SonicWALL SonicOS Firewall
Nipper requires a copy of the SonicWALL SonicOS configuration file in order to produce a report. This page provides information on how to retrieve the configuration from a device and how to use Nipper to produce a report.
Getting The Configuration File
This section outlines different methods of obtaining a copy of your SonicWALL firewall configuration file.
Web Admin
This section outlines the procedure for getting the configuration from the device using the administrative web interface. The procedure is as follows:
- Using your favorite web browser, connect to the web service provided by your SonicWALL for remote management.
- Login.
- Click on the "Tools" button to the left.
- Click on the "Preferences" tab (see screenshot below).
- From the "Preferences" tab, select the "Export" option.
- Click the "Export" button to export the SonicWALL configuration to a file called "sonicwall.exp".
Using Nipper
Nipper has a number of different options to change how a SonicWALL SonicOS configuration is processed. Some of these options are described later in this section. The configuration can be processed with the following command:
nipper --sonicos --input=sonicwall.exp --output=report.html
Report Formats
Nipper currently supports HTML, XML, LaTeX and ASCII text report formats. The default format is HTML. The following command line options can be used to tell Nipper to output to a specific format:
- --html - HTML report format.
- --xml - XML report format.
- --latex - LaTeX report format.
- --text - ASCII text report format.
Access Rules Auditing
As part of a security audit of your device configuration, Nipper will audit the access rules. The audit is based on a network filtering policy that you can define; otherwise Nipper will use its own built-in defaults.
The following command options can be used to enable checking for particular issues:
- --any-source - Access rules MUST NOT allow from any source.
- --network-source - Access rules MUST NOT allow from a network source.
- --any-destination - Access rules MUST NOT allow to any destination.
- --network-destination - Access rules MUST NOT allow to a network destination.
- --destination-service - Access rules MUST NOT allow to any destination port.
- --disabled-rules - No disabled access rules.
- --reject-rules - Access rules MUST NOT deny access (use discard instead).
- --deny-log - Access rules MUST log denied or discarded traffic.
- --log-rules - All access rules must log.
- --log-drop-rules - An Access rule list MUST end with a discard all and log.
Each setting can be reversed by using --no-{policy} instead of --{policy}.
The Access Rules can be output to a separate CSV file for further analysis. To do this, supply Nipper with the name of the CSV file you would like it to write to using --csv=rulesfile.csv, where rulesfile.csv is the name of the CSV file.
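The report format, audit policy and CSV options above can be combined into one invocation. The following is an added example, not part of Nipper or the original page: the function name, the +name/-name policy syntax and the assumption that these options may be given together in this order are illustrative, while the flag names are the ones listed on this page.

```shell
#!/bin/sh
# Added example: build a Nipper command line for a SonicOS audit.
# Flag names come from this page; the function name and the "+name"/"-name"
# policy syntax are assumptions made for this example.

# Access rule policies documented on this page.
NIPPER_POLICIES="any-source network-source any-destination network-destination destination-service disabled-rules reject-rules deny-log log-rules log-drop-rules"

# nipper_sonicos_cmd INPUT OUTPUT FORMAT CSV POLICY...
#   FORMAT: html | xml | latex | text
#   CSV:    file name for the rules CSV, or "" for none
#   POLICY: +name enables a check (--name), -name reverses it (--no-name)
# File names are assumed to contain no whitespace.
# Prints the command line; returns 1 on an unknown format or policy, so a
# mistyped policy name fails loudly instead of silently dropping a check.
nipper_sonicos_cmd() {
    [ $# -ge 4 ] || { echo "usage: INPUT OUTPUT FORMAT CSV POLICY..." >&2; return 1; }
    input=$1 output=$2 format=$3 csv=$4
    shift 4
    case $format in
        html|xml|latex|text) ;;
        *) echo "unknown report format: $format" >&2; return 1 ;;
    esac
    cmd="nipper --sonicos --input=$input --output=$output --$format"
    if [ -n "$csv" ]; then
        cmd="$cmd --csv=$csv"
    fi
    for spec in "$@"; do
        name=${spec#[+-]}          # strip the leading + or -
        case " $NIPPER_POLICIES " in
            *" $name "*) ;;
            *) echo "unknown policy: $name" >&2; return 1 ;;
        esac
        case $spec in
            +*) cmd="$cmd --$name" ;;
            -*) cmd="$cmd --no-$name" ;;
            *)  echo "policy needs a + or - prefix: $spec" >&2; return 1 ;;
        esac
    done
    printf '%s\n' "$cmd"
}

# Demo: strict source and final-rule checks, disabled rules tolerated.
nipper_sonicos_cmd sonicwall.exp report.html html rulesfile.csv \
    +any-source +log-drop-rules -disabled-rules
```

The function only prints the command line; review it before running it against an exported configuration.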
Configuration File
All the settings described in this section and more can be configured using an external configuration file. On Linux and UNIX type systems this file is called nipper.conf and is typically stored in /etc. On Windows systems the file is called nipper.ini and will be automatically loaded from the current directory. These files are essentially the same. If the file is not found, Nipper will use internal default settings.
A specific external configuration file can be specified on the command line using --config={Config Filename}.
The file is self-documenting and generally relates to the various command line options. The default configuration file can be downloaded from here.
Example Configurations
Listed below are example SonicWALL configurations and the reports that Nipper will generate from them.
- SonicWALL Pro100 sonicwall.exp - Nipper 0.11.5 report.

