SonicWALL Hidden Features and Configuration Options (2023)

Published March 10, 2016 | Categories: IT Services

SonicWALL Hidden Features and Configuration Options (1)

Earlier I stumbled across a hidden set of features and settings in a TZ215 by going to /diag.html and figured I'd share this with everyone in case you were unaware of it as I was. It appears to be available in all of the TZ series devices, the SOHO, and likely others. On the main page, you will see the following disclaimer.

SonicWALL Hidden Features and Configuration Options (2)

UnderInternal Settings,there are quite a few settings and options. Some are more useful than others. For me, the option I needed was “Disable Port Scan Detection” under the Firewall section. Below is a rough list of some of the options. Keep in mind these options are undocumented, unsupported, and it is suggested to only make changes to these values if instructed by Dell Technical Support. Enjoy!

SonicWALL Hidden Features and Configuration Options (3)

Trace Log:

  • Trace Log: [Current \/]
  • [Download Trace Log]
  • [Clear Trace Log]

ARP Settings:

  • Enable ARP bridging
  • Enable open ARP behavior (WARNING: Insecure!!)
  • Enable Source IP Address validation for being directly connected
  • Only allow ARP entries with unicast addresses
  • Limit ARPS of non-responsive IPs
  • Bypass ARP processing on L2 bridge interfaces
  • Enable Gratuitous ARP Compatibility Mode
  • Never broadcast more than 100 Gratuitous ARPs in any 60 second period.
  • Periodically broadcast system ARPs every 60 minutes.
  • Ignore ARPs with primary gateways MAC received on other interfaces
  • [Send System ARPs…]

Routing and Network Settings:

  • Flush flows on an alternate path when normal route path is enabled (affects existing connections)
  • Update route version when a route is enabled/disabled (affects existing connections)
  • Enable TCP packet option tagging
  • Fix/ignore malformed TCP headers
  • Enable TCP sequence number randomization
  • Perform SYN validation when not operating in strict TCP compliance mode
  • [Clear OSPF Process]
  • Clear DF (Don’t Fragment) Bit
  • Allow the first fragment of size lesser than 68 bytes
  • Enable ICMP Redirect on DMZ zone
  • Disable learning-bridge filtering on L2 bridge interfaces
  • Never add static default routes to the NSM route database
  • Enable stack traffic sending by DP core

DHCP Settings:

  • Enable DHCP Server Network Pre-Discovery
  • DHCP Server Conflict Detect Period: 300 Seconds
  • Number of DHCP resources to discover: 10
  • Timeout for a conflicted resource to be rechecked: 1800 Seconds
  • Timeout for an available resource to be rechecked: 600 Seconds
  • [Save DHCP Leases To Flash]
  • Send DHCPNAK if the "requested IP address" is on the wrong network
  • Time interval of DHCP lease database to be refreshed: 600 Seconds
  • Number of DHCP leases in the database to be refreshed: 10
  • Aggressively recycle expired DHCP leases in advance

VoIP Settings:

  • Maximum "public" VoIP Endpoints: 2048
  • H.323 Force Odd Media Control Port
  • Auto-add SIP endpoints
  • Transform SIP URIs to have an explicit port
  • Permit B2BUA to bind established calls together
  • SIP connection refresh interval (seconds): 40
  • Flush active media for SIP INVITEs without SDP
  • Flush unused media for SIP INVITEs without SDP
  • [Reset SIP Databases]

VPN Settings:

  • Do not adjust the TCP MSS option for VPN traffic
  • Use interoperable IKE DH exchange
  • Fragment VPN packets after applying ESP
  • Use SPI/CPI parameter index for IPsec/IPcomp pass-thru connections
  • Accept Reserved ID Type in Quick Mode.
  • Trust Built-in CA certificates for IKE authentication and Local certificate import.
  • Enable Compatibility with Android 4.0 Client.
  • Encryption Settings:
  • Enable Hardware Encryption
  • Disable SSLv3
  • Disable TLSv1

DP stack Settings:

  • Enable DP stack processing

Firewall Settings:

  • FTP bounce attack protection
  • Allow orphan data connections
  • Allow TCP/UDP packet with source port being zero to pass through the firewall
  • FTP protocol anomaly attack protection
  • IP Spoof checking
  • Disable Port Scan Detection
  • Trace connections to TCP port: 0
  • Include TCP data connections in traces
  • Enable Tracking Bandwidth Usage for default traffic
  • Enable to bandwidth manage WAN to WAN traffic
  • Decrease connection count immediately after TCP connection close
  • Protect against TCP State Manipulation DoS
  • Disable CSRF Token Validation
  • Disable Secure Session ID Cookie
  • [Flush Connections]
  • Deschedule Packet Count:
  • Refresh sub-domains of wildcard FQDN address objects

Security Services Settings:

  • Apply IPS Signatures Bidirectionally
  • Enable IP fragment reassembly in DPI
  • Extra dev debug info
  • Disable TCP expected sequence adjustment in DPI
  • Disable App-Firewall SMTP CHUNKING modification
  • Disable Gateway AV POP3 Auto Deletion
  • Disable Gateway AV POP3 UIDL Rewriting
  • Disable Gateway AV SMB read/write ordering enforcement
  • Log Virus URI.
  • Do not apply signatures containing file offset qualifiers
  • that trigger on TCP Streams with unidentified protocols.
  • Minimum HTTP header length (0 to disable): 0
  • Enable incremental updates to IDP, GAV, and SPY signature databases.
  • Enable enforcement of a limit on a maximum allowed advertised TCP window with any DPI-based service enabled.
  • 256 Set a limit on a maximum allowed advertised TCP window with any DPI-based service enabled (KBytes).
  • Disable signature database reload.
  • 1500 Threshold above which size limits are enforced on Regex Automaton.
  • 3000 Maximum allowed size for Regex Automaton.
  • Limit IPS CFT scan.
  • Enforce Host Tag Search for CFS
  • [Reset AV Info]
  • [Reset Client CF Enforcement Info]
  • [Reset Client CF Enforcement Cache]
  • [Reset Licenses & Security Services Info]
  • [Reset HTTP Clientless Notification Cache]
  • [Reset Cloud AV Cache]

DPI-SSL settings:

  • Rewritten certificate SN modifier:
  • Client spoofed certificate caching:
  • Remove TCP timestamp option:
  • Drop SSL packets when memory is low:
  • Allow SSL without proxy when connection limit exceeded:
  • Disable Endpoint TCP Window Setup:
  • Disable Server Facing Session Reuse:
  • Block connections to sites with untrusted certificates:
  • 512 Max stream offset to check for SSL client-hello resemblance:
  • TCP window multiplier (N * 64k):
  • Override max proxied SSL connections:
  • Disable SSLv3 client connections in DPI-SSL:
  • SSL Version:
  • Cipher Methods

High Availability Settings:

  • Enable Network Monitor probing on Idle unit
  • HA Failover when Packet Pool is Low on Active Unit
  • Suppress Alarm on HA Transition to Active
  • Always restart HA backup for watchdog task
  • Send gratuitous ARP to DMZ or LAN on transparent mode while HA failover
  • Maximum number of gratuitous ARP of transparent mode per-interface while HA failover: 256
  • Maximum number of gratuitous ARP while HA failover: 1
  • Send Syslog messages from both HA units with unique serial numbers

PPPOE Settings:

  • Allow LCP requests to PPPOE Server
  • Log LCP Echo Requests and Replies between client and server
  • Enable PPPoE End-Of-List Tag
  • PPPOE Netmask:

Dial-Up Settings:

  • Display dialup status on console
  • PPPDU Max Configuration Failures: 9
  • [Restart Dial-Up Devices]
  • One-Touch Configuration Helpers
  • [DPI and Stateful Firewall Security]
  • Preview applicable changes
  • [Stateful Firewall Security]
  • Preview applicable changes

Management Settings:

  • Use Standby Management SA
  • Allow SGMS to preempt a logged-in administrator
  • Prioritize the following selected traffic types below to be highest and above all other traffic types:

User Authentication Settings:

  • Post authentication user redirect URL: [ ]
  • Log an audit trail of all SSO attempts in the event log
  • (X) in the event log
  • ( ) in memory to download as ssoAuthLog.wri, max. buffer size: 64 KBytes.
  • – When buffer is full: (X) stop ( ) wrap. Download ssoAuthLog.wri Download and reset ssoAuthLog.wri
  • For user IP addreses: [All \/]
  • Include SSO polling Include SSO bypass Include additional non-initiation of SSO
  • Try to negotiate SSO agent protocol to version: 5 (default protocol version is 5)
  • [Logout All users]
  • Diagnostics Settings:
  • Disable SonicSetup/Setup tool Server
  • Trace message level: [Warning \/]
  • For diagnostic testing purposes, auto-restart system every 60 minutes.
  • Secured crash analysis

Watchdog Settings:

  • Do not restart for watchdog task
  • Restart quickly after an exception
  • Restart when packet pool is low

IPHelper Settings:

  • Enable no source port matching for replies from DHCP servers.
  • Disable Reverse Path check for Source IP.
  • Disable ingress-egress check.

Wireless Settings:

  • Wireless Advanced Settings
  • Set Local Bit for Virtual Access Point BSSID MAC Address
  • Allow same Virtual Access Point groups to be used for dual radios
  • Supported SonicPoint Type: [All \/]
  • SonicPoint-N System Self Maintenance: [Weekly (3:00 AM Every Sunday) \/]
  • Legacy SonicPoint A/B/G and SonicPoint-G Only Management Enforcement
  • [Update All SonicPoint’s Firmware]
  • SonicPoint KeepAlive Enforcement
  • SonicPoint Provisioning Protocol TCP Window Size: 1400
  • Use Default TCP Window Size For SonicPointN Provisioning Protocol
  • SonicPointN Provisioning Protocol TCP MSS Setting:
  • (X) Use Default Value.
  • ( ) Customized TCP MSS: 1460 bytes.
  • Prefer SonicPointN 2.4GHz Auto Channel Selection to be 1, 6, and 11 only
  • SonicPointN SSH Management Enable
  • Enable SonicPoint (N) IP address retaining
  • SonicPointN Logging Enable
  • Erase SonicPoint Crash Log generated by previous firmware image when SonicPoint image is updated
  • SonicPoint-Ni/Ne Noise Sensitivity Level: (The higher noise sensitivity level should be selected when RF environment is getting noisier) [Medium \/]
  • SonicPointN Reboot When Noise Safe Mode Detected
  • Use SNAP packet between SonicPoint / SonicPointN and Gateway
  • Send Need Fragment ICMP packet to SonicPoint / SonicPointN client
  • Enable intra-WLAN Zone communication for bonjour packet
  • WLAN DHCP lease / ARP delivery success rate enhancement
  • Wireless Guest Services Redirect Interval: 15 Seconds
  • Legacy WiFiSec Enforcement support
  • Do not apply WiFi security enforcement on reply traffic from WLAN to any other zone
  • Enable WLAN traffic DP core processing capability
  • Enable intra-WLAN Zone communication for broadcast packet
  • Enable local wireless zone traffic to bypass gateway firewalling

Tooltip Settings:

  • Enable tooltip with no descriptions

Preferences Conversion:

  • Preference Processor Server:
  • Site Relative Directory: /popup
  • Enable checking when importing settings

Anti-Spam Service:

  • Disable SYN Flood Protection for Anti-Spam-related connections
  • Use GRID IP reputation check only
  • Disable GRID IP reputation checking for Outbound SMTP connections
  • Do NOT disable custom user email policies when Anti-spam is enabled
  • Allow Limited Admin users to configure Anti-Spam Service.
  • Bypass SHLO Check when Junk Store is unavailable (while Email Security is operational).
  • Do NOT verify incoming SHLO
  • Marked as a replay if incoming SHLO timestamp is more than 3600 secs
  • [Clear Statistics]
  • [Reset GRID Name Cache]
  • [Delete Policies and Objects]
  • CASS Cloud Service Address: [Resolve Automatically \/]

Email System Detection:

  • Enable Email System Detection

TZ Default Port Assignment:

  • TZ Basic (LAN/WAN) Mode

Remote Assistance:

  • Enable Remote Assistance

SSLVPN Settings:

  • NetExtender(for Windows) Version: [ ]
  • Hide Remote EPC feature

WAN Acceleration Settings:

  • Enable checking of connection responses by remote WAN Acceleration device
  • Temporarily bypass TCP Acceleration for failed proxied connections (minutes): 15
  • Temporarily bypass TCP Acceleration for short-lived proxied connections (minutes): 60
  • Skip TCP Acceleration for stateful control channels (but accelerate data channels)
  • Enable Transparent CIFS acceleration
  • Enable WXA Web Cache Redirection
  • [Zero debug stats]
  • [Show debug stats]
  • [Open WXA Internal Settings Page]
  • [SSH to WXA appliance]

Backend Server Communication:

  • Prevent communication with DELL Backend servers
  • Server Connection Timeout (sec): 30

Log Settings:

  • Exempt unfiltered events from global, category-level, and group-level changes
  • [Restore Unfiltered Event Settings]
  • Main Log Process Reschedule Interval: 100
  • Log Entries
  • SMTP Read Timeout (sec): 10

IPv6 Settings:

  • Enable enforcement of IPv6 Ready Logo requirement

ICMP Settings:

  • Enable enforcement of Dropping Unreachable ICMP packet
  • Enable enforcement of Dropping Time Exceed ICMP packet

Debug Option:

  • Disable Pkt Monitor Application Detection

Technology is changing constantly. Please note that technical information published in the BITS blog may be inaccurate if posted prior to 2022.


SonicWALL Hidden Features and Configuration Options? ›

Enable Stealth Mode - By default, the security appliance responds to incoming connection requests as either blocked or open. If you enable Stealth Mode, your security appliance does not respond to blocked inbound connection requests. Stealth Mode makes your security appliance essentially invisible to hackers.

What is SonicWall stealth mode? ›

Enable Stealth Mode - By default, the security appliance responds to incoming connection requests as either blocked or open. If you enable Stealth Mode, your security appliance does not respond to blocked inbound connection requests. Stealth Mode makes your security appliance essentially invisible to hackers.

What are the key features of SonicWall firewall? ›

SonicWall Network Security Manager (NSM) gives you everything you need for comprehensive firewall management.
  • Onboard and manage dozens or hundreds of firewalls centrally from one interface.
  • Deploy and administer firewalls remotely with Zero-Touch Deployment.
  • Simplify set-up with configuration wizards.

What are the three security services available on the SonicWall? ›

SonicWall security services turns firewall into a complete security solution. The security services is offered in three subscription bundles – Threat, Essential and Advanced Protection.

What does SonicWall Advanced Edition include? ›

SonicWall TotalSecure Advanced Edition combines a next-generation firewall with Advanced Gateway Security Service, which features: Capture Advanced Threat Protection Service. Gateway Anti-Virus and anti-spyware.

What are the benefits of stealth mode? ›

Stealth mode allows companies to set their own pace and launch when they are ready, without pressure from the outside. Disclosing information about the project in the very early stages can also result in a premature dismissal of a good idea.

Should you enable stealth mode? ›

If you're concerned about security, you can use “stealth mode” to make it more difficult for hackers and malware to find your Mac. When stealth mode is on, your Mac doesn't respond to either “ping” requests or connection attempts from a closed TCP or UDP network.

What is the difference between ingress and egress in SonicWall? ›

Ingress – Traffic from initiator to responder in a particular traffic flow. Egress – Traffic from responder to initiator in a particular traffic flow. To be compatible with traditional bandwidth management settings in WAN zones, the terms inbound and outbound are still supported to define traffic direction.

Is SonicWall firewall IPS or IDS? ›

SonicWall Intrusion Prevention Service (SonicWall IPS) delivers a configurable, high performance Deep Packet Inspection engine for extended protection of key network services such as Web, e-mail, file transfer, Windows services and DNS.

Is SonicWall the best firewall? ›

SonicWall NSa is the #15 ranked solution in best firewalls.

What does it mean to work in stealth mode? ›

In business, stealth mode is a company's temporary state of secretiveness, usually undertaken to avoid alerting competitors to a pending product launch or another business initiative. When an entire company is in stealth mode it may attempt to mislead the public about its true company goals.

What does operating in stealth mode mean? ›

A stealth startup is a startup company operating in silent mode, in other words, avoiding public attention and announcements about its products.

What is network stealth mode? ›

Operating an intrusion detection and prevention sensor without IP addresses assigned to its monitoring network interfaces.

What is the stealth mode feature? ›

Stealth mode is the robust solution to provide a seamless authentication to the user without any user interaction when transitioning from one connection to another. This feature supports only on Windows.

Top Articles
Latest Posts
Article information

Author: Manual Maggio

Last Updated: 09/11/2023

Views: 6400

Rating: 4.9 / 5 (49 voted)

Reviews: 80% of readers found this page helpful

Author information

Name: Manual Maggio

Birthday: 1998-01-20

Address: 359 Kelvin Stream, Lake Eldonview, MT 33517-1242

Phone: +577037762465

Job: Product Hospitality Supervisor

Hobby: Gardening, Web surfing, Video gaming, Amateur radio, Flag Football, Reading, Table tennis

Introduction: My name is Manual Maggio, I am a thankful, tender, adventurous, delightful, fantastic, proud, graceful person who loves writing and wants to share my knowledge and understanding with you.