SonicWALL 5.8.1 Microscope & Magnifier User Manual


Introduction
SonicOS 5.8.1 Administrator Guide
Multiple and Read-only Administrator Login - Multiple Administrator Login provides a
way for multiple users to be given administration rights, either full or read-only, for the
SonicOS security appliance. Additionally, SonicOS Enhanced allows multiple users to
concurrently manage the appliance, but only one user at a time can be in config mode with
the ability to change configuration settings. This feature applies to both the graphical user
interface (GUI) and the command line interface (CLI).
IP-Based Connection Limit - SonicOS Enhanced provides a way to limit the number of
connections on a per-source or per-destination IP address basis. This feature protects
against worms on the LAN side that initiate large numbers of connections in denial of
service attacks.
IKEv2 Secondary Gateway Support - IKEv2 Secondary Gateway Support provides a way
to configure a secondary VPN gateway to act as an alternative tunnel end-point if the
primary gateway becomes unreachable. While using the secondary gateway, SonicOS can
periodically check for availability of the primary gateway and revert to it, if configured to do
so. Configuration for the secondary VPN gateway is available under VPN > Settings > Add
Policy in the management interface.
IKEv2 Dynamic Client Support - IKEv2 Dynamic Client Support provides a way to
configure the Internet Key Exchange (IKE) attributes rather than using the default settings.
Previously, only the default settings were supported: Diffie-Hellman (DH) Group 2, the
3DES encryption algorithm, and the SHA1 authentication method. SonicOS now allows the
following IKE Proposal settings:
DH Group: 1, 2, or 5
Encryption: DES, 3DES, AES-128, AES-192, AES-256
Authentication: MD5, SHA1
These settings are available by pressing the Configure button in the VPN > Advanced
screen of the management interface. However, if a VPN Policy with IKEv2 exchange mode
and a 0.0.0.0 IPsec gateway is defined, you cannot configure these IKE Proposal settings
on an individual policy basis.
Note: The VPN policy on the remote gateway must also be configured with the same
settings.
Wireless IDS Rogue Detection - SonicOS Enhanced supports wireless intrusion detection
on SonicPoint devices. Wireless IDS Rogue Detection allows you to configure a set of
authorized access points, defined by address object groups. If contact is attempted from an
unauthorized access point, SonicOS generates an alert.
RF Management - Radio Frequency Management on SonicPoint devices provides
detection of eleven types of wireless threats:
Long duration attack
Management frame flood
Null probe request
Broadcasting de-authentication
Valid station with invalid SSID
Ad-Hoc station
Unassociated station
Wellenreiter attack
NetStumbler attack