Sunday, August 21, 2016

HUAWEI P8 Lite Dual SIM Firmware (ALE-L21, Android 6.0, EMUI 4.0, C185B525)

please download the software firmware here 

then extract the zip file
copy to phone storage
go update setting select local update
finish

Site to Site VPN via two Sonicwall firewalls – With DHCP over VPN


Site to Site VPN via two Sonicwall firewalls – With DHCP over VPN


Introduction: This document shows an example of how to configure a VPN tunnel between 2 SonicWALL firewalls, one running SonicOS Enhanced at the main site (central site) and the other one running SonicOS standard at the remote site. Remote PC’s located behind the SonicWALL appliance on the remote site will obtain IP addresses automatically from a DHCP server located on the LAN zone of the Enhanced unit.
Versions Used: SonicWALL recommends using the latest firmware version on the units. On this document this feature has been tested on SonicOS Enhanced 5.6.0.11-61o and SonicOS Enhanced 4.2.1.0-20e.  SonicWALL’s original document, which can be found here, shows support for this configuration on SonicOS Enhanced 3.0.0.4-21e and SonicOS Standard 3.0.0.1-28s. Please note that SonicOS Enhanced runs on TZ170, PRO2040, PRO3060, PRO 4060, Pro 5060 models, and NSA 3500. SonicOS Standard only runs on the TZ 150, TZ170, PRO2040, and PRO3060 models. Customers with current service/software support contracts can obtain updated versions of SonicWALL firmware from the MySonicWALL customer portal at https://www.mysonicwall.com. Updated firmware is also freely available to customers who have registered the SonicWALL device on MySonicWALL for the first 90 days.
Network Topology: VPN Network Topology
Prerequisites: This guide assumes the following:
  • DHCP Server is up and running on the Central Site
  • The DHCP Server is in the LAN Zone
  • WAN Interfaces have been configured properly for internet access at both the remote and central site
Task List:
  • Configurations at the central site:
    • Set Firewall Unique Identifier
    • Add and configure a VPN policy 
    • Configure DHCP over VPN 
  • Configurations at the remote site: 
    • Set Firewall Unique Identifier
    • Add and configure a VPN policy 
    • Configure DHCP over VPN 
  • Testing
    • Verify that the VPN tunnel comes up
    • Verify that the DHCP client at the remote site obtains an IP address
    • Verify that traffic flows correctly between the sites
    • Verify that the DHCP client has access to its own network
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~SonicWALL Central Site Configuration
  1. Login to your SonicWALL at the Central Site
  2. Click on VPN->Settings
  3. In the Unique Firewall Identifier box, enter CentralSite and click Apply
    1. VPN-Settings-CentralSite
  4. On the VPN->Settings page, click the Add… button
    1. Use the configuration below:
      1. General Tab
        1. Policy Type: Site to Site
        2. Authentication Method: IKE using Preshared Secret
        3. Name: RemoteSite
        4. IPsec Primary Gateway Name or Address: yourwanipaddressoftheremotesite
        5. IPsec Secondary Gateway Name or Address: Leave this blank
        6. Shared Secret: Enter a good long password here!
        7. Confirm Shared Secret: Enter the same good long password you used above!
        8. Local IKE ID and Peer IKE ID: Leave these settings their default values
        9. CentralSite-General
      2. Network Tab
        1. Local Networks: Select Choose local network from list and select LAN Subnets
        2. Remote Networks: Select Destination network obtains IP addresses using DHCP through this VPN tunnel
        3. CentralSite-Network
      3. Proposals Tab
        1. IKE (Phase 1) Proposal
          1. Exchange: Main Mode
          2. DH Group: Group 2
          3. Encryption: AES-256
          4. Authentication: SHA1
          5. Life Time (seconds): 28800
        2. IKE (Phase 2) Proposal
          1. Protocol: ESP
          2. Encryption: AES-256
          3. Authentication: SHA1
          4. Enable Perfect Forward Secrecy: unchecked
          5. Life Time (seconds): 28800
        3. CentralSite-Proposals
      4. Advanced Tab
        1. Enable Keep Alive: this should be unchecked and grayed out
        2. Suppress automatic Access Rules creation for VPN Policy: unchecked
        3. Require authentication of VPN clients by XAUTH: unchecked
        4. Enable Windows Networking (NetBIOS) Broadcast: unchecked
        5. Enable Multicast: unchecked
        6. Apply NAT Policies: unchecked
        7. Management via this SA: all options unchecked
        8. User login via this SA: all options unchecked
        9. Defualt LAN Gateway (optional): 0.0.0.0
        10. VPN Policy bound to: Zone WAN
        11. CentralSite-Advanced
  5. Click OK
  6. Click on VPN->DHCP over VPN
    1. Select Central Gateway from the dropdown and click the Configure… button
      1. CentralSite-DHCPoverVPN
    2. Click on the Add… button and then type in the IP address of your DHCP server at the CentralSite.
      1. CentralSite-DHCPConfig
    3. Click OK
SonicWALL Remote Site Configuration
  1. Login to your SonicWALL at the remote site
  2. Click on VPN->Settings
  3. In the Unique Firewall Identifier box, enter RemoteSite and click Apply
    1. RemoteSite
  4. On the VPN->Settings page, click the Add… button
    1. Use the configuration below:
      1. General Tab
        1. Authentication Method: IKE using Preshared Secret
        2. Name: CentralSite
        3. IPsec Primary Gateway Name or Address: yourwanipaddressofthecentralsite
        4. IPsec Secondary Gateway Name or Address: Leave this blank
        5. Shared Secret: Use the same secret as the CentralSite
        6. Confirm Shared Secret: Use the same password as the CentralSite
        7. Local IKE ID and Peer IKE ID: Leave these settings their default values
        8. RemoteSite-General
      2. Network Tab
        1. Local Networks: Select Local network obtains IP addresses using DHCP through this VPN Tunnel
        2. Remote Networks: Select Create new address object
          1. Enter in your CentralSite’s LAN information (this will be the network you pull DHCP IPs from.
            1. CentralSite-LAN Config
        3. On the Choose destination network from list, you can now selectCentralSite LAN
          1. RemoteSite-Network
      3. Proposals Tab
        1. IKE (Phase 1) Proposal
          1. Exchange: Main Mode
          2. DH Group: Group 2
          3. Encryption: AES-256
          4. Authentication: SHA1
          5. Life Time (seconds): 28800
        2. IKE (Phase 2) Proposal
          1. Protocol: ESP
          2. Encryption: AES-256
          3. Authentication: SHA1
          4. Enable Perfect Forward Secrecy: unchecked
          5. Life Time (seconds): 28800
        3. RemoteSite-Proposals
      4. Advanced Tab
        1. Enable Keep Alive: check this option if it is not grayed out
        2. Suppress automatic Access Rules creation for VPN Policy: unchecked
        3. Require authentication of VPN clients by XAUTH: unchecked
        4. Enable Windows Networking (NetBIOS) Broadcast: unchecked
        5. Enable Multicast: unchecked
        6. Apply NAT Policies: unchecked
        7. Management via this SA: all options unchecked
        8. User login via this SA: all options unchecked
        9. Defualt LAN Gateway (optional): 0.0.0.0
        10. VPN Policy bound to: Zone WAN
        11. RemoteSite-Advanced
  5. Click OK
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Testing/Verification
  1. Open up one of the SonicWALL devices (either Central or Remote) and head over to VPN->Settings
    1. You should see a green dot indicating the connection is active.  Additionally, at the bottom of the same page, you can see the “Current Active VPN Tunnels”.  You should see the tunnel has been established their as well.
      1. Active Connection
    2. Active connections from the RemoteSite’s SonicWALL
      1. Active VPN Tunnels
  2. Next, head over to a workstation on the RemoteSite’s network.
    1. Type ipconfig /release on the workstation
    2. Type ipconfig /renew on the workstation
    3. Type ipconfig and verify the IP address is in the correct range from the Central Site.
  3. On the CentralSite’s SonicWALL, go to VPN->DHCP over VPN
    1. Under Current DHCP over VPN Leases, you should see your client
  4. Try to ping a server at the CentralSite, you should receive a successful reply.

Wednesday, February 10, 2016

Windows 10 build 10586.104 now available for PC with changelog

This update includes quality improvements and security fixes. No new operating system features are being introduced this month. Key changes in this update include:
  • Fixed issues with authentication, update installation, and operating system installation.
  • Fixed issue with Microsoft Edge browser caching visited URLs while using InPrivate browsing.
  • Fixed issue that didn't allow simultaneous install of apps from the Windows Store and updates from Windows Update.
  • Fixed issue that delayed the availability of songs added to the Groove Music app in Windows 10 Mobile.
  • Improved security in the Windows kernel.
  • Fixed security issues that could allow remote code execution when malware is run on a target system.
  • Fixed security issues in Microsoft Edge and Internet Explorer 11 that could allow code from a malicious website to be installed and run on a device.
  • Fixed additional issues with the Windows UX, Windows 10 Mobile, Internet Explorer 11, Microsoft Edge, and taskbar.
  • Fixed additional security issues with .NET Framework, Windows Journal, Active Directory Federation Services, NPS Radius Server, kernel-mode drivers, and WebDAV.
For more info about the security fixes in this update and a complete list of affected files, see KB3135173.

Monday, January 4, 2016

UTM - VPN: Configuring Aggressive Mode Site to Site VPN when a Site has Dynamic WAN IP address in SonicOS Enhanced

CLICK HERE TO WATCH VEDIO




UTM - VPN: Configuring Aggressive Mode Site to Site VPN when a Site has Dynamic WAN IP address in SonicOS Enhanced (KB Article and Video Tutorial) (SW4834)

Return
Rate this Article
 
     [Select Rating]
  • Title

    UTM - VPN: Configuring Aggressive Mode Site to Site VPN when a Site has Dynamic WAN IP address in SonicOS Enhanced (KB Article and Video Tutorial)
  • Resolution

    Article Applies To:

    Gen6 SM E10000 series: NSA E10800, NSA E10400, NSA E10200, NSA E10100
    Gen6 SM 9000 series: NSA 9600, NSA 9400, NSA 9200

    Gen6 NSA Series: NSA 6600, NSA 5600, NSA 4600, NSA 3600, NSA 2600
    Gen5: NSA E8510, E8500, E7500, NSA E6500, NSA E5500, NSA 5000, NSA 4500, NSA 3500, NSA 2400, NSA 2400MX, NSA 220, NSA 220W NSA 240, NSA 250M, NSA250MW
    Gen5 TZ series: TZ 100, TZ 100W, TZ 105, TZ 105W TZ 200, TZ 200W, TZ 205, TZ 205W TZ 210, TZ 210W,TZ 215, TZ 215W.
    Gen4: PRO series: PRO 5060, PRO 4100, PRO 4060,PRO 3060, PRO 2040, PRO 1260
    Gen4: TZ series: TZ 190, TZ 190 W, TZ 180, TZ 180 W, TZ 170, TZ 170 W, TZ 170 SP, TZ 170 SP Wireless

    Firmware/Software Version: SonicOS Enhanced
    Services: VPN

    To watch a video tutorial on this topic, click here

    Feature/Application:
    This solution explains the configuration of a Site to Site VPN on SonicWALL firewall (UTM) appliances when a site has dynamic WAN IP address. The VPN policy is setup using Aggressive Mode.
    Procedure: 
    Network Setup:

    Configuring a Site to Site VPN on the central location (Static WAN IP address)
    Device used on central site: SonicWALL PRO 4060 appliance with SonicOS Enhanced 4.0.0.2e firmware.
    Central location network configuration:

    1.       LAN Subnet: 192.168.168.0
    2.       Subnet Mask: 255.255.255.0
    3.       WAN IP: 66.249.72.115
    4.       Local IKE ID SonicWALLl Identifier: chicago (This could be any string except it has to match the remote location VPN's Peer IKE ID SonicWALLl Identifier)

    Step 1: Creating Address Object for remote Site:

     - Login to the central location SonicWALL appliance
     - Navigate to Network > Address Objects page.
     - Scroll down to the bottom of the page and click on Add button, enter the following settings.

     
    Name – newyork vpn,
    Zone – VPN,
    Type – Network,
    Network – 10.10.10.0,
    Netmask – 255.255.255.0

     -  Click OK when finished.

    Step 2: Configurating a VPN Policy:

    a.       Click on VPN > Settings
    b.       Check the box “Enable VPN” under Global VPN Settings.
    c.       Click on the “Add” button under VPN Policies section. The VPN Policy window pops up.

    Click the General tab

    a.       Select the Authentication method as “IKE Using Preshared Secret
    b.       Name: New York Aggressive Mode VPN
    c.       IPsec Primary Gateway Name or Address: 0.0.0.0

    Note:  Since the WAN IP address changes frequently, it is recommended to use the 0.0.0.0 IP address as the Primary Gateway.

    d.       IPsec Secondary Gateway Name or Address: 0.0.0.0
    e.       Shared Secret: sonicwall (The Shared Secret would be the same at both SonicWALL’s)
    f.         Local IKE ID: SonicWALL Identifier - chicago (This could be any string except it has to match the remote location VPN'sPeer IKE ID SonicWALLl Identifier)
    g.       Peer IKE ID: SonicWALL Identifier - newyork (This could be any string except it has to match the remote location VPN'sLocal IKE ID SonicWALLl Identifier)

     Click the Network tab

    Ø       Local Networks

    Select Choose local network from list, and select the Address Object – X0 Subnet (Lan subnet)

    Ø       Destination Networks

    Select Choose destination network from list, and select the Address Object – newyork vpn

    Click the Proposals tab

    IKE (Phase 1) Proposal

    Exchange:  Aggressive Mode
    DH Group:  Group 2
    Encryption: 3DES  
    Authentication: SHA1
    Life Time (seconds): 28800  

    Ipsec (Phase 2) Proposal

    Protocol:  ESP
    Encryption: 3DES 
    Authentication: SHA1

    Enable Perfect Forward Secrecy(not checked)

    DH Group:  Group 2
    Life Time (seconds): 28800

      Click the Advanced tab

    Ensure that the VPN Policy bound to: Zone WAN
      - Click OK when finished

     
    Configuring a Site to Site VPN on the remote location (Dynamic WAN IP address)

    Device used on remote location: SonicWALL TZ 170 appliance with SonicOS Enhanced 3.2.3.0 firmware

    Network Configuration:

    1.       LAN Subnet: 10.10.10.0
    2.       Subnet Mask: 255.255.255.0
    3.       WAN IP: DHCP (As this is a Dynamic IP Address)
    4.       Local IKE ID SonicWALL Identifier: newyork (This has to match the central location VPN's Peer IKE ID SonicWALLl Identifier)
     
    Step 1: Creating Address Object for remote site:

     - Login to the Remote location SonicWALL appliance
     - Navigate to Network > Address Objects page.
     - Scroll down to the bottom of the page and click on Add button, enter the following settings.
    Name – chicago vpn
    Zone – VPN
    Type – Network
    Network – 192.168.168.0
    Netmask – 255.255.255.0
     - Click OK when finished

    Step 2: Configuration VPN Policy:

    a.       Click on VPN > Settings
    b.       Check the box “Enable VPN” under Global VPN Settings.
    c.         Click on the “Add” button under the VPN Policies section. The VPN Policy window pops up.

    Click the General tab
     
    a.      Select the Authentication method as “IKE Using Preshared Secret
    b.      Name: Chicago Aggressive Mode VPN
    c.      IPsec Primary Gateway Name or Address: 66.249.72.115
    d.      IPsec Secondary Gateway Name or Address: 0.0.0.0
    e.      Shared Secret: sonicwall
    f.         Local IKE ID: SonicWALL Identifier - newyork (This has to match the central location VPN's Peer IKE ID SonicWALLl Identifier)
    g.       Peer IKE ID: SonicWALL Identifier – chicago (This has to match the central location VPN's Local IKE ID SonicWALLl Identifier)

    Click the Network tab

    Ø       Local Networks

    Select Choose local network from list, and select the Address Object – LAN Primary Subnet

    Ø       Destination Networks

    Select Choose destination network from list, and select the Address Object – chicago vpn

    Click the Proposals tab

    IKE (Phase 1) Proposal

    Exchange:  Aggressive Mode
    DH Group:  Group 2
    Encryption: 3DES 
    Authentication: SHA1
    Life Time (seconds): 28800  

    Ipsec (Phase 2) Proposal

    Protocol:  ESP
    Encryption: 3DES 
    Authentication: SHA1

    Enable Perfect Forward Secrecy (not checked)

    DH Group:  Group 2
    Life Time (seconds): 28800

    Click the Advanced tab

    Enable Keep Alive box should be checked
    VPN Policy bound to: Zone WAN
                      - Click OK when finished

    How to Test:
    From the remote location try to ping an IP address on the central location.