MSS FW Best Practices: Administration/System Setup

Description

CAUTION: These documents are intended to provide partners with firewall configuration recommendations ONLY. They contain examples, and caution should be exercised when making changes to your firewall, as unplanned changes could result in downtime depending on the complexity of the environment and/or configuration.


MSS Recommended SonicWall Firewall Best Practices Index


Base/Appliance Settings

Device > Firewall Settings > Administration

For maximum security, it is recommended to make the following changes:

  1. Set the firewall name.
  2. For PCI/better security: Change the super user administration account name from admin.
  3. Set password to force change every 90 days.
  4. Bar repeated passwords for 4 changes.
  5. Enforce password complexity: Require alphabetic, numeric, and symbolic characters.
  6. Apply the above password constraints for all user categories.
  7. Enable administrator/user lockout.
  8. Failed Login attempts per minute before lockout: 7.
  9. Set firewall name.
  10. Make “Certificate Common Name” the same as the firewall name.
  11. Disable “Allow management via HTTP.”
  12. Change the HTTPS management port from 443 to another port (e.g., 9090).
  13. Enable “Enhanced Audit Logging.”

Time

Set the following time options:

  1. Set the time automatically using NTP and set the correct time zone for the location of the firewall.
  2. Do not configure additional NTP servers unless needed for internal synchronization, as this will cause a higher load on Core 0.
