This topic covers materials that are somewhat complex, and can result in time-consuming issues if handled incorrectly.
Document Number: SW0332-0314
Last Updated: 02/01/18
|
Summary Show |
Product: SiteWatch StatWatch (.SW10950), TunnelWatch StatWatch (.TW90950)
This topic applies to sites using SiteWatch with or without TunnelWatch. It describes how to configure Internet routers to allow the Internet access required by StatWatch.
If the site bought its router from DRB in 2012 or later, the router may already have the configuration needed to use StatWatch. Use this document to verify and modify the configuration if needed.
a. The router should be configured to allow statwatch.com access over both HTTP (TCP port 80) and HTTPS (TCP port 443).
b. If the content filtering service only scans HTTP traffic, be sure to allow access to statwatch.com over HTTPS in other places in the router configuration.
a. Click Firewall. The Firewall sub-menus are displayed.
b. Click Access Rules. The Access Rules screen appears.
c. Next to View Style, click All Rules. All access rules are displayed.
d. Scroll down and search for a LAN>WAN rule with a Service of StatWatch Data Collector. Click the pencil icon under the Configure column to edit the rule if it exists. An Edit Rule window appears.
e. If a rule with a Service of StatWatch Data Collector does not exist, click Add. An Add Rule window appears.
f. Configure the fields as follows:
i. Action: Allow
ii. From Zone: LAN
iii. To Zone: WAN
iv. Service: Select Create new service and configure the fields in the Add Service window as follows:
· Name: StatWatch Data Collector
· Protocol: TCP
· Port Range: 9000
· Click OK. A Please wait... message appears in the status bar at the bottom of the window, and then the window closes.
v. Source: Any (If this field is set to SiteWatch Server or All SiteWatch Servers, change it to Any to allow the TunnelWatch Data Collector to upload information.)
vi. Destination: Select Create new network and configure the fields in the Address Object dialog as follows:
· Name: statwatch.com
· Zone Assignment: WAN
· Type: FQDN
· FQDN: *.statwatch.com
· Click OK. A Please Wait... message appears in the status bar at the bottom of the window, and then the window closes.
vii. Users Allowed: All
viii. Schedule: Always on
ix. Comment: SW: required for StatWatch
x. Enable Logging: Verify this option is not selected.
xi. Allow Fragmented Packets: Leave this option selected.
g. Configuring the Bandwidth Management for Firewall Rule.
i. SonicWALL firmware versions after 5.9.1.0.
· Click the BWM tab. The contents of the Bandwidth Management tab are displayed.
· Select Enable Outbound Bandwidth Management.
· For the Bandwidth Object, select Create new Bandwidth Object. The Add Bandwidth Object box opens.
· Configure the following fields:
o Name: Default StatWatch Priority 1
o Guaranteed Bandwidth: 0 kbps
o Maximum Bandwidth: 100000 kbps
o Traffic Priority: 1 Highest
o Violation Action: Delay
o Comment: StatWatch Bandwidth
· Click OK. The Add Bandwidth Object box closes and adds the Bandwidth object.
· Select Enable Inbound Bandwidth Management and for the Bandwidth Object select the Bandwidth Object created in the previous step.
· Click OK. The Edit Rule box closes.
ii. SonicWALL firmware versions before 5.9.1.0.
· Click the Ethernet BWM tab. The contents of the Ethernet Bandwidth Management tab are displayed.
· Select Enable Outbound Bandwidth Management and Enable Inbound Bandwidth Management.
· Set both Guaranteed Bandwidth fields to 0.
· Set both Maximum Bandwidth fields to 100.
· Set both Bandwidth Priority fields to 1.
h. Click Add or OK. A Please wait... message appears in the status bar at the bottom of the window and then a Rule action done, please check rule table message appears.
i. Click Close. The Add Rule window closes.
a. Attention: In older default configurations, these steps were only used to allow HTTPS access. Older configurations have a group of Allowed HTTPS Hosts instead of Allowed Web Hosts. In newer default configurations, these steps are used to allow both HTTP and HTTPS access.
b. Click Network. The Network sub-menus are displayed.
c. Click Address Objects. The Address Objects screen appears.
d. Under Address Groups, find the row of the object named Allowed Web Hosts.
e. Click the pencil icon to edit in the row for that group under the Configure column. An Edit Address Object Group window appears.
f. In the list to the left, find and select statwatch.com.
g. Click the arrow button to add it to the list to the right.
h. Click OK. A Please wait... message appears in the status bar at the bottom of the window, and then the window closes.
a. Attention: These steps only apply to older default configurations shipped before December 2010. In newer configurations, the Allowed Domains list is empty. Use step 7 above to configure HTTP on newer default configurations.
b. Click Security Services. The Security Services sub-menus are displayed.
c. Click Content Filtering. The Content Filtering screen appears.
d. Click Configure. A SonicWALL Filter Properties window appears.
e. Click Custom List. The contents of the Custom List tab are displayed.
f. Under Allowed Domains, click Add. An Add Allowed Domain Entry window appears.
g. Type statwatch.com and click OK. The Add Allowed Domain Entry window closes.
h. Click OK. The SonicWALL Filter Properties window closes and the Allowed Domains list is saved.
|
Bigger Picture |
