Common Criteria
32
SonicOS Enhanced 4.0 Administrator Guide
• GMS Remote Management
• Syslog Logging
• SonicPoint
• Hardware Failover
Before installing the SonicWALL Internet Security Appliance, the device should be examined
for evidence of tampering. Each device includes a tamper-evident seal to prevent access to the
inside of the unit. Verify that the tamper evident seal is intact. If there is a sign of tampering,
contact SonicWALL Support Services by phone at 888.777.1476 or 408.752.7819.
The GUI management interface is used to administer the device. The use of the GUI
management interface is discussed in the “Use of GUI Interface for Local Management” section
below.
The Common Criteria evaluated configuration only supports SonicOS Enhanced 4.0. You can
verify that the device is running SonicOS Enhanced 4.0 from the System -> Status page of the
management GUI under the System Information table, Firmware Version entry.
Use of GUI Interface for Local Management
This section describes the use of the SonicWALL Graphical User Interface (GUI) interface for
local management. Using the red cross-over cable supplied with SonicWALL Internet Security
Appliances and a management PC, the SonicWALL GUI can be used for local configuration.
This provides a secure way of administering the device without the possibility of traffic between
the management PC and device being captured or traced. Following the instructions below will
insure that only the management PC, directly connected to the device, can be used for
management.
Follow the instructions in the SonicOS Getting Started Guide section 2, Connecting the Network
Cables, to connect a management PC to the device.
Follow the instructions in the SonicOS Getting Started Guide section 2, Configuring Your
Management Station and Accessing The Management Interface to access the management
interface of the device
Select an interface to be used as the local management interface. For example, on a PRO
series appliance, select X2 or X3.
Use the Add button on the Network -> Zones page to add a “Local Management” with a
Security Type of Trusted. On the Network -> Interfaces page, configure the local management
interface. Set the Zone to “Local Management”. Set the IP Address to 192.168.1.1. Set the
Subnet Mask to 255.255.255.0. Enable HTTP Management. Log out from the GUI management
interface using the Logout button.
Connect the red cross-over cable to the local interface. Configure the management PC's IP
address to be 192.168.1.2 with a netmask of 255.255.255.0. Use the management PC's
browser to access the device's management interface at http://192.168.1.2.
Use the Configure icon on the Network -> Interfaces page to configure the LAN interface.
Disable HTTP and HTTPS management.
Do not enable HTTP or HTTPS management on any interface other than the local management
interface. HTTP and HTTPS management is disabled on all other interfaces by default.
The management PC can now be used to locally administer the device in a secure manner.