User manual SONICWALL SONICOS ENHANCED 5.7 ADMINISTRATOR GUIDE
Lastmanuals offers a socially driven service of sharing, storing and searching manuals related to use of hardware and software : user guide, owner's manual, quick start guide, technical datasheets... DON'T FORGET : ALWAYS READ THE USER GUIDE BEFORE BUYING !!!
If this document matches the user guide, instructions manual or user manual, feature sets, schematics you are looking for, download it now. Lastmanuals provides you a fast and easy access to the user manual SONICWALL SONICOS ENHANCED 5.7. We hope that this SONICWALL SONICOS ENHANCED 5.7 user guide will be useful to you.
Lastmanuals help download the user guide SONICWALL SONICOS ENHANCED 5.7.
Manual abstract: user guide SONICWALL SONICOS ENHANCED 5.7ADMINISTRATOR GUIDE
Detailed instructions for use are in the User's Guide.
[. . . ] SonicOS Enhanced 5. 7 Administrator's Guide
PROTECTION AT THE SPEED OF BUSINESSTM
Table of Contents
Table of Contents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . iii Part 1: Introduction
Chapter 1: Preface . . 26 More Information on SonicWALL Products . . 29 Key Features in SonicOS Enhanced 5. 7 . . 29 Key Features in SonicOS Enhanced 5. 6 . [. . . ] Both 802. 1p and DSCP marking as managed by SonicOS Enhanced Access Rules provide 4 actions: None, Preserve, Explicit, and Map. The default action for DSCP is Preserve and the default action for 802. 1p is None. The following table describes the behavior of each action on both methods of marking: Action None 802. 1p (layer 2 CoS) DSCP (layer 3) The DSCP tag is explicitly set (or When packets matching this class of reset) to 0. traffic (as defined by the Access Rule) are sent out the egress interface, no 802. 1p tag will be added. Notes If the target interface for this class of traffic is a VLAN subinterface, the 802. 1p portion of the 802. 1q tag will be explicitly set to 0. If this class of traffic is destined for a VLAN and is using 802. 1p for prioritization, a specific Access Rule using the Preserve, Explicit, or Map action should be defined for this class of traffic.
Preserve Existing 802. 1p tag will be preserved.
Existing DSCP tag value will be preserved.
536
SonicOS Enhanced 5. 7 Administrator Guide
Firewall > QoS Mapping (Not Supported on TZ platforms nor the NSA 240)
Action Explicit
802. 1p (layer 2 CoS) DSCP (layer 3) An explicit 802. 1p tag An explicit DSCP tag value can be assigned (0-63) from a drop-down value can be assigned (0-7) from a menu that will be presented. The mapping setting defined in the Firewall > QoS Mapping page will be used to map from a DSCP tag to an 802. 1p tag. The mapping setting defined in the Firewall > QoS Mapping page will be used to map from an 802. 1 tag to a DSCP tag. An additional checkbox will be presented to Allow 802. 1p Marking to override DSCP values. Selecting this checkbox will assert the mapped 802. 1p value over any DSCP value that might have been set by the client. This is useful to override clients setting their own DSCP CoS values.
Notes If either the 802. 1p or the DSCP action is set to Explicit while the other is set to Map, the explicit assignment occurs first, and then the other is mapped according to that assignment. If Map is set as the action on both DSCP and 802. 1p, mapping will only occur in one direction: if the packet is from a VLAN and arrives with an 802. 1p tag, then DSCP will be mapped from the 802. 1p tag; if the packet is destined to a VLAN, then 802. 1p will be mapped from the DSCP tag.
Map
For example, refer to the following figure which provides a bi-directional DSCP tag action.
HTTP access from a Web-browser on 192. 168. 168. 100 to the Web server on 10. 50. 165. 2 will result in the tagging of the inner (payload) packet and the outer (encapsulating ESP) packets with a DSCP value of 8. When the packets emerge from the other end of the tunnel, and are delivered to 10. 50. 165. 2, they will bear a DSCP tag of 8. When 10. 50. 165. 2 sends response packets back across the tunnel to 192. 168. 168. 100 (beginning with the very first SYN/ACK packet) the Access Rule will tag the response packets delivered to 192. 168. 168. 100 with a DSCP value of 8. This behavior applies to all four QoS action settings for both DSCP and 802. 1p marking.
SonicOS Enhanced 5. 7 Administrator Guide
537
Firewall > QoS Mapping (Not Supported on TZ platforms nor the NSA 240)
One practical application for this behavior would be configuring an 802. 1p marking rule for traffic destined for the VPN zone. Although 802. 1p tags cannot be sent across the VPN, reply packets coming back across the VPN can be 802. 1p tagged on egress from the tunnel. This requires that 802. 1p tagging is active of the physical egress interface, and that the [Zone] > VPN Access Rule has an 802. 1p marking action other than None. After ensuring 802. 1p compatibility with your relevant network devices, and enabling 802. 1p marking on applicable SonicWALL interfaces, you can begin configuring Access Rules to manage 802. 1p tags. Referring to the following figure, the Remote Site 1 network could have two Access Rules configured as follows: Setting General Tab Action From Zone To Zone Service Source Destination Users Allowed Schedule Enable Logging Allow Fragmented Packets Qos Tab DSCP Marking Action Allow 802. 1p Marking to override DSCP values 802. 1p Marking Action Map Enabled Map Map Enabled Map Allow LAN VPN VOIP Lan Primary Subnet Main Site Subnets All Always on Enabled Enabled Allow VPN LAN VOIP Main Site Subnets Lan Primary Subnet All Always on Enabled Enabled Access Rule 1 Access Rule 2
The first Access Rule (governing LAN>VPN) would have the following effects:
·
VoIP traffic (as defined by the Service Group) from LAN Primary Subnet destined to be sent across the VPN to Main Site Subnets would be evaluated for both DSCP and 802. 1p tags.
The combination of setting both DSCP and 802. 1p marking actions to Map is described
in the table earlier in the "Managing QoS Marking" section on page 536.
Sent traffic containing only an 802. 1p tag (e. g. CoS = 6) would have the VPN-bound
inner (payload) packet DSCP tagged with a value of 48. The outer (ESP) packet would also be tagged with a value of 48.
Assuming returned traffic has been DSCP tagged (CoS = 48) by the SonicWALL at the
Main Site, the return traffic will be 802. 1p tagged with CoS = 6 on egress.
Sent traffic containing only a DSCP tag (e. g. CoS = 48) would have the DSCP value
preserved on both inner and outer packets.
Assuming returned traffic has been DSCP tagged (CoS = 48) by the SonicWALL at the
Main Site, the return traffic will be 802. 1p tagged with CoS = 6 on egress.
538
SonicOS Enhanced 5. 7 Administrator Guide
Firewall > QoS Mapping (Not Supported on TZ platforms nor the NSA 240)
Sent traffic containing only both an 802. 1p tag (e. g. [. . . ] · · · · · 3.
Use a DB9 to RJ45 connector to connect the serial port of your PC to the console port of your TZ 170. Using a terminal emulator program, such as TerraTerm, use the following parameters: 115, 200 baud (9600 for TZ 170) 8 bits No parity 1 stop bit No flow control You may need to hit return two to three times to get to a command prompt, which will look similar to the following: TZ170> If you have used any other CLI, such as Unix shell or Cisco IOS, this process should be relatively easy and similar. It has auto-complete so you do not have to type in the entire command.
4.
When a you need to make a configuration change, you should be in configure mode. To enter configure mode, type configure. [. . . ]
DISCLAIMER TO DOWNLOAD THE USER GUIDE SONICWALL SONICOS ENHANCED 5.7
Lastmanuals offers a socially driven service of sharing, storing and searching manuals related to use of hardware and software : user guide, owner's manual, quick start guide, technical datasheets... In any way can't Lastmanuals be held responsible if the document you are looking for is not available, incomplete, in a different language than yours, or if the model or language do not match the description. Lastmanuals, for instance, does not offer a translation service.
Click on "Download the user manual" at the end of this Contract if you accept its terms, the downloading of the manual SONICWALL SONICOS ENHANCED 5.7 will begin.