SonicWALL ViewPoint User's Guide
CONTENTS
Copyright Notice
Software License Agreement
1 INTRODUCTION
2 GETTING STARTED
System Requirements
Network Configuration for ViewPoint
Copyright Notice © 2001 SonicWALL, Inc. All rights reserved. Under the copyright laws, this manual or the software described within, may not be copied, in whole or part, without the written consent of the manufacturer, except in the normal use of the software to make a backup copy. The same proprietary and copyright notices must be affixed to any permitted copies as were affixed to the original.
Software License Agreement for ViewPoint This Software License Agreement (SLA) is a legal agreement between you and SonicWALL, Inc. (SonicWALL) for the SonicWALL software product identified above, which includes computer software and any and all associated media, printed materials, and online or electronic documentation (SOFTWARE PRODUCT). By opening the sealed package(s), installing, or otherwise using the SOFTWARE PRODUCT, you agree to be bound by the terms of this SLA.
U.S. GOVERNMENT RESTRICTED RIGHTS If you are acquiring the Software including accompanying documentation on behalf of the U.S. Government, the following provisions apply. If the Software is supplied to the Department of Defense (“DoD”), the Software is subject to “Restricted Rights”, as that term is defined in the DOD Supplement to the Federal Acquisition Regulations (“DFAR”) in paragraph 252.227-7013(c)(1).
1 INTRODUCTION Monitoring critical network events and activity, such as security threats, inappropriate Web use, and bandwidth levels, is an essential component of network security. SonicWALL ViewPoint complements SonicWALL's Internet security offerings by providing detailed and comprehensive reports of network activity. SonicWALL ViewPoint is a software application that creates dynamic, Web-based network reports.
2 GETTING STARTED SonicWALL ViewPoint is a software reporting solution that may be installed on any computer on the SonicWALL's LAN. The computer used to host the reporting software will be referred to as the “ViewPoint Server.” System Requirements The following is a list of the minimum requirements for the ViewPoint Server:
• Microsoft Windows 2000 or NT 4.0 Service Pack 4 or greater
• 500 MHz Processor
• 512 MB available disk space
• 256 MB memory
• Internet Explorer 4.
3 REGISTERING VIEWPOINT The following instructions describe the procedure to register and activate the ViewPoint Upgrade for the SonicWALL PRO. Registering the ViewPoint Upgrade is not required for the SonicWALL PRO-VX or SonicWALL GX. From a Web browser, go to the SonicWALL registration site at http://www.mysonicwall.com and enter your User Name and Password to log in. If you do not have a mysonicwall.com user account, you will need to create one. To register your SonicWALL Internet security appliance: 1.
3. In the "My SonicWALL Service Management" window, select the Activate button displayed next to the ViewPoint service. An "Activate Service" window will be displayed. 4. Enter the ViewPoint Activation Key displayed on the back of this manual in the Activation Key field. 5. Click the Submit button. Once the Activation Key has been registered, a ViewPoint License Key will be displayed. Record this activation key carefully or copy the License Key to your Windows Clipboard. 1.
4 UPDATING SONICWALL FIRMWARE You must upgrade the SonicWALL firmware to version 6.1.0.0 to support ViewPoint. You may skip this section if you are using firmware version 6.1.0.0 or greater. 1. From a Web browser, go to http://www.sonicwall.com and navigate to the Download Center to download the latest version of SonicWALL firmware to your local disk. 2. Log in to your SonicWALL Internet security appliance. 3.
4. Click the Upload Firmware Now button. 5. A Save Preferences window will appear. When firmware is updated, your SonicWALL’s settings may be erased, so it is recommended to save the SonicWALL’s preferences. If you have saved the SonicWALL’s preferences file to your local disk, click Yes. 6. Click the Browse button and select the SonicWALL firmware file from your computer’s local disk. 7. Click the Upload button to upload the firmware file. 8. Restart the SonicWALL for the change to take effect.
5 CONFIGURING THE SONICWALL Configure the SonicWALL to direct syslog to the ViewPoint Server. 1. Click the Log button on the left side of the browser window and then click the Log Settings tab at the top of the window. A window similar to the following will be displayed. 2. Enter the IP address or domain name of the ViewPoint Server in the Syslog Server field. Note: The ViewPoint Server must have a static IP address.
6 INSTALLING VIEWPOINT Installing the ViewPoint Software You may install ViewPoint from the ViewPoint Upgrade CD or you may download the ViewPoint software file from the SonicWALL, Inc. Web site. The ViewPoint server must be running Windows 2000 or Windows NT SP 4 or greater and it must have a static IP address. Note: The Windows DNS configuration must be properly configured, or domain and host names will not be displayed in the ViewPoint reports.
The installation wizard will guide you through the setup and install the ViewPoint reporting software and syslog server, the Tomcat Web Server, and the MySQL Database. Please refer to the Appendix for more information about these software components. The ViewPoint setup program will detect whether the default Web, syslog or MySQL ports are in use. If the default Web port is active, the setup program will automatically recommend an alternative Web port, port 8080.
7 MANAGING VIEWPOINT Logging Into the ViewPoint Web Interface You will need to configure several settings in the ViewPoint Web Interface in order to view network reports. From a Web browser, type http://LocalHost or http:// into the Location or Address field or launch ViewPoint from the SonicWALL folder in the Windows Start menu. An authentication window similar to the following will be displayed.
Configuring ViewPoint Settings ViewPoint requires that users successfully authenticate to access reports. This authentication mechanism prevents unknown users from viewing sensitive network data. The ViewPoint Configuration window allows you to modify the ViewPoint user name and password. 1. From the ViewPoint Web Interface, expand the Configure option on the left side of the browser window and then click ViewPoint. A window similar to the following will be displayed. 2.
6. Click the Update button to update the configuration. Note: If you lose or forget the ViewPoint user name or password, you will need to uninstall and then reinstall the ViewPoint software. Configuring SonicWALL Settings ViewPoint transparently authenticates to your SonicWALL Internet security appliance for status and state information. ViewPoint uses the SonicWALL administrator password and IP address configured during ViewPoint installation to authenticate.
2. Enter the LAN IP Address of your SonicWALL in the IP Address field. 3. Enter the SonicWALL serial number in the Serial Number field. The 12 character, alphanumeric serial number is displayed on the General Status window of the SonicWALL Web Management Interface. Note: The Serial Number field is not case sensitive. 4. Enter the current SonicWALL administrator password in the Old Password field. 5. Enter the new SonicWALL administrator password in the New Password and Confirm New Password fields.
Configuring Syslog Settings The Syslog Configuration window allows you to change the UDP port number that ViewPoint syslog server listens on, to configure ViewPoint to forward syslog data to other servers, and to limit the database size. 1. From the ViewPoint Web Interface, expand the Configure option on the left side of the browser window and then click Syslog. A window similar to the following will be displayed. 2.
5. You may configure the maximum size of the ViewPoint database. To limit the database by number of days, select the Maximum Number of Days in Database radio button and enter the number of days that syslog messages should be saved in the corresponding field. To limit the database by size, select the Maximum Database Size in Megabytes radio button and enter the number of megabytes of memory that the database will store in the corresponding field.
Setting the ViewPoint Report Date You may change the ViewPoint report date quickly and easily. 1. To change the report date, click the Date option in the top right corner of the browser window. A window similar to the following will appear. 2. The current report date will be highlighted in the ViewPoint date calendar. Select the desired month and year from the Month and Year menus. 3. Select the desired day in the ViewPoint date calendar.
8 VIEWPOINT WEB INTERFACE This section briefly describes the ViewPoint Web Interface and the Web-based help options. The ViewPoint Web Interface may be accessed from a Web browser from any computer located on the same network as the ViewPoint Server. Note: Please use Internet Explorer 4.0 or greater or Netscape Navigator 4.0 or greater to log in and manage ViewPoint. Confirm that your Web browser is configured to allow cookies and Java code.
ViewPoint Report Layout Most ViewPoint reports include a chart and a table. The chart displays information such as the amount of bandwidth through the SonicWALL over time. The table provides a summary of the data displayed in the chart.
9 REPORT DESCRIPTIONS General Reports Status The General Status report displays comprehensive information about the current status of the SonicWALL. The Status report includes the SonicWALL serial number, firmware version, ROM version, enabled upgrades and subscriptions, the number of users connected to the SonicWALL, and other state information. Admin Login The Administrative Login report displays successful administrative authentications to the SonicWALL that occurred during the report period.
The Failed Login report table displays the time and the name or IP address of the machine that attempted to authenticate to the SonicWALL. VPN Events The VPN Events report lists all VPN events, including VPN SA negotiation attempts, VPN key exchanges, VPN heartbeat messages and VPN connection errors. The VPN Events report helps illustrate the cause of VPN negotiation failures. It also identifies unknown or suspicious VPN activity.
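The Failed Login report described above can be cross-checked against the raw syslog stream. The following is an added example, not part of the guide or of SonicWALL's software. The key=value line layout, the field names (`time`, `msg`, `src`), the message wording and the `threshold` parameter are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict

# Constructed sample input. The key=value layout, field names and message
# wording are assumptions made for this example.
SAMPLE_LINES = [
    '<134>id=firewall sn=000000000000 time="2001-06-01 09:14:02" '
    'msg="Administrator login denied" src=192.168.168.50:1035:LAN',
    '<134>id=firewall sn=000000000000 time="2001-06-01 09:14:17" '
    'msg="Administrator login denied" src=192.168.168.50:1036:LAN',
    '<134>id=firewall sn=000000000000 time="2001-06-01 09:14:31" '
    'msg="Administrator login denied" src=192.168.168.50:1037:LAN',
    '<134>id=firewall sn=000000000000 time="2001-06-01 10:02:45" '
    'msg="Administrator login allowed" src=192.168.168.10:1041:LAN',
    '<134>id=firewall sn=000000000000 time="2001-06-01 11:30:09" '
    'msg="Administrator login denied" src=192.168.168.77:1102:LAN',
]

# A key followed by either a double-quoted value or a bare token.
PAIR = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_line(line):
    """Split one syslog line into a dict of its key=value fields."""
    return {key: quoted or bare for key, quoted, bare in PAIR.findall(line)}


def failed_logins(lines, marker="login denied"):
    """Map each source address to the times of its failed admin logins."""
    by_source = defaultdict(list)
    for line in lines:
        fields = parse_line(line)
        if marker in fields.get("msg", "").lower():
            # Drop the assumed ":port:interface" suffix from the source.
            source = fields.get("src", "unknown").split(":")[0]
            by_source[source].append(fields.get("time", ""))
    return dict(by_source)


def report(lines, threshold=3):
    """Rows of (source, attempts, first, last, flagged), busiest source first."""
    rows = [(src, len(times), min(times), max(times), len(times) >= threshold)
            for src, times in failed_logins(lines).items()]
    return sorted(rows, key=lambda row: (-row[1], row[0]))


if __name__ == "__main__":
    for row in report(SAMPLE_LINES):
        print(row)
```

Sources that reach the threshold within the report period are the ones to compare against the Admin Login report for a later successful authentication.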
that occurred during the hour, the number of MBytes transferred, and the MBytes as a percentage of the total MBytes for the report day. Both the chart and the table include inbound and outbound traffic through the LAN, WAN, and DMZ interfaces. Bandwidth Monitor The Bandwidth Monitor report displays a real-time graph of all network activity through the SonicWALL. The Bandwidth Monitor displays inbound and outbound IP traffic through the SonicWALL in either KBytes or MBytes per second over the past 5 minutes.
Service Monitor The Service Monitor report displays a real-time graph of network activity by a service over the past 5 minutes. The Service Monitor shows FTP, HTTP, ICMP, NetBIOS, DNS, NTP, SMTP, and other services in KBytes or MBytes transferred per second. The Service Monitor includes traffic through the LAN, WAN, and DMZ interfaces. Web Usage Reports Web Usage Summary Report The Web Usage Summary report shows the amount of Web (HTTP) traffic traveling through your SonicWALL over time.
Top Users of Web The Top Users of Web report shows the most active users accessing Web sites on the Internet or on the LAN or DMZ network segments. This report displays the number of Web site hits and the amount of bandwidth transferred, identifying inappropriate or excessive Web usage. The Top Users of Web report displays a pie chart of the top 10 users by the number of Web site hits.
The Web Filter Summary report displays a bar graph of attempts to access objectionable Web sites by the number of blocked attempts. The table displays the hour of the day, the number of attempts to access objectionable Web content during the hour, and the number of attempts as a percentage of the total attempts during the report period. Top Objectionable Web Sites The Top Objectionable Web Sites report presents the top destinations that were blocked by the SonicWALL.
The Top Objectionable Web Sites By User report displays a table of the users blocked by the SonicWALL, the top 5 Web sites the users attempted to access, and the number of attempts to access each Web site. If more than 5 users attempted to access objectionable Web sites, the additional users’ Web activity may be displayed by clicking the Next 5 link at the top of the report table.
The Mail Usage Summary Report displays a bar graph of Mail traffic through the SonicWALL in KBytes transferred. The table displays the hour of the day, the number of Mail events that occurred during the hour, the number of KBytes transferred for Mail, and the number of KBytes as a percentage of the total KBytes for the report period. Note: Mail Usage includes SMTP, POP3, and IMAP traffic.
The Top Sources of Attacks report displays a pie chart of the top 10 sources by the number of attacks. The report table lists the top 10 sources displayed in the chart, the number of attacks generated by the source, and the number of attacks as a percentage of the total attacks during the report period. Number of Attacks by Category The Number of Attacks by Category report presents attacks against the SonicWALL by category over the report period.
10 ACCESSING VIEWPOINT REMOTELY Because the ViewPoint Interface is Web browser-based, any user on the SonicWALL's LAN may log in and look at ViewPoint network reports. Even users located across a VPN or accessing network resources through applications such as pcAnywhere should be able to contact the ViewPoint Web Interface. To access ViewPoint, the remote user should launch a Web browser, then type http:// into the Location or Address field of the Web browser.
APPENDIX Uninstalling ViewPoint Uninstall the ViewPoint program and all of its components from your system by relaunching the ViewPoint setup program. 1. If you installed ViewPoint from a CD, load the CD into your server and run the ViewPoint setup program. If you downloaded the ViewPoint executable file from the SonicWALL Web site, then select and launch the ViewPoint executable file from your local disk. If you cannot locate the ViewPoint executable file, you may download it from http://www.sonicwall.
ViewPoint Administrative Tools The ViewPoint software includes several utilities to improve management and reliability. These utilities include a Repair Database tool, and Startup and Shutdown commands. ViewPoint Repair Database If the ViewPoint Server temporarily loses power, the ViewPoint database files may become corrupt. When this occurs, affected ViewPoint reports will neither function nor display report data. The SonicWALL folder in the Windows Start menu includes a ViewPoint Database Repair utility.
ViewPoint Software Components The ViewPoint software program consists of several different components. These components include: MySQL Database, Tomcat Web server, a syslog server, and SonicWALL ViewPoint software files. MySQL Database MySQL is a relational database management system. It is open source software that uses SQL, or Structured Query Language, the most common standardized language used to access databases. To learn more about the MySQL database system, visit http://www.mysql.com.