Introduction
34
SonicOS 5.8.1 Administrator Guide
Although the entire SonicOS interface is available in different languages, sometimes the
administrator does not want to change the entire UI language to a specific local one.
However, if the firewall requires authentication before users can access other networks, or
enables external access services (e.g. VPN, SSL-VPN), those login-related pages usually
should be localized to make them more usable for normal users.
• Geo-IP & Botnet Filtering - This feature allows the administrator to block connections to
or from a geographic location based on IP address(es), and to or from a Botnet command
and control server. A new Security Services > Geo-IP & Botnet Filter page has been added
to the management interface.
You can look up an IP address to find out the domain, DNS server, and check whether it is
part of a Botnet. The Services > Geo-IP & Botnet Filter page provides this functionality at
the bottom of the page. The System > Diagnostics and Dashboard > App Flow Monitor
pages also provide this capability.
• Global BWM Ease of Use Enhancements - Several enhancements are provided in this
release to improve ease of use for Bandwidth Management (BWM) configuration, and also
to increase throughput performance of managed packets:
– Support for simple bandwidth management on all interfaces.
– Support for bandwidth management on both ingress and egress.
– Support for specifying bandwidth management priority per firewall rules and app rules.
– Support for a default bandwidth management queue for all traffic.
– Support for applying BWM via the App Flow Monitor page.
Global bandwidth management provides 8 priority queues. The Guaranteed rate and
Maximum\Burst rate are user configurable. Eight queues are created for each physical
interface. As traffic flows through the firewall from interface1 to interface2, BWM is applied
on both the interfaces according to the configuration. For example, ingress BWM can be
applied based on interface1 settings and egress BWM applied on interface2 settings.
• LDAP "Primary group" Attribute - To allow Domain Users to be used when configuring
policies, membership of the Domain Users group can be looked up via an LDAP "Primary
group" attribute, and SonicOS 5.8.1.0 provides a new attribute setting in the LDAP schema
configuration for using this feature.
• Management Traffic Only Option for Network Interfaces - SonicOS 5.8.1.0 provides a
Management Traffic Only option on the Advanced tab of the interface configuration window,
when configuring an interface from the Network > Interfaces page. When selected, this
option prioritizes all traffic arriving on that interface. The administrator should enable this
option ONLY on interfaces intended to be used exclusively for management purposes. If
this option is enabled on a regular interface, it will still prioritize the traffic, but that may not
be the desirable result. It is up to the administrator to limit the traffic to just management;
the firmware does not have the ability to prevent pass-through traffic.
The purpose of this option is to provide the ability to access the SonicOS management
interface even when the appliance is running at 100% utilization.
• Preservation of Anti-Virus Exclusions After Upgrade - SonicOS 5.8.1.0 provides an
enhancement to detect if the starting IP address in an existing range configured for
exclusion from anti-virus enforcement belongs to either LAN, WAN, DMZ or WLAN zones.
After upgrading to a newer firmware version, SonicOS applies the IP range to a newly
created address object. Detecting addresses for other zones not listed above, including
custom zones, is not supported.
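The LDAP "Primary group" item above matters because, in Active Directory, a user's primary group (Domain Users by default) is not listed in the user's memberOf attribute; the directory stores only its RID in primaryGroupID. The following is an added example, not SonicOS code, showing how that RID is combined with the user's objectSid to find the group; the sample SID, DNs and the helper names are constructed for illustration.

```python
import struct

def sid_to_str(raw: bytes) -> str:
    """Decode a binary objectSid (as returned over LDAP) to S-1-... form."""
    if len(raw) < 8 or len(raw) != 8 + 4 * raw[1]:
        raise ValueError("malformed SID: length does not match sub-authority count")
    revision, count = raw[0], raw[1]
    authority = int.from_bytes(raw[2:8], "big")      # 48-bit, big-endian
    subs = struct.unpack("<%dI" % count, raw[8:])    # 32-bit, little-endian
    return "-".join(["S", str(revision), str(authority), *map(str, subs)])

def primary_group_sid(user_sid: bytes, primary_group_id: int) -> str:
    """Replace the user's RID (last sub-authority) with primaryGroupID."""
    domain_sid = sid_to_str(user_sid).rsplit("-", 1)[0]
    return f"{domain_sid}-{primary_group_id}"

def effective_groups(entry: dict, groups_by_sid: dict) -> set:
    """memberOf plus the primary group, which memberOf never lists."""
    groups = set(entry.get("memberOf", []))
    pg_sid = primary_group_sid(entry["objectSid"], int(entry["primaryGroupID"]))
    if pg_sid in groups_by_sid:
        groups.add(groups_by_sid[pg_sid])
    return groups

# Constructed sample data (not from any real directory).
DOMAIN_SUBS = (21, 1111111111, 2222222222, 3333333333)
SAMPLE_SID = (bytes([1, 5]) + (5).to_bytes(6, "big")
              + struct.pack("<5I", *DOMAIN_SUBS, 1105))
SAMPLE_USER = {
    "objectSid": SAMPLE_SID,
    "primaryGroupID": "513",  # well-known RID of Domain Users
    "memberOf": ["CN=VPN Users,OU=Groups,DC=example,DC=com"],
}
GROUPS_BY_SID = {
    "S-1-5-21-1111111111-2222222222-3333333333-513":
        "CN=Domain Users,CN=Users,DC=example,DC=com",
}

if __name__ == "__main__":
    # A policy keyed on Domain Users only matches once the primary group is added.
    for dn in sorted(effective_groups(SAMPLE_USER, GROUPS_BY_SID)):
        print(dn)
```

A policy check that reads only memberOf would miss Domain Users for this user, which is the gap the "Primary group" attribute setting addresses.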