• SonicOS 7
• About Device Settings
• Managing SonicWall Licenses
  • Licenses
  • Managing Security Services
    • Services Summary
    • Managing Security Services Online
      • Managing Services from SonicOS Management Interface
      • Synchronizing Changes
    • Manual Upgrade for Closed Environments
  • Registering Your SonicWall Appliance
  • Activating the Gateway Anti-Virus, Anti-Spyware, and IPS License
  • Activating FREE TRIALs
• System Administration
  • Configuring the Firewall Name
  • Enabling Wireless LAN and IPv6
  • Changing the Administrator Name and Password
  • Configuring Login Security
    • Configuring Password Compliance
    • Configuring Login Constraints
  • Multiple Administrators Support
    • Working of Multiple Administrators Support
      • Configuration Modes
      • User Groups
      • Priority for Preempting Administrators
      • GMS and Multiple Administrator Support
    • Configuring Multiple Administrator Access
  • Enabling Enhanced Audit Logging Support
  • Configuring the Wireless LAN Controller
  • Enabling SonicOS API and Configuring Authentication Methods
  • Enabling GMS Management
  • Configuring the Management Interface
    • Managing through HTTP/HTTPS
    • Selecting a Security Certificate
    • Controlling the Management Interface Tables
    • Enforcing TLS Version
    • Switching Configuration Modes
    • Deleting Browser Cookies
    • Configuring SSH Management
  • Client Certificate Verification
    • About Common Access Card
    • Configuring Client Certificate Verification
    • Using the Client Certificate Check
    • Checking Certificate Expiration
    • Troubleshooting User Lock Out
  • Selecting a Language
• Configuring Time Settings
  • Setting System Time
  • Configuring NTP Settings
    • Using a Custom NTP Server for Updating the Firewall Clock
    • Adding an NTP Server
    • Editing an NTP Server Entry
    • Deleting NTP Server Entry
• Managing Certificates
  • About Digital Certificates
  • About the Certificates Table
  • About Certificate Details
  • Importing Certificates
    • Importing a Local Certificate
    • Importing a Certificate Authority Certificate
    • Creating a PKCS-12 Formatted Certificate File (Linux Systems Only)
  • Deleting Certificates
  • Generating a Certificate Signing Request
  • Configuring Simple Certificate Enrollment Protocol
• Administering SNMP
  • About SNMP
  • Setting Up SNMP Access
    • Enabling and Configuring SNMP Access
      • Configuring Basic Functionality
      • Configuring SNMPv3 Engine IDs
      • Configuring Object IDs for SNMPv3 Views
    • Setting Up SNMPv3 Groups and Access
      • Creating Groups and Adding Users and Access
        • Creating a Group
        • Adding Access
        • Adding Users
  • Configuring SNMP as a Service and Adding Rules
• Firmware Settings
  • Firmware Management and Backup
    • Firmware Management & Backup Tables
      • Local Table
      • Cloud Table
      • Show Configuration Files Table
    • Searching the Table
  • Creating a Backup Firmware Image
    • Creating a Local Backup Firmware Image
    • Creating a Cloud Backup Firmware Image
    • Scheduling Firmware Image Backups
      • Scheduling a One-Time Backup
      • Scheduling Recurring Backups
      • Deleting Scheduled Backups
  • Updating Firmware
    • Updating Firmware Manually
    • Firmware Auto Update
    • Using SafeMode to Upgrade Firmware
  • Importing and Exporting Settings
    • Importing Settings
    • Exporting Settings
  • Configuring Firmware and Backup Settings
    • Send Settings or Reports by FTP
    • Sending Diagnostic Reports to Technical Support
    • Boot Settings
    • One-Touch Configuration Overrides
    • Enabling FIPS Mode
    • Enabling NDPP mode
• Storage
  • Installing or Replacing Storage Modules
  • Setting Storage Options
    • Configuring the Storage Module for Log File Storage
    • Purging a Storage Module
    • Viewing Trace Logs
• Restarting the System
• SonicWall Support
  • About This Document

Enabling NDPP mode

A SonicWall network security appliance can be enabled to be compliant with Network Device Protection Profile (NDPP), but certain security appliance configurations are either not allowed or are required.

NDPP is a part of Common Criteria (CC) certification. However, NDPP in SonicOS is not currently certified.

The security objectives for a device that claims compliance to a Protection Profile are defined as:

Compliant TOEs (Targets Of Evaluation) will provide security functionality that address threats to the TOE and implement policies that are imposed by law or regulation. The security functionality provided includes protected communications to and between elements of the TOE; administrative access to the TOE and its configuration capabilities; system monitoring for detection of security relevant events; control of resource availability; and the ability to verify the source of updates to the TOE.

When you enable NDPP, a popup message displays with the NDPP mode setting compliance checklist. The checklist displays every setting in your current SonicOS configuration that violates NDPP compliance so that you can change these settings. You need to navigate around the SonicOS management interface to make the changes. The checklist for an appliance with factory default settings is shown in the following procedure.

To enable NDPP and see a list of which of your current configurations are not allowed or are not present:

The Enable NDPP Mode option cannot be enabled at the same time as the Enable FIPS Mode option, which is also on the Firmware & Backups > Settings dialog.

1. Navigate to Device | Settings > Firmware and Settings.
2. Click Settings.
3. Click FIPS / NDPP.

4. Select Enable NDPP Mode.

   

   The NDPP MODE SETTING COMPLIANCE CHECKLIST appears with a list of your required and not allowed configurations.

5. If your SonicWall appliance:
   • Complies with the checklist, go to Step 6.

   • Does not comply with the checklist, manually change or disable settings to be compliant with NDPP mode requirement.

     Leave the checklist dialog open while you make the configuration changes. If you click OK before all required changes are complete, the Enable NDPP Mode option is cleared automatically upon closing the checklist dialog. Select the option again to see what configuration changes are still needed for NDPP compliance.

6. Click OK.