Getting Started - Firewalls
When tasked to setting up your first SonicWall firewall it may seem daunting at first, but fortunately the SonicWall firewall user interface (UI) is intuative, has some simple wizards to assist, and also backed by lots of online resources.
As we've selling and installing SonicWall products for over 15 years we have some ideas of what's required, and the questions generally asked. We also know what the best way is of initially deploying your SonicWall firewall which should minimise issues in the future. We'll also link to some useful documents.
Updated 07/09/21 for Gen 7 Appliances.
Preparation
When first receiving your SonicWall firewall (and indeed any SonicWall product) you should read the instructions included, and familiarise yourself with the Quick Start Guide (QSG) or Out of Box Setup (OBS).
Here are the links to current documents:
Quick Start Guide: TZ270/TZ370/TZ470 / TZ570/TZ670 / NSa 2700 / NSa 3700 / NSa 4700 / NSa 6700
Getting Started Guide: TZ Series
Registration
Once you're up to speed with what you've got, the next step is to register the firewall via the https://www.MySonicWall.com portal. If you haven't already done so, you will need to create an account and password. This portal is where you keep all your firewall products registered, as well as able to log support / service requests, download firmware and software, add subscriptions, and many other functions.
You can also go via the Capture Security Center at https://cloud.sonicwall.com and the MySonicWall sub-portal is listed as an option. You will need the CSC portal when using cloud-based management tools for SonicWall WiFi, Switches and EndPoint Security - Capture Client.
When registering the new SonicWall firewall you will need the Serial Number (in the form of 12 hexadecimal characters), the Authentication Code (which will look like XXXX-XXXX where X is a letter), a Friendly Name which will help identify the firewall, and optional Product Group (if you intend to have lots of products you can separate them into meaningful groups).
If you're registering a Secure Upgrade you will be prompted to answer the type of Secure Upgrade you wish to go with. The default option is 'SonicWall Replacement', and the alternative is 'Competitive Replacement'. In most cases you will use the second option of 'Competitive Replacement'; unless you have an older, qualifying SonicWall firewall where you want to automatically transfer subscriptions from it and onto the new firewall. The eligible firewall can be seen on the relevant datasheet - link here. The type of subscriptions and services which can be moved includes Comprehensive Gateway Security (CGSS), Anti-Virus Services & Licenses for VPN Client. If you are going through the 'SonicWall Replacement' it should be noted that once you complete the registration the original firewall will be deleted from your www.mysonicwall.com account and its serial number removed from the SonicWall database meaning you cannot re-register it. The 'Competitive Replacement' option does not affect any other firewall - even if you manually enter some valid SonicWall firewall details into the form.
Pre-Setup
Before you start to configure the firewall it is very important to ensure you have the latest firmware. Do not assume your firewall already has the best and latest version pre-installed, because it most likely won't. New firmware comes out fairly regularly, mainly because of new or improved features, but also because of security improvements or changes to best practices, and even to make the firewall run more smoothly or even faster. Of course, there are also bug fixes along the way, which may not affect most deployments but are best to have installed.
The recommended way of 'upgrading' the firmware when deploying a new firewall is not to do a normal firmware upgrade via the usual admin user interface, but to install via Safe Mode. The reason behind this is that when going through the normal firmware upgrade the new firmware will just replace or add the features rather than replace the existing firmware. If, for any reason, the original firmware has a software issue or some default options set differently these won't be altered this way. This method will be fine once you've deployed your firewall, but initially you should install the new firmware via the Safe Mode. This Safe Mode method replaces any existing firmware with a new file you download and will ensure you have the best starting point. It will also set any default parameters to the ones SonicWall deem best.
Getting the firewall into Safe Mode requires you to power up the firewall whilst pressing in the Reset (RST) button. This part is explained here, including how to upload the firmware.
One question we regularly get asked is: Which firmware should I use?
This is a great question as there are many versions available for each model, including different ones for wireless or wired-only models - please choose the correct model.
For each model you will get different options based on the release status i.e. General Release, Feature Release, Early Release, Beta Release. We would only expect you to choose the latest General Release unless you are deploying a new feature which is only included in the Feature Release. A Feature Release is usually a later version than the General Release and just hasn't completed the full course of acceptance before being moved to General Release. Feature Releases are fully supported by SonicWall.
Configuration
Once you have your SonicWall firewall registered and running the most applicable firmware you are ready to configure it. If you are moving from a previous model SonicWall you can import the settings if supported (refer to this page to give firmware versions supported, as well as hardware models supported).
Whether you are importing settings or starting from scratch, we advise checking the Firewall Best Practices, which will go through many sections and options and give recomendations on what to change.
We also have some documents to assist protecting from Ransomware & CryptoLocker.
Best Practices to protect against Ransomware
Best Practices to protect against CryptoWall and CryptoLocker
We have a lot of these links, and more at our site www.YourSonicWall.com