Monthly Archives: May 2010

Should I run over the last System State with the new versions?

Should I run over the last System State with the new versions?
No, it is always recommended to keep two or more versions. That way even if the last system state is corrupted you will be able to recover from a previous version.?

Categories: Windows sbs 2008Bookmark

How frequent should a system state backup taken?

How frequent should a system state backup taken?
After each major system update, and regularly each weekend or so.

Categories: Windows sbs 2008Bookmark

Which components are backed up by the System State backup?

Which components are backed up by the System State backup?
The Registry, boot files, as well as important system files. Then depending on their availability, the following services will be backed up as well:?

Active Directory directory service, Certificate Service database, COM+ Class Registration database, SYSVOL directory.

Categories: Windows sbs 2008Bookmark

What is the purpose of taking System State backup?

What is the purpose of taking System State backup?
System state backup creates a backup file for critical system related components. This backup file can be used to recover the critical system components after a crash.

Categories: Windows sbs 2008Bookmark

How to Configure Site to Site VPN when a Site has Dynamic WAN IP address in SonicOS Enhanced Aggressive Mode

How to Configure Site to Site VPN when a Site has Dynamic WAN IP address in SonicOS Enhanced Aggressive Mode

The Global VPN Settings section of the VPN > Settings page displays the Unique Firewall Identifier – the default value is the serial number of the SonicWALL and used for configuring Aggressive Mode VPN tunnels. You can replace this with your choice of name, “chicago / new york” for example.
Procedure: 

Network Setup:

Configuring a Site to Site VPN on the Central Location (Static WAN IP address)

Device used on Central Site: SonicWALL PRO 4060 appliance with SonicOS Enhanced 4.0.0.2e firmware.

 

Central Location Network Configuration:

1.       LAN Subnet: 192.168.168.0

2.       Subnet Mask: 255.255.255.0

3.       WAN IP: 66.249.72.115

4.       Unique Firewall Identifier: chicago

Step 1: Creating Address Object for Remote Site:

– Login to the Central Location SonicWALL appliance
– Navigate to Network > Address Objects page.
– Scroll down to the bottom of the page and click on Add button, enter the following settings.

Name – newyork vpn,

Zone – VPN,

Type – Network,

Network – 10.10.10.0,

Netmask – 255.255.255.0
–  Click OK when finished.

Step 2: Configurating a VPN Policy:

a.       Click on VPN > Settings

b.       Check the box “Enable VPN” under Global VPN Settings, ensure that the correct Firewall Identifier has been specified

c.       Click on the “Add” button under VPN Policies section. The VPN Policy window pops up.

Click the General tab

a.       Select the Authentication method as “IKE Using Preshared Secret

b.       Name: New York Aggressive Mode VPN

c.       IPsec Primary Gateway Name or Address: 0.0.0.0

Note:  Since the WAN IP address changes frequently, it is recommended to use the 0.0.0.0 IP address as the Primary Gateway.

d.       IPsec Secondary Gateway Name or Address: 0.0.0.0

e.       Shared Secret: sonicwall (The Shared Secret would be the same at both SonicWALL’s)

f.         Local IKE ID: SonicWALL Identifier – chicago

g.       Peer IKE ID: SonicWALL Identifier – newyork

Click the Network tab

Ø       Local Networks

Select Choose local network from list, and select the Address Object – X0 Subnet (Lan subnet)

Ø       Destination Networks

Select Choose destination network from list, and select the Address Object – newyork vpn

 

Click the Proposals tab

IKE (Phase 1) Proposal

Exchange:  Aggressive Mode

DH Group:  Group 2

Encryption: 3DES

Authentication: SHA1

Life Time (seconds): 28800

Ipsec (Phase 2) Proposal

Protocol:  ESP

Encryption: 3DES

Authentication: SHA1

Enable Perfect Forward Secrecy(not checked)

DH Group:  Group 2

Life Time (seconds): 28800

Click the Advanced tab

Ensure that the VPN Policy bound to: Zone WAN

  – Click OK when finished

 

Configuring a Site to Site VPN on the Remote Location (Dynamic WAN IP address)

Device used on Remote location: SonicWALL TZ 170 appliance with SonicOS Enhanced 3.2.3.0 firmware

Network Configuration:

1.       LAN Subnet: 10.10.10.0

2.       Subnet Mask: 255.255.255.0

3.       WAN IP: DHCP (As this is a Dynamic IP Address)

4.       Unique Firewall Identifier: newyork


Step 1: Creating Address Object for Remote Site:

– Login to the Central Location SonicWALL appliance
– Navigate to Network > Address Objects page.
– Scroll down to the bottom of the page and click on Add button, enter the following settings.

Name – chicago vpn

Zone – VPN

Type – Network

Network – 192.168.168.0

Netmask – 255.255.255.0

– Click OK when finished

Configuring a Site to Site VPN on the Remote Location (Dynamic WAN IP address)

Device used on Remote location: SonicWALL TZ 170 appliance with SonicOS Enhanced 3.2.3.0 firmware

Network Configuration:

1.       LAN Subnet: 10.10.10.0

2.       Subnet Mask: 255.255.255.0

3.       WAN IP: DHCP (As this is a Dynamic IP Address)

4.       Unique Firewall Identifier: newyork


Step 1: Creating Address Object for Remote Site:

– Login to the Central Location SonicWALL appliance
– Navigate to Network > Address Objects page.
– Scroll down to the bottom of the page and click on Add button, enter the following settings.

Name – chicago vpn

Zone – VPN

Type – Network

Network – 192.168.168.0

Netmask – 255.255.255.0

– Click OK when finished

Step 2: Configuration VPN Policy:

a.       Click on VPN > Settings

b.       Check the box “Enable VPN” under Global VPN Settings, ensure that the correct Firewall Identifier has been specified

c.         Click on the “Add” button under the VPN Policies section. The VPN Policy window pops up.

Click the General tab

a.      Select the Authentication method as “IKE Using Preshared Secret

b.      Name: Chicago Aggressive Mode VPN

c.      IPsec Primary Gateway Name or Address: 66.249.72.115

d.      IPsec Secondary Gateway Name or Address: 0.0.0.0

e.      Shared Secret: sonicwall

f.         Local IKE ID: SonicWALL Identifier – newyork

g.       Peer IKE ID: SonicWALL Identifier – chicago

Click the Network tab

Ø       Local Networks

Select Choose local network from list, and select the Address Object – LAN Primary Subnet

Ø       Destination Networks

Select Choose destination network from list, and select the Address Object – chicago vpn

Click the Proposals tab

IKE (Phase 1) Proposal

Exchange:  Aggressive Mode

DH Group:  Group 2

Encryption: 3DES

Authentication: SHA1

Life Time (seconds): 28800

Ipsec (Phase 2) Proposal

Protocol:  ESP

Encryption: 3DES

Authentication: SHA1

Enable Perfect Forward Secrecy (not checked)

DH Group:  Group 2

Life Time (seconds): 28800

Click the Advanced tab

Enable Keep Alive box should be checked

VPN Policy bound to: Zone WAN

– Click OK when finished

How to Test:

From the Remote Location try to ping an IP address on the Central Location.

Note: Before receiving successful replies, you might see couple of “Request Timed Out“ messages while the VPN tunnel is still establishing.

Categories: SonicWallBookmark