SonicWall – Network Interview (https://networkinterview.com), Online Networking Interview Preparations

Introduction to Sonicwall Firewall: Working, Features, Setup
https://networkinterview.com/sonicwall-firewall/
Sun, 07 Jul 2024 09:08:04 +0000

Evolution of Firewalls: Sonicwall Firewall

Firewall technologies have evolved rapidly since their inception. The first packet-filtering firewalls inspected packet traffic and decided whether to allow or reject each packet. They were replaced by stateful packet inspection firewalls, which were designed to protect against network-layer threats by analyzing ports and protocols. Next-generation firewalls followed: deep packet inspection firewalls that scan the entire packet payload to provide advanced threat protection.

In today’s topic we will look at Sonicwall firewalls, which are next-generation firewalls (NGFW), and at their architecture and features.

What is a Sonicwall Firewall?

The Sonicwall firewall, which was earlier sold under the name ‘Interpol’ in the late 1990s, was rebranded as a dedicated hardware appliance with firewall and VPN software intended for the small business segment. Sonicwall firewalls make it possible to identify and control all applications running in the network.

They identify applications based on their unique signatures instead of protocols or ports. They visualize application traffic to determine usage patterns, so that granular policies can be developed for applications, users, or user groups, and for other parameters such as time of day.

Working of Sonicwall Firewall

Sonicwall application recognition is based on an application’s ‘DNA’ rather than on less unique attributes such as source port, destination port, or protocol type. It relies on an extensive, automatically updated database of application signatures. SSL-encrypted traffic controls analyze encrypted traffic the same way as unencrypted traffic.

Sonicwall firewall controls can track, manage and enforce the specific versions of applications in use. There is no need to physically check every system to determine the application version; setting a Sonicwall application intelligence and control policy achieves this.

You can create a policy to prioritize bandwidth for live meeting applications: the deep packet inspection engine looks for the application signature or name and gives the live meeting application bandwidth priority.

Peer-to-peer applications like BitTorrent, often utilized for downloading unauthorized copies of copyrighted content, not only take up bandwidth but also pose a significant risk for transmitting malware. New P2P applications are constantly being created, which makes it difficult to block P2P applications manually one at a time. The Sonicwall application intelligence and regulated databases receive regular updates to incorporate newly emerging P2P applications.

Social networking sites such as Facebook, Instagram, and YouTube can be blocked, or restricted to specific users, at the workplace.

Sonicwall Capture enhances the firewall’s threat prevention capabilities by detecting and preventing unknown and zero-day attacks via the cloud.

Data leakage can be prevented by routing outbound traffic through the firewall, which can detect and prevent leakage of ‘data in motion’.

Features of Sonicwall Firewall

  • Single configuration for management of all threats 
  • Single UI to view and manage all threat events, so there is no need to look separately at log entries on multiple devices such as firewalls, antivirus, web content filtering, intrusion prevention systems and data leakage prevention systems
  • Improved control over applications by category, bandwidth management, user access, destination control etc.
  • Gives a single view of network security 
  • Easy to manage and secure VPN systems for secure remote access

How to set up a Sonicwall firewall?

  • Connect a system to the Sonicwall LAN (X0) interface, or to a network switch connected to the LAN interface. It will automatically receive an IP address from the Sonicwall appliance.
  • Open a web browser to https://192.168.168.168 to access the firewall.
  • On first access, you are given the option to use a setup wizard or go directly to the management interface.
  • At the Sonicwall management interface login page, the default username and password are admin/password.
  • Change the default password.
  • Select a time zone from the ‘Time zone’ drop-down and click OK.
  • At the WAN network mode page, select the option Cable/Modem-based connections for DHCP-assigned IP addresses.
  • Select the option Router-based connections for a static IP address and netmask.
  • At the LAN settings page, accept the default LAN settings or enter an IP address and netmask, and click Next.
  • At the Sonicwall configuration summary page, review the configuration and click Apply.
  • In SonicOS, click Monitor and then Current status | System status.
  • To register, click the register link, which takes you to the license page.
  • Enter your MySonicwall username and password on this page and click Submit.

Quick fact!

Market share: Sonicwall firewall (0.4%) in the network security space.

Site-to-Site VPN Between FortiGate and SonicWall using DDNS
https://networkinterview.com/site-to-site-vpn-fortigate-and-sonicwall-ddns/
Tue, 14 May 2024 18:21:47 +0000

A site-to-site VPN is a connection between two or more networks. Enterprises use it widely to carry private traffic over an Internet connection in lieu of private MPLS circuits. Site-to-site VPNs are used by enterprises whose offices are dispersed across geographic locations and need to access and use the corporate network.

In today’s topic we will learn how to configure a site-to-site VPN between FortiGate and SonicWall using dynamic DNS names as peers. A site-to-site VPN is used to provide uninterrupted and secure communication.


Establish: Site-to-site VPN between FortiGate and SonicWall with Dynamic DNS 

Let’s look at the prerequisites before we start the configuration steps.

  • Admin access to both FortiGate and SonicWall firewall interfaces
  • FortiGate version 6.x or later
  • SonicWall version 6.x or later
  • Basic networking and firewall configuration
  • Active dynamic DNS account for both devices

Step 1: Configure FortiGate DDNS and FortiGate

  1. Go to Network → DNS
  2. Enable FortiGuard DDNS
  3. Choose the interface that has the dynamic connection
  4. Choose the server on which you have an account
  5. Enter a unique location
  6. Click Apply

To configure DDNS using the CLI:

config system ddns
    edit 1
        set ddns-server FortiGuardDdns
        set ddns-domain "branch.float-zone.com"
        set monitor-interface "wan1"
    next
end

Go to VPN → IPSec tunnels. Create a new tunnel, select ‘Dynamic DNS’ for the remote gateway, provide the SonicWall remote DDNS name, and choose the external interface (WAN) that is used to communicate with the SonicWall.

Select ‘Aggressive Mode’. Under ‘Peer options’ → ‘Accept types’, select ‘Specific peer ID’, and in the ‘Peer ID’ field provide the SonicWall remote DDNS name.

In the ‘Phase 1 (P1) proposal’, ensure all proposal selections correspond to the proposals on the SonicWall. In the ‘Local ID’ field, provide the FortiGate Dynamic DNS name.

Configure ‘Local address’ and ‘Remote address’ to define the traffic of interest between the local and remote sites, and ensure the selected networks match those defined in the SonicWall interface.

In the Phase 2 (P2) proposal, ensure the selections correspond to the proposals on the SonicWall. Enable Auto-negotiate to ensure proper functioning.
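The GUI steps above correspond roughly to the following FortiOS CLI, shown here as an added example that is not from the original article. The tunnel names, the SonicWall DDNS name `sonicwall.example.net`, the two subnets, the AES256/SHA256/DH group 14 proposal and the pre-shared key are placeholders assumed for illustration; the proposal must be whatever is configured on the SonicWall side.

```fortios
# Added example. Only "branch.float-zone.com" and "wan1" come from the page;
# every other name, address and proposal below is an assumed placeholder.
config vpn ipsec phase1-interface
    edit "to-sonicwall"
        # Remote gateway is resolved from the peer's DDNS name
        set type ddns
        set interface "wan1"
        set remotegw-ddns "sonicwall.example.net"
        # Aggressive mode applies to IKEv1 only
        set ike-version 1
        set mode aggressive
        # Accept only the peer that presents this ID ("Specific peer ID")
        set peertype one
        set peerid "sonicwall.example.net"
        # ID this FortiGate presents; must equal the SonicWall "Peer IKE ID"
        set localid "branch.float-zone.com"
        # Must match the Phase 1 proposal on the SonicWall
        set proposal aes256-sha256
        set dhgrp 14
        # Aggressive mode sends the IDs and a PSK-derived hash unencrypted,
        # so use a long random key rather than a passphrase
        set psksecret <long-random-pre-shared-key>
    next
end
config vpn ipsec phase2-interface
    edit "to-sonicwall-p2"
        set phase1name "to-sonicwall"
        # Must match the Phase 2 proposal on the SonicWall
        set proposal aes256-sha256
        set pfs enable
        set dhgrp 14
        set auto-negotiate enable
        # Traffic of interest; must mirror the SonicWall local/destination networks
        set src-subnet 10.0.1.0 255.255.255.0
        set dst-subnet 10.0.2.0 255.255.255.0
    next
end
```

Firewall policies and the static route for the remote subnet are not shown; the tunnel carries no traffic until both exist.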

Step 2: Configure SonicWall DDNS and SonicWall

  1. Log in to the SonicWall management interface
  2. Choose Network in the navigation menu
  3. Choose DNS → Dynamic DNS
  4. Click ‘Add’
  5. ‘Add DNS profile’ is displayed
  6. Click OK
  7. Check that the profile is ‘Enabled’, that its status is shown as On-line, and that the correct IP is reflected

Once DNS is working, set up DDNS to allocate a domain name to the SonicWall external interface (WAN), which will act as the peer for the FortiGate device.

  1. To set up the VPN, go to the Wizard section and choose ‘VPN Guide’
  2. Select the site-to-site VPN option
  3. Fill in the form: choose a name for ‘Policy name’, activate the ‘I know my remote peer address or FQDN’ option, and provide the FortiGate Dynamic DNS name in ‘Remote Peer IP address or FQDN’. Choose ‘Next’.
  4. In the ‘Network selection’ tab, choose the ‘local’ and ‘destination’ networks
  5. If the ‘destination’ network is not set up yet, create it by selecting the ‘create new address object’ option from the drop-down menu.
  6. Provide a ‘Name’, select the appropriate ‘Zone assignment’ and ‘Type’, provide the destination network and mask, and save.
  7. After selecting the desired local and destination networks, click Next
  8. Select the appropriate proposals and ensure they match the FortiGate configuration
  9. Click Apply
  10. Under the VPN section, choose ‘Rules and settings’ and edit the tunnel
  11. Change both the local and peer IKE IDs from IPv4 address to domain name
  12. Enter the SonicWall Dynamic DNS name for ‘Local IKE ID’ and the FortiGate Dynamic DNS name for ‘Peer IKE ID’.
  13. Review all configurations
  14. Select the appropriate ‘Local network’ and ‘Destination network’ to define the traffic of interest between the local and remote sites
  15. The selected networks need to match those defined on the FortiGate

To verify and test, on the FortiGate go to Monitor → IPSec Monitor. The VPN should appear as active.
