicking the wizard button in the top, right corner of the web management interface.
Select SDWAN Guide from the available wizards.
The SDWAN Guide has five screens to assist you with creating the policy.
- Capture ATP
The newly designed Capture ATP dashboard provides insights into Zero-Day threats that are coming into the organization’s network with location-based attack origin information.
- Capture Threat Assessment 2.0
SonicOS/X 7 supports Capture Threat Assessment (CTA) v2.0. Capture Threat Assessment is a SonicWall service that provides network traffic and threat report generation in PDF format. The service is provided directly from the SonicOS/X web management interface. You can navigate to the MONITOR | AppFlow > CTA Report page to configure settings and generate the report. Previous reports are saved in the cloud and displayed as a table on the page.
NOTE: App Visualization licensing is recommended for complete report data.
CTA v2.0 provides a number of enhancements for the current Capture Threat Assessment cloud service and reporting on all SonicWall firewalls, as described below.
-
* New report template – latest look and feel -
- Meaningful application statistics – adds more meaningful application, threat, web and network data
- Industry and global level statistics comparison – Industry averages let you compare your statistics alongside industry and global data
- Risky applications analysis – rates the amount of risk compared to industry standards
- Malware web activity – Web Activity page provides information about exposure to malware from web activity
- Gimpse of threats – Glimpse of Threats page details the application exploits, spyware, other malware and botnet activity observed on your network
- Report customization and advanced options – provide a way to customize the report features, control the report title and company information, and add a custom logo so you can design the report according to your requirements
- Executive Summary with Key Findings – summarizes the overall pages into a single page for quick reference by busy executives
- Recommendations – provides a summary of steps you can take to fix the issues found during the reporting period
- Meaningful application statistics – adds more meaningful application, threat, web and network data
-
System Logs Download
System logs, including console logs, can be downloaded from the DEVICE | Diagnostics > Tech Support Report page. The ability to download console logs without connecting to the console port simplifies debugging and reduces the time needed for troubleshooting.
- SSH Terminal Access
An SSH Terminal can be accessed by clicking the Terminal icon button on the top banner of the SonicOS/X web management interface.
Before initiating the Terminal, make sure that the interface has SSH enabled for management. To check, go to NETWORK | System > Interfaces and edit the WAN interface. The first time, click OK in the SSH Server warning dialog to accept the certificate.
Then, enter the administrator username and password at the prompts (default admin/password ).
- SonicExpress Mobile App Compatibility
SonicWall SonicExpress is a mobile app that lets you easily register, set up, manage and monitor your SonicWall firewalls. To set up your new SonicWall next-generation firewall, simply launch the app, use your USB phone cable to connect the firewall USB port to your smartphone, and follow the step-by-step instructions in the intuitive SonicExpress setup guide. Additionally, stay updated with the latest SonicWall security news from the app.
The key features available in both SonicOS and SonicOSX on most platforms are:
- Network Topology View
The HOME | Dashboard > Topology page shows an image of your firewall with hosts, access points, and other devices deployed in your network. This feature is supported on TZ, NSa and NSv series firewalls.
The Topology view provides physical and logical connectivity of all SonicWall devices, including firewalls, wireless access points and SonicWall Switches and their connected network devices in one place for easy visualization and policy enforcement. Device insights include device type, IP address, MAC address and traffic statistics to identify trouble spots or choke points.
You can use the buttons at the top right to refresh, display or hide labels, and change the view style. Move your mouse over each device to see details about it in a popup screen.
- Authentication Partitions
Authentication partitions control which authentication servers are used for which users. Partitions are supported on on NSsp, NSa and NSv series firewalls. You can configure partitions on the DEVICE | Users > Partitions page.
There is always one authentication partition, the automatically created Default partition. You cannot delete this partition. You can, however, edit it and select servers, agents, and clients for it as well as subpartitions. If you disable authentication partitioning, all LDAP servers, SSO agents, TSAs, and RADIUS accounting clients are reassigned to the Default partition; when you re-enable authentication partitioning, you must reassign them. RADIUS servers are not affected and remain with their assigned partitions.
Features Specific to SonicOSX
Some features are only provided in SonicOSX and are not available or are configured differently in SonicOS. These SonicOSX features are mostly in the areas of policy and object configuration, and are based on a complete redesign and unified architecture of the underlying policy engine.
About Unified Policies in SonicOSX
SonicOSX 7 introduces a new, redesigned unified policy configuration workflow combining Layer 2 to Layer 7 policy enforcement for security policies and optimizing the workflow for other policy types. This unified policy workflow gathers many security settings into one place, which were previously configured on different pages of the SonicOSX management interface. The benefits of this new approach also include improved reporting, auditing and logging, better diagnostics, monitoring and debugging, and faster loading and searching of rules and objects in the management interface.
All rules are manually created by administrators, there are no automatic or system-added rules. Priority characteristics of rules:
- Rules are applied in the order of priority, as shown by the rule order in the policy table.
- Rules are created at a certain priority.
- No automatic priority of rules.
A policy is defined by a group of rules that are applied to do a certain job. SonicOSX provides six policy types based on their characteristics, of which four are introduced in SonicOSX 7 and the others are improved and enhanced over previous implementations.
The following new policy types consolidate and reorganize policy configuration for improved logic and efficiency:
- Security Policy
Security Policy configuration unifies elements that were configured independently in previous versions of SonicOS. A Security Policy consists of one or more rules that apply security services to traffic. Each security rule merges the following security settings:
-
* Access Rules- App Rules
- App Control
- Content Filter
- Botnet Filter
- Geo-IP Filter
- Intrusion Detection and Prevention
- Anti-Virus
- Anti-Spyware
In SonicOSX, DPI-SSLand DPI-SSH settings are converted into decryption rules that define which SSL/TLS traffic should be decrypted. DPI-SSL and DPI-SSH settings are only configurable within decryption rules. You have granular control over what needs to be decrypted and how.
DoS rules define which traffic can cause Denial of Service and how to protect the system from such attacks. DoS rule configuration provides a unified workflow that includes connection limiting settings and all the settings to protect against Flood attacks (UDP/TCP-syn/ICMP floods), Smurf attacks, LAND (Local Area Network Denial) attacks and other denial of service attacks. These settings are no longer configured from various pages of the management interface as in versions prior to 7.0.
- Endpoint Policy
Endpoint rules provide client security settings that apply to traffic on the specified zone. These rules combine settings for the zone, inclusion and exclusion addresses, and an enforcement profile that controls grace period and bypass settings for guest users. At least one client security service must be licensed before endpoint rules can be configured.
The following two policy types are carried forward from earlier versions of SonicOS with minor enhancements:
- NAT Policy
NAT rules define which traffic needs to be translated and how.
Routing rules define how traffic should be routed.
Traffic is defined by match criteria. Each policy type has its own set of match criteria. Each rule defines the specific criteria to match, and defines an associated action. Actions are defined in an Action Profile. Some policy types do not need an action profile, such as Decryption Policy.
In summary, a policy is a set of rules and each rule is defined by match criteria and has an action and/or action profile.
The SonicOSX unified policy redesign provides additional enhancements, including:
-
Enhanced rules and policy processing engine for Security, NAT, Route, Decryption, DoS, and Endpoint policies:
-
SonicOSX policy rules can scale up to 8KB (8192 bytes) in size to accommodate the additional configuration data.
-
Rule configuration is intuitive with a simplified view, even with all the merged settings.
-
Relevant objects and action profiles for individual components are selected within the workflow.
-
Policy cloning is available.
-
In-cell editing capability can be used from within the policies table.
-
Shadow policy views allow analysis for Security, NAT, Route, Decryption, and DoS policy sets.
-
Simplified and advanced policy views for policy management:
- Policy grid column customizations for simple and advanced use cases
- Rule grouping
-
Rule statistics:
- Used vs unused rules
- Active vs inactive rules
- Hit counts and bandwidth consumption
About the Shadow Feature
The POLICY | Rules and Policies > Shadow page shows which rules are being shadowed by other rules and which rules are shadowing other rules. Select the Policy Type at the top to view shadowing for each type of policy.
Each rule in the RULE NAME column might have a rule in the SHADOWED BY column and the SHADOWING column. The rule in the SHADOWING column might not be hit because the rule in the RULE NAME column will match the traffic first. The rules under SHADOWED BY will be hit before the rules in the RULE NAME column, possibly preventing the RULE NAME column rule from being hit.
Rules can be partially shadowed. In this case they will be hit if they match traffic characteristics that the other rule is not matching on.
For example, say A+B is being matched in rule #2 which is shadowed by rule #1, where rule #1 matches A. If traffic matches A, rule #1 will hit. If traffic matches B, rule #2 will hit.
Another example involves two subnets. Rule #1 blocks traffic matching the 10.0.0/24 subnet. Rule #2 allows traffic matching the 10.0/16 subnet.
Rule #1 shadows Rule #2. This is a partial shadow.
You can click on any rule to view details:
About Action Profiles
Action profiles are used in Security Rules and DoS Rules and are configured globally under OBJECTS | Actions Profiles. Click the +Add button to configure all types of action profiles for use in the policy rule.
Security Rule Action Profiles:
The Add Security Action Profile page provides the following screens to configure action profiles for Security Rules:
- Bandwidth/QoS
- Anti-Virus
- Threat Prevention
- Anti-Spyware
- Botnet Filter
- Content Filter
- Block Page and Logging
- Miscellaneous
When the Add Security Action Profile window opens, the first screen is Bandwidth/QoS. You can select other tabs/screens to configure other types of Action Profiles.
The Miscellaneous screen provides options for:
- Connection Settings
- Advanced Settings
- SIP / H.323
- For Traffic from an Unauthenticated User
DoS Rule Action Profiles:
The Add DoS Action Profile page provides the following screens to configure action profiles for DoS Rules:
- Flood Protection
- DDoS Protection
- Attack Protection
- Connection Limiting
Features Specific to TZ and NSa
This section describes features supported only on SonicWall TZ and NSa firewalls. Many of these features can only be supported on physical appliances.
These features are described in the following topics:
Switch Management
SonicWall Switches can be connected to and managed by TZ and NSa series firewalls.
SonicWall Switches offer multi-gigabit wired performance that lets you rapidly scale your branch networks through remote installation. Available in seven models — ranging from eight to 48 ports, with gigabit and 10 gigabit Ethernet ports — SonicWall Switches deliver network switching that accommodates the growing number of mobile and IoT devices in branch locations and provides the network performance needed to support cloud-delivered applications. SonicWall Switches also fit seamlessly into your existing SonicWall ecosystem, helping you to unify your network security posture. They’re SD-Branch-ready and managed via firewalls — either locally or through SonicWall’s cloud-based Capture Security Center — for unified, single- pane-of-glass management of your entire SonicWall infrastructure.
SonicWall Switches provide additional ports and are designed to connect SonicWall firewalls with external devices such as wireless access points, IP surveillance cameras, VoIP phones and other PoE-capable devices as well as other Ethernet-based networking equipment or computers. The Switch provides simple, yet powerful PoE manageability with features such as IEEE 802.3af or IEEE 802.3at/af ports, PoE port management, voice VLAN, QoS, static routing, 802.1x authentication, and access point management.
Seven Switch models are available, providing a range of capabilities to choose from.
SonicWall Switches can be deployed in standalone mode or daisy chain mode. In SonicOS, there are three ways to view a connected Switch:
- Physical view
- List view
- VLAN view
SonicOS displays Switch information, including bandwidth usage per port and PoE Statistics with power usage.
SonicWall Switch ports can be added to PortShield Groups configurations.
PortShield Groups
A PortShield interface is a virtual interface with a set of ports, including ports on SonicWall Switches or other supported external switches assigned to it. PortShield architecture enables you to configure some or all of the LAN ports into separate security contexts, providing protection not only from the WAN and DMZ, but between devices inside your network as well. In effect, each context has its own wire-speed PortShield that enjoys the protection of a dedicated, deep packet inspection security appliance.
You can configure PortShield interfaces on the NETWORK | System > PortShield Groups pages.
Access Points Management
SonicWall SonicPoint and SonicWave wireless access points are specially engineered to work with SonicWall security appliances to provide wireless access throughout your enterprise. SonicWall access points integrate with SonicWall next-generation firewalls to create a secure wireless solution that delivers comprehensive protection for wired and wireless networks. They provide high-speed wireless access with enhanced signal quality and reliability that takes advantage of the latest capabilities to achieve gigabit wireless performance. With support for IEEE 802.11a/b/g/n/ac standards, the SonicPoint/SonicWave series enables your organization for bandwidth-intensive mobile applications in high density environments without signal degradation.
You can connect SonicPoint/SonicWave access points to your firewall or to a connected Switch, and manage them from the DEVICE | Access Points pages in SonicOS 7.
SonicOS 7 provides several new features for wireless access points:
- Enhanced Access Point Snapshot
SonicOS displays real-time statistics on access point status in the network and wireless client associations.
- Access Point Traffic Rate
SonicOS displays real-time bandwidth usage by access points.
- WiFi Client Report
SonicOS provides a real-time WiFi client report based on OS type and frequency, along with a top client chart.
- Real-Time WiFi Client Monitor
SonicOS displays the client host machine, OS type, frequency, access point details, and data transfer information.
WWAN and 4G/LTE
SonicWall TZ and NSa series appliances support a number of external 4G/LTE devices. You can connect a 4G/LTE device to a USB port on the firewall to provide Wireless WAN (WWAN) connectivity to the internet over cellular networks.
The 4G/LTE connection can be used for:
- WAN failover to a connection that is not dependent on wire or cable.
- Temporary networks where a preconfigured connection might not be available, such as at trade- shows and kiosks.
- Mobile networks, where the SonicWall appliance is based in a vehicle.
- Primary WAN connection where wire-based connections are not available and 4G/LTE cellular is.
To use the 4G/LTE interface, you must have a 4G/LTE PC card or USB device and a contract with a wireless service provider. A 4G/LTE service provider should be selected based primarily on the availability of supported hardware. SonicOS supports the devices listed online at:
https://www.sonicwall.com/support/knowledge-base/what-wireless-cards-and-usb- broadband-modems-are- supported-on-firewalls-and-access- points
By default, the firewall tries to detect the type of device that is connected. If it can successfully identify what kind it is, the left side navigation changes to provide configuration pages in the DEVICE | WWAN menu group. Without a connected 4G/LTE device, the WWAN page displays the current status.
Storage Device Configuration
SonicOS 7 provides the DEVICE | Settings > Storage page showing the status of M.2 storage modules on the firewall, including the secondary storage module, if installed. Storage modules are supported on TZ and NSa series firewalls. The storage module resides in a small compartment on the bottom of the firewall.
Module usage statistics are displayed and the file names of the stored files can be viewed.
Settings page:
Files page:
Features Specific to NSv
The NSv series are the only platforms that can run either SonicOS or SonicOSX 7.
Because the NSv is a virtual appliance, it does not support features that manage a connected device, such as a SonicWave wireless access point or a SonicWall Switch.
Topics:
- Feature Support on NSv Series
- Changing Between SonicOS and SonicOSX
Feature Support on NSv Series
SonicOS/X 7 on SonicWall NSv Series supports the majority of features supported on SonicWall physical firewalls, with only a few exceptions. These exceptions are generally those features that control an external device, such as a switch, wireless hardware, or cellular WWAN devices.
The table below lists the key SonicOS and SonicOSX features and whether they are supported or not supported on the NSv Series.
SONICOS/X 7 FEATURE SUPPORT ON THE NSV SERIES
Main Category
Feature Category
Feature Description Supported
Unified
Unified
Source/Destination
SPI Rule based on
Yes
Policy Features
Security Policy IP, Port, Service, and User
user Information
Application Control Application Signature Yes
and Component control within a Security Rule
CFS/Web Filtering Content Filtering
Rules within a Security Rule
Botnet Botnet control within a Security Rule
Geo-IP / Country Country-based control within a Security Rule
Yes
Yes Yes
EndPoint Security Policy
Endpoint Security with Capture Client based on Rules
Yes
Decryption Policy
Rule Diagram Pictorial view of a
Security Policy, NAT Policy or Route Policy to assist in finding real-time statistics
Rules to inspect SSL/TLS traffic
Yes
Yes
DoS Policy Rules to inspect Denial of Service (DoS) and Distributed DoS (DDOS) attacks, such as flooding or Smurf
Yes
Profile Objects Endpoint Security Yes
Bandwidth Management
Yes
QoS Marking Yes
Content Filter Yes
Intrusion Prevention
Yes
DHCP Option Yes
AWS VPN Yes
Action Profiles Security Profile Yes DoS Profile Yes
Signature Objects
Anti-Virus Signature Object
Anti-Virus Signatures Yes with more details on
each signature
Anti-Spyware Signature Object
Anti-Spyware Signatures with more details on each signature
Yes
Rule management
Cloning Cloning of an existing security rule to create a new rule
Yes
Shadow rule analysis
Displays duplicate and shadowing rules within every policy
Yes
In-cell editing Ability to perform
selective cell editing on the security rule without opening the
Yes
| rule, reducing the number of clicks for the administrator|
---|---|---
| | Group editing| | Yes
| | Export of Rules| Rules can be| Yes
| | | exported in CSV|
| | | format|
| | Live Counters| Capture live statistics| Yes
| | | for a security policy|
| Managing| Used/Unused| Display the security| Yes
| views| Rules| rules which are being|
| | | actively used or not|
| | | being used|
| | Active/Inactive| Display the security| Yes
| | Rules| rules which are|
| | | enabled or disabled|
| | Section Policy| Grouping of policies| Yes
| | Grouping| by sections to help|
| | | manage thousands|
| | | of security rules|
| | Customizable| Customizable and| Yes
| | Grid/Layout| movable columns|
| | | within Security|
| | | Policy, NAT Policy,|
| | | Route Policy,|
| | | Decryption Policy,|
| | | and DoS Policy|
| | | pages|
| | Custom Grouping| Grouping of policies| Yes
| | | by custom options|
| | | like zone, tag, or|
| | | other|
Decryption| Decryption| | TLS 1.3 enhanced| Yes
Features| Support for| | security|
| TLSv1.3| | implemented in|
| | | firewall|
| | | management, SSL|
| | | VPN and DPI|
| Blocking| | Block or unblock| Yes
| Cipher| | cipher control|
| Controls| | selectively|
| Decryption| | Enhanced monitoring| Yes
| Rule| | of Decryption Rules|
| Monitoring| | including Bandwidth,|
Multi- Instance Features
Multi-Instance Support
Connection Rate, Connection Usage
Multiple virtual No firewalls running on a single firewall
Instance View View usage and No other related
statistics for each instance
SDWAN
Features
Per-Instance Separate Firmware
Instance Licensing from Root
SDWAN
Scalability
SDWAN
Usability Wizard
Ability to run separate firmware on each instance and the root instance
License the instances from the root instance and display the key for each instance
Scalable tunnel interfaces for distributed enterprises
Wizard to automatically configure an SDWAN Policy on the firewall
No
No
Yes
Yes
API Features RESTful API
Support
Complete API support for configuring every section of the management interface
Yes
HOME Page Features
Dashboard Features
Actionable Dashboard
Device View Enhancements
Top Traffic Summary
Dashboard with actionable alerts
Displays the real- time status of the front panel interfaces and LEDs
Traffic distribution usage on the firewall with real-time updates and the most-used applications
Yes Yes
Yes
Top User Summary Summary of top
users based on allowed or blocked sessions, by data sent and received
Yes
Insights into Threats
Real-time threat summary for the network, including virus, zero-day malware, spyware, vulnerabilities, risky applications
Yes
Policy Overview Graphical view of
used/unused and allowed/denied statistics for Security, NAT, Route, Decryption, and DoS Policies
Objects Overview Graphical view of
custom and default Address, Zone, Service, Schedules, Custom Match, Application, Country, URI, Website, and Web Category objects
Yes
Yes
Network Topology
Profiles and Signatures Overview
Zero-Day Attack Origin Analysis
Graphical view of custom and default profiles and signatures for IPS, Security, DoS, Block Page, Gateway Anti- Virus, Anti-Spyware and others
Displays location- based attack origin by countries
Topology View displaying hosts, access points connected in the network based on device name, MAC address and IP
Yes
Yes
Yes
Debugging and Diagnostic Features
Notification Center
Packet Monitoring Enhancement
System Logs Download
address
Summary of threats, event logs, system alerts with actionable alerts and outstanding tasks for the administrator
Packet Monitor ability to find the related Security Rule, NAT Rule, Route Rule, Decryption Rule, and Signatures for Application, IPS, Anti-Virus, and Anti- Spyware
Console logs can be downloaded from the web management interface without requiring connection to the Console port
Yes
Yes
Yes
SSH Terminal SSH Terminal access Yes within web
management interface for troubleshooting
System Diagnostics
Enhanced system diagnostics for troubleshooting
Yes
Policy Lookup Policy Lookup displays the rule that will be used for a particular type of traffic based on the math attributes
Yes
Capture Threat Assessment (CTA 2.0)
Template Customization
Executive Template
Executive Template for company executives with a summarized report containing Key Findings and Recommendations
Yes
Report Customizable Customization of Yes
Customization Logo, Name, and
Company
logo, administrator name and company name
Reporting Enhancements
Key Findings Yes
Risky File Analysis Yes
Risky Application Summary
Yes
Malware Analysis Yes
Glimpse of Threats Yes
Web Filtering Statistics
Yes
Recommendations Yes
Comparison Statistics
Industry Average Comparison with
peer industry statistics
Yes
Wireless Features
Switch Features
Enhanced Access Point Snapshot
Access Point Traffic Rate
WiFi Client Report
Real-Time WiFi Client Monitor
SonicWall Switch Support
Switch Network Overview
All Organizations Average
Comparison with global statistics
Displays real-time statistics about access point network status and client associations
Real-Time bandwidth usage by access points
Real-Time WiFi client report based on OS type, frequency, top client chart
Determines the host machine, OS type, frequency, access point information, data transfer
SonicWall Switch in standalone and daisy chain deployments
SonicWall Switch views: physical view, list view, and VLAN view
Yes No
No
No
No
No
No
Bandwidth Usage per Switch Port
Display SonicWall No Switch bandwidth
usage per port
Monitoring Features
PoE Usage Display SonicWalll Switch PoE statistics including power usage
Risky Application Statistics
AppFlow Monitoring Enhancements
No
Yes
Yes
Management NSM
Management
API Driven Management
ZeroTouch Registration and Provisioning
CSC Simple Reporting
No Yes Yes
No
General Features
Global Search Search globally for parameters within the SonicOS/X configuration to determine the Objects or Policies in which the parameters are referenced
Yes
Storage Device Configuration
Configuration of No storage modules including extended modules, and display module usage
statistics
Changing Between SonicOS and SonicOSX
SonicWall NSv series firewalls support both SonicOS and SonicOSX. SonicOS is also known as Classic mode, and SonicOSX is known as Policy mode. Selection of or changing between Classic and Policy modes is supported on NSv series starting in SonicOS/X 7.0.1 with the following use cases:
- Fresh deployments of SonicOS or SonicOSX
- Upgrading an existing deployment from SonicOSX 7.0.0 to SonicOSX 7.0.1
- Upgrading an existing deployment from SonicOS 6.5.4.v to SonicOS 7.0.1
- Changing an existing deployment from SonicOS 7.0.1 to SonicOSX 7.0.1 (from Classic mode to Policy mode)
- Changing an existing deployment from SonicOSX 7.0.1 to SonicOS 7.0.1 (from Policy mode to Classic mode)
If you have existing NSv deployments running SonicOS 6.5.4.v and plan to continue using NSv on SonicOS/X 7, the ability to change modes provides flexibility to upgrade seamlessly into Classic mode while evaluating or preparing for the move to Policy mode.
Closed-network NSv deployments also support Classic and Policy modes. In a closed network, the lack of internet access prevents the NSv from communicating with the SonicWall License Manager, so the Manual Keyset option is used to apply the security services and other licensing on the firewall. You can select the mode when obtaining the license keyset in MySonicWall. If you switch between modes, you will need to obtain and apply a new license keyset for your NSv.
The CLASSIC and POLICY mode switching option is only visible in SonicOS/X after it is enabled in MySonicWall. Log into your MySonicWall account and enable Firewall Mode Switching for the respective firewall serial number.
The Settings screen on the NETWORK | Firewall > Advanced page displays the CLASSIC and POLICY
options for Security Services Enforcements.
The current mode is indicated by the black button. These buttons are used to initiate the mode change. For more information, refer to:
- Choosing the Mode in Fresh Deployments or Upgrades
- Changing From Classic to Policy Mode
- Changing From Policy to Classic Mode
Choosing the Mode in Fresh Deployments or Upgrades
During NSv registration after fresh deployments or upgrades of existing NSv firewalls to SonicOS/X 7.0.1, you are prompted to choose Classic or Policy mode.
The specific use cases where this applies are:
- Fresh deployments of SonicOS or SonicOSX 7.0.1
- Upgrading an existing deployment from SonicOSX 7.0.0 to SonicOSX 7.0.1
- Upgrading an existing deployment from SonicOS 6.5.4.v to SonicOS 7.0.1
- Resetting the registration of (deregistering) an existing NSv deployment running SonicOS/X 7.0.1 Choosing Classic Mode will cause the NSv to boot up running SonicOS 7.0.1 with the SonicOS features. Choosing Policy Mode will cause the NSv to boot up running SonicOSX 7.0.1 with the SonicOSX features.
When upgrading an NSv from SonicOS 6.5.4.v to SonicOS 7.0.1 (Classic mode) using the SWI file, the supported features are on par with a SonicWall TZ running SonicOS 7.0.1, except that the following are not supported on NSv:
- Switch Network (SonicWall Switch management support)
- Access Points / Wireless
- WWAN (4G / LTE)
- PortShield
NOTE: After upgrading your NSv from SonicOS 6.5.4.v to SonicOS 7.0.1, you will need to register it using the new (7.0) serial number.
Changing From Classic to Policy Mode
This section describes how to change from Classic mode (SonicOS) to Policy mode (SonicOSX) on an existing NSv deployment. After this change, some of the current configuration settings might not be available in Policy mode. The list of configuration settings that will not be available in policy mode is shown in the popup screen when you click the POLICY button.
To change from Classic mode to Policy mode:
- Navigate to the NETWORK | Firewall > Advanced page.
- On the Settings screen next to Security Services Enforcements , click the POLICY button.
4. Click OK to proceed with the mode change or click Cancel to cancel the mode change.
The NSv reboots and comes up in Policy mode. You must manually reconfigure any settings that were removed during the mode change. These can include configuration settings involving:
- Access Rules
- App Rules
- Content Filtering Service (CFS)
- Security Services
- App Control
- DPI-SSL
- DPI-SSH
Changing From Policy to Classic Mode
This section describes how to change from Policy mode (SonicOSX) to Classic mode (SonicOS) on an existing NSv deployment. After this change, all of the current configuration settings will be lost and the NSv will reboot with factory default settings. A warning to this effect is shown in the popup screen when you click the CLASSIC button.
To change from Policy mode to Classic mode:
-
Navigate to the NETWORK | Firewall > Advanced page.
-
On the Settings screen next to Security Services Enforcements , click the CLASSIC button.
-
Click OK to proceed with the mode change or click Cancel to cancel the mode change. The NSv reboots and comes up in Classic mode.
-
Log into the NSv using the default credentials, admin / password.
-
Configure the network settings to allow your NSv to connect to your local network and to the internet for access to MySonicWall and the SonicWall licensing server. For more information, refer to the NSv Series 7.0 Getting Started Guide for your platform (Azure, AWS, VMware, Hyper-V or KVM). The NSv Getting Started guides are available on the SonicWall technical documentation portal at NSv 7.0 Getting Started Guides.
-
Register the NSv to enable full functionality. The Register Device button is available on the HOME | Dashboard > System pages.
At this point your can manually reconfigure the NSv or import a configuration settings file previously exported from one of the following:
-
* An NSv running SonicOS 7 (in Classic mode)- An NSv running SonicOS 6.5.4.v
Features Specific to NSsp
Designed for large distributed enterprises, data centers, government agencies and service providers, the SonicWall NSsp 15700 pairs advanced technologies like Real-Time Deep Memory Inspection (RTDMI™) with high-speed performance. This powerful security appliance supports advanced features including multi- instance deployments, advanced switching, authentication partitioning, and unified policy creation.
While most of these advanced features are available on other platforms running SonicOS/X 7, the Multi- Instance feature is unique to the NSsp.
About Multi-Instance
SonicOSX 7 on NSsp supports the Multi-Instance feature. This feature allows the security appliance to launch multiple instances of SonicOSX, each serving as an independent firewall. The Root Instance configures and launches each instance. Once the individual instances are up and running, their X0…X7 interfaces allow access for detailed firewall configuration.
Multi-Instance is configured from the DEVICE | Multi-Instance menu group.
Configuration starts from the Multi-Instance > Settings page:
Each instance’s X0, X1, X2… X7 interfaces are mapped to a VLAN on the NSsp front panel port (X0 to X25) by the Root Instance. Each instance can be configured with up to 8 ports. Each instance port can be mapped to a front panel port and tagged with a VLAN ID.
When you register your NSsp appliance, a number of instance licenses are automatically created. These licenses are displayed in the Multi-Instance > Instance Licenses page.
You can configure two instances as a High Availability pair: on a single NSsp and across two NSsp appliances that are already established as an HA pair.
-
* On a Single NSsp – Multiple instances within an NSsp can support Stateful HA. This multi-instance HA model exactly mimics the NSv HA model in terms of the behavior and capabilities. Two instances can be paired to form a Stateful HA pair. One of them assumes the role as a Primary active instance and the other as the Secondary standby instance. The active and standby roles can change during an instance’s lifetime.- On an NSsp HA pair – Multiple instances residing on different units of an established NSsp HA pair can support Stateful HA. This requires a physical connection between at least one dedicated physical port on each of the NSsp HA units, to be used for the Multi-instance HA Control interface and HA Data interface.
For more information about enabling and configuring Multi-Instance, refer to the SonicOSX 7 Multi-Instance Administration Guide and the SonicOSX 7 Getting Started for the NSsp 15700 guide on the SonicWall technical documentation portal.
SonicWall Support
2
Technical support is available to customers who have purchased SonicWall products with a valid maintenance contract.
The Support Portal provides self-help tools you can use to solve problems quickly and independently, 24 hours a day, 365 days a year. To access the Support Portal, go to https://www.sonicwall.com/support.
The Support Portal enables you to:
-
* View knowledge base articles and technical documentation- View and participate in the Community forum discussions at https://community.sonicwall.com/technology-and-support.
- View video tutorials
- Access https://mysonicwall.com
- Learn about SonicWall professional services
- Review SonicWall Support services and warranty information
- Register for training and certification
- Request technical support or customer service
To contact SonicWall Support, visit https://www.sonicwall.com/support /contact-support.
About This Document
NOTE: A NOTE icon indicates supporting information.
IMPORTANT: An IMPORTANT icon indicates supporting information.
TIP: A TIP icon indicates helpful information.
CAUTION: A CAUTION icon indicates potential damage to hardware or loss of data if instructions are not followed.
WARNING: A WARNING icon indicates a potential for property damage, personal injury, or death.
About SonicOS and SonicOSX for the TZ, NSa, NSv, and NSsp Series Updated – April 2021
Software Version – 7 232-005321-00 Rev A
Copyright © 2021 SonicWall Inc. All rights reserved.
The information in this document is provided in connection with SonicWall and/or its affiliates’ products. No license, express or implied, by estoppel or otherwise, to any intellectual property right is granted by this document or in connection with the sale of products. EXCEPT AS SET FORTH IN THE TERMS AND CONDITIONS AS SPECIFIED IN THE LICENSE AGREEMENT FOR THIS PRODUCT, SONICWALL AND/OR ITS AFFILIATES ASSUME NO LIABILITY WHATSOEVER AND DISCLAIMS ANY EXPRESS, IMPLIED OR STATUTORY WARRANTY RELATING TO ITS PRODUCTS INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT. IN NO EVENT SHALL SONICWALL AND/OR ITS AFFILIATES BE LIABLE FOR ANY DIRECT, INDIRECT, CONSEQUENTIAL, PUNITIVE, SPECIAL OR INCIDENTAL DAMAGES (INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF PROFITS, BUSINESS INTERRUPTION OR LOSS OF INFORMATION) ARISING OUT OF THE USE OR INABILITY TO USE THIS DOCUMENT, EVEN IF SONICWALL AND/OR ITS AFFILIATES HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH
DAMAGES. SonicWall and/or its affiliates make no representations or warranties with respect to the accuracy or completeness of the contents of this document and reserves the right to make changes to specifications and product descriptions at any time without notice. and/or its affiliates do not make any commitment to update the information contained in this document.
For more information, visit https://www.sonicwall.com/legal.
End User Product Agreement
To view the SonicWall End User Product Agreement, go to: https://www.sonicwall.com/legal/end-user-product-agreements/.
Open Source Code
SonicWall Inc. is able to provide a machine-readable copy of open source code with restrictive licenses such as GPL, LGPL, AGPL when applicable per license requirements. To obtain a complete machine-readable copy, send your written requests, along with certified check or money order in the amount of USD 25.00 payable to “SonicWall Inc.”, to:
General Public License Source Code Request Attn: Jennifer Anderson
1033 McCarthy Blvd
Milpitas, CA 95035